Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information...
Members of the porn site xHamster should be changing their passwords today after a set of nearly 380,000 usernames, emails and poorly hashed passwords appeared online. The subscription-only breach notification site LeakBase has published the set of login credentials, which Motherboard reports were being traded online. It’s not clear exactly where the database originated, but it contains information for only a small subset of...
Dropbox disclosed earlier this week that a large chunk of its users’ credentials obtained in 2012 was floating around on the dark web. But that number may have been much higher than we originally thought. Credentials for more than 60 million accounts were taken, as first reported by Motherboard and confirmed by TechCrunch sources. The revelation of a password breach at Dropbox is an evolution of...
Despite a recent appellate court ruling that said sharing passwords could be grounds for prosecution under the Computer Fraud and Abuse Act, streamers who might be sharing Hulu or Netflix passwords don’t really have anything to be worried about. Here’s a summary of the case: David Nosal worked as a director for a headhunting firm called Korn Ferry International. He left the firm to...
No matter how many times we tell you to change your passwords and make it anything but your birthday, “123456,” or “password,” many still aren’t taking the efforts to make their accounts more secure. So Microsoft is actively doing something about it by banning weak passwords entirely. The team calls it “dynamically banned,” which means that if your account uses a password that appears in the most-used/stolen...
Microsoft is removing part of its controversial Wi-Fi Sense feature from Windows 10. This means they will stop sharing wi-fi passwords. “We have removed the Wi-Fi Sense feature that allows you to share Wi-Fi networks with your contacts and to be automatically connected to networks shared by your contacts,” says Microsoft’s Gabe Aul. “The cost of updating the code to keep this feature working...
California-based password management software specialist SplashData has released the results of its annual list of the internet’s worst passwords. For the first time “password” has been knocked off the number one slot. This doesn’t mean people are getting more security minded, however, as it’s been replaced by the equally obvious “123456”. SplashData compiles the list from files containing stolen passwords posted online during the...
By now many of you have heard of LulzSec. You may have heard of their recent activities such as launching DDoS attacks against gaming sites to hacking into government affiliated web sites. They have also been using Twitter to talk about what they’re doing along with cracking a few jokes. Recently, the group obtained a long list of e-mail addresses and approximately 62,000 passwords....
Recent Forum Activity