Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
We've all had them. Those emails you read with a growing sense of dread which tell you to change the password you use on this account, that social network or one of the many other online services you use. Those emails are common given that almost one billion login credentials have been stolen and shared online in the last year. Yahoo, MySpace, LinkedIn, Dropbox and Tumblr, have all been hit and the list goes on and on. The worst part is the uncertainty that comes in the wake of the warning - do you panic now or later? Computer scientist Jeremiah Onaolapo and colleagues from University College London decided to find out how quickly criminals react once they get access to an online account.
Yahoo logo on a smartphone
The team set up 100 Gmail accounts and then accidentally-on-purpose shared their login credentials on forums and sites that data traders are known to frequent. The accounts were made to look "live" by having message threads, alerts and updates flow through them. They were also surreptitiously locked down to limit abuse. Mr Onaolapo was sure the webmail accounts would be tempting because of the way people use them. More often than not, he said, they have data from other accounts, such as bank details, passing through them. "It's information that can be used for ID theft," he said.
Quiet period
They did indeed prove tempting. By the end of the study, 90 of the accounts had been visited by people who were not their rightful owner. "Judging by the activity on the accounts, I would say that the majority of the visitors did not know they were faked," he said.
Staying secure
* Use two-factor authentication where possible
* Use a sentence or a string of random words as a password
* Do not re-use passwords across sites or services
* Consider using a password manager for all your accounts
* Change the default passwords on gadgets you own
* Regularly check where account activity originates
MORE
The Pentagon has approved all so-called "white hat" hackers to test the cybersecurity of its public websites without fear of prosecution, the Defense Department announced Monday. Any hackers who promise to "do no harm" can attempt to hack into the Defense Department's many public websites as long as they report any potential security vulnerabilities directly to Pentagon officials, in an expansion of a pilot program launched earlier this year known as "Hack the Pentagon," defense officials announced. The new program, called the Vulnerability Disclosure Policy, marks the first time a federal agency has asked for public assistance in protecting its websites from threats. The program is backed by the Department of Justice.
Defense Secretary Ash Carter described the policy as "see something, say something." "We want to encourage computer security researchers to help us improve our defenses," Carter said in a statement. "This policy gives them a legal pathway to bolster the department's cybersecurity and ultimately the nation's security." Carter launched the initial "Hack the Pentagon" bug bounty challenge in April. The monthlong initiative allowed about 1,400 hackers approved by the Pentagon to test five Defense Department websites for security vulnerabilities that could have allowed malicious attacks where personal information could have been stolen, or where hackers could have hijacked the website to force it to post unauthorized content. The hackers discovered 138 vulnerabilities, and the Defense Department paid them a total of $75,000 for their efforts.
The new initiative will not pay any of the hackers. Pentagon officials hope they will challenge Defense Department websites' security as a public service. Monday also marked the opening of registration for "white hat" hackers to enroll in the Defense Department's second bug bounty program, "Hack the Army." The initiative asks vetted hackers to find vulnerabilities in some of the Army's non-public web applications in exchange for reward money. Army Secretary Eric Fanning announced the new bounty program earlier this month. He said it was designed to help prevent the kind of attack hackers launched in 2015 on the Office of Personnel Management's database that led to the theft of millions of Defense Department employees' personal information.
In addition to that hack, other federal government systems in recent years have faced repeated threats. In January 2015, an Islamic State group-affiliate called the "Cyber Caliphate" briefly hijacked some U.S. Central Command websites. Carter has vowed to continue to expand cybersecurity and find additional ways for the public to help the Pentagon secure its websites. Additional bug bounty programs through the other military services are expected in the future, according to the Defense Department.
Pentagon Waives Penalties for Hackers to Test its Cybersecurity | Military.com
