Every year, they publish their list of most widely used insecure passwords, as gleaned from passwords that were made public via data breaches occurring in that year.

To compile the 2016 list, the company analyzed more than ten million stolen passwords, and depressingly, the 2016 list looks a lot like the 2015 list.

Topping the chart for two years in a row was the password “123456.” If there’s a less secure password than this, it’s actually difficult to imagine what it might be. But several of the others that showed up in prominent positions on the 2016 list were also widely used in 2015, including “qwerty,” “111111,” and of course, the infamous “password.”

This should go without saying. Last year saw the highest number of security breaches in the entire history of the internet, and that there’s every indication that 2017 will be another record-breaking year. If you’re still using passwords like this, you are part of the problem.

If you have any employees using passwords like this, they’re essentially a ticking time bomb. If your company’s security is breached, odds are good it will be because someone in your organization is using a weak password and simply not taking digital security as seriously as they need to be.

All of this underscores the need for diligence and education. If it’s been a while since your employees have attended data security training classes, there’s no time like the present to get that set up. Remember, your security system is only as secure as your weakest link, and if your weakest link is being protected by a password like “password,” then you’re in real trouble, no matter how much you’re spending to keep your data safe.

Used with permission from Article Aggregator

Thanks to radical improvements in the quality of digital cameras in recent years, it’s possible to take crisper, clearer digital photos than ever before. This, combined with the fact that high quality cameras are cheap, and built into the now-ubiquitous smartphone is the first piece of the puzzle.

The second piece is the explosive growth of image-oriented social media like SnapChat and Instagram, which has fostered the “selfie” craze. More and more people are taking pictures of themselves and posting them to various social media outlets than ever before, and the combination of these two factors is what has opened the door.

Thanks to the ultra-high quality of these pictures, hackers can actually zoom in close enough to digitally reproduce your fingerprints. If you have taken a selfie and you’re flashing the “Peace sign” for example, your fingerprints are visible at sufficiently high resolution, and can be copied.

Enterprising hackers are doing exactly that, and armed with a digital copy of your fingerprints, they have everything they need to steal your identity. They could get a driver’s license and “replacement” social security card, then use those things to open credit cards in your name and go on a spending spree at your expense.

They can also use the digital fingerprints to unlock your phone if you’ve got it locked in that manner.

Security researchers have verified that fingerprints can be stolen in this manner from a photo taken as far as nine feet away, which is a truly terrifying thought.

If you make regular use of social media, it might be a good idea to review the pictures you’ve made visible to the public and begin selectively culling or editing them, just in case.

Used with permission from Article Aggregator

Since that time, we’ve witnessed a breathtaking increase in the size of the IoT (Internet of Things). It is poised to surpass the combined size of internet-connected PCs and smartphones later this year, and there’s no end in sight to its phenomenal growth.

The problem is that PCs and smartphones are several orders of magnitude more secure than virtually every internet object in use today. Most of them lack even the most basic of security protocols, and what’s worse is that the companies that manufacture them have shown almost a complete lack of interest in changing that.

It’s a problem in general because hackers are enslaving them almost as fast as they come online, and they’re assembling botnets of unprecedented size. The botnets are being used to launch Denial of Service attacks capable of knocking companies offline, or, as was painfully demonstrated late last year, taking down much of the US’s internet.

The problem is even worse where medical devices are concerned, because once control is gained, the hacker controlling the device can quite literally kill the patient it’s hooked up to.

Another warning was issued in 2016, this time about a pair of smart cardiac devices made by St. Jude Medical.

The company initially denied that the hack was possible, but later reversed its opinion. There’s some ongoing infighting about the way the hack information was released, but this latest warning has spurred the FDA to begin the process of drafting new rules establishing minimum acceptable security standards for smart medical devices.

The hope is that these standards will permeate the industry, and that more equipment manufacturers will begin taking steps to bolster security of these devices we are increasingly relying on.

Used with permission from Article Aggregator

All things end, though, and the HDD’s reign is officially coming to a close. It’s getting increasingly difficult to justify springing for an old-style hard drive when you can buy an SSD or a hybrid drive instead. The advantages are just too compelling.

The primary advantage that SSDs offer over their older counterparts is speed. It comes down to performance. HDD’s can get fragmented over time, which degrades the speed with which they can access files. Even in cases where an HDD is perfectly unfragmented, they still can’t match the access speeds of an SSD, and in business, it’s increasingly the case that speed is life.

