New Features in LastPass to Focus on Family Digital Life

The LastPass family is about to get bigger. Coming your way this summer, we’re excited to announce LastPass Families that will make it easy to manage your family’s digital life. The LastPass Families addition is just one more way we’re delivering a faster, simpler, and more intuitive password manager for all our users.

When it comes to keeping your loved ones safe online, recent research found that 91% of people feel that having a strong password allows them to protect their family better. We’ve seen this reflected in your requests for more shared folders and the ability to buy and manage licenses on behalf of others. We also know it’s a growing challenge to keep track of all your family’s information online: healthcare provider logins, school passwords, streaming media accounts. What worked 10 years ago, even five, just doesn’t cut it anymore.

Enter LastPass Families, where you can store everything from bank accounts to passports to credit cards. Your details are secure, organized the way you want, and easily shared with your spouse, kids, in-laws, and more. You can even give access to others in the event of an emergency. The family manager can quickly add and remove members to the account, making it easy to get everyone up and running.

Read the rest of the article here: https://blog.lastpass.com/2017/07/from-passwords-to-passports-a-new-way-to-manage-your-familys-digital-life.html/

Security Research Procedure

Georgia Tech Cyber Security realizes that sometimes researchers need to do some things that fall outside of the technical rules in our policies – especially when researching hacking and hackers, etc.

Because of this, we have created a Security Research Procedure that allows Cyber Security researchers to conduct their research without violating the law, violating Institute policy, or introducing reputational risk.

It’s published here: https://security.gatech.edu/security-research-procedure – so please read the procedure and familiarize yourself with it.

Security Sense: Security is Becoming Too Hard for the Layperson

This article addresses a concern that I think many of us who provide IT support with a focus on security share.  Namely that the implementation of what’s available to better secure a user has become too complex for them to easily adopt.

http://windowsitpro.com/troy-hunts-security-sense/security-sense-security-becoming-too-hard-layperson

University Credentials for Sale on ‘Dark Web’

Ever wonder what can happen with the accounts that get compromised on campus? Read on!

https://www.insidehighered.com/quicktakes/2017/03/31/university-credentials-sale-dark-web#.WN5hvfYJvks.mailto

Security Update for the LastPass Extension

LastPass comments on recent security vulnerabilities discovered in the LastPass client code:

Security Update for the LastPass Extension

XMLRPC or WP-Login: Which do Brute Force Attackers Prefer

Wordfence blog has an article discussing common attack methods in brute-forcing WordPress login attempts:

https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/

How Stolen iOS Devices Are Unlocked

For a number of years now, Apple has been implementing “Activation Lock” and “Find my iPhone” to deter the theft of iOS devices. According to some statistics, this effort has had some success. But with millions of users carrying devices costing $500 and more loosely secured in their pockets, mobile devices far exceed the value of an average wallet.

Activation Lock links a device to a user’s iCloud account. If a user configures a new device, the user is asked for iCloud credentials or offered to set up a new iCloud account. A device can not be activated without providing this information. If you sell or pass on a device, deleting the data from the device is not sufficient, but you will also have to remove the link to your iCloud account, for example by turning off “Find My iPhone.” Changing the setting always requires at least a password (and if configured two-factor authentication). Biometrics can be used to unlock the phone, but it can not be used to remove the iCloud link.

But iOS devices are still being stolen, and thieves have come up with some rather ingenious methods to unlock them…

https://isc.sans.edu/forums/diary/How+Stolen+iOS+Devices+Are+Unlocked/21621/

Battling the Botnet Armies

Botnet armies have become bigger, more active and more heavily armed than ever before. In the first quarter of 2016, attacks launched by bots reached a record high of 311 million—a 300 percent increase compared with the same period in 2015 and a 35 percent increase compared with the final quarter of 2015.

http://www.securityweek.com/battling-botnet-armies