Krebs on Security

How Companies Can Beef Up Password Security

Separate password breaches last week at LinkedIn, eHarmony and Last.fm exposed millions of credentials, and once again raised the question of whether any company can get password security right. To ...
ZDNet

A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, miniBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, and X3cms.
Ars Technica

bcrypt cost best practice

I suspect it's a function of "what attack are you trying to mitigate against" and "how much cpu hardware do you have to handle the number of clients you have" Looks like this is precisely what the ...
MIT Technology Review

Smart cryptography may help limit the damage from the MyFitnessPal megabreach

It doesn’t look good for Under Armour. The apparel giant and owner of the diet-tracking app MyFitnessPal just suffered one of the biggest data breaches in cybersecurity history, with hackers getting ...