Lastpass, my favorite password management solution, noticed a “network traffic anomaly” on their servers yesterday which they couldn’t account for. They immediately notified users that they were investigating if any data was breached, and said this:
Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database.
It must be security month here on my blog, since I’ve already written a couple of posts on that subject, with one or two more on the way. Regardless, I felt this was important enough to share with readers.
Google announced yesterday that they’re enabling two part authentication on all Google accounts. Originally offered back in September 2010 to Google Apps customers, this security enhancement feature is now rolling out to users of standard Google/Gmail accounts.
As anyone who knows me well will tell you, I’m kind of a security geek. I’m fascinated by encryption, data protection, strong passwords, and generally locking things down just because I can. For a long time there was a challenge with some of my friends to see if any of them could get into my computer, or at the very least figure out one of the 4 passwords required to boot it up to a desktop.
I realize that this is actually kind of old news (a week or so), but I still felt it was important enough to share with my readers that may not be aware of this feature, and the reason for needing it.
Facebook recently enabled the ability to use a persistent secure connection to their servers when accessing the Facebook site. What this means is that, once you turn it on in your account settings, all data sent between your computer and Facebook will be fully encrypted.
Recently on Security Now! they did an entire episode dedicated to embedded RFID tagging. I wrote an email in response to that episode with some thoughts about the security of RFID, and my email was selected for this past week’s Q&A episode!
About two months ago I started using a service called LastPass, based in large part on the review and recommendation of Steve Gibson on Security Now. He explained in-depth why LastPass is safe, effective and a much better solution than maintaining passwords yourself. Intrigued by this product that Steve seemed so enthusiastic about (and given that I trust Mr. Gibson’s opinions when it comes to computer security) I created an account & tried it out.
