Google employees say they have begun developing new user authentication technologies that do not use passwords.

The company’s security division released a report on the possible ways of lowering the risk that websites’ authorization mechanisms will be broken into. According to the report, user passwords are no longer a sufficient method for protecting information.

Google’s ideas for protecting its e-mail service, Gmail (and connections to it), include miniature cryptographic USB cards that allow users to be authorized after registration without entering a password. It has been suggested that in time the USB interface will move way to wireless technology that would allow any accessory — watches, rings, etc. — to be used to grant access.

A research by German scientists from the AV-Test information security institute revealed a drastic decrease of the efficiency of anti-virus tools. The research included the testing of 25 anti-virus tools for home use and 8 corporate products.

Anti-virus programs managed to block 92% of low-level attacks and clean 91% of infected systems, of which only 60% were able to operate normally.

Three out of 25 tested programs could not score high enough to get a security certificate: Microsoft Security Essentials, PC Tools and AhnLabs. Another corporate solution from Microsoft, Forefront, also didn’t score high enough in the tests.

A similar alternative research was conducted by a company called Imperva in late 2012 with similarly discouraging results: all anti-virus tools of the VirusTotal service successfully detected less than 5% of malware.

A large group of activists comprised of organizations, journalists, lawyers and regular Internet users issued an open letter to Skype’s current owner, Microsoft. This letter focused on the confidentiality of Skype communications. They believe that the service’s confidentiality policy is somewhat fuzzy and the description of possible interactions with third parties and law enforcement agencies is insufficient.

Microsoft’s agreement with China’s TOM Оnline on the creation of a custom version of Skype for Chinese users was especially criticized. This version had a special filter that blocked specific messages. And since this version was identical to the regular one, it meant that any Skype user could eventually be monitored.

Activists reckon that the main reason for such changes in Skype policies is the recent acquisition of the company by Microsoft. That is why it is now held responsible for letting the public know about the ways the service works with confidential data and interacts with law enforcement agencies.

Microsoft employees confirmed the receipt of the letter and promised to issue an official response to these questions.

According to the experts of BitDefender, a developer of anti-virus tools, the hacking of a large number of mailboxes of Yahoo users was the result of a missed update of the WordPress CMS that was installed on the servers of the mail service.

The WordPress vulnerability that was used by the hackers had been known before and was only fixed in spring 2012. However, the CMS simply wasn’t updated on the developer.yahoo.com portal. After WordPress was hacked, the intruders managed to gain access to the cookie files of user sessions for the entire yahoo.com domain.

They used the obtained files and special JavaScript constructs on fake sites to get session-based access to a large number of mailboxes of Yahoo users.

User passwords were not compromised, but the hackers could read and send emails on behalf of Yahoo users. They could, for instance, gain access to users’ social accounts associated with the hacked mailbox.

At the moment, the consequences of the compromise threat have been dealt with. WordPress has been updated.

The time that an average user spends to come up with a password is considerably longer than the time needed to break it. Furthermore, 90% of users’ passwords can be broken within seconds.
These are the results of a research conducted by Deloitte Canada.

The most typical mistakes that users make while selecting a password: use of the same password for different accounts (sites and services), predictable passwords, simple passwords (digital, same letter case, dictionary-based).

Considering today’s growth of available computing power and the possibility of using cluster computing (uniting many computers into a single network for solving a specific computing task), the efficiency of password breaking techniques has increased manifold.

Large companies are already working on additional user authentication method that will be more efficient than passwords in the long run.
It is assumed that these methods will include passwords delivered in text messages, fingerprint scanning and so on. Google, for instance, is working on special RFID tags for user authorization.
The most popular (and, therefore, the least reliable) passwords in 2012 were:

• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
• trustno1
• 1234567
• sunshine
• master
• 123123
• welcome
• shadow
• ashley
• football
• Jesus
• michael
• ninja
• mustang
• password1

Vladimir Zdorovenin, a Russian national, was sentenced to 2 years in prison by the New York court for a series of cybercrimes involving the theft of personal details and credit card information. The hacker committed crimes remotely from Russia, targeting American citizens.

Zdorovenin and his son used phishing and viruses since 2004 to steal the personal details of credit card holders. Apart from carding and other types of online fraud, Zdorovenin was also interested in the stock exchange market – he attempted to make money by manipulating stock prices and closing deals on behalf of people whose details he had previously stolen.

He was arrested in Zurich, Switzerland in March 2011 and extradited to the U.S. following an official order. The fraudster pleaded guilty to two charges.

The reputation of the anti-virus software developer has been seriously tarnished by the recent scandal involving its founder, John MacAfee. He is accused of murdering a Belize citizen.

McAfee Associates was founded by John back in 1987, but he left the company in 1994 (after it became one of the leading companies on the market). In early 2011, Intel purchased it for $7 billion.

A BrandIndex expert studied the rating of the McAfee anti-virus software brand and made an unusual conclusion: despite the fact that John hasn’t been with the company for over 20 years, his association with the brand is still so strong that his personal problems resulted in a -17 downslide of the company’s rating (on a -100 to 100 scale). This is the lowest rating of the McAfee brand since over 5 years ago when this monitoring was started.

McAfee’s brand rating plummeted after mass media announced that the Belize government had doubts as to the mental health of the company’s founder.

Experts of the U.S. Federal Trade Commission are convinced that the technological progress has reached such a stage that we must revise the rules of protecting children’s online privacy.

This document was adopted in 1998 and obliged ISP’s to provide a certain level of protection for confidential information about children under 13.

FTC believes that most parents today are not fully aware of what information is being collected about their children, where it is stored and for what purpose. This is especially true for social networks, mobile platforms and various applications.

Amendments to COPPA contain several definitions of new terms that appeared since the adoption of the original document. The very notion of “personal data” has also been revised and redefined by including geolocation data, photos and videos.

The full list of proposed amendments is available on FTC’s website.

Google announced plans to implement parental control features in the settings of its Chrome browser. These features will help parents efficiently control their children’s web browsing.

This update will enable users to launch the browser with different settings under different accounts. Unlike the full-featured ”parent” account, a “child” account will not allow browsing of blacklisted websites. It will also be possible to restrict browsing only to a “white list” of allowed sites.

Moreover, the “child” account will not support the private browsing mode and deletion of browsing history. The release date of the updated version of Chrome with these features has not yet been confirmed.

If you are interested in parental control, feel free to check out Time Sheriff, our program that is currently distributed free of charge.

A group of hackers called The Hackers Army announced a successful breach of a server belonging to the U.S. Federal Bureau of Investigations (FBI). They claim to have hacked the authentication server and secured access to logins and passwords of FBI employees.

As a proof of this breach, the hackers provided details of server configurations and versions of software used on them, as well as login credentials of several employees.

The Anti-Malware.Ru analytical center has conducted a brief analysis of these data and concluded that “many of these addresses really exist, but it’s impossible to tell right now whether these passwords are valid.”

Traditionally, FBI representatives have not provided any official comments on this matter.