We already have a ton of passwords to remember. Now Amazon.com (AMZN) wants us to remember something new–PayPhrase–which has already sparked an online pile on.

The program, which Amazon announced Wednesday, is supposed to replace ordinary login and password combinations with a phrase and PIN combination that are linked to a specific account and shipping address. The distinction is subtle: You have one Amazon login and password (which aren’t going away), but you can have multiple PayPhrases that are linked to specific aspects of your account, like different shipping addresses or credit cards.

Read the rest of this post on the original site

A sting operation led by Australian federal police against a well-known hacking ring ended in embarrassment after the police computer system was hacked by the very cybercriminals they’d aimed to wipe out, according the Sydney Morning Herald.

Aussie police reported on the TV show Four Corners that they had infiltrated the hacking forum r00t-you.org, which has about 5,000 members, by tracking hackers logging in to the site and then raiding the Melbourne home of the site’s administrator. Police had logged into the r00t-you.org forum as the administrator to gather information about other cybercriminals, and told the TV program that they had gained access “fairly seamlessly with no harm to our members with continual and actual significant penetration.”

What the police didn’t realize, though, was that they had failed to set a password on their own database application.

Read the rest of this post on the original site

You might be familiar with phishing attacks, those messages sent by criminals that look like they’re from a bank or Nigerian prince. But what about Twishing?

The term may enter the tech lexicon this week, thanks to an attack targeting the Web site Twitter, which runs a popular service that lets people share short updates about what they’re doing. (Blame Brian Krebs of the Washington Post if it sticks.) Over the weekend, cyber baddies sent phishing messages via Twitter’s service to other account holders. The message directed people to a Web site that looked like Twitter’s homepage, but was really operated by the bad buys. As people logged in to the fake Twitter site, the bad guys captured their user names and passwords. Twitter warned account holders Saturday about the scam in a post on its blog, and advised those concerned to change their passwords.

Read the rest of this post

Logging on to Gmail or other email service has become a routine of daily life, completed without a thought. What would you do, however, if you woke up tomorrow, plugged in your user name and password as you always do, but then received an unfamiliar message: “User name and password do not match”?

If you’re a Gmail user, what you’ll want to do after a few more unsuccessful, increasingly frantic attempts is to speak with a Google customer support representative, post haste. But that’s not an option. Google doesn’t offer a toll-free number and a live person to resolve the ordinary user’s problems.

Discussion forums abound with tales of woe from Gmail customers who have found themselves locked out of their account for days or even weeks.

Read the rest of this post

The Web is abuzz with how vice presidential candidate Sarah Palin’s email got hacked. Hackers who obtained Alaska Gov. Palin’s email password apparently used the “forgot my password” feature of Yahoo’s email service.

The hackers evidently used information they knew about Palin–her zip code, date of birth, and that she met her husband in high school–to convince Yahoo’s service into assigning a new password for Palin’s email account.

PC World notes that the security question that Palin chose didn’t turn out to be so secure. Most online services ask questions that only you should know. But in Palin’s case, it must have been something that could easily be guessed, given all of the public information available about her.

Read the rest of this post