SECURITY: Don’t Get ‘Juice Jacked’ While Recharging In Public

Do you plug your phone into free public charging stations? Be careful! According to NBC News, you may get ‘juice jacked’ by hackers who have installed malware that can tunnel and copy your sensitive personal information! Cybersecurity expert Jim Stickley demonstrates how a hacker could access a person’s phone through a public charging station. “Depending on the vulnerability they exploit, they would have access to everything you would have access to on your phone,” according to cybersecurity expert Jim Stickley.

Source: Don’t Get ‘Juice Jacked’ While Recharging In Public, Cybersecurity Expert Warns

# – # – # – # – #

Personally, I don’t use “public charging stations”.  I have several cheap battery blocks for the purpose.  In the rare instance that I have to, I “juice” the block and then connect the device to the block.

Can’t be too careful in “security”

— 30 —

SECURITY: Dump Verizon (aka AOL aka Yahoo) as well as your ISP email address NOW!

https://pjmedia.com/trending/yahoo-and-aol-can-now-read-your-emails-access-your-bank-records/

If you now have a Yahoo or AOL account, I recommend that you close your account.

Seriously, not that I think Google is “Prince Charming”, but Verizon has now gone “over the edge”, imho.  Of course, it’s a giant PIA to change email addresses.

That’s why I suggest that you have your own domain. The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “reinke.cc”. (I like saying “sea sea me at reinke.cc”! me@reinke.cc will actually work!) It gives one quite a bit of control.

And, it’s very cheap. I know three solutions at 15$/year using wordpressdotcom with gmail, 25$/year email only with 1and1, and 60$/year for domain+email+webspace also at 1and1. My point is not that you should use 1and1. http://www.1and1.com/?k_id=9113251 I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy. And, it’s not hotmail, yahoo, or gmail. It IS your own “personal brand”.

If you find out later that you’ve been abused by Verizon aka AOL aka Yahoo or your ISP, then you can’t say you did get warned.

# – # – # – # – #

SECURITY: Don’t reuse passwords

It’s World Password Day

Passwords are in the spotlight today and it’s an important reminder to reconsider our online security routine. Our recent research project, The Psychology of Passwords, shows a startling reality of unsafe online practices. Here’s a little preview of the habits that make hackers very happy:

  • 59% mostly or always use the same password
  • 53% have not changed passwords in the last year
  • 64% want to easily remember their passwords

From this, we’ve learned that consumers are using the same easy-to-remember password for multiple accounts (despite the increase in cybersecurity threats and breaches).

Don’t let yourself be one of these stats – participate in World Password Day! Refresh your passwords today and secure your digital life.

# – # – # – # – # 2018-May-03 @ 12:21

SECURITY: FBI paid Geek Squad employees as informants

http://www.foxnews.com/tech/2018/03/07/fbi-paid-geek-squad-employees-as-informants.html

The FBI paid Geek Squad employees as informants

*** begin quote ***

The FBI has been in cahoots with Best Buy’s Geek Squad for at least the past decade, new documents obtained by the Electronic Frontier Foundation (EFF) via a Freedom of Information Act (FOIA) lawsuit reveal.

An FBI memo obtained by the nonprofit digital rights group reveals that Best Buy in September 2008 hosted a meeting of the law enforcement agency’s Cyber Working Group at a Geek Squad repair facility in Kentucky. The memo indicates that the local FBI division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

*** end quote ***

While I have no love for child porn, its producers, or its consumers, I am concerned about the Fourth Amendment. It would seem that the Geek Squad has become agents of the police and subject to the usual requirements of warrants.

It sets up a very suspect set of circumstances.

How does one ensure that the evidence was planted?

Does Best Buy have a secure image taken before the staff works on it? Are patrons advised to take an image before submitting a computer for service?

Makes one think, doesn’t it?

# – # – # – # – # 

SECURITY: “Mobile Witness” as a tool

http://www.zdnet.com/pictures/android-ios-apps-to-download-before-disaster-strikes/13/

Mobile Witness

If you are in the area when a situation calls for evidence — such as in the case of dubious behavior or crimes — Mobile Witness can provide a way to record audio and video.

Rather than store this footage on your mobile device, which may be lost, taken, or stolen, recordings can automatically be sent to third-party cloud storage providers including Dropbox and Google Drive.

# – # – # – # – #

Great idea!

# – # – # – # – #

SECURITY: A password manager is essential today

https://www.lifewire.com/password-managers-4151868

Password Managers You Need
Online security can be stress-free with a password manager in your corner
by Tom Nelson
Updated October 02, 2017

*** begin quote ***

A password manager is an application that can generate, store securely, retrieve, and manage passwords and other login credentials. And it may well end up being the best friend you have when it comes to keeping your privacy safe while browsing the web and accessing your favorite online services.

Password managers let you collect and store all of your passwords and login information for various accounts in one easy-to-access app that can log you in to any service you have subscribed to with just a couple of clicks or taps.

The ease of access to your passwords usually puts an end to two of the most common security problems involving online services: using the same password for multiple sites, and using easy to remember, and thus easy to guess, login credentials.

It’s important to use different passwords for each and every site/service you use because if one of the sites or services you use is hacked and the hackers gain access to your name and password, they will start trying your name and password combination on lots of sites (think banks and social media sites). By having completely different passwords for each site/service leaves you far less vulnerable.

*** end quote ***

I am a lastpass fanboy.

https://lastpass.com/f?408336

Just this week, I had to help two people with “password problems”.

Both were with IOS, which makes me suspect that IOS screwed something up?

In any event, one was with Yahoo mail. Of course, the noob had never set anything up with “disaster recovery” in mind.

(And, the Sprint tech, who swapped her phone out on an upgrade, never backed up any of her “stuff”. She was in tears until I suggested that she request photos from her friends with whom she probably shared them. That got her back a lot but no one knows if it was all. I set up Google Photos to archive all of them and turned on her iCloud back up. Argh!)

Anyway, I was able to get her phone to register with Yahoo as a recovery alternative. And, then recover her original password. Eventually, Yahoo “timed out” and “excessive recoveried” her. But it was good enough to get her mail flowing again.

I set up her LastPass and it began automatically capturing passwords for her.

But why does everything have to be done AFTER a disaster?

Argh!

Do these technology companies not realize that it has to be brain dead simple and that the average User has no concept of what is going on?

Argh!

# – # – # – # – #

SECURITY: Print Your Google Backup Verification Codes

http://www.makeuseof.com/tag/print-google-backup-verification-codes-prevent-getting-locked/

Print Your Google Backup Verification Codes to Prevent Getting Locked Out
Saikat Basu October 26, 2017

*** begin quote ***

If you use Google’s two-step authentication system to protect your Google accounts, you could accidentally get locked out. It’s one of the biggest risks of two-factor authentication. And if you can’t get a mobile signal, then you can’t get the needed SMS messages in time.

*** end quote ***

The better question is WHY AREN’T you using two-step authentication anywhere it’s offered?

# – # – # – # – #  

SECURITY: He was moving terabytes of data off Congress’s system — why?

http://www.foxnews.com/opinion/2017/10/10/democrats-it-scandal-just-got-even-more-bizarre.html

The Democrats’ IT scandal just got even more bizarre
By Frank Miniter, Fox News

*** begin quote ***

I’m referring to the strange case of Imran Awan, the IT aide Rep. Debbie Wasserman Schultz, D-Fla., kept on her congressional payroll even after it became known he and his wife, Hina Alvi Awan, were being investigated by the Capitol Police for possible theft, fraud, moving terabytes of data off Congress’s system and more.

*** end quote ***

Sounds like this is getting more interesting.

Wonder when, or if, the whole story will come out?

I hope all the IT security folks are watching carefully!

# – # – # – # – # 

SECURITY: Don’t reuse the same password at ANY site

http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html

TECHNOLOGY
Yahoo Says 1 Billion User Accounts Were Hacked
By VINDU GOEL and NICOLE PERLROTH
DEC. 14, 2016

*** begin quote ***

SAN FRANCISCO — Yahoo, already reeling from its September disclosure that 500 million user accounts had been hacked in 2014, disclosed Wednesday that a different attack in 2013 compromised more than 1 billion accounts.

*** end quote ***

There are too many good password utilities that make this unnecessary. 

I have over three hundred sites where I have accounts and no site has the same password.

AND, my passwords are as long as the site allows and with whatever mix of character types they allow.

My financial sites (i.e., the banks and brokerage) have their passwords written down off line.

(Yeah, that’s a small PIA but I sleep better.)

Ask me if you need information security advice.

Otherwise, you’re just a target waiting for the random hacker or script kiddie.

Argh!

# – # – # – # – # 

SECURITY: TDAMERITRADE delayed reaction

2016-Jul-01

 

Dear Valued Client, 

The security of client information is a top priority for us. As part of routine monitoring, we have learned that client email addresses and passwords from a breach at LinkedIn® were compromised and recently published online. While the breach is not TD Ameritrade-related, we believe that the User ID on your TD Ameritrade Institutional account matches an email address from that breach. 

As a precaution, we have expired the password on your TD Ameritrade Institutional account. We know that many people reuse the same passwords on multiple websites, so it is important that we take this proactive step.* 

You will need to log in to your TD Ameritrade Institutional account to change your password. Please be sure that the new password you create is different from your previous one. 

If you have trouble accessing your account, or if you have any questions, please contact your Advisor or call TD Ameritrade Institutional at 800-431-3500 option 2. 

Sincerely,

John Tovar 
John V. Tovar 
Managing Director, Brokerage Services

 

# – # – # – # – # 

Argh!

So because they have Clients that are boobs, I have to be inconvenienced?

And, I hate to tell them the LinkedIn breach was a LONG time ago.

I guess they had to figure out how to expire all the old passwords OR they just heard about it.

Argh!

# – # – # – # – # 

SECURITY: Tell me that this is for MY benefit

Dear Ferdinand,

As we move closer to joining together with Starwood®, we want you to continue taking advantage of everything the Marriott Rewards® program has to offer by making sure your account information is current and secure.

It is our ongoing priority to ensure your personal information is protected. For your continued security, we will be implementing enhanced password protections over the next few weeks. 

You are receiving this email because your account password needs to be updated to comply with our revised security measures. We encourage you to log in and follow the steps below as soon as possible to ensure uninterrupted access to your account when the new password requirements take effect.

As a reminder, experts recommend that you periodically change the passwords you use to access websites as a precaution. Changing your Marriott Rewards password is easy. All you will need to do is:

  • Log in to your Marriott Rewards account on your desktop or laptop
  • Select “My Account”
  • Select “Profile”
  • Select “Edit” in the Password section
  • Enter current and new password
  • Confirm your identity if you are not using a registered device

Log on now to your Marriott Rewards account to take action. Thank you very much for taking the time to update your password information.

Sincerely,

Argh! I’m SURE that this is for MY benefit.

Argh! Laugh!

# – # – # – # – # 

 

SECURITY: United Airlines resets their security?

*** begin quote ***

To better protect your United MileagePlus® account, we’ll soon no longer allow you to use your PIN to sign in. Instead you’ll need to have security questions and a strong password.
If you haven’t done so already, please sign in to your account today. You’ll be asked to complete these steps:
(1) Validate your email address
(2) Choose and answer new security questions
(3) Update your password
For now, you will still need your PIN when you call the United® Customer Contact Center, so don’t lose track of that just yet.
Thank you for being a MileagePlus member and for taking the time to update your account.

*** end quote ***

I guess that someone has hacked United Airlines.

Didn’t hear about this in the media.

# – # – # – # – # 

 

 

SECURITY: Help wanted — an info sec person for an LA hospital

http://www.dailymail.co.uk/news/article-3452178/Los-Angeles-hospital-paid-17-000-ransom-hackers-regain-control-computers.html

Los Angeles hospital paid $17,000 ransom to hackers to regain control of computers

  • Hollywood Presbyterian Medical Center was hacked on February 5
  • The cyber criminals had demanded $3.4million to give them control back. But they accepted a lower fee – the cash equivalent of 40 bitcoins
  • CEO Allen Stefanek said patient care was not affected during the attack 

By WILLS ROBINSON FOR DAILYMAIL.COM and ASSOCIATED PRESS
PUBLISHED: 20:17 EST, 17 February 2016 | UPDATED: 22:12 EST, 17 February 2016

# – # – # – # – # 

I guess they need to fire their current CEO, CIO, CTO, CISO, CDRP, and their IT audit leadership.

Some of these should be working as clerks in Walmart or McDonalds. If they can make the cut!

Oh BTW where were “the regulators”?

Argh!

# – # – # – # – # 

SECURITY: Apple Tim Cook is wearing “the Emperor’s new clothes” with respect to “privacy”

http://www.france24.com/en/20160219-usa-apple-plays-digital-privacy-hardball-with-fbi-but-not-china

Business – Apple plays digital privacy hardball with FBI, ‘but not China’ – France 24

*** begin quote *** 

Apple was hailed as a champion of digital privacy this week after refusing to help the FBI hack into an iPhone belonging to a suspect in the San Bernardino shooting. But the firm hasn’t always been so scrupulous about user data, especially in China.

*** end quote ***

FURTHER undermining the Apple argument!

# – # – # – # – # 

SECURITY: Email security STARTS with your own domain name

http://www.pcmag.com/article2/0,2817,2497611,00.asp

Time Warner Cable Warns Users of Possible Data Breach
BY STEPHANIE MLOT JANUARY 7, 2016 02:24PM EST

# – # – # – # – # 

Here’s a reason NOT to use an ISP for your email address.

Another is that you’re locked into that ISP for email.

Argh!

May I suggest that you have your own domain?

The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “reinke.cc”. (I like saying “sea sea me at reinke.cc”! me@reinke.cc will actually work!) It gives one quite a bit of control.

And, it’s very cheap. I know three solutions at 15$/year using wordpressdotcom with gmail, 25$/year email only with 1and1, and 60$/year for domain+email+webspace also at 1and1.

My point is not that you should use 1and1. http://www.1and1.com/?k_id=9113251 I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy.

And, it’s not hotmail, yahoo, AOL, or gmail. It IS your own “personal brand”.

# – # – # – # – # 

SECURITY: Multiple questions are secondary passwords

Argh!

Why do I get frustrated when people insist on being insecure?

# – # – # – # – # 

To our eService Customers:
 
On December 21, 2015, Washington Gas launched its new eService portal in an effort to improve the overall online customer experience. We have expanded the online self-service options, provided you with energy consumption information and month-to-month usage comparisons, as well as access to billing and payment options, such as our Budget Billing and Auto-Pay programs.
 
Since the launch, we have experienced some technical issues, particularly related to log on and password reset. During log on, please be aware  that you may encounter delays as you are: 1) directed to the page where you are required to change your password; and 2) answer three brief security questions, both of which conform to sound security practices. We apologize for any delays you may experience during this process.
 
During the next few weeks, we will remain focused on identifying, addressing and resolving deficiencies in the new system. By the time you receive your next bill and log onto our system, we expect that your online experience on our new site will have improved significantly as we approach the level of service you expect and deserve.
 
Until we resolve all issues, please consider using your mobile device to access the eService site. Customers accessing the site in this way are experiencing faster site performance.
 
As a reminder, the following payment options are still available to you:
 

  • Call our automated payment line at 703-750-7944 to make a phone payment with a check or credit card. 
  • Contact our customer service center at 703-750-1000 for assistance with a payment. Customer service hours are 8 AM to 9 PM on weekdays and 8 AM to 4:30 PM on Saturday. The center is closed on Sundays.

 
There are no transaction fees for payments made through these two alternative methods. Late fees will be waived for eService customer payments delayed by the implementation of the new portal.
 
Thank you for your patience and for being a valued Washington Gas customer. Again, we apologize for the inconvenience these technical issues may cause. Our continued goal is to provide the best possible online experience and we will continue to provide updates and share information on the www.washgas.com home page in the coming weeks.
 
Tanya Hudson
Division Head, Consumer Services

# – # – # – # – # 

SECURITY: How to spot a fake email?

http://www.foxnews.com/tech/2015/11/22/tech-q-spy-apps-fake-email-and-bluetooth-speakers.html?intcmp=hpff

How to spot a fake email?

*** begin quote ***

Q. I got an email from Amazon that was a security alert about my account. How can you tell if it’s legit or not?

A. The fake email is a favorite of scammers trying to steal your information. Major companies don’t send out emails that haven’t been checked by a team of professional writers and editors, so poor writing is a dead giveaway. They also won’t ask you to click on anything or download an attachment.

*** end quote ***

I have a better way. GET YOUR OWN DOMAIN!

May I suggest that you have your own domain? The common wisdom, or is that common whizdumb, is to own your own name as a domain name. It gives one quite a bit of control. And, it’s very cheap. I know three solutions at 15$/year using wordpressdotcom with gmail, 25$/year email only with 1and1, and 60$/year for domain+email+webspace also at 1and1. My point is not that you should use 1and1. http://www.1and1.com/?k_id=9113251 I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy. And, it’s not hotmail, yahoo, or gmail. It IS your own “personal brand”.

https://reinkefaceslife.com/2010/02/27/service-your-isp-email-address-is-a-trap/

And you don’t want your ISP, like comcast, twc, or aol, to lock you into their service.

https://reinkefaceslife.com/2007/07/14/productivity-changing-email-addresses/ 

And you don’t want the hassle of changing your email and risk “losing” people.

Use my trick of assigning specific emails to your correspondents. For example, XRAY0001 at my domain is American Express. If I EVER get an email from Amex that doesn’t come in on that address, I know it’s a fraud and I delete it right away. Easy peasy!

Simple!

For cheap protection. Do it now. Lest a Nigerian Prince catch you “asleep at the switch”.
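The per-correspondent address trick above can be automated in a mail filter. The following is an added example, not code from this blog: the domain `example.org`, the sender domains, the alias `xray0002` and the sample messages are constructed assumptions; only the `XRAY0001` to American Express pairing comes from the post.

```python
"""Per-correspondent alias check (added example; all sample data is constructed)."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: stands in for your own domain

# Constructed registry: alias local part -> sender domains that alias was given to.
ALIAS_OWNERS = {
    "xray0001": {"americanexpress.example"},  # pairing from the post, domain assumed
    "xray0002": {"bank.example"},             # hypothetical second correspondent
}


def split_addr(addr):
    """Return (local, domain) in lower case, or ("", "") when there is no '@'."""
    if "@" not in addr:
        return "", ""
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def delivered_aliases(msg):
    """Collect the local parts at MY_DOMAIN that the message was addressed to."""
    values = []
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        values.extend(msg.get_all(header, []))
    parsed = (split_addr(addr) for _, addr in getaddresses(values))
    return {local for local, domain in parsed if domain == MY_DOMAIN}


def domain_matches(sender_domain, assigned):
    """True when the sender domain is an assigned domain or one of its subdomains."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in assigned)


def classify(raw_message):
    """Return 'ok', 'fraud', 'leaked-alias' or 'unassigned' for one raw message.

    The From header is trivially forged, so it is never trusted by itself:
    the verdict rests on whether the mail arrived on the alias that only
    the claimed sender was ever given.
    """
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    _, sender_domain = split_addr(sender)
    aliases = delivered_aliases(msg)
    expected = {a for a, doms in ALIAS_OWNERS.items()
                if domain_matches(sender_domain, doms)}
    if expected:
        # Claims to be a known correspondent: must arrive on that correspondent's alias.
        return "ok" if aliases & expected else "fraud"
    if aliases & set(ALIAS_OWNERS):
        # Someone else is using a private alias: it was sold, leaked or breached.
        return "leaked-alias"
    return "unassigned"


# Constructed sample messages.
GENUINE = """\
From: American Express <alerts@mail.americanexpress.example>
To: xray0001@example.org
Subject: Your statement is ready

Body text.
"""

SPOOFED = """\
From: American Express <security@americanexpress.example>
To: me@example.org
Subject: Urgent: verify your account

Body text.
"""

LEAKED = """\
From: Prize Desk <win@lottery.example>
To: xray0002@example.org
Subject: You have won

Body text.
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("leaked", LEAKED)):
        print(name, "->", classify(raw))
```

A message that only imitates the display name from an unrelated domain and arrives on a general address comes back as `unassigned`, so this check complements, rather than replaces, ordinary spam and phishing filtering.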

# – # – # – # – # 

 

SECURITY: Why not require photo id?

http://www.unionleader.com/article/20150506/NEWS03/150509580&source=RSS

Woman advocates vigilance after thieves took wallet and spent $20,507 in 2 hours
By CASSIDY SWANSON
Union Leader Correspondent

*** begin quote ***

BEDFORD — After having her wallet stolen out of her shopping cart at the Bedford Mall and more than $20,000 charged to her credit cards, a Manchester woman is cautioning women and seniors to be more vigilant about their belongings while out shopping.

*** and ***

“Why isn’t it mandatory to ask for an ID? You know, we’re talking 15 seconds here,” she said.

*** and ***

Fellbaum said at Best Buy, the thieves tried to use Fellbaum’s Chase Visa card for the two transactions. It was declined, so the store allowed them to use her Bank of America card.

The thieves also paid in two transactions at the Apple Store.

The Bank of America card was denied at the Apple Store, and that store allowed the thieves to use Fellbaum’s Citizens Bank card. On the second transaction, the thieves used her Sam’s Club MasterCard.

At Finish Line, Fellbaum’s Bank of America card was declined, but the store allowed the thieves to use her Citizens MasterCard.

“Nobody asked for ID,” she said. Fellbaum also said she was told by a manager at Best Buy that credit card companies prohibit the store from asking customers for identification when paying with a card.

“I don’t believe that’s true,” she said.

*** end quote ***

It would seem that this type of crime would immediately be reduced by requiring photo id.

Need it to get on a plane.

So why not to vote or to charge?

And, I’m sorry, after a decline, why not take some extra precautions?

Multiple declines?

Argh!

“Photo id required” goes on all my cards!

# – # – # – # – # 

SECURITY: Unauthorized iPad and iPhone

http://www.judicialwatch.org/blog/2015/03/state-dept-source-hillary-likely-used-unauthorized-ipad-iphone-as-sec-of-state/

State Dept. Source: Hillary Likely Used Unauthorized iPad, iPhone as Sec. of State
MARCH 10, 2015

*** begin quote ***

Clinton’s persistent efforts to persuade the State Department’s technology security experts to approve the use of her favorite Apple devices led those in the division to conclude that she did in fact go through with it. “My guess is she did it and wanted approval after the fact,” JW’s source said. “But no waivers were ever issued.” JW reached out to the State Department for a comment on this latest potential scandal surrounding its former leader, but failed to get a response.

*** end quote ***

For the “little people”, you do this and you get fired.

For the “big people”, “what difference does it make?”

Argh!

# – # – # – # – # 

 


SECURITY: Hillary violated the Records Act

http://www.washingtonpost.com/blogs/the-fix/wp/2015/03/02/hacked-emails-indicate-that-hillary-clinton-used-a-domain-registered-the-day-of-her-senate-hearings/

Hacked emails indicate that Hillary Clinton used a domain registered the day of her Senate hearings
By Philip Bump March 2 at 10:15 PM

*** begin quote ***

The New York Times reported Monday night that, during her tenure at the State Department, Hillary Clinton never used her official email account to conduct communications, relying instead on a private email account. As the Times notes, only official accounts are automatically retained under the Federal Records Act, meaning that none of Clinton’s email communication was preserved.

*** end quote ***

Who goes to jail?

# – # – # – # – #  2015-Mar-03 @ 09:50  

SECURITY: A “stuck backspace key”? You’re joking!

http://www.washingtonpost.com/blogs/erik-wemple/wp/2015/01/29/justice-departments-ig-report-disputes-attkissons-computer-intrusion-allegations/

Justice Department’s IG report disputes Attkisson’s computer-intrusion allegations
By Erik Wemple January 29 at 2:30 PM

*** begin quote ***

Lastly, Attkisson reported to the OIG that a “suspicious” cable was attached to her Internet Service Provider’s connection box installed on her house. She opined to the OIG that perhaps this cable was being used to “tap” her house. Further investigation by the OIG revealed that the cable was a common cable used by the provider and could not be used to monitor or otherwise affect the phone or internet service at her residence.

And in response to Attkisson’s videotape of an alleged hacker deleting content from her computer screen, the report says that the activity was caused by “the back space key being stuck.”

*** end quote ***

Pardon my French, but are you <synonym for the act of procreation in real time> kidding me.

I bought and read her book.

How can they comment on the “suspicious cable” when it was removed by person or persons unknown?

Unless they have the cable.

Then the question is HOW did it come into their possession.

And, really, a “stuck backspace key”, seriously. That’s the story they are going with?

Argh!

Someone should be in jail. 

Correction, lots of someones!

Argh!

Maybe that’s what caused the Target breach, the SONY leak, and global cooling / warming?

Argh!

# – # – # – # – # 

SECURITY: Tricks for passwords

http://www.networkworld.com/article/2860418/security0/6-simple-tricks-for-protecting-your-passwords.html?nsdr=true

6 simple tricks for protecting your passwords
By Maria Korolov
Network World | Dec 22, 2014 3:00 AM PT

*** begin quote ***

We all know that the current username-and-password system is broken. With Russian hackers reportedly sitting on over a billion passwords, and new breaches hitting the news on a regular basis, it’s fair to assume that if hackers don’t have your password already, they’re about to.

“Most websites and companies require passwords that are at least eight characters long, contain lower and upper case characters, a number, and one or more special characters,” says Vincent Berk, CEO of network security firm FlowTraq.

These kinds of password policies have actually reduced security overall, argues Jacob West, CTO at HP Enterprise Security Products. “We need to bring some sanity back to our password policies,” he says. “A human will never be able to meet these requirements.”

*** and ***

1. Letter substitution cipher: a=b

2. Letter substitution cipher: a=s

3. Never write down encrypted passwords; banana, not nsmsms

4. Use earworms to your advantage: Wheels on the bus go round and round

5. The mnemonic code: a=alpha

6. Add site name to end of password: banana-twitter

*** and ***

One popular alternative is to use a password management tool that keeps all your passwords in an encrypted file, usually in combination with apps on your desktop, laptop and mobile devices.

*** end quote ***

I have used all of these at one time or another.

I think LASTPASS with a complex master password written nowhere is “good enough” for my non-financial passwords. The few financial ones I have memorized.

AND … …

For those sites who use “security questions”, Users should treat those just like passwords. Do NOT use real answers.

Happy New Year!
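What a password manager does for the two habits recommended on this page (a different password at every site, as long and as mixed as the site allows, and made-up answers to “security questions”) can be sketched as follows. This is an added example, not LastPass code or the author's: the site names, policies and questions are constructed assumptions.

```python
"""Per-site random passwords and fake security answers (added example)."""
import secrets
import string

# Character classes a site may or may not accept.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}

# Constructed policies for hypothetical sites: maximum length and allowed classes.
SITE_POLICIES = {
    "bank.example": {"max_len": 20, "allowed": ("lower", "upper", "digit")},
    "forum.example": {"max_len": 64, "allowed": ("lower", "upper", "digit", "symbol")},
    "airline.example": {"max_len": 12, "allowed": ("lower", "digit")},
}

QUESTIONS = ("Mother's maiden name?", "First pet?", "City of birth?")  # constructed


def generate_password(max_len, allowed):
    """Random password of the longest permitted length using only allowed classes.

    One character is drawn from each allowed class first so that sites which
    demand "at least one of each" accept the result; the rest is drawn from
    the combined alphabet and the whole list is shuffled with the OS CSPRNG.
    """
    pools = [CLASSES[name] for name in allowed]
    if max_len < len(pools):
        raise ValueError("policy too short to include every allowed class")
    alphabet = "".join(pools)
    chars = [secrets.choice(pool) for pool in pools]
    chars += [secrets.choice(alphabet) for _ in range(max_len - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def generate_answer(groups=4, group_len=4):
    """Random security-question answer, grouped so it can be read out on a call."""
    alphabet = string.ascii_lowercase + string.digits
    return "-".join(
        "".join(secrets.choice(alphabet) for _ in range(group_len))
        for _ in range(groups)
    )


def build_vault(policies, questions):
    """One independent password and one independent answer set per site."""
    return {
        site: {
            "password": generate_password(policy["max_len"], policy["allowed"]),
            "answers": {q: generate_answer() for q in questions},
        }
        for site, policy in policies.items()
    }


def find_reuse(vault):
    """Return sorted tuples of sites that share any password or answer value."""
    seen = {}
    for site, entry in vault.items():
        for value in [entry["password"], *entry["answers"].values()]:
            seen.setdefault(value, set()).add(site)
    return sorted(tuple(sorted(sites)) for sites in seen.values() if len(sites) > 1)


if __name__ == "__main__":
    vault = build_vault(SITE_POLICIES, QUESTIONS)
    for site, entry in vault.items():
        print(site, len(entry["password"]), "chars,", len(entry["answers"]), "answers")
    print("reused across sites:", find_reuse(vault))
```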

# – # – # – # – #   

SECURITY: Use unique passwords at every site

http://arstechnica.com/staff/2014/12/ars-was-briefly-hacked-yesterday-heres-what-we-know/#p3

Ars was briefly hacked yesterday; here’s what we know
Readers, please change your passwords.

by Ars Staff – Dec 16 2014, 4:52pm EST

*** begin quote ***

Log files show the hacker’s movements through our servers and suggest that he or she had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and passwords. Those passwords, however, are stored in hashed form (using 2,048 iterations of the MD5 algorithm and salted with a random series of characters).

Out of an excess of caution, we strongly encourage all Ars readers—especially any who have reused their Ars passwords on other, more sensitive sites—to change their passwords today.

We are continuing with a full autopsy of the hack and will provide updates if anything new comes to light.

Thanks to everyone who offered their support!

*** end quote ***

LASTPASS ensures a unique password every time.

# – # – # – # – #   

SECURITY: Government-grade malware is a problem for all

https://www.schneier.com/blog/archives/2014/12/corporate_abuse.html

Corporate Abuse of Our Data
Bruce Schneier

*** begin quote ***

That is not a good enough excuse, though. As nation-state malware becomes more common, we will often lack the whole story. And as long as countries are battling it out in cyberspace, some of us will be targets and the rest of us might be unlucky enough to be sitting in the blast radius. Military-grade malware will continue to be elusive.

Right now, antivirus companies are probably sitting on incomplete stories about a dozen more varieties of government-grade malware. But they shouldn’t. We want, and need, our antivirus companies to tell us everything they can about these threats as soon as they know them, and not wait until the release of a political story makes it impossible for them to remain silent.

*** end quote ***

Can’t do anything about it!

Don’t worry about it!

Argh!

# – # – # – # – #