Tag Archives: Password

ErsatzPassword Gives Fake Passwords to Hackers

The system, called ErsatzPasswords (German for: Replacement Password), should make it much harder for hackers to crack passwords. That could come in especially handy with data breaches, where cybercriminals gain access to a lot of hashed passwords from the leaks.

Since passwords are normally stored as cryptographic hashes (storing a plain-text password would be a huge security risk!), hackers need to recover the originals somehow. A common approach is the brute-force attack, in which the attacker repeatedly guesses the password and checks each guess against the available cryptographic hash. Ordinary desktop computers can test over a hundred million passwords per second using password cracking tools like John the Ripper. And that’s where ErsatzPassword comes into play:

“[…] when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatz passwords — the “fake passwords”. When an attempt to login using these ersatz passwords is detected an alarm will be triggered in the system that someone attempted to crack the password file”, says Mohammed H. Almeshekah, one of the authors of the paper. “Even with an adversary who knows the scheme, cracking cannot be launched without physical access to the authentication server.”

Sounds pretty cool and secure, right? If you want to find out more about the idea behind ErsatzPassword, take a look at the research paper or the code directly.
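The sketch below is an added illustration of the idea in the quote, not the researchers' code or the paper's exact construction. It assumes the server-bound step can be modelled as an HMAC under a key only the authentication server holds; the record layout, function names and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Assumption: in a real deployment this key never leaves tamper-resistant
# hardware on the authentication server; a random in-memory key stands in here.
SERVER_KEY = os.urandom(32)
WIDTH = 16  # fixed width of the padded ersatz password, in bytes

def hdf(password):
    """Stand-in for the hardware-bound step: HMAC under the server-only key."""
    return hmac.new(SERVER_KEY, password.encode(), hashlib.sha256).digest()[:WIDTH]

def pad(text):
    raw = text.encode()
    if len(raw) > WIDTH:
        raise ValueError("value longer than WIDTH bytes")
    return raw.ljust(WIDTH, b"\0")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def file_hash(secret, salt):
    """The ordinary salted hash an attacker sees in the stolen file."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000)

def enroll(password, ersatz):
    """Build the stored (salt, digest) record for one account."""
    fake = pad(ersatz)
    salt = xor(hdf(password), fake)  # ties the real password to the fake one
    return salt, file_hash(fake, salt)

def login(attempt, record):
    """Return 'ok', 'alarm' (ersatz password used) or 'reject'."""
    salt, digest = record
    unmasked = xor(hdf(attempt), salt)  # equals the fake only for the real password
    if hmac.compare_digest(file_hash(unmasked, salt), digest):
        return "ok"
    if len(attempt.encode()) <= WIDTH and hmac.compare_digest(
            file_hash(pad(attempt), salt), digest):
        return "alarm"
    return "reject"

def offline_matches(record, guesses):
    """What guessing against the stolen record alone can confirm (no server key)."""
    salt, digest = record
    return [g for g in guesses if len(g.encode()) <= WIDTH
            and file_hash(pad(g), salt) == digest]

# Constructed sample account, not real data.
RECORD = enroll("Tr0ub4dor&3", "sunshine2015")
```

Guessing against the stored record alone confirms only the ersatz password, and submitting that value to `login` returns `"alarm"` rather than granting access.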

The post ErsatzPassword Gives Fake Passwords to Hackers appeared first on Avira Blog.

World Password Day: Make Sure Your Password is Secure

If you are like me, you have a love-hate relationship with passwords. You know you need them. You love them, because they keep your data and internet-self secure. You hate them, because you have to come up with good ones in order to do so and because if they are finally really good, you most likely will forget them at some point.

So what to do?

The easiest solution would be to get a password manager that automatically 1) generates complex passwords and 2) encrypts and stores them for you.

A run-of-the-mill six-letter password has 310 million possible combinations – and can be cracked by a fast PC in 30 seconds. The kinds of passwords generated by a password manager would take 23 years …

A password manager is out of the question for you? Then make sure you at least consider the following security tips:

  • Use a unique password for each of your accounts. When a website gets hacked, one of the first things bad guys do is check whether your username/email-address/password combination works on other (high-profile) pages.
  • Your password should consist of at least eight characters. It should include upper- and lower-case letters, numbers, and special characters.
  • Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
  • Don’t use character strings like 12345, abcde, qwertyui, etc.
  • Use passwords that can’t be associated with you: your dog’s name, birthdays of family members or yourself, or your favorite sport are a no-go.
  • Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
  • Don’t write down your passwords and never, ever share them.

If you have trouble coming up with a good, strong, and complex enough password, try one of the many password generators out there. Just make sure to remember it afterwards. 😉

What are your password tips?


PayPal says: This Microchip Will Be Your Password

First off there is Yahoo, who wants you to unlock mobile phones with your ears and knuckles. Then there is research going on which is centered on the “secrets” you and your smartphone share. And now PayPal has its own idea on what the new way to make your password safe and easy should look like.

The idea is actually a rather simple one. Instead of having to remember your password and trying to make sure that it stays really secure so that no one can steal it, PayPal wants you to swallow a pill. It’s not a normal pill, though, but one that thrives in the acidic environment of your stomach. Embedded in it is a tiny microchip with all relevant information – it will allow you to log into your account without ever having to create and/or remember a password again.

According to PayPal the next wave of passwords will be edible, ingestible or injectable.

Johnathan Leblanc, the Global Head of Developer Evangelism at PayPal, believes that the next wave of passwords will be edible, ingestible or injectable and will remove what he calls the “antiquated” ways of confirming your identity. To protect against being hacked, all data would of course be encrypted.

Find out more about this and other ideas from PayPal in the report from the Wall Street Journal.


Can your next password be found in your browsing history?

Some companies try to help us out and make logging in to mobile phones and other devices easier – the most recent example being Yahoo with its idea of using your ears and knuckles to do so. It sounds cool, but will it help you get rid of the good old password altogether? Probably not.

Researchers believe that a very personalized authentication process could help out though. It would be a bit creepy if your smartphone asked you “Which YouTube video did you watch yesterday evening?”, but at the same time it would also be pretty secure. Romit Roy Choudhury, an associate professor at the University of Illinois who researched the topic and wrote a paper on it, says: “Whenever there’s something you and your phone share and no one else knows, that’s a secret, and that can be used as a key.”

There are some drawbacks though:

  • We all have horrible memories. To actually work, the event apparently has to be unique enough to jog our memory, and not much older than a day.
  • Good friends might be able to predict some of the answers (and consequently your password).

Overall the results were not bad. The study showed that the password prompt works well enough – users were able to answer three questions correctly 95% of the time.

For more information head over to the article from MIT Technology Review.
