http://www.theregister.co.uk/2012/11/15/adobe_forum_breach/

Adobe shuts down Connect user forum, confirms passwords raided

Connect itself untouched - unless you used the same login

An alternative to MP3 Toolkit:

Audacity, once considered just a simple wav editor, now possibly one of the most powerful sound file editors on the planet. Open source, free (as in free beer), and cross platform as well. I use it a lot to record old vinyl, clean up pops and clicks, automatically detect silence (between songs), and create track tags for the resulting FLAC files.

Only feature missing is "rip a CD". Lots of freeware solutions for that... I use VLC which is also free, open source and cross platform.

A stronger (but still more people-friendly!) form is illustrated here: http://xkcd.com/936/

(If you haven't met xkcd, I recommend it highly :) )

I though everyone knew this method of choosing passwords, hehe ;-}

Thanks, Hotdog, much appreciated.

http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/

Fighting Hackers: Everything You’ve Been Told About Passwords Is Wrong

We – the users – are supposed to be responsible, and are told what to do to stay secure. For example: “Don’t use the same password on different sites.” “Use strong passwords.” “Give good answers to security questions.” But here’s the troublesome equation:

more services used = more passwords needed = more user pain

… which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.
But they don’t have to be.
And it starts with recognizing that a lot of security advice hurts more than it helps.
Because hackers know all our tricks. Online criminals know much more about passwords than the good guys do.

They fool us into thinking that bad passwords are good – and that some good passwords are bad.

So how do we select strong and memorable passwords? Here’s how: Think of a story, something weird and memorable that happened to you. Like that time you went jogging and stepped on a rat (ugh). Your password? “JogStepRat”: Your personal story boiled down to three words. If this really happened to you, you won’t forget. And no one else can guess it – unless you’ve told everyone that story, but then you’d just pick another, more embarrassing source story you’d never share!

The best security questions, generally speaking, are those where:
there are many possible answers;
others can’t find the answers using a quick Google search; and
we can actually remember the answer, but others would have a hard time guessing it.

http://www.hotforsecurity.com/blog/windows-8-stores-logon-passwords-in-plain-text-3914.html

Windows 8 Stores Logon Passwords in Plain Text

Barely released to manufacturing and the first critical bug in the Windows 8 operating system has been discovered. Expected to reach market Oct. 26h, Windows 8 – Microsoft’s most secure OS to date – already faces issues with the way it stores passwords for local accounts.

Any user with administrator privileges can unlock the Vault and access the HEX-code representation of the password stored as UTF-16. This process is called reversible encryption and is not recommend to be used to protect in mission-critical data such as passwords.

The good news is that this type of vulnerability can’t be exploited remotely. The bad news is that this Vault is available to all local users, allowing any user in a shared environment to iterate through the stored passwords, decrypt them and, why not, check to see if the victim hasn’t reused the password for social networking accounts, for instance.

http://www.my-scrib.com/ctos-blog/

Windows 8 Picture Passwords – No More Hacking just Decrypt Them
11 October, 2012 8:43 am cto

This piece of news caught my attention.

Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.

I looked around a bit and found that there was an extensive discussion around the overall security of Windows 8 picture passwords on Slashdot almost a year ago.

This time the issue is about the implementation security of the new authentication system that is now available for developers. Notice the snake-oily security evaluation using theoretical complexity. If it were correct, we would have no problems with passwords whatsoever.

Once the user has switched to a new authentication method, his/her text password is encrypted using the AES algorithm and saved to protected Vault storage [...] The text password is not bound to the PIN or picture password; therefore, any user of the PC with the Administrator privileges can easily recover it.

