This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.
We’re excited to announce that the Auto-Password Change feature we released to our Pre-Build Team last week is now available for all users in beta. LastPass can now change passwords for you, automatically. We’re releasing this feature for free to all our users, on Chrome, Safari, and Firefox (starting with version 3.1.70).
Auto-Password Change already supports 75 of the most popular websites, including Facebook, Twitter, Amazon, Pinterest, Home Depot, and Dropbox. When clicking “edit” for a supported site, a “Change Password Automatically” button appears.
Once clicked, LastPass opens a new tab where it logs in for you, creates a new password, and submits the changes on the website, while also saving them to LastPass. Next time you log in to that website, LastPass will autofill with the newly-generated password. And all you had to do was click a button!
Read the full article @ Blog.LastPass.com
Harvard Law School Professor Lawrence Lessig interviewed Edward Snowden at Harvard Law School on Oct. 20.
This morning I received the following notice (read the PDF) from Wuala informing me that their secure storage will no longer be free come January 1, 2015. For those of you not familiar with Wuala, think Dropbox but with end-to-end trust-no-one encryption. Granted, for 5GB of space you need only pay $12/year so I’m thinking I’ll pay it. But there goes the one free secure Dropbox replacement that I was aware of.
Adobe came under fire a few weeks ago when news was brought to light that critical user data was being sent to their servers from anyone using Adobe Digital Editions 4. The most important aspect of this story was that it was being done in clear text, with no encryption. Adobe has just patched ADE 4, to solve this issue.
This is from May but I’m a bit behind in some of my reading. However it is worth every moment you’ll spend reading it.
A great deal of confusion has been created by the distinction between data and metadata, as though there were a difference and spying on metadata were less serious.
Illegal interception of the content of a message breaks your secrecy. Illegal interception of the metadata of a message breaks your anonymity. It isn’t less, it’s just different. Most of the time it isn’t less, it’s more.
In particular, the anonymity of reading is broken by the collection of metadata. It wasn’t the content of the newspaper Douglass was reading that was the problem – it was that he, a slave, dared to read it.
The president can apologise to people for the cancellation of their health insurance policies, but he cannot merely apologise to the people for the cancellation of the constitution. When you are president of the United States, you cannot apologise for not being on Frederick Douglass’s side.
Read the full article @ The Guardian.
This week, a group of hackers released a list of about 5 million Gmail addresses and passwords. This list was not generated as a result of an exploit of WordPress.com, but since a number of emails on the list matched email addresses associated with WordPress.com accounts, we took steps to protect our users.
We downloaded the list, compared it to our user database, and proactively reset over 100,000 accounts for which the password given in the list matched the WordPress.com password. We also sent email notification of the password reset containing instructions for regaining access to the account.
Read the full article @ blog.wordpress.com
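The comparison described in the WordPress.com excerpt above, sketched as an added example (not WordPress.com's code). It assumes passwords are stored as per-user salted PBKDF2 hashes and that the dump is `email:password` lines. The record fields, function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not a value from the post

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_user(email, password):
    """Build a hypothetical user record with a per-user random salt."""
    salt = os.urandom(16)
    return {"email": email, "salt": salt,
            "hash": hash_password(password, salt), "must_reset": False}

def parse_dump(lines):
    """Yield (email, password) pairs; skip lines that are not email:password."""
    for line in lines:
        email, sep, password = line.rstrip("\r\n").partition(":")
        email = email.strip().lower()
        if sep and "@" in email and password:
            yield email, password  # password may itself contain ':'

def find_exposed(users, dump_lines):
    """Return emails whose leaked password matches the stored hash."""
    exposed = set()
    for email, leaked in parse_dump(dump_lines):
        user = users.get(email)
        if user is None or user["hash"] is None:
            continue  # not our user, or already reset
        candidate = hash_password(leaked, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            exposed.add(email)
    return exposed

def force_reset(users, exposed):
    """Invalidate the stored hash so the leaked password stops working."""
    for email in exposed:
        users[email]["hash"] = None
        users[email]["must_reset"] = True
    return sorted(exposed)  # addresses to notify by email

# Constructed sample data, not taken from any real dump.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "correct horse"),
    make_user("bob@example.com", "hunter2"),
    make_user("carol@example.com", "tea:time"))}
DUMP = ["alice@example.com:correct horse\n", "BOB@example.com:oldpassword\n",
        "dave@example.com:whatever\n", "not a credential line\n",
        "carol@example.com:tea:time\n"]

if __name__ == "__main__":
    print(force_reset(USERS, find_exposed(USERS, DUMP)))
```

Because each stored hash has its own salt, the leaked password has to be re-hashed per matching account; only accounts whose address appears in the dump cost any hashing work.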
Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are “the least worst thing;” may they fill the vacuum of wishful thinking. Presented by Dan Geer at Black Hat USA 2014.
I confess to feeling some kinship with Snowden. Like him, I was assigned to a National Security Agency unit in Hawaii—in my case, as part of three years of active duty in the Navy during the Vietnam War. Then, as a reservist in law school, I blew the whistle on the NSA when I stumbled across a program that involved illegally eavesdropping on US citizens. I testified about the program in a closed hearing before the Church Committee, the congressional investigation that led to sweeping reforms of US intelligence abuses in the 1970s. Finally, after graduation, I decided to write the first book about the NSA. At several points I was threatened with prosecution under the Espionage Act, the same 1917 law under which Snowden is charged (in my case those threats had no basis and were never carried out). Since then I have written two more books about the NSA, as well as numerous magazine articles (including two previous cover stories about the NSA for WIRED), book reviews, op-eds, and documentaries.
Another concern for Snowden is what he calls NSA fatigue—the public becoming numb to disclosures of mass surveillance, just as it becomes inured to news of battle deaths during a war. “One death is a tragedy, and a million is a statistic,” he says, mordantly quoting Stalin. “Just as the violation of Angela Merkel’s rights is a massive scandal and the violation of 80 million Germans is a nonstory.”
Read the full story @ Wired.com.
Adobe just patched up a gaping security flaw that could affect anyone who logs on to eBay, Tumblr, Instagram, or other popular sites. If you’re a person who visits any of those domains (or really, any website out there that might use Flash), you really should update your stuff right now.
Basically, the flaw—which security blogger Michele Spagnuolo says has been well known in the infosec community—made it possible for hackers to steal the cookies that authenticate returning users on sites like eBay, Twitter, Tumblr, and thousands more. Spagnuolo says that so far, no tools have been made public to exploit the fluke. Since there was no proof of concept that the exploit could work, “this led websites owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided,” Spagnuolo says.
Read the full article @ Gizmodo.com.