Yahoo deployed a stable version of its Account Key mechanism on Friday in hopes of eliminating the password on the company’s mobile apps.
Tag Archives: Security
VPN – The Virtual Private Network
VPN … You’ve heard the word but aren’t quite sure what to do with it. Your friends and maybe even kids are using it and you hear them going on about how useful it is and you just feel left out. So – what is a VPN and what can it do for you?
The post VPN – The Virtual Private Network appeared first on Avira Blog.
Why Can’t Apple Just Give the FBI What it Wants?
Recently the FBI obtained a court order that compels Apple to create and install a backdoor into its iPhone software to intentionally disable certain security measures. Although benign on the surface, this raises serious and pressing questions about the relationship between the government and technology companies, public safety, and user security. These concerns are so pressing that the tech industry, device manufacturers, and civil rights groups have nearly unanimously registered their opposition to the FBI’s actions to force Apple to weaken and alter its software for the FBI’s criminal investigation.
Given the importance of this issue and the high stakes, we, like others have articulated our opposition in publications and through media channels. Today, we took an extraordinary step of filing an amicus brief, prepared by Andrew Bridges and Tyler Newby, leading tech attorneys at the firm of Fenwick & West. The brief is intended to further educate the court on the adverse consequences of the order and the proper application of the relevant laws to the facts in this specific case.
At issue is how much authority we, as citizens, are truly willing to cede to the government in the name of national security and public safety. We think this order goes too far. Strong technical security fosters strong public safety. In a world where everyone’s digital footprint is a potential point of physical vulnerability, strong public safety in fact isn’t even possible without strong technical security.
This case won’t change that, regardless of who wins. A secure product, digital network, and device ecosystem improves safety by making it harder for criminals and those with malicious intent to compromise users’ security and privacy. We understand this may make it harder for law enforcement at times, but we made that decision when we signed the Bill of Rights 225 years ago this December.
The Vice Chairman of the United States Joint Chiefs of Staff Admiral James A. Winnefeld, agrees, having recently remarked, “I think we would all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem … on the intelligence side than very vulnerable networks and an easy problem [for our intelligence agencies].” The benefits of strong security outweigh the costs.
This debate is not new; it has been going on with the tech industry since at least the 70s, in various forms. The tech industry has also largely cooperated with law enforcement in the past, as did Apple in this case. But to cooperate here asks too much. To do so would be to take an action most companies would never willingly take—one that is antithetical to their very business.
Regardless of what happens in this case, we foresee that the tech industry response will be to adopt even more rigorous security measures, including ones they themselves cannot even exploit, balanced only by the business need to provide users data-based services. We are committed to continuing these vital conversations with fellow tech companies, legal experts, consumer advocates, and anyone else affected by this issue, one whose importance we cannot overstate and whose ramifications we likely cannot even yet conceive.
By Harvey Anderson, Chief Legal Officer and Justin Olsson, Product Counsel
Valentine’s Day and Romancing the Phone
Planning a pre-Valentine’s Day surprise? Let your iPhone — and the Avira Vault — help you make the big romantic decisions securely.
The post Valentine’s Day and Romancing the Phone appeared first on Avira Blog.
Avira’s Top Ten Internet Safety Tips
Security on a computer can be summarized as a two-way street: First, keeping the bad things from coming in and harming the device (like ransomware or viruses). Second, keeping news about your private life – with data, activities, and financial information – from leaving your device and falling into the wrong hands.
The post Avira’s Top Ten Internet Safety Tips appeared first on Avira Blog.
World’s 25 worst passwords revealed! Is yours one of them?
According to this report, the world’s most used passwords from 2015 were “123456” followed closely by “password” itself. And to make matters worse, out of the Top 25 over a third (40%) were lazy combinations of those first two passwords.
Also on the list were shockers such as “solo”, “starwars” and even “princess” more than likely referring to the latest Star Wars movie that has been top of mind for many.
Perennial favorites like “qwerty” and “1qaz2wsx” also appear on the list, as people continue to think that using a pattern on their keyboard will thwart the cybercriminals – who, by the way, have known about that technique for years!
| 1 | 123456 |
| 2 | password |
| 3 | 12345678 |
| 4 | qwerty |
| 5 | 12345 |
| 6 | 123456789 |
| 7 | football |
| 8 | 1234 |
| 9 | 1234567 |
| 10 | baseball |
| 11 | welcome |
| 12 | 1234567890 |
| 13 | abc123 |
| 14 | 111111 |
| 15 | 1qaz2wsx |
| 16 | dragon |
| 17 | master |
| 18 | monkey |
| 19 | letmein |
| 20 | login |
| 21 | princess |
| 22 | qwertyuiop |
| 23 | solo |
| 24 | passw0rd |
| 25 | starwars |
Okay yes, I’ll put my hand up, I’ve been guilty of using one of these passwords myself – have you? But the important question is why we do it.
Having to think of a new and unique password these days is annoying and frustrating, especially when we’re all being told to create different passwords for every online account we have. For some of us, that’s hundreds of accounts!
So what is the solution? Here are some password tips.
- Watch this video on why you should never use the same password twice – and understand how you can “separate” a common password for use across multiple sites in a reasonably secure way.
- When thinking up a new password, learn about the four common mistakes that people make with passwords, as I explain in this video.
- Where available, especially for important accounts like Email, Banking and Facebook, consider activating “2-Factor” or “2-Step” authentication where you can – it’s no excuse for creating a lazy password, but it does add another layer of security.
Until next time, stay safe out there.