The bottom line: We will not have to break hashes any more — just simply hack a server and decrypt all the stored passwords.

http://www.computerworld.com/s/article/9231731/Researcher_finds_100K_passwords_user_IDs_on_IEEE_site

Researcher finds 100K passwords, user IDs, on IEEE site

Danish CS teaching assistant says he stumbled upon IEEE cache during search for research material

http://news.cnet.com/8301-13579_3-57503028-37/google-to-restore-passwords-eaten-by-chrome-ios-app/

Google to restore passwords eaten by Chrome iOS app

http://news.drweb.com/show/?i=2679&lng=en&c=14

The first Trojan in history to steal Linux and Mac OS X passwords

August 22, 2012

Russian anti-virus company Doctor Web is reporting the emergence of the first cross-platform backdoor to run under Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications.

BackDoor.Wirenet.1 is the first such Trojan capable of running under any of these operating systems.

(it sends gathered keyboard input data to intruders); in addition, it steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.

http://www.theregister.co.uk/2012/06/25/people_slack_about_passwords/

Users still slack about passwords: Trustwave
eHarmony analysis shows people just don’t care
Having recovered 80 percent of the 1.5 million passwords in the dump file, the company says only 0.5 percent contained a “special character”, with 41 percent containing letters only and 57 percent a combination of letters and digits.
As it was, more than 1.2 million passwords were cracked in 72 hours, using three NVIDIA GPUs and the oclHashcat and John the Ripper cracking tools.

http://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/

LastPass has created a site where people can check to see if their password for LinkedIn or eHarmony was among those posted to a hacker forum.
(Credit: LastPass)

Yes that would be brilliant and with today's tehnology shouln't be too hard to accomplish.

Though some crooks may start chopping fingers off, lol.

Sci-fi stories about that have been around for years! Even one of the early SeaQuest DSV episodes had a guy grafting the skin of a guy's fingertips to his hands so he could do just that!

Yes that would be brilliant and with today's tehnology shouln't be too hard to accomplish.

Though some crooks may start chopping fingers off, lol.

am looking forward to the day when log-ons will be based on eyeball and/or fingerprint scanning technology - most seure type of access approach.

According to an email I received from Opinion Outpost, eharmony.com had their passwords hacked as well.

They sent out the warning email because some people keep the same password for everything and if they did so and were part of these two hacking sweeps, they might be compromised elsewhere.

http://www.v3.co.uk/v3-uk/analysis/2183098/quick-guide-password-protection

https://www.pcworld.com/article/257270/another_breach_reveals_weak_passwords_will_we_ever_learn.html

Another Breach Reveals Weak Passwords: Will We Ever Learn?
It has been 18 months since more than 188,000 passwords for subscribers to Gawker were snatched by hackers and posted to the Web, but consumers don't seem any more inclined to protect their passwords now than they were then.
If you're looking for tips on creating a strong password, there are plenty of folks on the Net that can advise you on that subject, including Microsoft and Google. See also PCWorld's tips at "Create a Different, Secure, Easy-to-Remember Password for Every Site.")
strong passwords like 4shkenaz!Sp!tt!ng, which would take a desktop PC 14 quadrillion years to crack.

https://threatpost.com/en_us/blogs/linkedin-investigating-password-leak-could-affect-65-m-060612?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

UPDATE Professional social networking site LinkedIn announced early Wednesday morning that it was looking into reports of stolen passwords, according to a post on their Twitter page.

http://www.smh.com.au/digital-life/consumer-security/lastfm-and-eharmony-passwords-stolen-20120608-1zzrq.html

http://www.makeuseof.com/tag/last-fm-eharmony-and-linkedin-have-passwords-stolen-updates/

http://www.stuff.co.nz/technology/digital-living/7056627/LinkedIn-passwords-hacked

LinkedIn passwords hacked

Business social network LinkedIn said it is investigating reports that more than six million passwords have been stolen and leaked on to the internet.

Although LinkedIn did not confirm if any user data had been hacked or leaked, researchers at UK web security company Sophos say they have confirmed that a file posted online does contain, in part, LinkedIn passwords "hashes." That's a way of encrypting or storing passwords in a different form.

