While many of us unplugged from the internet over the holidays to spend time with loved ones, LastPass, the maker of a popular security program for managing digital passwords, delivered a most unwanted gift. It recently published details about a security breach in which cybercriminals obtained copies of customers’ password vaults, potentially exposing millions of people’s online information. From a hacker’s point of view, this is equivalent to hitting the jackpot. When you use a password manager like LastPass or 1Password, it stores a list containing all the usernames and passwords for the sites and apps you use, including banking, healthcare, email, and social networking accounts. It keeps track of that list, called a vault, in its own online cloud so you can easily access your passwords from any device. LastPass said the hackers stole a copy of the list of usernames and passwords for each customer from the company’s servers. This breach was one of the worst things that could happen to a security product designed to take care of your passwords. But besides the obvious next step — to change all your passwords if you used LastPass — there are important lessons we can learn from this debacle, including that security products are not foolproof, especially when they store our sensitive data in the cloud.
First, it’s important to understand what happened: The company said the intruders gained access to its cloud database and obtained a copy of the data vaults of millions of customers by using credentials and keys stolen from a LastPass employee. LastPass, which published details about the breach in a blog post on December 22, attempted to reassure its users that their information was likely to be secure. It said that some parts of people’s vaults – such as the website addresses for sites they logged into – were unencrypted, but sensitive data including usernames and passwords were encrypted. This means hackers could know which banking website someone uses but would not have the username and password needed to log in to that person’s account. Most important, the master password that users set to unlock their LastPass vaults was also encrypted. This means hackers would have to crack the encrypted master password to get to the rest of the passwords in each vault, which would be difficult to do as long as people used a unique, complex master password.
LastPass CEO Karim Toubba declined to be interviewed but wrote in an emailed statement that the incident demonstrated the strength of the company’s system architecture, which he said kept sensitive vault data encrypted and secure. He also said that it was the users’ responsibility to “practice good password hygiene”. Many security experts disagreed with Mr. Toubba’s optimistic spin, saying that every LastPass user should change all of their passwords. “It’s very serious,” said Sinan Eren, an executive at security firm Barracuda. “I think all those managed passwords have been compromised.” Casey Ellis, chief technology officer at security firm Bugcrowd, said it was important that the intruders had access to lists of website addresses that people used. “Let’s say I’m following you,” said Mr. Ellis. “I can see all the websites you have saved information for and use that to plan an attack. Every LastPass user has that data now in the hands of an adversary.” We can all learn from this breach to stay safe online. More details can be found on OUR FORUM.

The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak. This leak affected over 5.4 million Twitter users and included both public information scraped from the site as well as private phone numbers and email addresses. The data was obtained through the exploitation of an API vulnerability that Twitter had fixed in January. In a statement on Friday, the Irish privacy regulator said, "The DPC corresponded with Twitter International Unlimited Company ('TIC') in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance." It also added that it believes "one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users' personal data." The DPC, which serves as Twitter's lead EU watchdog, wants to determine if the social media giant has fulfilled its obligations as a data controller regarding the processing of user data and whether it has violated any provisions of the General Data Protection Regulation (EU GDPR) or the Data Protection Act 2018. Two years ago, the DPC fined Twitter €450,000 (~$550,000) for failing to notify the DPC of a breach within the 72-hour timeframe required by the GDPR and for inadequate documentation of the breach. In November 2021, the DPC also fined Meta €265 million ($275.5 million) for a major data leak on Facebook that exposed the personal information of hundreds of millions of users worldwide. In July 2022, the private information of more than 5.4 million Twitter users was put up for sale on a hacking forum for $30,000. While most of the data was publicly available, such as Twitter IDs, names, login names, locations, and verified status, the leaked database also included non-public information, such as email addresses and phone numbers. 
This data was collected in December 2021 through a Twitter API vulnerability disclosed through the HackerOne bug bounty program, which allowed anyone to submit phone numbers or email addresses into the API to link them to their associated Twitter ID. After BleepingComputer shared a sample of the stolen user records with Twitter, the company confirmed it had experienced a data breach linked to attackers using this API bug, which was fixed in January 2022. BleepingComputer found that the bug was exploited by Pompompurin, the owner of the Breached hacking forum, who also harvested the information of an additional 1.4 million suspended Twitter users using a different API. This brought the total number of Twitter profiles scraped for private information to almost 7 million. Stay in the loop by visiting OUR FORUM.

