The Register: Cracking the passwords of some WPA2 Wi-Fi networks just got easier

The Register: Cracking the passwords of some WPA2 Wi-Fi networks just got easier. “The folks behind the password-cracking tool Hashcat claim they’ve found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they need to brute force decrypt a Wi-Fi password, by snooping on a single data packet going over the air.”

PRNewswire: Practice what you preach? 45% of Infosec professionals reuse passwords across multiple accounts, Lastline research says (PRESS RELEASE)

PRNewswire: Practice what you preach? 45% of Infosec professionals reuse passwords across multiple accounts, Lastline research says (PRESS RELEASE). “Lastline Inc., the leader in advanced threat protection, today announced the results of a survey conducted at Infosecurity Europe 2018, which suggests that 45 percent of infosec professionals reuse passwords across multiple user accounts – a basic piece of online hygiene that the infosec community has been attempting to educate the general public about for the best part of a decade.”

EurekAlert: Decade of research shows little improvement in websites’ password guidance

EurekAlert: Decade of research shows little improvement in websites’ password guidance. “Leading internet brands including Amazon and Wikipedia are failing to support users with advice on how to securely protect their data, a study shows. More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice guidance on creating passwords that are less likely to be hacked.”

Krebs on Security: Sextortion Scam Uses Recipient’s Hacked Passwords

Krebs on Security: Sextortion Scam Uses Recipient’s Hacked Passwords. “Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”

Digital Information World: Body Heat Gives Away Passwords

From Digital Information World, and filed in our “Are you freaking kidding me,” department: Body Heat Gives Away Passwords. “A recent study made by researchers from the University of California suggested that it was possible for hackers to steal one’s password by analyzing the heat left by one’s fingers on his/her keyboard. This news was both intriguing and shocking at the same time.”

BetaNews: Don’t panic! Hackers have not found a way to bypass the iPhone passcode limit

I mentioned this in an earlier issue so let me put this up-top: It does not appear that iPhones are vulnerable to brute force password attacks. From a BetaNews article: “One hacker thought he had cracked it. Security researcher Matthew Hickey proudly boasted at having discovered a delightfully simple method for brute-forcing entry into an iPhone — he even posted a video of his hack in action. But there’s no need to panic. Apple explains that ‘incorrect testing’ renders Hickey’s method worthless.”