Cloud-Based Password Manager LastPass Hacked

Password managers are a very attractive target for hackers
Technology • Views: 26,343

One of the most popular password managers, LastPass, announced today that their network has been compromised.

In a blog post at their website, CEO Joe Siegrist stated they have no evidence encrypted user vaults were stolen, or that any user accounts were accessed. However, the attackers did manage to grab account email addresses, password reminders, and authentication hashes and salts — so this is potentially quite serious, especially for people who didn’t use strong master passwords.

The possibility of an attack like this is one big reason why I prefer to use 1Password as my own password management system, with the password vault only stored locally on my system and shared with my various devices (computer, iPhone, tablet) only via wifi. It’s a little less convenient this way, but this hack shows it’s probably worth the slight extra hassle.

Here’s the full statement from Joe Siegrist; if you’re a LastPass user you should definitely follow the advice herein:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team
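
The two-stage strengthening the statement describes can be sketched as follows. This is an added example, not LastPass's code: the client-side round count, the use of the email address as the client salt, and all function names are assumptions; only the random per-user salt and the 100,000 server-side PBKDF2-SHA256 rounds come from the statement.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000  # figure given in the LastPass statement
CLIENT_ROUNDS = 5_000    # assumption: the statement gives no client-side count


def client_auth_hash(master_password, email):
    """Client side: stretch the master password before anything is sent.
    Using the lowercased email as the client salt is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               email.lower().encode("utf-8"), CLIENT_ROUNDS)


def server_enroll(auth_hash):
    """Server side: fresh random per-user salt, then 100,000 more rounds."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def seconds_per_guess(email, salt, stored):
    """Time one full check of a candidate master password (both stages),
    the work anyone holding the salt and hash must repeat per guess."""
    start = time.perf_counter()
    server_verify(client_auth_hash("candidate-guess", email), salt, stored)
    return time.perf_counter() - start


def hours_to_try(list_size, per_guess_seconds, parallel_workers=1):
    """Worst-case hours to test every entry of a guess list of list_size."""
    return list_size * per_guess_seconds / parallel_workers / 3600.0


if __name__ == "__main__":
    email = "user@example.com"  # constructed sample account
    salt, stored = server_enroll(
        client_auth_hash("correct horse battery staple", email))
    cost = seconds_per_guess(email, salt, stored)
    print("one guess costs %.3f s on this machine" % cost)
    # A password taken from a 10,000-entry common-password list versus a
    # random one from a space of 2**60 possibilities, on 1,000 workers.
    print("common list: %.2f h" % hours_to_try(10_000, cost, 1000))
    print("2**60 space: %.2e h" % hours_to_try(2**60, cost, 1000))
```

The per-guess cost slows every attempt by the same factor, so it protects a strong master password far more than one that appears on a short common-password list, which is why the statement singles out weak and reused master passwords.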

Another “Massive Data Breach” of Federal Personnel - Originating in China

Yet another huge attack
Technology • Views: 29,787

Today we’re learning that the FBI is investigating a “massive data breach” of the federal Office of Personnel Management, involving the personal records of approximately four million people. Officials suspect hackers based in China are responsible for this wide-ranging penetration of federal data systems.

At this rate, China and Russia will have pretty much everything in our federal computer systems before much longer.

FCC Classifies Internet Service as a Public Utility

Almost as important as the llama chase
Technology • Views: 26,267

I know the amazing llama chase was huge news today, but this might be even more important: F.C.C. Approves Net Neutrality Rules, Classifying Broadband Internet Service as a Utility.

WASHINGTON — The Federal Communications Commission voted on Thursday to regulate broadband Internet service as a public utility, a milestone in regulating high-speed Internet service into American homes.

Tom Wheeler, the commission chairman, said the F.C.C. was using “all the tools in our toolbox to protect innovators and consumers” and preserve the Internet’s role as a “core of free expression and democratic principles.”

The new rules, approved 3 to 2 along party lines, are intended to ensure that no content is blocked and that the Internet is not divided into pay-to-play fast lanes for Internet and media companies that can afford it and slow lanes for everyone else. Those prohibitions are hallmarks of the net neutrality concept.

This ruling opens the way for communities to build their own Internet access services and frees them from the tyranny of the huge corporations who have no incentive to make things better. It’s a huge win for the citizens of the US, who have lived too long with substandard Internet connection speeds compared to the rest of the world — which means the Republican Party is going to freak out about it.

Twitter CEO Dick Costolo: ‘We Suck at Dealing With Abuse’

About time
Technology • Views: 22,664

Tonight we’re getting news of a fascinating statement from Twitter’s CEO: ‘We Suck at Dealing With Abuse’.

Twitter CEO Dick Costolo is taking personal responsibility for his platform’s chronic problems with harassment and abuse, telling employees that he is embarrassed for the company’s failures and would soon be taking stronger action to eliminate trolls. He said problems with trolls are driving away the company’s users. “We suck at dealing with abuse and trolls on the platform and we’ve sucked at it for years,” Costolo wrote in an internal memo obtained by The Verge. “It’s no secret and the rest of the world talks about it every day. We lose core user after core user by not addressing simple trolling issues that they face every day.”

“IT’S NOBODY’S FAULT BUT MINE.”

Costolo’s comments came in response to a question on an internal forum about a recent story by Lindy West, a frequent target of harassment on Twitter. Among other things, West’s tormentors created a Twitter account for her then recently-deceased father and made cruel comments about her on the service; West recently shared her story on This American Life and the Guardian. On Twitter’s forums, an employee asked whether anything could be done:

On Mon, Feb 2, 2015 at 4:37 PM, Adrian Cole wrote:

A must read in its own right about cyberbullying. One section suggests Twitter can just do more.

“I’m aware that Twitter is well within its rights to let its platform be used as a vehicle for sexist and racist harassment. But, as a private company - just like a comedian mulling over a rape joke, or a troll looking for a target for his anger - it could choose not to. As a collective of human beings, it could choose to be better.”

In response, Costolo made a frank acknowledgement of Twitter’s slowness to adopt tools to combat trolls.

On Mon, Feb 2, 2015 at 8:35 PM, Dick Costolo wrote:

We suck at dealing with abuse and trolls on the platform and we’ve sucked at it for years. It’s no secret and the rest of the world talks about it every day. We lose core user after core user by not addressing simple trolling issues that they face every day.

I’m frankly ashamed of how poorly we’ve dealt with this issue during my tenure as CEO. It’s absurd. There’s no excuse for it. I take full responsibility for not being more aggressive on this front. It’s nobody else’s fault but mine, and it’s embarrassing.

We’re going to start kicking these people off right and left and making sure that when they issue their ridiculous attacks, nobody hears them.

Everybody on the leadership team knows this is vital.

@dickc

I hope this isn’t just a PR statement, and that it leads to a real commitment to putting a stop to the outrageous harassment Twitter has been enabling and tolerating for years. The worst of it is directed at women; they’re the targets of unbelievably misogynistic stalking on Twitter. But it’s not just women; people who follow me on Twitter are no doubt aware that there is a sizable group of right wing lunatics who have been stalking and harassing me and my followers ever since I opened my account years ago.

It’s time for Twitter to step up and deal with this huge problem.

Report: NSA Breached North Korean Networks Before Sony Attack

Not a fairy tale
Technology • Views: 27,669

Apparently the FBI and President Obama actually did have good reason to implicate North Korea in the Sony hack. Imagine that: N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say.

WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth.

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation.

Video: President Obama Announces New Steps to Create Affordable High-Speed Broadband

Treating the Internet like a public utility
Technology • Views: 26,146

The state of Internet broadband access in the US is a national disgrace, and the big providers have very little incentive to change it because they have de facto monopolies and are able to charge exorbitant prices for sub-par service. It’s good to see the President working on solutions to this very important problem. Treating the Internet as a locally-owned public utility is a great place to start.

President Obama speaks on the need for affordable high-speed broadband for all Americans, and how certain small cities and towns are taking steps to lay a foundation for broadband access that rivals the most connected cities in the world.

UPDATE at 1/14/15 6:06:24 pm by Charles Johnson

Here’s a related audio segment from NPR’s All Things Considered:

MP3 Audio

CENTCOM Social Media Accounts Hacked by Apparent ISIS Supporters

Embarrassing
Technology • Views: 27,399

A major embarrassment for the Pentagon today, as apparent ISIS supporters took over the YouTube and Twitter accounts of CENTCOM.

A group describing themselves as the “CyberCaliphate” apparently gained control of the official Twitter and YouTube pages of U.S. Central Command (CENTCOM) on Monday and began posting messages supportive of the jihadist group Islamic State (also known as ISIS).

The hack occurred at the same time as President Barack Obama was giving a speech on cybersecurity at the offices of the Federal Trade Commission in Washington, D.C.

On Twitter, the group posted a message that declared “Pentagon networks hacked” where they indicated they broke into military “networks and personal devices.” In the message the “CyberCaliphate” identified themselves as being “under the auspices of ISIS.” They also included links to what they described as leaked military files. They then began posting screenshots they described as “China scenarios.”

The @CENTCOM accounts on Twitter and YouTube are now suspended.

UPDATE at 1/12/15 2:09:47 pm by Charles Johnson

NPR: FBI Offers New Evidence Connecting North Korea to Sony Hack

Proxy fail
Technology • Views: 26,355

NPR’s All Things Considered has a report on the Sony hack, and the FBI’s new evidence that North Korea was responsible for the cyber attack. According to FBI director James Comey, the attackers screwed up and occasionally used IP addresses to send email that were “exclusively used by the North Koreans.”

North Korea’s Internet Access Is “Toast”

Denial of service
Technology • Views: 33,484

Even if the US had something to do with this, the government would probably never admit it, but I think it’s doubtful. North Korea’s network is very small by world standards, and it wouldn’t require a nation state to take it offline with a simple brute force DDoS attack; it seems more like something Anonymous would do: Attack Is Suspected as North Korean Internet Collapses.

Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline.

“Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load.

North Korea does very little commercial or government business over the Internet. The country officially has 1,024 Internet protocol addresses, though the actual number may be somewhat higher. By comparison, the United States has billions of addresses.

[…]

CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.

Although the failure might have been caused by maintenance problems, Mr. Madory and others said that such problems most likely would not have caused such a prolonged, widespread loss.

Watch: President Obama Learns to Code

As Angry Birds plays in the background
Technology • Views: 31,176

On December 8, 2014, President Obama met with students participating in an “Hour of Code” event at the White House, which is really cool and all that, but somebody in the room is playing Angry Birds and the sound effects are louder than the people’s voices, and I have to admit I cracked up every time the birds won a round.

Last updated: 2015-06-25 5:21 pm PDT