For years, the list of worst passwords was dominated by the word “password.” It was consistently among the most common and easy to guess. But now there’s a new number one.
SplashData, a password management application, has announced that for the first time in years, “password” fell from the number one spot to second place. It now sits behind “12345.”
Interestingly, many of the passwords on the list below are short and numerical. This trend comes even after many websites began asking for more complex passwords that contain at least one number, notes Morgan Slain, CEO of SplashData.
“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” he said in a statement.
SplashData offers several tips for making passwords more secure, such as using passwords of eight characters or more with mixed types of characters, even though these are not immune to security breaches either.
“But even passwords with common substitutions like ‘dr4matic’ can be vulnerable to attackers’ increasingly sophisticated technology,” Slain said.
In addition, SplashData suggests avoiding the same username/password combination for multiple websites and “using a password manager application that organizes and protects passwords and can automatically log you into websites.”
Here is the list of worst passwords of 2013 and their change from 2012, according to SplashData:
1. 123456 (Up 1)
2. password (Down 1)
3. 12345678 (Unchanged)
4. qwerty (Up 1)
5. abc123 (Down 1)
6. 123456789 (New)
7. 111111 (Up 2)
8. 1234567 (Up 5)
9. iloveyou (Up 2)
10. adobe123 (New)
11. 123123 (Up 5)
12. admin (New)
13. 1234567890 (New)
14. letmein (Down 7)
15. photoshop (New)
16. 1234 (New)
17. monkey (Down 11)
18. shadow (Unchanged)
19. sunshine (Down 5)
20. 12345 (New)
21. password1 (Up 4)
22. princess (New)
23. azerty (New)
24. trustno1 (Down 12)
25. 000000 (New)
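
The advice above (avoid listed passwords, avoid the site or application name, and do not rely on substitutions like "dr4matic") can be enforced when a password is set. The following is an added example, not code from SplashData or the original article; `screen_password`, `SAMPLE_WORDS` and the substitution table are assumptions made for illustration.

```python
import re

# The 25 entries of SplashData's 2013 list as given on this page.
WORST_2013 = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345", "password1", "princess", "azerty", "trustno1",
    "000000",
}

# Constructed stand-in dictionary (assumption); a real deployment would load
# a large word list instead.
SAMPLE_WORDS = {"dramatic", "password", "sunshine", "princess", "monkey", "shadow"}

# Common character substitutions, undone before the dictionary lookup.
UNSUBSTITUTE = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})


def screen_password(candidate, site_names=(), words=SAMPLE_WORDS):
    """Return the reasons to reject `candidate`; an empty list means it passed."""
    reasons = []
    lowered = candidate.lower()

    if len(candidate) < 8:
        reasons.append("shorter than eight characters")
    if lowered in WORST_2013:
        reasons.append("on the worst-passwords list")
    if any(name and name.lower() in lowered for name in site_names):
        reasons.append("contains the site or application name")

    # Look the candidate up twice: with substitutions undone as typed, and
    # again after dropping leading/trailing digits and symbols ("password1").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    variants = {lowered.translate(UNSUBSTITUTE), trimmed.translate(UNSUBSTITUTE)}
    if variants & set(words):
        reasons.append("dictionary word, allowing for common substitutions")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "Adobe" stands in for the site being accessed.
    for pw in ("dr4matic", "adobe123", "password1", "1234", "vK7#tq9Lw2mZ"):
        print(pw, "->", screen_password(pw, site_names=("Adobe",)) or "passed")
```
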
Social media is increasingly being used as evidence in criminal cases to convict suspects, but those incidents usually arise when an individual admits to a crime via a platform such as Twitter or Facebook. A recent case in Tennessee signifies the increasing influence of technology over criminal cases, as a man was arrested for “liking” a Facebook post made by a woman who had filed a restraining order against him.
According to RT, a Memphis woman named Towanna Murphy posted a video on Facebook that was “liked” by Thaddeus Matthews. Matthews, a local talk radio host who was formerly involved with Murphy, had a restraining order placed against him by the woman. Murphy took screenshots of her Facebook page and sent them to the police station.
In response to Matthews' social media actions, he was arrested and charged with violating a protection order. He was released on a $1,000 bond.
Although the Facebook “like” button seems like an innocuous feature of a social media platform, the feature actually played an integral role in a federal case last year after an employee was fired for not “liking” the campaign page for Hampton, Virginia Sheriff B.J. Roberts. The U.S. District Court of Eastern Virginia ultimately found that the “Like” button is covered by the First Amendment and therefore constitutes free speech.
When it comes to restraining orders, however, the “Like” button and other social media actions are viewed differently. According to ABC News, a Massachusetts man was recently jailed for sending a Google Plus invite to his ex-girlfriend, who had filed a restraining order against him.
TrustedSec CEO David Kennedy, the hacking expert who easily cracked the security setup of Healthcare.gov, explained Sunday how he was able to enter the site.
“There’s a technique called, what we call ‘passive reconnaissance,’” Kennedy explained in an interview with Fox News, “which allows us to query and look at how the website operates and performs.”
This attack, along with access to the 70,000 documents of personal information extracted from the site, requires very little work, according to Kennedy. The attack extracts information without actually having to go into the system.
Kennedy added that extracting the documents took no time at all, about 4 minutes, and that it could be done with a standard browser.
“Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it,” Kennedy said. “That’s basically what they allow you to do and there’s no real sophistication level here.”
Kennedy noted that the website has not gotten any safer since its conception, and that security may have even gotten worse over the past two months.
According to TrustedSec, the health care website fails to meet even basic security practices for protecting sensitive personal information.
The concept of net neutrality has been an important issue for many online businesses as well as advocates pushing to maintain a free, more open internet. On Tuesday, hopes of maintaining net neutrality in the United States were sharply diminished. In a suit brought by Verizon against the FCC (Verizon v. FCC), a federal appeals court struck down the Federal Communications Commission order requiring internet service providers to abide by the rules of an open web.
The new decision means that the corporations that control access to the internet can now determine how different websites are treated, with internet service providers (ISPs) tweaking loading times and other factors according to their own judgement.
A new graphic circulating around the web demonstrates how an ISP’s new pricing options might work if they fully take advantage of the system created by the new ruling. According to the Huffington Post, the graphic was created by a Reddit user named quink in 2009 when Comcast fought against the FCC’s order, but has seen a resurgence due to Verizon's recent success in the appeals court.
The primary criticism of the ruling is that it allows ISPs to promise websites quicker loading times or more seamless content delivery in exchange for money. If Verizon wanted to cut a deal with YouTube, for instance, they could allow that site to load more quickly than similar sites offered by competitors.
Huffington Post also points out that quink’s graphic is comparable to cable television distribution. Many cable channels are given to subscribers in “bundles,” and adding new channels requires further payment. ISPs could potentially apply the same method of distribution to the internet.
Because the internet has historically been relatively open and free for users as well as businesses, the ruling could have a drastic effect on how business is conducted online. Of course, that history may also hint towards the idea that companies will be resistant and not much will change. The Atlantic seems to think that users are overreacting to the ruling, as the corporation-dominated, closed internet depicted in the graphic is unlikely to truly occur.
What will actually happen remains to be seen.
Security firm Proofpoint is reporting that one of the first Internet-of-Things cyber attacks recently happened, and it involved a refrigerator.
The Internet-of-Things refers to household gadgets that can be connected to the Internet, and Proofpoint warns that hackers are now able to use them to send out compromising emails.
According to Proofpoint, the massive attack happened between December 23 and January 6 and consisted of, “more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”
“No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use,” said Proofpoint in their report. “But [Internet-of-Things] devices are typically not protected by the anti-spam and anti-virus infrastructures available to organizations and individual consumers, nor are they routinely monitored by dedicated IT teams or alerting software to receive patches to address new security issues as they arise.”
David Knight, general manager of information security for Proofpoint, says that there is not much the owner of a smart device can do to stop this from happening.
"I don't think a consumer should be expected to know and fix if their refrigerator has been compromised," said Knight. "The industry is going to have to do a better job of securing these devices."
"People should be concerned,” warned Knight, “because unlike PCs and laptops where there are tools and user interfaces where you can tell if something is wrong, there's not a lot to help you tell if your fridge or home audio system has been compromised.”
The National Security Agency (NSA) is collecting about 200 million text messages a day around the globe, according to newly-published documents provided by whistleblower Edward Snowden.
The Guardian and the UK’s Channel 4 News report that the NSA uses the text messages "to extract data including location, contact networks and credit card details.”
These top-secret NSA documents include the title: “SMS Text Messages: A Goldmine to Exploit."
The NSA says it uses a computer program called "Dishfire" to sweep up "pretty much everything it can." The private information is then analyzed by another program called “Prefer.”
According to The Guardian, in a single day, the NSA can swoop up more than 5 million missed-call alerts, details of 1.6 million border crossings, more than 110,000 names from e-business cards and over 800,000 financial transactions.
Another document says the GCHQ, the UK version of the NSA, uses the NSA’s texting database to search “untargeted and unwarranted” communications between people in Great Britain.
These new revelations come just as the Obama administration plans to announce its NSA reforms on Friday.
Mother Jones reports that the reforms won't likely change anything major at the NSA. The spy agency will still continue to sweep up tons of information from Americans' phone calls and texts, and will keep hacking Internet encryption, which includes emails and other online accounts.
The only possible meaningful change might be reforming the Foreign Intelligence Surveillance Act Court, which approves most of the US government's surveillance requests, but is not accountable to the public or Congress.
Federal Communications Commission (FCC) Chairman Tom Wheeler was giving a speech on Jan. 9 in Silicon Valley when protesters interrupted him numerous times.
The protesters from StopSmartMeters.org claimed there is a strong link between cancer and cell phones.
They spaced their interruptions throughout Wheeler's speech and asked why the FCC had not warned people about cell phones causing cancerous tumors, notes Storyleak.com.
“How many people have to die from brain cancer before the federal government puts warning labels on cell phones?” yelled one protester.
After the first protester was taken out, Wheeler joked, “John, it’s great to be here!” bringing laughter from the crowd.
“Thanks for my husband's brain tumor and many others, Tom,” another protester yelled during Wheeler's speech.
The connection between cell phones and cancer is widely debated.
According to US News & World Report, a study published in 2013 compared 20 heavy cell phone users to 20 deaf people who do not use cell phones. The study found that the heavy cell phone users had far more cell damage, which can lead to cancer.
But the National Cancer Institute website states, "Studies thus far have not shown a consistent link between cell phone use and cancers of the brain, nerves, or other tissues of the head or neck. More research is needed because cell phone technology and how people use cell phones have been changing rapidly."
A cell phone start-up is looking to cash in on the current government surveillance hysteria sweeping much of the western world.
On Wednesday, encrypted communications company Silent Circle and Spanish cell phone start-up Geeksphone announced their debut product: Blackphone, an “NSA-proof” smartphone. The phone company tells users their product will be the first on the market to prevent government agencies and hackers from viewing personal information on their phones.
“I have spent my whole career working towards the launch of secure telephony products," said Phil Zimmermann, co-founder of Silent Circle. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect."
The phone is scheduled to be unveiled at the Mobile World Congress in Barcelona, Spain on February 24th. Consumers will be able to pre-order the phone once it is unveiled.
While the specifics of how the Blackphone will guard your information remain unclear, the general idea is this: the phone is designed to use encrypted data, secure file-sharing, and private internet browsing.
Despite the company’s claim that Blackphone will be “the world’s first smartphone placing privacy and control directly in the hands of its users,” this much is clear: Blackphone is not the first encrypted phone to hit the market. German company GSMK Cryptophone, for example, has been manufacturing encrypted communications products for years.
Nevertheless, it’ll be interesting to see if Blackphone catches on. The company makes it painfully obvious in their promotional video for the phone that they hope to lure in customers frightened by the recent NSA leaks brought forth by Edward Snowden. The video, dark music and all, shows pictures of a number of newspaper front pages in the past year featuring headlines regarding government surveillance. The whole video has a fear-mongering vibe to it.
A new report on the NSA shows that the controversial agency can access computers even when they’re not connected to the internet.
The New York Times reported Tuesday that the NSA has placed software on over 100,000 computers around the world allowing agents to conduct surveillance on the machines using radio frequency technology.
Here’s a breakdown of how the James Bond-esque technology works.
Field agents first insert USB plugs containing tiny transceivers into the target computer. The transceiver then communicates with a briefcase-sized NSA field station that can be placed up to eight miles away from the computer. This station then relays information back to the NSA’s Remote Operations Center. The field station can install malware on the computer as well as import and extract any information agents wish to on the target computer.
NSA spokesperson Vanee Vines described the technology as an “active defense” technique that has not been used on American computers. Among the groups targeted by the technology are the Chinese and Russian militaries, drug cartels, trade institutions at the European Union, and occasionally U.S. partners near war zones like Pakistan, Saudi Arabia, and India.
“NSA's activities are focused and specifically deployed against -- and only against -- valid foreign intelligence targets in response to intelligence requirements," Vines said. "In addition, we do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of -- or give intelligence we collect to -- U.S. companies to enhance their international competitiveness or increase their bottom line."
Vines' last comment about using intelligence technologies to steal trade secrets is a dig at the Chinese Army. The Chinese Army has been caught many times in the past hacking into American industrial and military computers in order to steal trade secrets and intellectual property. Ironically, U.S. officials have loudly protested each time it’s been discovered that Chinese intelligence has tapped U.S. computers.
A senior U.S. official speaking with the Times said the tracking technology should be thought of in the same way submarines are.
“That is what the submarines do all the time,” the anonymous official said. “They track the adversary submarines.” With digital surveillance, he concluded, the U.S. tries “to silently track the adversaries while they’re trying to silently track you.”
I think most of us can agree that red lights are a necessary evil. Notice I said most, not all, of us. Count German car maker Audi among those who think we can find a way around sitting at red lights.
Audi is developing a system that will let drivers know how long an upcoming traffic light will stay a certain color. The idea is that, once informed about how long they have to make it through a light, drivers can adjust their speeds accordingly and spend as little time waiting at red lights as possible.
The system will work by learning traffic light patterns using local data sources. The data will then be sent to the car using the vehicle's WiFi system and -- voila -- a countdown will appear on the dash telling drivers how long they have to zip through the next light.
Audi has dubbed the developmental program “Traffic Light Assist” (TLA). TLA has been tested in Berlin, Verona, and Las Vegas thus far. A widespread implementation of the technology likely depends on whether local governments are willing to grant Audi access to their traffic light data. This is no doubt the biggest obstacle in Audi’s way right now.
It’s not hard to envision how many drivers would use the technology. If you see you’ve got 6 seconds to get through a light that’s 500 feet away, do you relax and agree to wait at the light for a few minutes? Or do you hit the gas and try to squeeze through the intersection before the light turns red? The system seems like a great way to encourage speeding. Good luck convincing authorities otherwise.
We’ll wait and see how this one turns out, but I’d guess the chances of this tech really taking off are slim at best.