Graham Cluley, a consultant with Sophos, recommended that LinkedIn users change their passwords immediately.

http://www.h-online.com/security/news/item/Worth-Reading-Passwords-guessed-replaced-still-with-us-1584713.html

http://www.lightbluetouchpaper.org/2012/05/22/the-quest-to-replace-passwords/

The quest to replace passwords
As any computer user already knows, passwords are a usability disaster: you are basically told to “pick something you can’t remember, then don’t write it down“, which is worse than impossible if you must also use a different password for every account. Moreover, security-wise, passwords can be shoulder-surfed, keylogged, eavesdropped, brute-forced and phished.

Why? Can’t we do any better? Don’t the suggested replacements offer any improvements?
We build a large 2D matrix. Across the columns we define a broad spectrum of 25 benefits that a password replacement scheme might potentially offer, starting with USABILITY benefits, such as being easy to learn, or not requiring a memory effort from the user, and SECURITY benefits.

SnowFox Total Video Converter can easily be replaced [and bettered] for free by
Freemake Video Converter

A very good alternative to 1AVCapture is BB FlashBack Express – at least if it's as good
(or better) than version 2.0.2 build 455 (which is the one I've got).
To view info and download, go to http://www.bbsoftware.co.uk/BBFlashBack_FreePlayer.aspx
I believe the program has no spyware.

Thank you very much for letting us know about your Halloween holiday offer, Vlad1980!! It's greatly appreciated!

For all these who missed AllMyNotes giveaway in August 7. Due to Halloween holiday we are doing giveaway of version 1.37 here:
http://vladonai.com/allmynotes_support_self_service_giveaway_donationcoder10_31.php

Quoting Vladonai Software in the comment section:

Here is an instruction how to convert this GOTD build in to a PORTABLE version:

1. Go to the directory where AllMyNotes is installed. By default it’s folder path “c:\Program Files\AllMyNotes Organizer\”
2. Copy this folder to your USB media (any location)
3. Create empty Portable.sig file in to the folder (must be same path where allmynotes.exe file is located). Existence of this file will SWITCH PORTABLE MODE ON. You will see this in About screen, it will say ‘Portable Mode’.

That’s it! Your AllMyNotes is Portable now!

Note: This Portable version only launches in Deluxe mode on the PC(s) on which the program was activated August 7, 2010.

Screen Monkey - 100% Multimedia Presentation Freeware for Two-Monitor PCs

Thank you Robert for this added bit of info.

Alternatives to AllMyNotes I use (or have used) are:

Keynote (both the original from Marek Jedlinski (AKA Tranglos) and the NF (for New Features) taken up by Daniel Pradov after Tranglos declared a "hobby programmer bankruptcy, a writer's block, an intellectual meltdown to incapacity".

Original (Still available but quite old): http://www.tranglos.com/free/keynote.html

Daniel Pradov's version: http://code.google.com/p/keynote-nf/

Evernote (both the new (limited when free) 3 version and the older version 2).

I'm fortunate to have kept a copy of version 2 from my old computer as this is the one I use (and like) the most for its capacity for text, graphics and HTML (Web page) abilities.

The two programs Ashraf has mentionned are flawed (for my use at least), Cintanotes is too simple and only text oriented and FruitfulTime Notekeeper is an end-of-line product (no longer maintained) which I have tested and found so intrusive (it would insist on loading at Windows startup with no way of telling it not to) and was so awkward to use that I just gave up on it.

Another nice gesture from the developer

It will be possible to use Portable version in Deluxe mode, but with
one restriction – on computers where GOTD installer wasn’t used it will work as Free version.

For details how to do it please contact technical support Monday – we’ll provide details how to do it, cause special steps are needed to convert GOTD build in to Portable version. As it’s day off today we have bit limited support resources to provide all needed instructions today.

Evernote version 2 is/was great.
Too bad the FF addon doesn't work anymore on the newer versions of Firefox.
(Clipping extension still works in IE though)
... but there's still the (less practical) universal clipper.

If AllMyNotes had some sort of web clipper.. I'd dump Evernote for sure.
:)