A group of pentesters in Iran have successfully breached Turkmenistan’s Domain Registry and gained access to the name-server management console for the registered .tm domains. The hackers say they found a way to inject SQL code in hidden form fields with insufficient validation and input sanitization. The attack yielded a complete database dump, which one would expect to contain customer names, e-mail addre...

Computer users will have a hard time keeping passwords private this year. At least, that’s the view of Big Four auditing firm Deloitte. The findings of Deloitte’s TMT Predictions 2013 report reveal rampant re-use of passwords, which puts computer users at risk when these passwords are leaked and bruteforced with modern technologies. “If you take a site with over six million users and you take ten thousand p...

Hashed passwords have always been the way to go when storing authentication credentials in databases. If in the early days of the web simple hashing algorithms were enough to offer decent protection in case of data leaks, the currently-available computing power makes brute-forcing a breeze. Researcher Jeremi Gosney – also known as epixoip – demonstrated at the Passwords^12 conference in Oslo that no passwor...

“Jesus” and “Ninja” join older entries such as “password”, “123456” and “12345678” in the list of the scariest 2012 passwords, according to SplashData, a California-based company that makes password management applications. Other newcomers in the list of unsecure passwords include “welcome,” “mustang”, and “password1.” “At this time of year, people enjoy focusing on scary costumes, movies and decorations, b...

A new auction website in New Zealand was taken down two days after its launch when IT professionals deemed it unsafe.   Wheedle.co.nz proved to lack consistent security policies and needed to postpone its activities until it properly addressed the multitude of “unforeseen technical problems.” Shortly after its launch, some wheedle visitors noticed and complained about how the password reset system was sendi...

Passwords are the last, and sometimes only, line of defense against online criminals. The average computer users know not to leave their critical passwords lying around for all to see. Some iOS app developers, however, are apparently less careful when handling users’ vital information. Bitdefender Labs analyzed some highly-rated free iOS apps starting from the premise that they should handle credentials wis...

New phishing campaign that claims to safely change your Apple ID password is in fact fishing for gadget owners’ critical information. Apple customers are once again the target of a phishing campaign that attempts to collect log-in information. The message, disguised as a password reset message, lures victims to a phishing web page to “review” the original password. Making use of social engineering, the scam...

Online gaming service battle.net has fallen victim to unauthorized access and the leak of sensitive user information. Even though credit card data is thought to be safe, a list of email addresses for global Battle.net users, as well as the answer to the personal security question, hashed passwords and information relating to Mobile and Dial-In Authenticators have fallen into the wrong hands, according to th...

Hacked Dropbox accounts were recently used in a spam campaign that affected a few hundred users. Usernames and passwords were allegedly accessed via third party websites two weeks back, but the recent spam campaign confirms the breach was real. The online file storage service confirmed that user accounts were accessed and an employee documents containing user emails was used in the spam campaign. Users from...

A new computer game designed by researchers at the Stanford University allows users to pick their passwords in a totally unpredictable way. The game is based on a combination of cryptography (the “art” of encryption) and neuroscience that suppresses the emergence of common patterns. Password theft has become much easier for social engineers, who can basically tell one users’ password by simply analyzing the...