 

A couple of days ago, Elon Musk launched a poll asking Twitter users to vote on whether he should resign as the Twitter CEO. More than 50 percent of people think that the multi-billionaire should resign from that post. Now Musk has announced that he will abide by the results and resign as the CEO of the social media company. But it may not happen anytime soon. While Musk says he will resign, he will not do so until he finds “someone foolish enough to take the job.” And no one really knows when that will happen. But according to reports, it’s not the poll result that has decided Musk’s future roles at Twitter, as he was looking for a CEO even before that. After taking over Twitter, Elon Musk also said that his role as the Twitter CEO would be “temporary.” However, Musk will continue to oversee software and server teams even after resigning as the CEO. Either way, while Musk may not be the CEO, he will definitely have a say in everything that Twitter will do in the future, at least as long as he keeps the company a private entity. Under Musk’s leadership, Twitter underwent massive changes, including a Twitter Blue Verified system allowing genuine people to be verified. Its latest big announcement was that it would launch a poll on Twitter before making major policy decisions. This way, the company may be trying to avoid the kind of outrage it had to face after launching the now-deleted “Promotion of alternative social platforms policy.” However, polls regarding Twitter’s policy changes may not always remain free. Musk recently commented on whether Twitter should give voting power on major policy decisions to Blue subscribers only. The chief of Twitter said, “Good point. Twitter will make that change.” While giving voting power to Blue subscribers will make them feel special, it will be another polarizing decision and will definitely lead to outrage.
It will be interesting to see if Musk launches a new poll asking users whether voting power should become a paid feature. Amid outrage over its now-deleted platform promotion policy, Twitter recently launched a new badging system for Business users. It allows a company to link any number of its affiliated individuals, businesses, and brands to its account. After linking, affiliated accounts will get a small square badge of their parent company’s profile picture next to their blue or gold checkmark. Follow this thread on OUR FORUM.

As the year comes to an end, network providers are putting a stop to their 3G satellites. Here's how the closure may affect the tech that you rely on every day. 3G is shutting down and some of your most essential tech may soon -- or, may have already -- become unusable. What steered the evolution of how we use, interact, and communicate with technology 20 years ago will officially retire by the end of 2022 (which is in two weeks), with major US carriers having nearly finished repurposing their 3G satellites. In their place: 5G, the next-generation network that promises considerably faster speeds than 4G LTE and a more unified system for Artificial Intelligence (AI) and Internet of Things (IoT) expansion. So, what does this all mean for older hardware like cell phones, alarms, and GPS systems that thrive on the 3G spectrum? To put it bluntly, many of the network-driven features will become obsolete, presenting some unforeseen dangers. Fortunately, there are steps that you and your loved ones can take to safely transition from aging to future-proof tech. In some cases, manufacturers may even be able to give your older gadgets new life through software upgrades. Here is everything you need to know about the "3G sunset", how it will affect the technology that you use, and what you can do to stay afloat in the ever-changing landscape. While carriers have been planning the closure of 3G since 4G LTE took the reins (and the prospect of 5G being another catalyst) the agenda took a pause during the pandemic. Over the past two years, 3G-reliant services like home security systems and tech for the elderly have become more essential than ever, keeping telecommunications companies from pulling the plug. That is, until 2022, with major US carriers finally giving in and having already shut down their 3G satellites. For the greater portion of the 3G era, smartphones enabled users to browse the web, share viral videos, update statuses, and connect with people from around the world. 
That all remains possible through 4G LTE, 5G, and Wi-Fi networks. With 3G turned off, the iPhone 3GS, for example, won't be able to make calls or send text messages, but can still connect to Wi-Fi to access internet-based applications. According to the CTIA, "fewer than nine percent of the US wireless connections are 2G or 3G subscriptions." If you're using a smartphone that launched after 2014, you likely won't experience any setbacks from the 3G shutdown. The same applies to flip phones that were released after 2017. Unsure of what year your device was manufactured? The best solution is to check with your local carrier -- in person or online -- to see if there are any compatibility issues. Besides ushering in the revolution of smartphones, 3G has played a foundational role in the navigation and alarm-based systems that we rely on during our everyday commutes. With the institution of faster and more reliable 5G, roadside assistance and emergency crash alerts are among the many network-based features that will be affected by the shutting down of 3G. Many cars also have an emergency SOS button that, when pressed, dials first responders via 3G. That, too, will lose functionality. Vehicles from popular automakers like Toyota, Lexus, Nissan, Hyundai, Dodge, and more released before 2019 are susceptible to the issues mentioned above. The main reason that newer models still carry 3G receivers, according to Roger Lanctot, director of automotive connected mobility at Strategy Analytics, is for automakers to save on manufacturing costs. Further details can be found on OUR FORUM.

