Blog

A place for all things security.

Rough Going for Websites as Full Impact of Heartbleed Becomes Known

10 Apr 2014 // Andrew Stroup


The impacts of the OpenSSL encryption flaw Heartbleed are becoming more widely understood in what has been called one of the largest security threats the internet has ever seen. The flaw, which has impacted companies such as Google, Facebook, and Yahoo, could let hackers gain access to users’ passwords and fool people into using bogus versions of web sites.

Read full post >



Bug in OpenSSL puts secure online communications and passwords at risk

08 Apr 2014 // Andrew Stroup


Computer security experts are advising website and network administrators to fix a major flaw in a type of software used by millions of websites to encrypt sensitive communications.

Read full post >



Got a Boxee Account? Time to Change Your Password

03 Apr 2014 // Andrew Stroup


Ars Technica is reporting that the personal details of over 158,000 Boxee TV users have been leaked over the past week. Boxee, which was bought by tech giant Samsung for $30 million last year, is a web-based television service similar to Apple TV or Amazon Fire. It enables its users to view, rate, and recommend content to their friends through various social networks and interactive media channels.The breach occurred late last week and included user info such as IP addresses, passwords, and message archives–all of which was available online shortly after the hack.

Read full post >



Baffled by IT Security Buzzwords?

03 Apr 2014 // Andrew Stroup


IT security has its own confusing lingo that sometimes only the tech savvy can understand. And while most of us tend to leave the ‘tech talk’ to the professionals, business owners looking to choose the right platform to protect their data certainly need to know what some of that confusing lingo means! Recently our very own CEO and co-founder, Andrew Stroup, sat down with Software Advice’s IT security managing editor Daniel Humphries (along with other security experts) to help decipher a selection of security buzzwords. Here are some of Andrew’s contributions to the article.

Read full post >



When Cars Attack! Tesla password policy enables unauthorized user access

01 Apr 2014 // Andrew Stroup


Doors locking and unlocking, sunroofs opening, and horns honking uncontrollably may sound like a bad dream, but for Tesla drivers this could be a new reality. When someone buys a Tesla they are prompted to create a user account on the company’s website so they can lock and unlock their car, locate it, open the roof, and sound an alarm from their iPhones. While this feature is really cool, here’s the rub: the site doesn’t require the passwords to be longer than six digits, and allows unlimited login attempts. Essentially, this means that any hacker can crack your code by brute force, trying again and again until they get it right.

Read full post >