+ - Apple devices leaving the store insecurely configured-> 1

Submitted by troyhunt
troyhunt (548831) writes "It seems that Apple, as part of their demo and support processes, are connecting new Macs and iOS devices to an in-store Wi-Fi network without any encryption. Whilst not necessarily transferring any sensitive data at the time, the devices have been found to then willingly connect to rogue access points such as a Wi-Fi Pineapple as soon as they leave the store. Is Apple’s in-store process putting customers at risk?"
Link to Original Source
Security

+ - Our password hashing has no clothes->

Submitted by
troyhunt
troyhunt writes "Software developers have long relied on using a salt to add randomness to passwords before they’re hashed and stored in the database. The theory has always been that the unpredictability of the salt protected passwords by making them too computationally expensive to crack as it ruled out techniques such as rainbow tables which rely on pre-computed hashes. But the hardware of today – particularly GPUs – has now progressed to the point where cracking even salted passwords using fast hashing algorithms like MD5 and SHA is trivial, as this article demonstrates."
Link to Original Source
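To make concrete why a salt defeats rainbow tables but does nothing against a fast hash on a GPU, here is an added example in Python (not code from the article or its author). It builds a constructed three-user database of per-user salted MD5 hashes, cracks it with a tiny wordlist, and then times the same guesses against PBKDF2-HMAC-SHA256. The usernames, passwords, salt length and iteration count are illustrative assumptions.

```python
import hashlib
import os
import time

# Constructed sample: three users, two with passwords that appear in the
# wordlist below and one that does not. Salts are random per user, exactly
# as a correctly salted scheme would do it.
SAMPLE_USERS = {"alice": "sunshine", "bob": "letmein", "carol": "Tr0ub4dor&3"}
WORDLIST = ["123456", "password", "qwerty", "letmein", "sunshine", "dragon"]


def md5_salted(salt: bytes, password: str) -> str:
    """Fast hash: one MD5 over salt || password. Salted, but cheap to evaluate."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def pbkdf2_salted(salt: bytes, password: str, iterations: int = 100_000) -> str:
    """Slow, salted hash: PBKDF2-HMAC-SHA256. Same salt handling, but each
    guess costs `iterations` HMAC evaluations instead of one MD5."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_db(hash_fn, users=SAMPLE_USERS):
    """Return rows of (user, salt, digest) with a fresh 16-byte salt per user."""
    rows = []
    for user, pw in users.items():
        salt = os.urandom(16)
        rows.append((user, salt, hash_fn(salt, pw)))
    return rows


def crack(rows, wordlist, hash_fn):
    """Dictionary attack. Because every row has its own salt, a precomputed
    table is useless and each guess must be hashed per row, so the attacker's
    total cost is len(rows) * len(wordlist) evaluations of hash_fn. The salt
    only protects anyone if each of those evaluations is expensive."""
    found = {}
    for user, salt, digest in rows:
        for guess in wordlist:
            if hash_fn(salt, guess) == digest:
                found[user] = guess
                break
    return found


def seconds_per_guess(hash_fn, guesses: int) -> float:
    """Crude single-core timing of hash_fn. A GPU cracker is orders of
    magnitude faster than this for MD5, which is the article's point."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(guesses):
        hash_fn(salt, f"guess{i}")
    return (time.perf_counter() - start) / guesses


def cost_ratio() -> float:
    """How many times more expensive one PBKDF2 guess is than one salted-MD5 guess."""
    fast = seconds_per_guess(md5_salted, 2000)
    slow = seconds_per_guess(pbkdf2_salted, 5)
    return slow / fast


if __name__ == "__main__":
    db = build_db(md5_salted)
    print("salted MD5 cracked:", crack(db, WORDLIST, md5_salted))
    db2 = build_db(pbkdf2_salted)
    print("salted PBKDF2 cracked:", crack(db2, WORDLIST, pbkdf2_salted))
    print(f"one PBKDF2 guess costs ~{cost_ratio():,.0f}x a salted-MD5 guess on this CPU")
```

Both schemes give up the two weak passwords to the same wordlist; the salt changes nothing about which passwords fall. What changes is the price per guess, and on a GPU the MD5 price is effectively zero. The fix the article points at is a deliberately slow, salted construction (PBKDF2, bcrypt, scrypt), not a better salt.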
Security

+ - Interview with the man behind Comantra, the "cold call virus scammers"->

Submitted by
troyhunt
troyhunt writes "If you live in a western country and have a landline telephone with a listed phone number, chances are you’ve been “cold called” by someone on the other side of the world with an introduction that goes something like this:

"Hello, I am from the Microsoft technical support division and I am calling you because we have detected some problems with your computer. This is very important – I need you to go and turn your computer on right away..."

It doesn’t matter if you have a computer, in fact it doesn’t matter if you’ve never even touched a computer because these calls are totally random. It's a scam intended to prey on the fear of unsuspecting people who can be convinced there are genuine problems with their PC. I decided to contact the man behind the company which most frequently features in these scam calls and surprisingly, he agreed to answer some questions about his business."

Link to Original Source
Censorship

+ - Browsing the broken web: a software developer behind the Great Firewall of China->

Submitted by
troyhunt
troyhunt writes "Whilst we’ve long known that China takes a fairly aggressive stance on internet censorship, I thought a visit to Shanghai this week would pose a good opportunity to look at just how impactful this was to software developers behind the Great Firewall of China. It turns out that the access control policies make life very difficult at all sorts of levels when accessing simple technology resources we use every day from other countries. But I also found an amazing level of inconsistency with sites and services intended to be off limits being accessible via other means. It’s an interesting insight into how our developer peers can and can’t work in the country with the world’s largest internet population."
Link to Original Source
Security

+ - Scamming the scammers – catching the virus call centre scammers red-handed-> 1

Submitted by
troyhunt
troyhunt writes "It seems those scammers who keep cold-calling unsuspecting victims in an attempt to convince them their PC is infected with viruses just won’t let up. The scam is now rampant across the globe and it often ends with innocent victims being parted with cash for “fixes” they don’t need and their machine being left in a state where it can be remotely controlled at the scammers’ will. But this time the tables are turned; the entire episode is caught on video including the software products installed by the scammer and his attempt to extract payment from the “victim”. The video wraps up after the call is over with a look at what was installed and what the “problems” actually were."
Link to Original Source
Security

+ - Breaking CAPTCHA with automated humans->

Submitted by
troyhunt
troyhunt writes "We’ve all become accustomed to dealing with CAPTCHAs during the signup process for all sorts of different online accounts where the service owner wants protection from automation via bots. The basis of CAPTCHA is that it takes a human to solve; but what if we automate the humans? And then multithread them to work in parallel? Turns out the entire process can be implemented very easily and very cheaply such that CAPTCHAs can be circumvented for a fraction of a cent each."
Link to Original Source
IOS

+ - Secret iOS business; what you don't know about you->

Submitted by
troyhunt
troyhunt writes "After a bit of analysis of iOS network behaviour, it turns out today’s apps are doing some pretty nasty things under the covers. Excessive bandwidth consumption, data logging of even the most mundane tasks to remote services and glaring security vulnerabilities that don’t exist in their browser-based counterparts. There’s a seedy underbelly of very bad app design just under that shiny Apple veneer."
Link to Original Source
Privacy

+ - The Westfield's iPhone app privacy smorgasbord->

Submitted by
troyhunt
troyhunt writes "We’ve all become used to being monitored by centre management when we come and go from car parks, but what Westfield hasn’t told anyone is that their new iPhone app allows anyone to monitor the movements of any vehicle. The service behind the app serves up a veritable smorgasbord of number plates easily consumable by anyone with an internet connection."
Link to Original Source
Security

+ - The science of password selection->

Submitted by
troyhunt
troyhunt writes "We all know by now that most people do a pretty poor job of choosing passwords, but what’s behind the selection process? What’s the inspiration for choosing those short, simple passwords that so often adhere to such predictable patterns? It turns out there’s a handful of classic routes that people follow to consistently arrive at the same poor choices – and some of them are pretty shocking."
Link to Original Source
Security

+ - A brief Sony password analysis->

Submitted by
troyhunt
troyhunt writes "So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn’t bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with SonyPictures.com where a significant portion of the database was publicly disclosed a few days back.

With all this customer data now unfortunately out there for public viewing, I thought it would be interesting to do some analysis on password practices. There are some rather alarming (although not entirely surprising) findings including:

36% of passwords appear in a common password dictionary.
50% of passwords are 7 characters or less.
67% of accounts on both Sony and Gawker use the same password.
82% of passwords are lowercase alphanumeric of 9 characters or less.
99% of passwords don’t contain a single non-alphanumeric character."

Link to Original Source
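As an added example of the kind of analysis described above (not the author's own code or data), the Python below runs the same five checks over a small constructed sample of two breach dumps. The e-mail addresses, passwords and the "common password" list are made up for illustration, so the percentages it prints are not Sony's.

```python
import re

# Constructed sample dumps of (email, plaintext password). These are
# illustrative only and bear no relation to the real Sony or Gawker data.
SONY = [
    ("user1@example.com", "password"),
    ("user2@example.com", "123456"),
    ("user3@example.com", "qwerty"),
    ("user4@example.com", "sunshine"),
    ("user5@example.com", "abc123"),
    ("user6@example.com", "Tr0ub4dor&3"),
    ("user7@example.com", "seinfeld"),
    ("user8@example.com", "j4ck1e"),
    ("user9@example.com", "MyDogRex"),
    ("user10@example.com", "hello123"),
]
GAWKER = [
    ("User1@example.com", "password"),   # same account, same password
    ("user2@example.com", "123456"),     # same
    ("user3@example.com", "qwerty2"),    # same account, different password
    ("user4@example.com", "sunshine"),   # same
    ("user5@example.com", "abc1234"),    # different
    ("user11@example.com", "whatever"),  # not in the other dump
]

# Stand-in for a "common password dictionary"; a real analysis would load a
# wordlist such as the ones bundled with password crackers.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "sunshine", "abc123", "letmein"}

LOWER_ALNUM = re.compile(r"^[a-z0-9]+$")
ASCII_ALNUM = re.compile(r"^[A-Za-z0-9]+$")


def pct(count: int, total: int) -> float:
    """Percentage rounded to one decimal, as the submission reports them."""
    return round(100.0 * count / total, 1) if total else 0.0


def analyse(records):
    """The four single-dump statistics from the submission, over one dump."""
    pws = [pw for _, pw in records]
    n = len(pws)
    return {
        "in_common_dictionary": pct(sum(pw in COMMON_PASSWORDS for pw in pws), n),
        "seven_chars_or_less": pct(sum(len(pw) <= 7 for pw in pws), n),
        "lower_alnum_nine_or_less": pct(
            sum(len(pw) <= 9 and bool(LOWER_ALNUM.match(pw)) for pw in pws), n),
        "no_non_alphanumeric": pct(sum(bool(ASCII_ALNUM.match(pw)) for pw in pws), n),
    }


def reuse_rate(dump_a, dump_b):
    """Percentage of accounts present in both dumps (matched on normalised
    e-mail) that use the same password in both, plus the overlap size."""
    by_email = {email.strip().lower(): pw for email, pw in dump_b}
    shared = [(pw, by_email[email.strip().lower()]) for email, pw in dump_a
              if email.strip().lower() in by_email]
    same = sum(1 for a, b in shared if a == b)
    return pct(same, len(shared)), len(shared)


if __name__ == "__main__":
    for name, value in analyse(SONY).items():
        print(f"{value:5.1f}% {name}")
    rate, overlap = reuse_rate(SONY, GAWKER)
    print(f"{rate:5.1f}% of the {overlap} accounts on both sites use the same password")
```

The cross-site reuse figure only counts accounts that appear in both dumps, which is why it is reported together with the overlap size; the other four are over the whole dump. Matching on a lower-cased, stripped e-mail address matters because the two dumps will not agree on capitalisation.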

Comment: Automate your backups offsite (Score 1) 680

by troyhunt (#34959940) Attached to: How Do You Store Your Personal Photos?

There are plenty of easy ways to find the additional local capacity, but in terms of backups, IMHO any practice that requires you to manually perform tasks is setting you up for failure. You'll forget to put that backup disk at your mother-in-law's or you'll carry a few weeks of extra risk because you've been busy or any number of other reasons. And as for keeping backups at home, there's the risk of burglary, fire, flood, four horses of the apocalypse etc, etc.

There are some great online backup services these days that take care of the whole thing for you. Point it at your data, define a backup schedule and let it run. SugarSync gets some good feedback. Personally, I've found Mozy very good and for the sake of $5 per month for unlimited storage, I reckon it's a bargain. Here's my setup: http://troy.hn/bhP4F9

In terms of network and speed, even from Australia (typically slower connection to US based services), I pushed up over 100GB in about 4 days recently. A combination of fast, cheap bandwidth, unlimited storage and a reasonable rate of data collection makes this perfect for the scenario you describe.