The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version. Tor is a Firefox-based browser created for accessing special .onion domains only accessible on the Onion network and browsing the web with more anonymity and privacy. The browser achieves this by routing traffic through network nodes while encrypting network data. The connection requests reach the destination through an exit node that is used to relay the information back to the user. Tor browser version 12.0 is based on Firefox 102, an upgrade from Firefox version 91, which was used as the base for the previous Tor release, v11.5. This means that all security fixes, performance enhancements, and code improvements Firefox implemented in the new ESR (Extended Support Release) have now landed on Tor. One notable new feature on Tor 12.0 is the introduction of native support for Apple Silicon chips, i.e., M1 and M2 devices. Tor now uses a universal binary that bundles x86-64 and ARM64 builds and automatically picks the correct version for the platform it runs on. The main benefit of native support for Apple's new architecture is better performance of the Tor browser on macOS systems. Android, which has been previously neglected by the Tor Project team, receiving infrequent updates and delays in getting new features, is now catching up to the desktop version. "Since the beginning of the year, our developers have been working hard to recommence regular updates for Android, improve the app's stability, and catch up to Fenix's (Firefox for Android's) release cycle," reads Tor's release announcement. "The next phase in our plan for Android is to begin porting selected, high-priority features that have recently been launched for desktop over to Android." 
Tor version 12.0 introduces the HTTPS-only mode that first landed on version 11.5 for desktops, which enables the browser to automatically switch to the HTTPS version of visited sites when available. HTTPS is preferable to HTTP connections because the information exchange between the site visitor and the server hosting the site is encrypted, which protects against man-in-the-middle attacks and sensitive data exposure. Another new feature added in the Android version of the Tor browser is "prioritize .onion sites," which redirects to the '.onion' version of the visited site if available. The new option was added to the 'Privacy and security' settings menu. To learn more or to download please visit OUR FORUM.

Intel's plans for the workstation market with its Sapphire Rapids-WS are taking shape as a well-known hardware leaker published preliminary specifications for the new CPUs. Intel's lineup of next-generation Xeon products for workstations and high-end desktops will include overclockable CPUs with up to 56 cores, eight memory channels, and 112 PCIe lanes if the information revealed by reputable hardware leaker Enthusiastic Citizen (ECSM_Official) is correct. Intel's family of next-generation Xeon W processors for W790-based workstations will reportedly consist of two families of products that will offer slightly different capabilities. The Xeon W-3400-series CPUs will be derived from a multi-chiplet Sapphire Rapids design and will feature up to 56 cores, eight DDR5 memory channels, and 112 PCIe lanes. In addition, CPU cores used by these processors will be Golden Cove-derived cores with AVX-512 and AMX instructions enabled. By contrast, the Xeon W-2400-series processors will use a single-die design with up to 24 cores, four DDR5 memory channels, and 64 PCIe lanes. Intel's Xeon W-2400 and W-3400-series processors are expected to come in LGA4677 packaging and use W790-based workstation motherboards. One of the first W790 mainboards leaked last week, which suggests that some of Intel's partners are getting ready to ship these products sooner rather than later. Meanwhile, a rumor suggests that Intel only intends to roll out its W790 platform next April, so it is too early to ship appropriate motherboards. Then again, Intel has never officially confirmed the launch timeframe for its W790 platform and only confirmed that this one is designed for workstations. Intel's Xeon W-3400-series lineup will allegedly include nine models, four of which will be overclockable. Even the flagship Xeon W9-3495X is expected to come with an unlocked multiplier, enabling overclocking.
Linux boot logs unearthed earlier this year essentially confirm the existence of Intel's Xeon W-3400-series CPUs (which come with AVX-512 and AMX enabled). Still, they also mention the Xeon W9-3495 (non-X) CPU clocked at 1.80 GHz base, which Enthusiastic Citizen does not list. We have no idea whether Intel changed its plans concerning its Sapphire Rapids-WS lineup in July, but we are dealing with preliminary information, so some details may be inaccurate. Intel's Xeon W-3400-series relies on Sapphire Rapids silicon, which will offer AVX-512 support and AMX instructions for artificial intelligence and machine learning applications. Advanced Matrix Extensions is a tiled matrix multiplication accelerator, a grid of fused multiply-add units supporting BF16 and INT8 input types that can be programmed using only 12 instructions and perform up to 1024 TMUL BF16 or 2048 TMUL INT8 operations per cycle per core. More complete details can be found on OUR FORUM.