Change your Facebook password now!
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).
Oh, feet of clay!
Facebook has just admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ passwords to disk in raw, unencrypted form.
In jargon terms, they’re known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f1531753a7c43ab4f4faace212451, anyone looking at the stored data will see the actual password, right there, just like that.
Like that: 123456789, or that: mypassword99, or that: jw45X$/6FsT8.
Top 5 Security News
Why phone numbers stink as identity proof
Extracting BitLocker keys from a TPM
Norwegian phones sent personal information to China
Hackers take down Safari, VMware and Oracle at Pwn2Own
Flaw in popular PDF creation library enabled remote code execution