Wednesday, August 06, 2014

For my Ethical Hackers: Now that they have them, what will they do with them?
Russian hackers amass biggest ever password haul
A Russian criminal gang is believed to have stolen more than a billion internet usernames and passwords – the largest stockpile of web credentials yet amassed by cybercriminals.
The gang is thought to be made up of a dozen individuals, based in south-central Russia.
The extent of its cache of stolen passwords was revealed by Hold Security, an American company, which says that the data was stolen from around 420,000 websites.
The affected sites are not being named because many are thought to still be vulnerable to the techniques that allowed the Russian gang to strip them of data.

(Related) Maybe my Ethical Hackers could do it for $19.95!

Can't hurt.
Eight tips to improve your internet security
If ‘password’, ‘123456’, ‘admin’, or ‘letmein’ is your password of choice, you could do with a few lessons in internet security.
A Russian crime gang has managed to amass 1.2 billion stolen internet credentials of unsuspecting individuals and businesses, collected from a number of high-profile hacks including the Adobe breach last year, according to The New York Times.
The incident has prompted experts to call on Australians to change their passwords and update their internet security measures, and fortunately there are some simple ways to sharpen your defences against hackers.
1. Keep software up-to-date
2. Regularly change your password
3. Use password management apps
4. Be wary of untrusted networks
5. Secure your email account
6. Know the latest scams
Scammers are constantly changing their tactics, so staying up to date can be difficult, but websites such as SCAMwatch and Stay Smart Online provide the latest information on known scams.
7. Use secure websites
8. Use fake details
McKinnon said when possible, people should use fake birth dates and details on websites so if hackers do steal them, they'll have a harder time using, or selling, your true credentials.
“This is a contentious point, but if it’s not a legal site or something you’re bound to, and the website doesn’t have a clear reason for asking you certain pieces of private information, don’t feel obligated to provide it,” he said.

About time!
Mark Ward reports:
All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.
The malicious program encrypted files on Windows computers and demanded a substantial fee before handing over the key to the scrambled files.
Thanks to security experts, an online portal has been created where victims can get the key for free.
Read more on BBC.

Interesting speculation?
Latest US Media Intel Scoop Suggests New Leaker
The latest media scoop about the internal workings of the US intelligence community has convinced officials they have a new leaker feeding information to journalists, reports said Tuesday.
The concerns came after The Intercept, a news site that has access to documents from known leaker Edward Snowden, published new revelations about the scope of the US terrorism watchlist.
The Intercept report was "obtained from a source in the intelligence community." Previously, it has not hidden when Snowden was its source, suggesting the latest scoop came from someone else.

I think this goes back much farther than two years.
Kevin Poulsen reports:
Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hacker’s clutches within minutes.
Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.
Read more on Wired.

An interesting article. Something to consider at least.
Teens Are Waging a Privacy War on the Internet — Why Marketers Should Listen
Back in the early days of social media, Danah Boyd was asked to participate on a panel alongside some representatives from various consumer brands. A fellow panelist who worked at Coca-Cola commented with satisfaction that his company was the most popular brand on MySpace. Without meaning to, Boyd (who writes her name in all lowercase letters) laughed audibly. At the moderator’s prompting, she explained that she, too, had noticed how popular Coke was on the site, and investigated. The most popular “brand” turned out to be not the soft drink, but cocaine.
Web-savvy brand managers, marketers, programmers and data analysts would never make that kind of mistake today — or would they? Boyd, an internationally recognized authority on social media — the Financial Times has dubbed her the “high priestess” of social networks — told the audience at the recent Wharton Web Conference that it is becoming more and more difficult even for web professionals to crack the ever-shifting code of people’s online interactions.

Worth looking at...
– makes it easy for you to adjust, check, test, and maintain your online privacy. You can click on each logo to find the privacy page for each service. Next, you can test your privacy settings by seeing how easily you can find yourself using this custom people search engine. This search provides results from other people directories.

Actually old tech (bouncing lasers off windows to pick up vibrations has been a tool for years).
Eavesdropping On A New Level
… Researchers from MIT, Microsoft, and Adobe have shown that they can recover sound from video imagery, a technique that promises to pique the interest of intelligence agencies and forensic investigators. While the technique will need to be refined to be practical outside the laboratory, it has the potential to enable retroactive eavesdropping at events that were videoed with sufficient fidelity.
… In a paper to be presented in mid-August at SIGGRAPH 2014, the researchers describe how they filmed a series of objects using both a high-speed video camera and a consumer video camera and were able to reproduce sounds that had been playing near objects using only video information -- the object's minute vibrations in response to the impact of sound waves.
… US intelligence presumably already has more sophisticated eavesdropping technology. A decade-old patent application arising from work at NASA, "Technique and device for through-the-wall audio surveillance," describes a way to listen in on even soundproofed locations by using "reflected electromagnetic signals to detect audible sound." But MIT's Visual Microphone technique could become a useful addition to an already formidable set of surveillance tools.

For my Ethical Hacker's “Guide to Hacking”
How Hackable Is Your Car? Consult This Handy Chart
… All the cars’ ratings were based on three factors: The first was the size of their wireless “attack surface”—features like Bluetooth, Wi-Fi, cellular network connections, keyless entry systems, and even radio-readable tire pressure monitoring systems. Any of those radio connections could potentially be used by a hacker to find a security vulnerability and gain an initial foothold onto a car’s network. Second, they examined the vehicles’ network architecture, how much access those possible footholds offered to more critical systems like steering and brakes. And third, Miller and Valasek assessed what they call the cars’ “cyberphysical” features: capabilities like automated braking, parking and lane assist that could transform a few spoofed digital commands into an actual out-of-control car.

You can autocomplete all of the people some of the time and some of the people all of the time, but you can't avoid litigation any time.
Now Google Autocomplete Could Be Found Guilty Of Libel In Hong Kong
Another story to illustrate a favourite theme of mine. This time it’s the possibility that Google's autocomplete function will get the company sued for, and found guilty of, libel in Hong Kong.
A court has ruled that a Hong Kong tycoon can sue Google over its autocomplete results suggesting he has links to organized crime.
In a judgment released Wednesday, the court dismissed the Internet search giant’s objections to tycoon Albert Yeung’s defamation lawsuit.
Yeung filed the lawsuit after Google refused to remove autocomplete suggestions such as “triad,” as organized crime gangs are known in China, which popped up with searches on his name.

For my Computer Security and IT students.
IT Salary Guide 2014
(Please note: These IT salary numbers are for starting pay only. Factors like seniority and performance reports are impossible to calculate.)

For all my students, please!
8 Ways To Spell & Grammar Check In Microsoft Word Using Different Dictionaries & Languages
