Dropbox employee’s password reuse led to theft of 60M+ user credentials

Dropbox employee’s password reuse led to theft of 60M+ user credentials

Kate Conger, reporting at TechCrunch:

Dropbox disclosed in 2012 that an employee’s password was acquired and used to access a document with email addresses, but did not disclose that passwords were also acquired in the theft. Because Dropbox stores its user passwords hashed and salted, that’s technically accurate — it seems that hackers were only able to obtain hashed files of Dropbox user passwords and were unable to crack them. But it does appear that more information was taken from Dropbox than was previously let on, and it’s strange that it’s taken this long for the breach to surface.

Don’t reuse passwords folks. Find a password manager and learn to love it. There’s 1Password, LastPass, Dashlane and many others. That means there’s no excuse for you to keep using your dog’s name combined with your college graduation year or whatever terrible password you’re using for everything.

Apple users targeted in first known Mac ransomware campaign

Apple users targeted in first known Mac ransomware campaign

Jim Finkle reports for Reuters:

Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted on Sunday afternoon.

The cynical part of me wonders whether this is a clever move by one or more media companies to discourage the use of BitTorrent clients.

I know, maybe I need to order a tin-foil hat. But when even Kanye is pirating stuff it’s really time to bust out some innovative new tactics.

Hackers Can Silently Control Siri From 16 Feet Away

Hackers Can Silently Control Siri From 16 Feet Away

Well this is concerning:

A pair of researchers at ANSSI, a French government agency devoted to information security, have shown that they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled, if it also has a pair of headphones with a microphone plugged into its jack. Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone. Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.

You can disable Siri whenever your iOS device is locked by going to Settings > Touch ID & Passcode > Allow Access When Locked and toggling the Siri switch to the “off” (as in not green) position. This doesn’t guarantee a hack like the one deascribed above won’t work on your device, but it does guarantee you’ll see Siri doing something weird and can thus be alerted to the hackery.

Obama May Back F.B.I. Plan to Wiretap Web Users

Obama May Back F.B.I. Plan to Wiretap Web Users

China is very serious about cyberespionage

China is very serious about cyberespionage

Facebook is buying your loyalty card history

Facebook is buying your loyalty card history

Keycard: A neat little Mac app that secures your computer by detecting the proximity of your mobile device – The Next Web

Keycard: A neat little Mac app that secures your computer by detecting the proximity of your mobile device – The Next Web