How Apple and Amazon Security Flaws Led to My Epic Hacking

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. In many ways, this was all my fault. Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location. Those security lapses are my fault, and I deeply, deeply regret them. But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. This isn’t just my problem. The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification. I realized something was wrong at about 5 p.m. on Friday. Lulz. “Wait. “Mr.

Helping Students Create Positive Digital Footprints - ASCD Annual Conference 2012 Christine Fisher When asked what words come to mind when they think about students posting to the Internet, many educators list words like danger and safety. But with the likes of Robert Nay—who created one of the most downloaded iPad apps of 2011 when he was just 14—and even Justin Bieber—who began his international superstardom as a YouTube sensation—as inspiration, students and teachers alike should know the positives that posting to the Internet can offer. This was the message Steve Johnson, a technology skills teacher, parent, and author of two education books, shared during his Saturday session, "Digital Footprints: Your Students' New First Impression." "The main idea we get from surveying teachers [about students posting online] is there [are] a lot of negative connotations," Johnson said, as he aimed to reverse these negative perceptions and encourage educators to promote student-produced online content in their classrooms. "They are going to make mistakes," he said.

25 Worst Passwords of 2011 Pro tip: choosing "password" as your online password is not a good idea. In fact, unless you're hoping to be an easy target for hackers, it's the worst password you can possibly choose. "Password" ranks first on password management application provider SplashData's annual list of worst internet passwords, which are ordered by how common they are. ("Passw0rd," with a numeral zero, isn't much smarter, ranking 18th on the list.) The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as "qwerty" and "123456," and popular names, such as "ashley" and "michael," all are common choices. As some websites have begun to require passwords to include both numbers and letters, it makes sense that varied choices, such as "abc123" and "trustno1," are popular. SplashData created the rankings based on millions of stolen passwords posted online by hackers. 1.

OFSAD - Office Français pour la Sécurité et l'Archivage des documents: Trusted third party for more than 10 years. Specializing in online archiving solutions with evidentiary value for paper-origin and digital documents, OFSAD quickly positioned itself in the design and management of assistance and loyalty products as a genuine source of enrichment for the customer offering. Since its creation in 2003, OFSAD has consolidated its technical expertise and brought into its team men and women with extensive experience in managing this type of project. OFSAD - Office Français pour la Sécurité et l'Archivage des Documents - is a simplified joint-stock company (SAS) with capital of 186,640 euros, founded in 2003 to protect the interests and rights of citizens, policyholders, savers, consumers and professionals through online digital archiving, with probative value, of all their paper and digital documents, under the best possible conditions of security, ergonomics and cost.

10 Things Your Students Should Know About Their Digital Footprints Building a digital legacy is an issue I believe doesn’t garner enough attention in our personal and professional lives. In fact, some of the heaviest users of online tools and social media are our young students, who are growing up as a generation of visual learners and visual attention seekers. This is in fact the Facebook and YouTube generation, and the reality is that many teens are unconcerned about the dangers of sharing personal information online. A highly respected education advocate, Kevin Honeycutt, once asked me if any of us from our generation (GenX and before), had ever made a mistake in puberty. He then asked if our mistakes are “Googleable.” The reality is that our mistakes from puberty are not “Googleable”. With that in mind, I have developed some important facts and opinions that our students should be completely aware of as they live in their digital world, creating digital footprints along the way. 10 Things Your Students Should Know About Their Digital Footprints 1. 2.

A brief Sony password analysis So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn’t bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with As bad guys often like to do, the culprits quickly stood up and put their handiwork on show. Sony stored over 1,000,000 passwords of its customers in plaintext Well actually, the really interesting bit is that they created a torrent of some of the breached accounts so that anyone could go and grab a copy. I thought it would be interesting to take a look at password practices from a real data source. What’s in the torrent The Sony Pictures torrent contains a number of text files with breached information and a few instructions: The interesting bits are in the “Sony Pictures” folder and in particular, three files with a whole bunch of accounts in them: Analysis Here’s what I’m really interested in: Length Character types Randomness Uniqueness Summary

A-CFN How School Librarians Can Assist You: Internet Safety and Filtering Insafe, a network of national nodes that coordinate Internet safety awareness in Europe makes the case for empowerment as the key to online safety. Safety risks are increased “…in the online environment by the fact that we can’t usually see whom we are communicating with, probably don’t know who provided the data we are accessing, and online content comes without any quality assurance from a reputable publisher or editor. In order to compensate for this, we need to develop our information literacy skills and behave in a more discriminating manner when online.” The following resources for parents should help you to better understand the complexities of the online environment and provide you with the tools to keep your child safe when online. Center for Safe and Responsible Internet Use (CSRIU) This site hopes to mobilize educators, parents, students, and others to combat online social aggression. Children's Internet Protection Act CyberSmart! CyberSmart! InSafe

zxcvbn: realistic password strength estimation Over the last few months, I’ve seen a password strength meter on almost every signup form I’ve encountered. Password strength meters are on fire. Here’s a question: does a meter actually help people secure their accounts? It’s less important than other areas of web security, a short sample of which include: Preventing online cracking with throttling or CAPTCHAs. Preventing offline cracking by selecting a suitably slow hash function with user-unique salts. Securing said password hashes. With that disclaimer — yes. These are only the really easy-to-guess passwords. Strength is best measured as entropy, in bits: it’s the number of times a space of possible passwords can be cut in half. This brute-force analysis is accurate for people who choose random sequences of letters, numbers and symbols. As a result, simplistic strength estimation gives bad advice. The table below compares zxcvbn to other meters. A few notes: I took these screenshots on April 3rd, 2012. Installation The model Data Conclusion

Cyberbullying What does cyberbullying look like? Children can cyberbully each other in a number of ways including: abusive texts and emails; hurtful messages, images or videos; imitating others online; excluding others online; nasty online gossip and chat. Cyberbullying can happen to anyone, however often the children involved in cyberbullying are also involved in other kinds of bullying. Cyberbullying is the use of technology to bully a person or group. Cyberbullying can involve social, psychological and even, in extreme cases, physical harm. Because children and young people are often online it can be hard for them to escape cyberbullying. How teachers can help Research shows students often don’t tell adults about cyberbullying. Responding to cyberbullying If you notice a child in your class or the school yard showing any of the above signs, or other worrying and out of character behaviours, tell them you are worried and want to help. Safe schools address cyberbullying before it happens Useful websites

Account hacking: Apple audits its identity verification methods Yesterday we reported in our columns on the misadventure of a journalist from Wired magazine. A hacker took control of three of his machines linked by an iCloud account, by attacking the account directly. The hacker only needed to call Apple Care and pass himself off as his victim to obtain a password reset request. The source of the problem: information that is not so harmless The story of journalist Mat Honan sums up and then crystallizes all the fears tied to the cloud. The hacker had obtained the necessary information from Amazon's technical support: the email address, the last four digits of the bank card and the address. As Honan himself recounts in his full version of the story on Wired, it was fundamentally a security flaw at Amazon that led to the disaster. Apple blocks password resets by phone Security must not come only from the user Vincent Hermann