Posted At : Jul 12, 2012 21:28 PM
| Posted By : Ed Tabara
Related Categories: Security
This time it is Yahoo that "lost" almost half a million records with passwords and email addresses from one of its servers.
The good news is that Sucuri Malware Labs has made it possible to check whether your email account is safe. To do that, click here...
Posted At : Apr 03, 2012 13:32 PM
| Posted By : Ed Tabara
Related Categories: Security
Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.
In recent research, Gates Cambridge scholar Joseph Bonneau was given access to 70 million anonymous passwords through Yahoo! (the biggest sample to date) and, using statistical guessing metrics, trawled them for information, including demographic information and site usage characteristics.
Result: for all demographic groups password security was low, even where people had to register to pay by a debit or credit card.
For the full story read this.
...
Posted At : Nov 02, 2011 11:38 AM
| Posted By : Ed Tabara
Related Categories: SQL, Security
A new report by iMPERVA shows that from 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches.
Based on the sites they were monitoring, over half of the attacks originate in the United States.
Country            Number of Originating Attacks    %
United States      48176                            58
Sweden             8850                             11
China              6709                             8
Great Britain      4970                             6
Vietnam            2412                             3
Netherlands        1963                             2
Bulgaria           1359                             2
Ecuador            1356                             2
European Union     1093                             1
Germany            971                              1
Other              4748                             6
The attack vectors are:
Direct Query Manipulation
This is often done by appending a logical expression with a known value to the parameter that the application expects, like: ' OR 1=1 to get a true value or 1'/**/ aND/**/'8'='3 to get a false value. This type of vector is most often used to establish the existence of a SQL in...
Posted At : Mar 11, 2010 14:42 PM
| Posted By : Ed Tabara
Related Categories: Security
According to iMPERVA:
In December 2009, a major password breach occurred that led to the release of 32 million passwords. Further, the hacker posted to the Internet the full list of the 32 million passwords (with no other identifiable information). Passwords were stored in cleartext in the database and were extracted through a SQL Injection vulnerability. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine.
The Imperva Application Defense Center (ADC) analyzed the strength of the passwords and here is what they found:
About 30% of users chose passwords whose length is equal or below six characters.
Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
Nearly 50% of users used n...