Spotify gets hacked


Revolutionary digital music streaming service Spotify has revealed a serious security breach that affected its servers before December 19th last year. The company thought that it had managed to fix it before any damage was done, but last week Spotify found out that “a group” of some sort had managed to gain access to information necessary to guess passwords.

Although security breaches are par for the course at most internet startups, so far Spotify had managed to avoid them. It’s almost a rite of passage for new companies. The company is recommending that anyone who hasn’t changed their password since December 19th to change it immediately, and is emailing all its users to that effect.

Official Spotify Blog

Graphics cards are much better than CPUs at cracking Wi-Fi passwords


There’s a lot of software out there for cracking wireless passwords, and most of it’s legal. Why? Because it’s sold as a way for network administrators to ‘test’ their network’s security. Of course, there’s nothing to stop you ‘testing’ a network that you don’t own, in a coffee shop or airport, for example.

Most cracking programs use your PC’s CPU to do the hardcore number-crunching, but it turns out that the graphics card is actually far better at doing the kinds of calculations necessary. How good? Well, an above average quad-core CPU, the Intel Q6600 can only accomplish 1,100 passwords per second, whereas a similarly above-average ATI HD4870 graphics card can smash through 15,750 passwords per seconds.

Who woulda thunk it? Luckily, we might be seeing some of this power hit regular programs too, with Nvidia’s CUDA, ATI’s Stream, and Apple’s OpenCL frameworks. The graphics card isn’t best at every type of calculation, but if a program can intelligently route calculations to their fastest solver, then we could see blazing program speed increases in the near future.

(via HotHardware)

Related posts: Lightbulbs to replace Wi-Fi? | Another wi-fi detecting thing – this time it’s a SHOE

Twply takes a spam-and-grab approach to violating your privacy


When’s the last time you gave out your username and password for something crucial to a random web service? That’s what a lot of people have been doing with The site asks you for your username and password, and then promises to send any @replies that you get on Twitter to your email account.

However, it’ll also spam its own URL across your Twitter account – “Just started using to get my @replies via email. Neat stuff!“. That means they’ve got a big database of Twitter usernames and passwords, ripe for spamming. I wonder what could happen if they got bought by someone without a conscience… Oh, wait.

If you’ve used the site, now would be a great time to go change your password. If you’ve not, then remember basic security advice. If you’re not sure about giving out your username and password to a website, then don’t do it. Have you got any tales of Web 2.0 privacy woe? I want to hear them. Drop me a comment below.

Oh, and for a service which does the same thing without asking for your password, try replies.twittapps.

Twply (via Helloform)

Related posts: Twitterer liveblogs his own plane crash | Evening Standard fails in its meagre attempts to understand Twitter

BT Home Hub defaults to being insecure, sez security firm


With the ongoing marketing push for BT broadband and other integrated goodness via their Home Hub, there’s a good chance that a large section of the population are using an insecure router to access the Internet.

These are generally the same people — he says both stereotypically and self-righteously — who don’t install and keep anti-virus software up-to-date, or have the faintest idea what a firewall is…