A selection of this week’s more interesting vulnerability disclosures and cyber security news. This week’s news is dominated by another revelation at Yahoo. Yet another reminder of the risk of password reuse, which I mentioned last week. In this case, I suspect that, due to the lack of any serious financial data, the objective is to provide more information on password creation patterns which can feed into other attacks.
I’m certain, like most out there, that there must be services I have signed up for that may have reused passwords, but for the life of me I can’t remember which ones. I do track them in more recent times, but older ones? With so many services out there that require their own logins, it’s a nightmare to deal with the increasing number of credentials, even with a password keeper.
What solutions do we have then? Single sign-on is a marvellous idea but provides a single point of failure. Could use multiple single sign-ons perhaps, use some sites with Facebook, others with Google; that would spread the risk maybe? Certainly 2FA helps a lot, and I would imagine that, unless you have someone determined to get you, any attacker will move on to easier pickings if you make it hard enough.
- New World Hackers group revealed as college students: sources. Some great reporting by Zack Whittaker.