Lost+Found: Pepper spray, passwords and OpenSSH exploits
Too short for news, too good to lose; lost+found is a round up of useful security information. Today, Pepper spray, passwords and OpenSSH exploits
Absa, a South African bank that decided to equip their ATMs with pepper spray modules to protect the cash machines from being tampered with, found their scheme backfired, when three of their service technicians had to visit hospital after an inadvertent release of the spray.
Researchers Dinei Florencio and Cormac Herley from Microsoft Research and Baris Coskun from the ECE Department at the Polytechnic University in Brooklyn, New York, prompted by recent widespread phishing attacks and the spread of trojans with keylogging capabilities, say they have found that traditional password advice given to users is now obsolete. According to their white paper, strong passwords do nothing to protect online users from current threats and place a considerable burden on users.
The ominous Anti-Sec hacker group has announced that in 48 hours (relative to 7.30am BST 20th July) they will publicly unveil their alleged zero-day exploit code for all versions of OpenSSH to the Full-Disclosure security mailing list. Ten hours after the release of the exploit code, Anti-Sec will reportedly unleash a worm that takes advantage of the exploit.