A secondary advantage is the form factor of the drive. SSDs are significantly smaller, and as such, much easier to incorporate into system architecture. Even better, as smartphones get incrementally bigger and SSDs continue getting smaller, the day is inevitably coming when they’ll be incorporated into every device you use.

The only real advantage that HDDs have over their sleeker, faster counterparts is in terms of raw storage for the money, and for the moment, the older drives are still cheaper. If you need bulk storage and are on a budget, you may still be tempted to head in that direction.

That will be true for at least the first half of this year, but new facilities are coming online later in the year, which should close most of the price gap between the two technologies. Investing in HDDs now could mean a bigger expense down the road as you eventually retire and replace those drives.

A good intermediary step if you absolutely need storage now is a hybrid drive, which combines the best features of both technologies, but you can expect hybrid drives to have a relatively short shelf life. The moment SSDs come within 20% of the price of comparably sized HDDs, they’re destined to go the way of the dinosaur.

Used with permission from Article Aggregator

This year, Android topped the list by a wide margin, with a staggering 523 reported security issues. The runner up, Debian Linux, placed a distant second with 319 vulnerabilities.

Surprisingly, Adobe’s Flash Player reported 266. That’s still a staggering number, but far fewer than one might expect given how many times it’s been in the news.

At first glance, the sheer number of Android bugs is both shocking and alarming, but it’s important to note the limitations of the list. It does not take issue severity into account. Many of the Android bugs reported in 2016 were relatively minor flaws whose fixes were rolled into patches designed to fix more pressing issues.

This is the reason that Adobe captured more headlines, even though they came in fourth place with Flash Player. A greater percentage of the bugs reported were critical flaws.

Limitations aside, there is some value to these statistics, and it’s a good broad measure of the state of security in programs your company probably relies a great deal on.

Being “awarded” with top honors by CVE Details is hardly a reason to cheer, but it’s not the end of the world. Seeing Android at the top of the list, for example, is not a sufficient reason to trade all your Android devices in for handhelds running iOS. After all, last year, Apple products reported a mind-boggling 7008 security vulnerabilities.

The point is, just about every major tech company takes a turn “winning” this award, so while it’s important to keep track of, it’s also important to take the finding with a grain of salt.

Used with permission from Article Aggregator

Last year, electronics giant Samsung came under fire when it was revealed that its smart TVs recorded everything you said when you were within twenty feet or so of your television.

This should hardly come as a surprise, given the fact that the TV has to do this in order to make use of and get better at understanding a user’s voice commands, but the company spent more than a month responding to outraged complaints.

Now, there’s a new wrinkle, and this time, Amazon’s voice-activated “Echo” device is at the center.

The case in question involves a murder. The victim, Victor Collins, was found dead in a hot tub, and an Amazon Echo was in his immediate vicinity.

The police issued a warrant, demanding that Amazon release the recordings associated with the device on the thinking that they may contain some evidence about who committed the crime.

Amazon has refused to comply, because most of the time, the Echo doesn’t record anything. The only way it would have recorded anything would be if someone had said the words “Amazon” or “Alexa” just prior to the murder. Those are the phrases that trigger the recording process.

Based on this, Amazon has a good chance of defeating the warrant.

However it plays out, you can bet that people who offer voice activated products will be watching the case with interest. If law enforcement is successful in compelling Amazon’s compliance, then it could put a serious damper on the public’s enthusiasm for having these sorts of devices in their homes.

Used with permission from Article Aggregator

On Christmas day, his family downloaded and installed an app on their Android-based LG Smart TV and wound up getting a ransomware infection. He took a photo of his TV screen and published it as proof. It is the first known instance of ransomware infecting a television set “in the wild,” but it certainly won’t be the last.

In 2015, security researcher Candid Wueest proved that it was theoretically possible by infecting her own smart TV as a demonstration, but it didn’t get a lot of attention. Needless to say, it’s getting more attention now. What’s worse is the fact that it’s fairly difficult to remove. Attempting to restore the device to factory default settings was ineffective.

