This is a system for preventing password theft, by mixing several dummy cursors in with the real cursor.
The software keyboards used in online banking are effective against key loggers, but by taking screen captures or looking over your shoulder, people would be able to work out your password.
With this system, only the user knows which cursor is the real one, so there’s no concern about people stealing passwords just by being able to see the screen.
“At first sight, it looks as if …
In the digital age, passwords are a complete necessity in order to keep others out of your private accounts. What would Facebook, Gmail or any other service be without a password that only allows you to access it while keeping others out? We’d have absolutely no privacy whatsoever as anyone and everyone could just access any account they want.
The tricky thing about passwords is you need to remember them, or at least use a service that remembers them for you. But then, ironically, you’d need to remember a password that would unlock that service so you could access other passwords. Don’t worry – our heads hurt, too. That’s why there are minds at Google who are looking into changing the way you access your private accounts that do away with the traditional password method.
By Ubergizmo. Related articles: Skype Makes It Easier To Find Free Calls Using Click To Call, Nike Launches Its Nike+ API Developer Site, 
By now, you may have heard the story of the identity ‘hack’ perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone — and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn’t been as direct about what’s going on, but Wired believes there’s been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required.
Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren’t followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.
Filed under: Internet
Amazon, Apple stop taking key account changes over the phone after identity breach originally appeared on Engadget on Tue, 07 Aug 2012 23:40:00 EDT. Please see our terms for use of feeds.
Permalink | 
Wired (1), (2) | Email this | Comments
Online account security breaches are seemingly commonplace these days — just ask LinkedIn or Sony — and now we can add Yahoo’s name to the list of hacking victims. The company’s confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren’t just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
In response, Yahoo’s saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
Filed under: Internet
Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT. Please see our terms for use of feeds.
Permalink | TechCrunch, New York Times | Email this | Comments
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
