One Month Later, Facebook Discloses Hack

by , on

As a Valentine’s Day gift to all its users, Facebook announced yesterday that it has been the target of a sophisticated hack…. for over a month.

Apparently a number of Facebook employees visited a compromised website, which attacked their computers with malware. However, according to Facebook’s post about the breach, no user data was compromised. This is only the latest in a series of attacks directed at big internet names, including the New York Times hack covered in our last post, and attacks on the Wall Street Journal and even Twitter.

From the blog post:

“We have found no evidence that Facebook user data was compromised.

As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.”

As pointed out in this Huffington Post coverage of the story, nowhere in the blog post is the word “hack” used. This may have something to do with Mark Zuckerberg’s manifesto, “The Hacker Way,” which glorifies not the illegal breaching of private data but instead “testing the boundaries of what can be done.”

Read the original Facebook blog post here: https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766

So What’s the Deal with Anonymous, Anyway?

by , on

It’s everywhere. We’ve all seen it. Headlines in technology, cyber security, national security, politics, and more all seem to be ridden with this mysterious name: “Anonymous.” The image of a faceless figure wearing the iconic Guy Fawkes mask, or the group’s unofficial logo of a headless suit with a question mark over it, have become familiar—and chilling—images.

But what does Anonymous actually represent?

The short version, via Wikipedia: “Anonymous is a loosely associated hacktivist group. It originated in 2003 on the imageboard 4chan, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain”

If that definition sounds a bit general, that’s because it is. Classified as a “decentralized affinity group,” Anonymous is comprised of anyone acting under the name. As the “hacktivist” moniker suggests, members use the alias for purposes of protest and vigilantism against internet censorship, surveillance, civil and human rights violations.  Vocal supporters of file-sharing websites like megaupload, devoted Occupy Wall Street sympathizers, and violently opposed to institutions they perceive as homophobic, the group has a definite agenda and an extremist attitude that inspires some, and frightens many.

Whatever their stance, however, their tactics are undeniably illegal.  Notable Anonymous hacks include high-profile Facebook and Twitter accounts, including Westboro Baptist Church, and several government websites, including the Pentagon and most recently, the Federal Reserve and the United States Sentencing Commission.

Obviously, we at Keeper want to keep the internet safe and secure for everyone. What do you think? Is hacking ever justified?

 

New York Times: “We’ve Been Hacked”

by , on

Breaking news: The New York Times announced yesterday that it has been the victim of hacking. And not on just one occasion. According to the report, this has been going on for four months.

So who is responsible?

According to them, China. It seems that in response to articles published in October about the Chinese prime minister, Wen Jiabao, Chinese hackers targeted the Times with malicious software in an attempt to investigate anyone who may have been involved or have provided information on the subject. The hackers used the malware to gain access to the corporate passwords and profiles of every member of the publication’s staff.

Computer security experts identified the computers used in the breach as the same machines used by the Chinese military. However, they found no evidence of the accessing or use of sensitive files. More importantly, customer data remained secure.

No harm, no foul? Not exactly. Large scale international cyber attacks on government records are one thing, but when the passwords and personal data of businesses and individuals are compromised, the implications are far reaching. That’s why password security is a concern for everyone, both in their personal and professional lives. We encourage companies to use Keeper as a way of protecting employees corporate passwords and records. With the option of unlimited folders and multi-device syncing, anyone can easily keep track of their personal and professional passwords on one simple database.

 

Source: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=all&_r=0

Department of Homeland Security Recommends Password Managers

by , on

…This is big.

According to an article published by the United States Computer Emergency Readiness Team, a subset of the U.S. Department of Homeland Security, password managers are not simply useful but are in fact necessary in the internet age (you can download the article here).

We’ve all heard it before, but the fact that it’s now a matter of federal concern proves that password security is no longer something anyone can afford to ignore.

And the recommended solution? Password managers like Keeper. Check this out:

A password manager is software for storing all your passwords in one location that is protected and accessible with one easy-to-remember master passphrase. It is one of the best ways to keep track of each unique password or passphrase that you have created for your various online accounts—without writing them down on a piece of paper and risking that others will see them. When using a password manager, you have one master passphrase that protects all of your other passwords. This leaves you with the ease of having to remember only one.”

Not only are we psyched about this kind of endorsement from the higher-ups, we’re thrilled that password security is being taken so seriously. It’s the US-CERT’s job to protect citizens against cyber threats, and it’s ours to provide them with the necessary tools. Together we can fight back against hacking and make the internet a safer place for everyone.

 

Source: www.us-cert.gov/reading_room/PasswordMgmt2012.pdf

New Report Says 90% of User-Generated Passwords Are Hackable

by , on

Are your passwords safe? Bad news. Almost certainly not.

According to some troubling new data released Tuesday by Deloitte, password security will be a primary concern for all connected users in 2013. The global consulting firm predicts that over 90%—yes, you read that right, 90%—of passwords generated by users will be vulnerable to hacking this year.

You may be thinking: Not mine! I’ve got the recommended 8-character mix of letters, numbers and symbols. Think again. In this new era of crowd-hacking and sharing passwords across multiple accounts (big no-no), even passwords that in the past were considered strong are now highly hackable. The truth is, one symbol and a capital letter at the beginning of a word is just not enough. According to a study cited by Deloitte, the vast majority of a sample of 6 million accounts were accessible with the only the 10,000 most common passwords.

Users tend to rely on the same character combinations and the reuse of passwords for multiple accounts for one simple reason: it’s easier to remember. Online bank accounts, PayPal accounts, social media, work email, personal email… The passwords pile up, and most people choose to put themselves at risk for the sake of ease and convenience.

This article about the Deloitte study, however, suggests a solution: password managers. Not only does a password vault like Keeper keep track of your passwords for you, it encrypts them heavily to protect against hacking. And as an added level of protection, Keeper generates random password with a roll of the dice for seriously strong combinations of symbols. It’s a simple and highly effective solution, eliminating the deficiencies of human memory and predictability.

Three New Year's Resolutions Anyone Can (And Should) Keep

by , on

Happy New Year, Keepees! Welcome to the future.

January should be a month of fresh starts and optimism, but sometimes making resolutions can feel like more of a burden than anything else. The pressure to be better can take all the fun out of the New Year. Luckily, there’s one area of your life that you can vow to enhance without any self-denial, suffering, or—worst of all—hard work. What area is that? Your cyber life.

Protecting your identity is imperative, and yet luckily, extremely easy. Here are some ideas for simple New Year’s resolutions anyone can make to ensure they have a better, safer year.

1. Choose different passwords.

The biggest mistake anyone can make when using password-protected websites is to use the same login info for multiple accounts. While many sites are securely encrypted, others are not, and hackers might be just one low-security account away from gaining access to all of your most sensitive financial and personal data. While a different password for each account can be difficult to remember, a password manager like Keeper does the storing and organizing work for you. All of your data in one place makes having varied passwords, and staying one step ahead of hackers, easy as pie.

2. Choose strong passwords.

If you didn’t see it already, CNN recently published a round-up of the 25 worst passwords of 2012. All of  the more expected contenders were there, like “password” and “12345,” but some more unusual suspects cropped up on the list as well. “Jesus,” “shadow,” and “trustno1” were our favorites, and good reminders that any one word, no matter how uncommon, is incredibly easy to guess. Instead, choose passwords with a mixture of letters, numbers and symbols, and that uses both lowercase and uppercase characters. Keeper’s random password generator makes this a cinch.

3. Back up your passwords.

What would happen if you lost your smartphone tomorrow? If someone found it, would all of your private and sensitive information—credit card data, social security number, banking info—pop up in a notepad application? Would it be lost to you forever? Don’t take that risk. Keeper Backup offers unlimited cloud storage for everything from security questions to personal memos. And now the Keeper Web App allows you to access those records from any device, so losing your phone doesn’t mean losing your identity.

Resolutions that will make your year better and are easy to keep? Done and…. done.

Keeping a Bright Outlook In 2013

by , on

As 2012 winds to a close, it’s easy to focus on the doom-and-gloom side of recent events in cyber security. From malware-ridden apps to individual hacks on personal information to large-scale cyber attacks from organizations like Anonymous, you might not want to ever take that new tablet out of its box.

Of course, it’s good to be aware of the potential threats that concern everyone with a connected device. McCafee released a report ofsecurity predictions for 2013 and its outlook, while grim, is nonetheless realistic. One major concern is mobile and wireless security. With more and more Americans relying on smartphones and tablets to manage finances, shop online, pay bills and otherwise use and store sensitive personal information, mobile devices are increasingly appealing targets for hackers and cybercriminals. Identity theft, malware and hijacked accounts are only some of the threats waiting for the 21st century digital citizen.

It’s all enough to make you forget why all this technology is here in the first place: to improve your life. And so while new devices and software do invite attention from criminals, technological innovation is also what will protect you and make your life easier— like it’s supposed to. Protecting yourself from threats like malware is often a matter of always verifying the security of your internet connection, background checking suspiscious apps, and continuously downloading and installing security updates to protect against new malicious programs. But luckily not all security measures are so involved.

A good password manager like Keeper Password and Data Vault is a simple security option that can protect your entire identity: social security number, credit card info, online account logins, and more.Strong, varied and heavily-encrypted passwords are the key to safeguarding your information, and keeping them all in one place ensures that you’ll never forget a password or username ever again. All it requires is a quick download on each device, and then you’re set for a year.

If you didn’t have Keeper last year, then 2013 is the perfect year for a fresh and secure start.

The Truth About Cybercrime Today

by , on

December is Identity Theft Prevention and Awareness month. Amidst all the bells-a-ringing and people singing that also come around this time of year, it can be easy to ignore the more sober reality of this important topic.

Are You Aware?
A great place to start on the “awareness” side of all this is with Norton Security’s 2011 cybercrime report: a sleek, user-friendly chart with surveys, maps, and even animations breaking down everything you need to know about the current state of cybercrime in the U.S. Some of the statistics are pretty grim, but eye-opening. Here are some numbers you really need to see:

  • Last year, in 24 countries, 14 people suffered from cybercrime every second
  • Altogether cybercrime cost victims (in those same countries) $113,882,054,117
  • The odds an online adult will become a victim of cybercrime this year is almost 1 in 2
  • 10% of all online adults have experienced cybercrime on their mobile phones

Are You Protected?
So what can you do to protect yourself from cybercrime? That’s where the “prevention” part comes in, and there are steps you can take. Your online identity is the sum total of your vulnerable personal information, including credit card numbers, social security number, usernames, email addresses and passwords. This data can and must be protected.

A secure password manager like Keeper is essential to make sure your passwords are strong and encrypted, and to ensure that private data stays exactly that: private. Keeper for your computer, your smartphone, or your tablet is the solution to the scary threat of cyber attacks.

Shopping Online This Holiday?

by , on

It’s that time of year again! Holiday shopping time.

If you’ve ever bought anything online, you know that credit card information, banking passwords and PayPal login data are like little digital children: they can be hard to keep track of, they need protection, and they’re each special in their own unique way.

Whether you’re someone who gets yours done months in advance, or the kind of person to wait till the very last minute, chances are you do at least some of your shopping online. According toa report by Statista.com, U.S. retail e-commerce sales hit an all-time high last year during the holiday season. Shoppers spent an estimated 37.2 billion dollars online during the months of November and December alone!

Here at Keeper, we want everyone’s online shopping experience to be a safe and easy one. That’s why Keeper stores all of your personal information in one convenient location, safeguards it with military-grade encryption, and backs it all up onto a secure cloud.

This holiday season, don’t ask for identity theft—ask for Keeper.

A Day Without Internet

by , on

As of today, internet in Syria is reported at least partially restored, according to tech blog CloudFlare. The blackout began on Thursday, Novemeber 29, with a sudden shutdown of all traffic from Syria to the rest of the internet. In addition, some cellphone connections were reported shut off.

While connectivity may have been repaired, the cause of the blackout remains uncertain, and the implications are grim. Syria’s bitter civil war has been ongoing for 20 months, and this event may mark something of a new phase. While Syrian officials have publicly blamed “terrorists” for the shutdown, analysts speculate that it is much more likely to have been the responsibility of President Bashar al-Assad and his government as a blow against rebel forces, for whom the internet has served as a vital source of information and communication.

For many of us, it’s difficult to imagine what it would be like to live in a reality where something as integral to our lives and fundamental to our freedom as the internet can be simply taken away. Email, social media, news, blogs and forums are only some examples of the venues we now depend on for personal and political liberty, and yet take for granted every day.

While we may not be at risk of a blackout, our internet access and identities are always vulnerable. We’re lucky to have ways of protecting them.