When Cauthon called LG’s tech support, they promised they’d send a tech out for $350, which wasn’t much of a savings, since the hackers were only asking for $500 to unlock the set. In the end, Cauthon found the solution, but it involved a lot of hoop jumping.
Working with LG’s tech support on the phone, he was able to put the TV into recovery mode, which allowed the data to be manually wiped, which is a long, painful process that amounts to a more thorough factory reset.

While this was (eventually) successful, it should be noted that Cauthon’s software development background gave him a significant leg up where dealing with this issue was concerned, and even for him, it was a tortuous process that took several hours. The average user would have essentially no chance of success, and be left with few options other than simply paying the ransom and hoping the hackers were true to their word.
It's an interesting case that highlights just how vulnerable our “smart” devices are, and the potential complications that can arise from our increasing reliance on them.

Used with permission from Article Aggregator

The fact that a psychiatric patient (current or former) was able to access the information at all is disturbing enough, but there’s more to the story. This incident was observed by a member of the staff, who notified his supervisor who, to his credit, took steps to restrict the access of the library’s computer to put such information off-limits.

Unfortunately, while steps were taken, the incident was not reported to upper management in either the New Hampshire Hospital or DHHS. Not long thereafter, that same former patient posted non-confidential information on social media, which was when the hospital became aware that he had not only accessed, but also copied the information.

At this point, law enforcement and DHHS officials got involved and an investigation launched.

Unfortunately, the deeper they dug, the worse it got.

As it turns out, the former patient had also been able to access protected health information, which also wound up on social media. In all, nearly fifteen thousand DHHS clients had their personal information exposed, including names, addresses and social security numbers.

The information was removed just hours after it was discovered, but there’s no way to tell if anyone made copies during the brief window of time it was widely visible.

The criminal investigation into the matter is ongoing, and the hospital’s IT department has identified and eliminated the flaw that allowed the breach in the first place. However, this incident underscores just how easy it is to miss one small detail and open the door to a breach which could have serious consequences.

Used with permission from Article Aggregator

Slated to be released to Windows Insiders users in January of this year, and the rest of the installed base sometime in the spring, the new mode causes Windows 10 users to behave a lot like an X-box. When a game is launched, the OS will re-prioritize the processes it’s running. Any process that’s not directly tied to the game you’re currently playing will be given a lower priority.

At this point, there are a number of unknowns. For instance, there are no estimates yet about what kind of performance boost this will lead to when you’re playing a game. It’s also unclear whether this applies only to games that have been installed on your local machine, or if the game mode would also activate if you launched a game from your Steam account.

While this is interesting, what’s even more intriguing is the idea that this could be the tip of a very large iceberg. One could easily imagine Microsoft creating other optimization modes as well.

Consider, for example, the struggles business face when dealing with very large datasets.
How much of a performance boost could be seen if the company also created a Data Processing Mode that specifically idled or re-prioritized operations that were nonessential to dealing with these data sets?

The possibilities are endless here, and Microsoft could really be onto something.
Given the ongoing explosion of internet-connected devices and the oceans of data they are now providing, any new tools the business community can get their hands on that will help deal with the deluge are going to be gratefully accepted. For that reason alone, the success of Microsoft’s Game Mode bears watching.

Used with permission from Article Aggregator

One of the most amazing and disheartening aspects of internet use is that after all this time, a shocking number of people are still getting taken in by the lure of installing a “crack” for popular software.

It should go without saying that installing a cracked version of any software carries certain inherent risks. After all, there’s no expectation that the person or group who cracked the software in question has your best interests in mind.

And yet, even though all of that is painfully obvious, people keep falling for the ruse.
They see some cracked version of software they use, figure it’s a free way to get a full-featured version, and too often, install it without thinking twice.

Most of the time, the result is annoying, but harmless. You get a few random popups, and your browsing experience is a little more cluttered than usual.

Sometimes, though, you get a lot more than you bargained for. It’s not unheard of for hackers to install keyloggers, ransomware or malware that can give them complete control over your system.

That’s bad enough if you do it at home. It’s even worse if you do it while using a device you use to access work materials, because in doing so, you not only provide the hackers with access to all your personal information, but you expose your company to unnecessary risks as well.

Fortunately, this is a fixable problem, and as we start 2017, it bears repeating that any time you are presented with an opportunity to install a cracked version of anything from your favorite antivirus software, just say no. You’ll save yourself an enormous number of headaches, and that’s priceless.

Used with permission from Article Aggregator