How to create strong, unique passwords for all your accounts (and remember them!)
One of the best ways to protect yourself online is by using strong passwords. Yeah, right.
Do you write your passwords on sticky notes?
You’ve seen the rules before
1. Use long, strong passwords that mix letters, numbers, special characters, and capital letters
2. Avoid using the same password on different websites.
But since we have so many to remember, the average is 19 per person, then most people default to using easy-to-remember passwords. The most popular passwords for the past few years have been 123456 and password.
Is it safe to store my passwords in the browser?
Most browsers offer to store your passwords, and on the surface it seems like a convenient way to keep them handy. But the problem is, when you store passwords in your browser, they are stored on your device along with the information necessary to decrypt them – which makes them easy to hack.
One password to rule them all
What if you could remember only one password, but still follow the rules for creating strong, unique passwords? Cue the angels, because Hallelujah, you can!
Avast Passwords is a password manager free to all Avast 2016 users. Avast Passwords helps you manage passwords across all your devices and all you need to remember is one main password! Avast Passwords automatically imports passwords stored in your browser and when you need to create a new password, all you do is click a button and a secure password is automatically generated and stored.
Avast Passwords is available for Google Chrome, Firefox, and Internet Explorer. Even better – you can sync your passwords with other devices when they are connected to the same Avast account. Opera and Google Chrome are supported on Android phones, and Apple Safari on iPhones.
Watch this video to learn How to set up Avast Passwords on your Windows desktop.
Passwords is available on all editions of Avast Antivirus 2016, including Avast Free Antivirus. For additional features, you can upgrade to the premium version.
WordPress 4.4.2 Security and Maintenance Release
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Thank you to both reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.
Thanks to everyone who contributed to 4.4.2:
Andrea Fercia, berengerzyla, Boone Gorges, Chandra Patel, Chris Christoff, Dion Hulse, Dominik Schilling, firebird75, Ivan Kristianto, Jennifer M. Dodd, salvoaranzulla
The cat and mouse game of internet security
Virus Lab analysts can see real-time threats on the monitoring wall
Security is an evolutionary business rather than a revolutionary one.
“Computer security has been around for 25 or 30 years and the threats keep evolving,” Avast CEO Vince Steckler in a video interview with ValueTech.
The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.”
Avast CEO Vince Steckler
Keeping up with the bad guys
To combat today’s cybercrooks, Avast Virus Lab analysts must study what the bad guys have done previously.
“You start trying to predict what the bad guys might be trying to take advantage of in the future and closing off those holes. At the same time, those guys are finding other little ways in and you have to catch up with them,” said Steckler.
Antivirus companies have done an excellent job at protecting the consumer and small business “endpoint” – such a good job that it’s actually very difficult to break into the endpoint itself. This forces cybercrooks to look for other entry points.
Avast experts agree that the likely path cybercrooks take is through the home router.
Home routers give cybercrooks an easy target
Consumer routers tend to be acquired based on price and they have a lot of flaws. Steckler estimates that, “We can break into probably about 70% of home routers in the world.”
The reason home routers are so vulnerable, he says, is that, “They are very poorly protected and the username-password on them is something that’s easy to crack. It’s not that difficult for someone to break in remotely over the Internet via the username and password or in a drive-by, in which case it’s even easier.” Most routers also have unpatched software leaving them with a number of vulnerabilities.
Recently the hacktivist group, Anonymous, launched a DDoS attack using compromised home routers so Steckler thinks that the frequency of those types of attacks will increase.
How to secure the Internet of Things,the Smart Home, and Industry 4.0
“The Internet of Things and 4.0 get a lot of press because they have nice catchy buzz words,” said Steckler. People have connected refrigerators, connected thermostats, door locks, security cameras, and baby cameras, but, “Right now a lot of internet-connected refrigerators don’t do anything. They are just a browsing tablet.”
“But when people start looking at what kind of protection is needed, you have to be thinking about what’s the risk. If my internet-connected refrigerator gets hacked, what happens? If my thermostat gets hacked, what happens?,” asked Steckler.
“The common thing with all of this is that none of these devices in the so-called Internet of Things really have any direct connection to the Internet. They are all connected, once again, through the home router,” said Steckler.
Since the home router is a vulnerable entry point that means that the risk for attack exists. “If you can harden your home router, that really goes a long way towards protecting the Internet of Things.”
The risk of BYOD
“The Enterprise is a much different story, when you get into the BYOD (Bring Your Own Device). We all have mobile devices, and for many reasons it’s much more convenient to use one mobile device for both your personal and your business,” said Steckler. “Some businesses encourage it by providing a device, but the fact of the matter is most everyone is going to be using one mobile device for both.”
That co-existence of personal and business-related data on one device that the employee is responsible for causes a risk to the consumer and the business. To the business it means that their data can be lost if access to the internal systems is compromised. If the employee loses the device, the typical company response will be to remotely wipe everything on it including all their personal stuff – then they suffer a big data loss.
“A solution is really to virtualize the entire corporate usage of it and run all the corporate usage on the corporate servers,” said Steckler. “That’s why we’ve brought out a new solution this year that does exactly that.”
Avast Virtual Mobile Platform (VMP) addresses these security risks, helping IT organizations liberate their businesses from leaks of confidential data and minimize mobile device costs.
Watch the entire interview including Mr. Steckler’s opinion about when Artificial Intelligence will become a threat to humanity and why Avast built a Silicon Valley-style building for its headquarters.
Threatpost News Wrap, January 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor.