Scanning Twitter for responses to the Zappos breach, we have a few favourites that are awfully telling: From @jjmartucci: I bet 99% of the stolen Zappos passwords were “shoes”. // Fact: most passwords are frighteningly easy to guess. We bet that those passwords aren’t “shoes” at all, but rather “password”, “abc123″ and others from the [...]

Zappos has remained tight-lipped about the nature of their data breach this week. As many as 24 million consumer accounts may have been accessed through an attack on their server in Kentucky. That is as detailed as they’re willing to go. Full credit card numbers were not stolen, since those were stored separately. It would [...]

These days it seems that while hackers evolve with trends in technology, the general computer user is no more identity savvy than he was before Facebook made identities a virtual open book. Data breaches, hacks, and attempted hacks are in the news regularly, and yet Joe Consumer still uses “password” or “password1″ for all his [...]

The Internet Crime Complaint Center (IC3) recently released their report on 2009 Internet crime statistics.  As you can probably guess, there were more complaints, more losses, higher average loss per incident.  IC3 is a federally funded non-profit, a joint operation between the FBI and the National White Collar Crime Center (NW3C). In brief: Complaints received:  [...]

Several researchers the University of Michigan have succeeded in cracking  the RSA security technology which protects all ecommerce and online banking transactions. The university scientists found that they could deduce tiny pieces of a private key by injecting slight fluctuations in a device’s power supply as it was processing encrypted messages. In a little more [...]

First Direct bank in the UK has been the first British bank to embrace Twitter. Does that really surprise anyone? As a 100% online bank, they’ve maintained a business pace a few clicks ahead of competitors in online services. But last weekend their clients and colleagues got a little surprise. First Direct’s Twitter account was [...]

Browsing on the web just became a little more scary.   A group of researchers found a way to deploy an attack that can “de-anonymize” the users behind the browser (research paper available in PDF format).  Focusing on the users of social networking sites (LinkedIn.com, Facebook, Xing.com, etc.), these security researchers show how to de-anonymize a [...]

A world wide phishing attack on carbon emissions trading registries forced registries in nine countries to shut down, while in other countries trading was temporarily suspended.  Fake registries (phishing sites) were set up by a group of criminals who then sent out messages to thousands of users in different companies, making off with about 250,000 [...]

2 of my 3 Twitter accounts asked me to reset my password this morning when I signed in. It seems that a third party application may have compromised accounts, but stories abound about what really happened. What I can tell you is that I know enough about where to share my passwords that I didn’t [...]

We read stories about phishing and data breaches and we get worried. Some of us start thinking that maybe we’re better off (security-wise) with paper-based banking. Sending checks, receiving statements in the mail, paying bills the old fashioned way – manually with a checkbook and a stamp. But as Jean Chatzky said this morning on [...]