Welcome to “Refog” corporate blog.

We are developing programs to monitor user activity of home (Personal Monitor) and office (Employee Monitor) computers, as well as to control usage of your children’s computer (Time Sheriff).

Google is developing alternative authorization schemes.

12 April 2013

Google employees say they have begun developing new user authentication technologies that do not use passwords.

The company’s security division released a report on the possible ways of lowering the risk that websites’ authorization mechanisms will be broken into. According to the report, user passwords are no longer a sufficient method for protecting information.

Google’s ideas for protecting its e-mail service, Gmail (and connections to it), include miniature cryptographic USB cards that allow users to be authorized after registration without entering a password. It has been suggested that in time the USB interface will give way to wireless technology that would allow any accessory — watches, rings, etc. — to be used to grant access.

Antiviruses are losing to virus attacks

12 April 2013

Research by German scientists from the AV-Test information security institute revealed a drastic decrease in the efficiency of anti-virus tools. The research tested 25 anti-virus tools for home use and 8 corporate products.

Anti-virus programs managed to block 92% of low-level attacks and clean 91% of infected systems, of which only 60% were able to operate normally.

Three out of 25 tested programs could not score high enough to get a security certificate: Microsoft Security Essentials, PC Tools and AhnLabs. Another corporate solution from Microsoft, Forefront, also didn’t score high enough in the tests.

Similar independent research was conducted by a company called Imperva in late 2012, with similarly discouraging results: all anti-virus tools of the VirusTotal service successfully detected less than 5% of malware.

Yahoo users’ personal data leaked

12 April 2013

According to the experts of BitDefender, a developer of anti-virus tools, the hacking of a large number of mailboxes of Yahoo users was the result of a missed update of the WordPress CMS that was installed on the servers of the mail service.

The WordPress vulnerability that was used by the hackers had been known before and was only fixed in spring 2012. However, the CMS simply wasn’t updated on the developer.yahoo.com portal. After WordPress was hacked, the intruders managed to gain access to the cookie files of user sessions for the entire yahoo.com domain.

They used the obtained files and special JavaScript constructs on fake sites to get session-based access to a large number of mailboxes of Yahoo users.

User passwords were not compromised, but the hackers could read and send emails on behalf of Yahoo users. They could, for instance, gain access to users’ social accounts associated with the hacked mailbox.

At the moment, the consequences of the compromise have been dealt with. WordPress has been updated.

Breaking a password is a matter of seconds

1 March 2013

The time that an average user spends coming up with a password is considerably longer than the time needed to break it. Furthermore, 90% of users’ passwords can be broken within seconds.
These are the results of research conducted by Deloitte Canada.

The most typical mistakes that users make when selecting a password are: use of the same password for different accounts (sites and services), predictable passwords, and simple passwords (digits only, a single letter case, dictionary-based).

Considering today’s growth of available computing power and the possibility of using cluster computing (uniting many computers into a single network for solving a specific computing task), the efficiency of password breaking techniques has increased manifold.

Large companies are already working on additional user authentication methods that will be more efficient than passwords in the long run.
It is assumed that these methods will include passwords delivered in text messages, fingerprint scanning and so on. Google, for instance, is working on special RFID tags for user authorization.
The most popular (and, therefore, the least reliable) passwords in 2012 were:

  • password
  • 123456
  • 12345678
  • abc123
  • qwerty
  • monkey
  • letmein
  • dragon
  • 111111
  • baseball
  • iloveyou
  • trustno1
  • 1234567
  • sunshine
  • master
  • 123123
  • welcome
  • shadow
  • ashley
  • football
  • Jesus
  • michael
  • ninja
  • mustang
  • password1
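
The password mistakes listed above (dictionary-based, digits only, single letter case, reuse) can be checked mechanically. The following Python sketch is an added example, not part of the Deloitte research or this blog's products; the guess rate and the sample passwords are assumptions chosen for illustration.

```python
import string

# The 2012 list quoted above, lowercased for case-insensitive matching.
COMMON_2012 = (
    "password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 "
    "baseball iloveyou trustno1 1234567 sunshine master 123123 welcome "
    "shadow ashley football jesus michael ninja mustang password1"
).split()

# Assumption: offline guess rate of a cracking cluster (not a figure from the article).
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000


def alphabet_size(password):
    """Size of the smallest character pool that covers every character used."""
    pools = (string.digits, string.ascii_lowercase, string.ascii_uppercase)
    size = sum(len(pool) for pool in pools if any(c in pool for c in password))
    if any(c not in "".join(pools) for c in password):
        size += len(string.punctuation)  # 32 symbols; a floor for anything else
    return size


def audit(password, used_elsewhere=()):
    """Return (findings, worst_case_guesses, worst_case_seconds)."""
    if not password:
        raise ValueError("empty password")
    findings = []
    if password.lower() in COMMON_2012:
        findings.append("dictionary")
    if password.isdigit():
        findings.append("digits-only")
    elif password.isalpha() and (password.islower() or password.isupper()):
        findings.append("single-case")
    if password in used_elsewhere:
        findings.append("reused")
    if "dictionary" in findings:
        guesses = len(COMMON_2012)  # the list is tried before brute force
    else:
        guesses = alphabet_size(password) ** len(password)
    return findings, guesses, guesses / ASSUMED_GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("123456", "kittens", "Jesus", "Tr0ub4dor&3x"):  # constructed samples
        found, guesses, seconds = audit(pw, used_elsewhere={"kittens"})
        print(f"{pw!r}: {found or ['none']} ~{guesses:.3g} guesses, {seconds:.3g} s")
```

At the assumed rate, a seven-letter lowercase password falls in under a second, while a 12-character password drawing on all four character classes does not fall within a lifetime.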

Children’s Online Privacy Protection Rules Revised

15 January 2013

Experts of the U.S. Federal Trade Commission are convinced that technological progress has reached such a stage that we must revise the rules of protecting children’s online privacy.

This document was adopted in 1998 and obliged ISPs to provide a certain level of protection for confidential information about children under 13.

FTC believes that most parents today are not fully aware of what information is being collected about their children, where it is stored and for what purpose. This is especially true for social networks, mobile platforms and various applications.

Amendments to COPPA contain several definitions of new terms that appeared since the adoption of the original document. The very notion of “personal data” has also been revised and redefined by including geolocation data, photos and videos.

The full list of proposed amendments is available on FTC’s website.

The Hackers Army: FBI servers hacked

20 December 2012

A group of hackers called The Hackers Army announced a successful breach of a server belonging to the U.S. Federal Bureau of Investigation (FBI). They claim to have hacked the authentication server and secured access to logins and passwords of FBI employees.

As proof of this breach, the hackers provided details of server configurations and versions of software used on them, as well as login credentials of several employees.

The Anti-Malware.Ru analytical center has conducted a brief analysis of these data and concluded that “many of these addresses really exist, but it’s impossible to tell right now whether these passwords are valid.”

Traditionally, FBI representatives have not provided any official comments on this matter.

Security Flaw in Electronic Locks Exploited

20 December 2012

The thief entered a hotel room by opening its electronic lock using a special device and stole a laptop. Quite naturally, the police found no evidence of a break-in, and none of the hotel’s keys were used. The investigation showed that the lock was opened using a special electronic tool. As a result, the police arrested the 27-year-old Matthew Allen Cook, who had been previously convicted of theft. He was caught trying to sell the stolen equipment.

He entered the hotel room using a security flaw in electronic locks made by Onity. Such locks are used in 4 million hotels around the globe.

The vulnerability was presented at the Black Hat Security conference by Cody Brocious, a security expert who used a sub-$50 programming device to demonstrate how any hotel room can be easily opened. The vulnerability exists because the lock’s open, unencrypted ports allow any device to read device management data from its memory.

The manufacturer of the electronic locks, who obviously underestimated the value of information security, has been refraining from comment so far.

CIA special unit for social networks monitoring

14 December 2012

For several years now, the U.S. Central Intelligence Agency (CIA) has had a special unit for monitoring social networks all over the world. The official name of this bureau is “Open Source Center”. Its employees are mostly hackers and linguists.

The primary goal of the bureau is the collection, filtration and analysis of information coming from social networks, as well as local forums, TV channels and other mass media. The reports of the bureau go directly to the White House.

Linguists and professional hackers from OSC are capable of filtering millions of posts in Twitter alone and finding information that others don’t have a clue about.
The bureau was created after 9/11 and the official reason for this was, obviously, “war on terrorism”.

RFID at Schools: a Tricky Question

30 November 2012

One of the American schools competing for a 2 million-dollar government grant from the state of Texas has started using RFID (Radio Frequency Identification) tags to control the location of students, hoping to improve the attendance rate. According to the school’s administration, this should have a positive effect on the safety of students as well, since they believe that public schools are safe places to be in.
However, students and their parents do not always agree with this opinion. Andrea Hernandez was suspended from classes for a categorical refusal to wear an RFID tag. Her agitation among peers against the use of this technology was also prohibited. The student believes that this new practice violates her right to privacy and infringes her religious beliefs and freedom of expression.
Andrea goes to another school now, while her parents and a group of civil rights activists are trying to sue the administration of the old school that refused to let her continue her education. They may well win the case — personal rights and freedoms have always been prioritized in the US.

Vulnerability in Samsung and Dell network printers

30 November 2012

Neil Smith, an IT security expert, found a hidden embedded program in Samsung printers that makes it possible to remotely connect to them, change settings and manage printing. This is a real backdoor created by the manufacturer for the convenience of technical support experts.

Apparently, the company never disclosed the existence of such functionality. The same kind of program was found in Dell printers, which can be attributed to their mutual manufacturing contracts.

This backdoor uses a modified version of the SNMP protocol that is not visible in the list of connections and continues to work even if the user disables SNMP in the printer settings.

Since the information has been made public, emergence of working exploits for this vulnerability is just a matter of time. Obviously, these exploits will not try to intercept documents being printed, but will aim to execute arbitrary unauthorized code with administrator rights in an external network. Samsung believes that it will be able to release a patch before hackers find a way to create an exploit.