The latest Yahoo breach holds the record for the largest single breach of user account. The hack, which occurred in 2014, enabled hackers to collect personal information associated with at least half billion Yahoo accounts—names, email addresses, phone numbers, birth dates, and even security questions and answers, according to Yahoo’s press release. What’s even scarier is that encrypted passwords, which are jumbled so only a person with the right passcode can read them, were also stolen. As consequence, Yahoo users are encouraged to review their accounts for suspicious activity, change their passwords and security questions, avoid clicking on suspicious links and consider using a new authentication tool called Yahoo Account Key. Of course, there is always the option to switch to Gmail or iCloud. According to research from Alertsec, about 97 percent of Americans lose trust in companies like Yahoo after massive data breaches, so it will take Yahoo quite some time before it starts rebuilding their users’ trust. However, when a company has allowed their customers’ data to fall into the hands of criminals, regaining trust is difficult, and in some cases, impossible. This breach serves as a reminder of how widespread hacking is and raises again the question of whether the current system of passwords and security questions provides the best kind of protection, and the answer seems pretty obvious, something needs to change. Cybersecurity specialists recommend using a different password for each account, while other experts are working on alternatives to passwords such as one-time passwords, biometrics and the two-factor authentication process. “Cybercriminals know that consumers use the same passwords across websites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud,” said Brett McDowell, executive director of the FIDO Alliance, an organization that...
The New Black
Secure phones, ultimate privacy
The world is realizing more of the gadgetry from James Bond’s reality, and it’s about time. But we’re not talking about underwater jet packs or a BMW equipped with missiles. Secure phones that ensure secret-agent level privacy are in demand across consumer sectors. They’re even being made by military contractors. Boeing has unveiled a secure smartphone that marks a unique departure for the Chicago-based aerospace and defense company, best known for making jetliners. In order to accomplish defense and security missions, security and flexibility are key factors, and their smartphone is primarily aimed at government agencies and contractors who need to keep their data secure. Made in the United States after 36 months of development-stage, the Boeing Black Smartphone features a 4.3-inch qHD (540 x 960) pixels handset with dual SIM cards, to enable it to access multiple cell networks. The battery stops at 1590 mAh, and has Bluetooth v2.1 + EDR-enabled connectivity. It runs on Android OS and its key features include disk encryption designed to store sensitive information securely, hardware Root of Trust to ensure software authenticity, a Hardware Crypto Engine to protect stored and transmitted data, Embedded Secure Components to enable trusted operations, Trusted Platform Modules to provide secure key storage, Secure Boot to maintain device image integrity, and “hardware modularity” for multiple modularity capabilities. However, the central security feature of the Boeing Black is the PureSecure, an architectural foundation “built upon layers of trust from embedded hardware, operating system policy controls and compatibility with leading mobile-device management systems.” In addition to all these, the smartphone includes the ability to communicate via satellite transceivers and “discrete radio channels”, advanced location tracking and biometric sensors. But what takes this mobile device to another level is that on top of the call encryption...