Password managers: The good, the bad, and the ugly

In a world where we’re being told to change our passwords every five minutes thanks to the latest massive breach, it’s hard to imagine life without a password manager. Though now that these killer apps are a dime a dozen, the market has predictably been flooded with options you should think twice about using.

Once you’ve started using a password manager, you realize just how absolutely insane things have gotten that we’d be expected to not only remember a jillion passwords, but also be able to spontaneously make up words and phrases that follow all the different and bizarre password-creation rules that sites require of us.

If you’re reading this and not using a password manager, keep reading. You’re in a high-risk category for getting hacked and exploited. Even if you’re already utilizing the best consumer tool for computer security since antivirus, you should also keep reading—because not all password managers are created equal.



Mac malware: Coming soon to a computer near you

Computer security is science, yet it sure seems to traffic in enough beliefs to make it seem like a collection of warring cults. And no matter which infosec church you’re most swayed by, you’re probably one of the many who believe that Macs don’t get malware. Even if you’re not totally on board with this, chances are good you at least behave like Macs are immune.

In fact, the number of malware attacks on Apple’s operating system skyrocketed by 744 percent in 2016. Despite this, most people still believe that Macs don’t get viruses. Add to this the fact that, despite the seeming ubiquity of Apple’s products, the company’s user base is still growing. There are nearly 100 million Apple users worldwide, myself included.


Malware on Macs has increased dramatically.



How the new age of antivirus software will protect your PC

Antivirus software ain't what it used to be. The sneaky, sophisticated security threats your PC faces now have gone far beyond what traditional software can do. The future of protecting your PC will require a multi-pronged approach involving vigilant updates, bug bounties, and artificial intelligence.

Like any software, antivirus is susceptible to bugs. Earlier this summer, Google’s Project Zero discovered serious flaws in enterprise and consumer products from Symantec that allowed malicious actors to take control of a computer. Symantec provided updates for the bugs, but some required manual installation from users, who needed to be in the know.

Symantec isn’t alone. Project Zero regularly publishes findings that reveal security flaws in software made by Kaspersky Lab, McAfee, and FireEye, to name a few. Brian Soldato of NSS Labs, a security product testing organization, says his company has seen “unprecedented numbers” of vulnerabilities that are bypassing security software.



Phone hacking: What the FBI won't reveal could hurt users, experts argue

WASHINGTON—We already know that law enforcement agencies can hack our phones. But we don’t know what they find, how they find it, or even who helps them discover the information. Top cybersecurity experts and lawmakers argued about how much should be revealed at a July 11 meeting of the Congressional Internet Caucus.

“Government hacking has already happened. The question of whether it should happen is actually way past the point,” said Harley Geiger, director of public policy at Rapid7, an Internet security company.

Geiger and others cited the FBI-Apple encryption dispute as a troubling example. Apple refused to help the FBI unlock the iPhone belonging to one of the terrorists involved in the December 2015 attack in San Bernardino, California. The agency sued Apple, then dropped the lawsuit when it used a third party to crack the passcode in the phone instead. The issue of whether law enforcement should be able to take advantage of vulnerabilities remains unresolved, and government hacking is still unregulated.



This is what your messaging app needs to be truly secure

You may love your messaging app, but your messaging app may not love your privacy and security. WhatsApp, arguably the most popular messaging app in the world with a billion users, made a significant step in April by introducing end-to-end encryption built on the Signal protocol, much to the chagrin of governments and police forces.

Some apps are much further ahead in the security game than others. As you wade through the glut of messaging services available, these are the features to look for.

End-to-end encryption



How greed could destroy the ransomware racket

Ransomware scam artists have a good thing going. They infect some computers and inflict a distasteful—but ultimately logical—choice on the victims: Pay up or lose your data.

Ransoms can be an expensive lesson for most. Many consumers opt not to pay and rely on whatever backups they have. Businesses often pay—an act that may require dealing with Bitcoin markets as well as feeling like a chump. Yet, even the FBI has said it understands when victims pay.

Ransomware rules, broken



All about your 'fullz' and how hackers turn your personal data into dollars

If cyber criminals have a Holy Grail, it’s your fullz, or your full set of personal information. And they’ll go to great lengths to get it.

Since 2005, more than 6,000 companies and organizations have reported breaches. Judging from prior trends, about half of those breaches likely involved the exposure of sensitive information, where consumers’ names are paired with additional data such as addresses, phone numbers, birth dates, Social Security numbers, and health records. In just 2015, for example, nearly 165 million records containing Social Security numbers were compromised in 338 breaches, according to the Identity Theft Resource Center.

Cyber criminals are focused on bringing together an individual's full information to facilitate identity theft, allow the purchase of goods and services on the Internet, and enable criminals to open new accounts in a victim’s name. Fullz are also for sale in underground markets and the dark web, ranging in price from $15 to $65 for a U.S. citizen’s complete record, according to data collected by security services firm Dell Secureworks.
