Profile cover photo
Profile photo
Intuitive Password
76 followers -
The world's best online password manager
The world's best online password manager

76 followers
About
Intuitive Password's posts

Post has attachment
Hacker Tries To Sell 427 Milllion Stolen MySpace Passwords For $2,800

There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked.

MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well.

It’s unclear when the data was stolen from MySpace, but both the hacker, who’s known as Peace, and one of the operators of LeakedSource, a paid hacked data search engine that also claims to have the credentials, said it’s from a past, unreported, breach.

Neither Peace nor LeakedSource provided a sample of the hacked data. But Motherboard gave LeakedSource the email addresses of three staffers and two friends who had an account on the site to verify that the data was real. In all five cases, LeakedSource was able to send back their password.

The database contains 427,484,128 passwords, but there are only 360,213,024 million emails, according to LeakedSource, which announced the leak on Friday in a blog post. Each record in the hacked dataset contains “an email address, a username, one password and in some cases a second password,” according to the site.

Read more

Post has attachment
Let’s Encrypt accidentally shares user email addresses

Here at Naked Security, we’re well-disposed towards encryption, especially TLS, which is the cornerstone of secure web browsing.

TLS is short for Transport Layer Security, and it’s the technology that puts the padlock in your browser’s address bar when you use HTTPS to visit a secure website.

In theory, TLS is easy, because software at each end does all the hard cryptographic work of securing the connection.

TLS is short for Transport Layer Security, and it’s the technology that puts the padlock in your browser’s address bar when you use HTTPS to visit a secure website.

In theory, TLS is easy, because software at each end does all the hard cryptographic work of securing the connection.

TLS also deals with authenticity and integrity, using encryption to help you verify not only that you’re talking securely, but also that you are talking to the right person.

(No point in having a strongly-encrypted session with a crook instead of your bank!)

But TLS has one tricky part: before your web server can “prove” who you are, you have to get a digitally-signed certificate that vouches for you, issued by someone who is themselves trusted by everyone’s browsers.

Read more

Intuitive Password v6.4.1 has just been release!

New: Developed a free tool that is used to generate secure passwords.
New: Added a maintenance notification system to the platform.
New: Developed a free tool for all users called One-Time Secret Notes.
New: You can now cancel a process if its taking longer than usual.
New: Added a security confirmation when updating your Security Reminder options.
New: You can now easily organize your Password Items by creating custom folders.
New: The video tutorials are now hosted locally and embedded in the platform.
Improved: Improved the user interface on View Shared Passwords page.
Improved: Improved validation process for the Secure Messenger.
Improved: A few minor user interface improvements.
Improved: Improved text translation for the Time Zone panel.
Fixed: Fixed a bug where the city names were not displayed in the Time Zone settings.

Post has attachment
TaxSlayer data breach leaves thousands of US financial accounts and tax filings at risk.

US-based tax preparation firm TaxSlayer has admitted that thousands of user records may have been compromised in a data breach, leaving a slew of financial accounts and tax filings at risk. The breach, blamed on what it has called an "unauthorised third party", was identified on 13 January as part of an ongoing security review.

The firm has said it believes usernames and passwords may have been accessed by the unknown hackers. Additionally, social security numbers and even previously filed tax returns are suspected to have been put at risk. According to SC Magazine, the hack has affected a total of 8,800 TaxSlayer users.

Lisa Daniel, director of customer support at TaxSlayer, said in a filing to the Californian Department of Justice that the illegal access took place between 10 October and 21 December 2015. In the filing, Daniels outlined what data is thought to have been exploited and what steps the firm is now taking to mitigate the problem. "The unauthorised third party may have obtained access to any information you included in a tax return or draft tax return saved on TaxSlayer, including your name and address, your social security number, the social security numbers of your dependents, and other data contained on your 2014 tax return," the letter stated.

"We recommend that you immediately change your username and password for any other online account for which you use the same username and password. We also strongly recommend that you obtain an Identity Protection PIN from the IRS. This is a unique PIN assigned to you that would be required to file your tax return. It will ensure that someone else cannot file a return with your social security number."

Read more at:

Post has attachment
Intuitive Password new version 6.0.0.106 released! For more information please check out our Release Notes here:

Post has attachment
Hilton is the Latest Hotel Chain to Confirm a Data Breach.

