Security theater, ’80s style

It’s the late 1980s and pilot fish is working on business application development for an aerospace and defense contractor where physical security is surprisingly lax. There’s a guard on duty at the front desk during business hours, but that’s about the extent of it. That changes with the announcement that …

We’re still waiting for that Facebook Clear History button they promised

It’s almost been a year since Facebook founder Mark Zuckerberg announced that they’re working on a Clear History button that would let users clear all the traces of what they’re doing on the social network, whenever they wanted to and without actually deleting their account. This would have been a …

Millions of Instagram passwords stored unsecurely, Facebook admits

Just four weeks ago, Facebook admitted it had discovered that millions of users’ passwords were being stored in plain text and in an unsecured program. At that time, it said that tens of thousands of Instagram users were also included in the unencrypted document. Well, they …

Update: Facebook passwords for hundreds of millions of users were exposed to Facebook employees

Facebook confirmed Thursday that hundreds of millions of user passwords were being stored in a “readable format” within its servers, accessible to internal Facebook employees — including millions more Instagram users than previously thought. Affected users will be notified, Facebook said, so they can change those passwords. Interestingly, Facebook downplayed …

Here’s an easier way to block the IE XXE zero day security hole

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on …

Win7/8.1/Server patch conflicts abated, somewhat, but it’s still too early to install the April crop

A week ago, Microsoft released six patches that brought many machines to their knees. As I explained last Friday, when the dust cleared, it was apparent that all six of these April patches: Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches Win8.1 and Server …

How Apple’s iCloud authentication system fails to protect your account when using a browser

Update 4/15/19: Apple says the problem isn’t with iCloud’s two-factor system, but rather with the way a browser is treated: “The experience of receiving a code on the same device that you are using a browser on derives from the limitation that a browser must be treated as a separate device.” With …

Safari: macOS browser now autosubmits logins. Here’s how to disable it

Apple changed the behavior of Safari in macOS 10.14.4, and you may have noticed it and thought it was a bug. Now, if you have stored a password for a website, when you select a login entry to autofill, Safari 12.1 for macOS automatically submits the login. Previously, it would …

Microsoft notifying Outlook users they may have been breached

It’s not just Facebook and Google that have been experiencing security issues over the past few months. Now it’s Microsoft’s turn to have compromised-data problems: the company has informed some of its outlook.com users that there may have been some unauthorized access earlier this year. They are downplaying …