Hasta La Gadget!

Most browsers will ask if you want your passwords saved so when you’re next jumping around the web, logging into sites is that much easier. Of course, you’d like think those passwords are squirreled away where no one can dig them up, but in Chrome it’s actually very easy to find them. As highlighted by software developer Elliott Kember, getting access to the list of saved passwords requires only that you point the browser at “chrome://settings/passwords” (or simply find the password management option in advanced settings) and click on one of the saved entries. A small “show” button will then appear next to the hidden password — hit that and it’ll be revealed. Justin Schuh, Chrome security tech lead, has responded to various comments on this, saying that once someone’s gotten past the OS login stage, they could theoretically find your passwords and all manner of other info out anyway, using various underhand means. No doubt the attention this is bound to receive will force an update from Google that actually hides users’ passwords. Until then, keep your laptop away from any malicious friends that, given half the chance, would wreak havoc to your Facebook account.

Filed under: Software, Google

Comments

Via: Business Insider

Source: Elliott Kember

A fresh version of Tumblr just hit iOS devices less than a week ago, but now the Yahoo-owned service is pushing out a newer release with “a very important security update.” Not only is the outfit recommending that users download the tweaked app immediately, but it’s also asking folks to change their password on Tumblr and on any other service they use the same passphrase. There’s no mention of a breach or exactly what the new code patches up, but we’ll keep you in the proverbial loop as we learn more.

Update: We’ve gotten word from Tumblr that it was notified of a security vulnerability and immediately dispatched the update to remedy the issue. Hit the break to read the outfit’s entire statement.

Comments

Via: The Next Web

Source: Tumblr, iTunes

Anyone who’s tried to tether to their iPhone or iPad will recall how iOS manages to craft its own passwords when used as a personal hotspot. The aim is to ensure that anyone sharing a data connection will get some degree of security, regardless of whether or not they tinker with the password themselves. However, three researchers from FAU in Germany have now worked the structure behind these auto-generated keys — a combination of a short English word and a series or random numbers — and managed to crack that hotspot protection in under a minute. To start, the word list contains about 52,500 entries, and once the testers were able to capture a WiFi connection, they used an AMD Radeon HD 6990 GPU to cycle through all those words with number codes, taking just under 50 minutes to crack with rote entry. Following that, they realized that only a small subset (just 1,842) of the word list was being used.

With an even faster GPU — a cluster of four AMD Radeon HD 7970s — they got the hotspot password cracking time to 50 seconds. The Friedrich-Alexander University researchers added that unscrupulous types could use comparable processing power through cloud computing. “System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters,” says the report, which outlines the trade-off between security and usability. However, as ZDNet notes, Apple’s cycled password approach still offers more protection than static options found elsewhere. Check out the full paper at the source.

Filed under: Cellphones, Internet, Mobile, Apple

Comments

Via: ZDNet

Source: Department of Computer Science, Friedrich-Alexander University (PDF)

Think you’ve got a mean funny face that nobody else can replicate? Good, as that is what Google wants to use for future passwords.

Like It , +1 , Tweet It , Pin It Original content from Ubergizmo.

In an effort to reducing keyboard wear-and-tear, Amazon is opening up its own login service to both app developers and websites. Login With Amazon taps into your account credentials to login, with the ability to even share parts of your profile through apps, games and sites. It uses the retailer’s existing trusted sign-in security and has already been tested on both Zappos and Woot, with both trials apparently noting “significant” pickup from customers. The service is free to use and if you’re thinking of adding it to your own site (and tapping into those 200 million registered Amazon users), you can find all the technical details at the source — or a gentler explanation in a video after the break.

Filed under: Internet, Amazon

Comments

Source: Amazon (1), (Login with Amazon)