Hackers twice broke into Hilton’s computer systems. Hilton Hotels said on Tuesday it had been the victim of a security breach.

The hotel chain’s notice comes two months after the company began investigating whether hackers had attacked its properties. The news also follows initial reporting by Brian Krebs, an independent cybersecurity journalist, who caught wind that payment card terminals at the company’s restaurants, bars, and gift shops may have been compromised.

Hilton confirmed the cyber intrusion in a recent statement, saying it had “identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems.” The company, based in McLean, Va., said it “immediately launched an investigation” and “further strengthened” its systems.

Hilton did not reveal how many properties might be affected, nor did it confirm how many customers’ credit card or debit card information might have been stolen. “We cannot address the actual number of cards impacted,” the company said in an FAQ about the incident, adding that the potentially stolen information includes “cardholder names, payment card numbers, security codes and expiration dates, but no addresses, personal identification numbers (PINs) or Hilton HHonors account information.”

Read more

Post has attachment
Inside the VTech hack that jeopardized data of more than 200,000 kids

Just this morning Motherboard exposed one of the largest attacks yet, a massive breach of private user data from tech toy manufacturer VTech.

The hack exposed nearly 5 million parents as well as the names, genders and birthday information of more than 200,000 kids. What’s worse, the kids’ data is easily matched to that of the parents which would make it relatively easy to find their home addresses.

During his attempt to verify the leak, the journalist that originally penned the story,Lorenzo Franceschi-Bicchierai, reached out to Microsoft MVP for Developer Security, Troy Hunt.

It’s from Hunt’s analysis that we see just what went wrong.

Hunt’s first step was to verify the data. He did this through his own service, ‘Have I been pwned?’ (HIBP). HIBP is a free opt-in service that attempts to notify users if their accounts have been compromised in a data breach.

In 24 hours, he received six responses that seemed to back up the validity of the unnamed hackers claim.

From there he went about seeing just how severe the leak was.

Read more

Post has attachment
The FBI believes a single hacker has hold of 1.2 billion internet logins, and EL James fans be warned, he's known as Mr Grey. 

The logins for sites such as Facebook and Twitter were most likely stolen last year by a Russian crime ring dubbed CyberVor, which harvested data from a whopping 420,000 websites using botnets looking for SQL injection vulnerabilities -- the same technique used to target TalkTalk.

That was revealed in August last year by Milwaukee security firm Hold Security, which told journalists at the time that the Russian hackers had hold of 1.2 billion credentials as well has half a billion email addresses.

In its subsequent investigation, the FBI has been tracking one hacker, known as "mr grey" or "mistergrey", according to court documents seen by Reuters. 

The search for "mr grey" has turned up an email address in spam-sending tools, as well as posts on a Russian hacking forum offering to get information for users of Facebook, Twitter and VK, a Russian social network. Mr Grey offered to locate the records of such users, which Hold Security told Reuters suggested the hacker had a database or access to one holding the massive pile of stolen data. 

Post has attachment
Apple, Microsoft, Google, Samsung, Twitter, Facebook and 56 other technology companies have joined together to reject calls for weakening encryption saying it would be “exploited by the bad guys”.

After Apple’s chief executive Tim Cook’s claims that “any backdoor is a backdoor for everyone”, the Information Technology Industry Council, which represents 62 of the largest technology companies worldwide,said: “Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety.”

The debate over encryption, which has become the bedrock of the internet used by almost every transmission that needs to be secure and increasingly those that don’t, has erupted after the terrorist attacks on Paris.

The Information Technology Industry Council’s chief executive, Dean Garfield, said: “Weakening security with the aim of advancing security simply does not make sense.”

End-to-end encrypted communications mean that only the sender and receiver can view the contents of the message, which governments say has put intelligence services at a disadvantage.

Governments, including the UK’s, have said that backdoors – holes in the security software powering various forms of encryption – should be created through which security services could view communications.

Read more http://buff.ly/1Nm7kjb

We are pleased to announce that we have just released a new version of Intuitive Password. Here is the change log:

Version 5.0.5.1123
- Upgraded the security framework of the system.
- Enhanced the Intuitive Password security measures.
- Improved the loading performance of the system.

Kind Regards,
The Intuitive Password team
Wait while more posts are being loaded