Slack resets some user passwords after hackers have stolen them in a previous violation. The hackers compromised Slack's systems in 2015, copied encrypted passwords, and installed code to record clear-text passwords as they were entered by users.
Luckily, Slack hacked the passwords correctly, which means they are encrypted and far less useful. Unfortunately, the hackers also installed code that recorded plain text passwords as users entered them. When Slack discovered the problem, it tightened security, removed the bad code, and reset the passwords for anyone affected by the security breach.
] Recently, someone contacted Slack about his Bug Bounty program with a list of compromised user name and password combinations. The list was correct and when Slack investigated, he found that these passwords were used during the 2015 breach. While the company believed it had discovered and reset all compromised passwords at this time, that was not the case.
Now, as a precaution, Slack resets all user passwords that were created at or before the 2015 breach. According to Slack, the reset affects about 1% of users and directly contacts them with reset instructions.
If Slack contacts you, you should also change your credentials everywhere if you use your passwords again. If you reuse passwords, you should stop. Violations are now widespread. The safest way is to use a unique, randomly generated password for each site. For this purpose, we recommend the use of a password manager. [TechCrunch]
CONNECTION: Why You Should Use a Password Manager and How to Begin
In Other News:
- Firefox Warns Users Against Injured Passwords: Firefox wants to let you know if your passwords have been compromised. If you save your passwords in the browser, they will be compared with "I was checked". If Firefox finds matches, you'll be notified. [TechRadar]
- A Bluetooth vulnerability could show your location: Your Bluetooth devices should make secure connections so only you have access to them. Unfortunately, the way many Bluetooth devices generate random connection information does not prevent bad actors from tracking devices. Someone could place a series of beacons in a place like a mall and track their movements. Android is not affected, but iOS and Windows, and Fitbit is the easiest to follow. [Engadget]
- Google removed apps designed for stalking from the Play Store: Google removed seven apps from the Play Store for violating its commercial spyware policies. The apps advertised that once installed; You can track the location of a spouse, employee, or child, record contacts, call logs, and the context of text messages (including encrypted services such as WhatsApp). The apps included instructions for installing on the victim's phone and concealing the app so the owner of the phone would not notice. Good liberation. [Gizmodo]
- Microsoft showed holographic language translation: In a novel HoloLens demonstration, Microsoft showed a digital translator at the Microsoft Inspire Partner Conference. The hologram looked remarkably similar to the presenter and also spoke with similar mannerisms. However, it was spoken in Japanese, while the present spoke in English. According to Microsoft, with this hologram a live translation will be possible, even though the demo was a staged script. Pretty decent stuff. [The Verge]
- Google now warns about apps that are not intended for children: Previously, Google had told developers that they needed to specify an intended age range for their apps. Now, the company starts introducing the "Not Suitable for Children" warning for apps that show a child age range. Developers can even proactively apply the label. Good stuff. [9to5Google]
The zombifying ant mushroom is even more terrifying than we already thought.
Scientists have been researching a fungus that infects ants and significantly zombifies its body. Once infected, the fungal cells spread in the ant's body, forcing them to climb onto the nearest plant. After reaching the top of the plant, the ant is forced to clamp the jaw in the plant and stay there.
The mushroom continues to spread in the ant, before finally breaking out of the head and releasing more spores in the air to start the ant driving again. If you've played Last of Us this mushroom is the inspiration for the game's zombies.
Scientists have now discovered that the process leaves the brain intact until the end and only takes control of the body. In fact, the ant transforms into a puppet, watching her body move without being able to stop the process. Frightening. [Ars Technica]