Tuesday 1st June 2015

Password hacking, data breaches and new online protection – five of this week’s biggest stories

In the first of a regular news slot, we’re gathering together all the latest developments in internet security, technology and password protection – as well as the more serious breaches around the world you need to be aware of…

  1. FACEBOOK TEST NEW SECURITY CHECKUP

Research shows that many Facebook users are unaware of, or simply ignore, the security tools – so the social media giant is testing a new feature that takes the options out of a drop-down menu and makes them unavoidable. A percentage of users will see the “Security Check” tool appear on their News Feed, enabling them to change their passwords, turn on login alerts, and clean up login sessions simply by clicking through the screen prompts.


  2. PEOPLESOFT FLAWS EXPOSED

Oracle’s PeopleSoft software – used around the world for human resources, financial management, customer relations management and other functions – may be vulnerable to hackers, according to experts. Security hackers Alexander Polyakov and Alexey Tyurin say the software contains unpatched weaknesses that attackers could exploit, using password reset sites to easily obtain admin passwords.


  3. HACKERS STEAL $50M WORTH OF US TAX REBATES

Using stolen Social Security numbers, birth dates, street addresses and other personal information, criminal hackers managed to breach the multistep authentication website of the US Internal Revenue Service. After receiving fraudulent returns, the I.R.S. said, the agency sent nearly $50 million in refunds before it detected the scheme.


  4. NEW DATABASE PROTECTION CREATED

Stealing usable passwords from a data breach using brute-force attack techniques has just got harder, thanks to a new system from researchers at Purdue University in Indiana. ErsatzPasswords uses hardware security modules to add an extra step in the encryption process – so while hackers will still be able to crack a database file, “the passwords they will get back are fake passwords or decoy passwords”.


Further reading: Dashlane’s Guide to Military Grade Encryption

  5. AND FINALLY…

From xkcd: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”