UPDATED 16:18 GMT: We've just received the following statement from Skype: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts…
Revolutionary digital music streaming service Spotify has revealed a serious security breach that affected its servers before December 19th last year. The company thought that it had managed to fix it before any damage was done, but last week Spotify found out that “a group” of some sort had managed to gain access to information necessary to guess passwords.
Although security breaches are par for the course at most internet startups, so far Spotify had managed to avoid them. It’s almost a rite of passage for new companies. The company is recommending that anyone who hasn’t changed their password since December 19th to change it immediately, and is emailing all its users to that effect.
There’s a lot of software out there for cracking wireless passwords, and most of it’s legal. Why? Because it’s sold as a way for network administrators to ‘test’ their network’s security. Of course, there’s nothing to stop you ‘testing’ a network that you don’t own, in a coffee shop or airport, for example.
Most cracking programs use your PC’s CPU to do the hardcore number-crunching, but it turns out that the graphics card is actually far better at doing the kinds of calculations necessary. How good? Well, an above average quad-core CPU, the Intel Q6600 can only accomplish 1,100 passwords per second, whereas a similarly above-average ATI HD4870 graphics card can smash through 15,750 passwords per seconds.
Who woulda thunk it? Luckily, we might be seeing some of this power hit regular programs too, with Nvidia’s CUDA, ATI’s Stream, and Apple’s OpenCL frameworks. The graphics card isn’t best at every type of calculation, but if a program can intelligently route calculations to their fastest solver, then we could see blazing program speed increases in the near future.
When’s the last time you gave out your username and password for something crucial to a random web service? That’s what a lot of people have been doing with Twply.com. The site asks you for your username and password, and then promises to send any @replies that you get on Twitter to your email account.
However, it’ll also spam its own URL across your Twitter account – “Just started using http://twply.com/ to get my @replies via email. Neat stuff!“. That means they’ve got a big database of Twitter usernames and passwords, ripe for spamming. I wonder what could happen if they got bought by someone without a conscience… Oh, wait.
If you’ve used the site, now would be a great time to go change your password. If you’ve not, then remember basic security advice. If you’re not sure about giving out your username and password to a website, then don’t do it. Have you got any tales of Web 2.0 privacy woe? I want to hear them. Drop me a comment below.
Oh, and for a service which does the same thing without asking for your password, try replies.twittapps.
With the ongoing marketing push for BT broadband and other integrated goodness via their Home Hub, there’s a good chance that a large section of the population are using an insecure router to access the Internet.
These are generally the same people — he says both stereotypically and self-righteously — who don’t install and keep anti-virus software up-to-date, or have the faintest idea what a firewall is…