For my Ethical Hackers: Now that they have them, what will they do with
them?
Russian hackers amass biggest ever password haul
A Russian criminal gang is believed to have stolen more than a billion
internet usernames and passwords – the largest stockpile of web
credentials yet amassed by cybercriminals.
The gang is thought to be made up of a dozen individuals, based in
south-central Russia.
The extent of its cache of stolen passwords was revealed by Hold
Security, an American company, which says that the data was stolen
from around 420,000 websites.
The affected sites are not being named because many are thought to still
be vulnerable to the techniques that allowed the Russian gang to
strip them of data.
(Related)
Maybe my Ethical Hackers could do it for $19.95!
Can't hurt.
Eight tips to improve your internet security
If ‘password’, ‘123456’, ‘admin’, or ‘letmein’ is your
password of choice, you could do with a few lessons in internet
security.
A Russian crime gang has managed to amass 1.2 billion stolen internet
credentials of unsuspecting individuals and businesses, collected
from a number of high-profile hacks including the Adobe
breach last year, according to The New York Times.
The incident has prompted experts to call on Australians to change their
passwords and update their internet security measures, and
fortunately there are some simple ways to sharpen your defences
against hackers.
1. Keep software up-to-date
2. Regularly change your password
3. Use password management apps
4. Be wary of untrusted networks
5. Secure your email account
6. Know the latest scams
Scammers are constantly changing their tactics, so staying up to date
can be difficult, but websites such as SCAMwatch
and Stay Smart Online
provide the latest information on known scams.
7. Use secure websites
8. Use fake details
McKinnon said when possible, people should use fake birth dates and
details on websites so if hackers do steal them, they'll have a
harder time using, or selling, your true credentials.
“This is a contentious point, but if it’s not a legal site or
something you’re bound to, and the website doesn’t have a clear
reason for asking you certain pieces of private information, don’t
feel obligated to provide it,” he said.
About time!
Mark Ward reports:
All 500,000 victims of Cryptolocker can now recover files encrypted
by the malware without paying a ransom.
The malicious program encrypted files on Windows computers and
demanded a substantial fee before handing over the key to the
scrambled files.
Thanks to security experts, an online portal has been created
where victims can get the key for free.
Read more on BBC.
Interesting speculation?
Latest US Media Intel Scoop Suggests New Leaker
The latest media scoop about the internal workings of the US intelligence
community has convinced officials they have a new leaker feeding
information to journalists, reports said Tuesday.
The concerns came after The Intercept, a news site that has access to
documents from known leaker Edward Snowden, published new revelations
about the scope of the US terrorism watchlist.
The Intercept report
was "obtained from a source in the intelligence community."
Previously, it has not hidden when Snowden was its source, suggesting the latest
scoop came from someone else.
I think this goes back much farther than two years.
Kevin Poulsen reports:
Security experts call it a “drive-by download”: a hacker
infiltrates a high-traffic website and then subverts it to deliver
malware to every single visitor. It’s one of the most powerful
tools in the black hat arsenal, capable of delivering thousands of
fresh victims into a hacker’s clutches within minutes.
Now the technique is being adopted by a different kind of a
hacker—the kind with a badge. For the last two years, the FBI has
been quietly experimenting with drive-by hacks as a solution to one
of law enforcement’s knottiest Internet problems: how to identify
and prosecute users of criminal websites hiding behind the powerful
Tor anonymity system.
Read more on Wired.
An interesting article. Something to consider at least.
Teens Are Waging a Privacy War on the Internet — Why Marketers Should
Listen
Back in the early days of social media, Danah Boyd was asked to
participate on a panel alongside some representatives from various
consumer brands. A fellow panelist who worked at Coca-Cola commented
with satisfaction that his company was the most popular brand on
MySpace. Without meaning to, Boyd (who writes her name in all
lowercase letters) laughed audibly. At the moderator’s prompting,
she explained that she, too, had noticed how popular Coke was on the
site, and investigated. The most popular “brand” turned out to
be not the soft drink, but cocaine.
Web-savvy brand managers, marketers, programmers and data analysts would never
make that kind of mistake today — or would they? Boyd, an
internationally recognized authority on social media — the
Financial Times has dubbed her the “high priestess” of social
networks — told the audience at the recent Wharton Web Conference
that it is becoming more and more difficult even for web
professionals to crack the ever-shifting code of people’s online
interactions.
Worth looking at...
–
makes it easy for you to adjust, check, test, and maintain your
online privacy. You can click on each logo to find the privacy page
for each service. Next, you can test your privacy settings by seeing
how easily you can find yourself using this custom people search
engine. This search provides results from other people directories.
Actually old tech (bouncing lasers off of windows to pick up vibrations has
been a tool for years)
Eavesdropping On A New Level
…
Researchers from MIT, Microsoft, and Adobe have shown that they can
recover sound from video imagery, a technique that promises to pique
the interest of intelligence agencies and forensic investigators.
While the technique will need to be refined to be practical outside
the laboratory, it has the potential to enable retroactive
eavesdropping at events that were videoed with sufficient fidelity.
…
In a paper to be presented in mid-August at SIGGRAPH 2014, the
researchers describe how they filmed a series of
objects using both a high-speed video camera and a consumer video
camera and were able to reproduce sounds that had been playing near
objects using only video information -- the object's minute
vibrations in response to the impact of sound waves.
…
US intelligence presumably already has more sophisticated
eavesdropping technology. A decade-old patent application arising
from work at NASA, "Technique
and device for through-the-wall audio surveillance,"
describes a way to listen in on even soundproofed locations by using
"reflected electromagnetic signals to detect audible sound."
But MIT's Visual Microphone technique could become a useful addition
to an already formidable set of surveillance tools.
For my Ethical Hackers' “Guide to Hacking”
How Hackable Is Your Car? Consult This Handy Chart
…
All the cars’ ratings were based on three factors: The first was
the size of their wireless “attack surface”—features like
Bluetooth, Wi-Fi, cellular network connections, keyless entry
systems, and even radio-readable tire pressure monitoring systems.
Any of those radio connections could potentially be used by a hacker
to find a security vulnerability and gain an initial foothold onto a
car’s network. Second, they examined the vehicles’ network
architecture, how much access those possible footholds offered to
more critical systems like steering and brakes. And third, Miller and
Valasek assessed what they call the cars’ “cyberphysical”
features: capabilities like automated braking, parking and lane
assist that could transform a few spoofed digital commands into an
actual out-of-control car.
You can autocomplete all of the people some of the time and some of the
people all of the time, but you can't avoid litigation any time.
Now Google Autocomplete Could Be Found Guilty Of Libel In Hong Kong
Another story to illustrate a favourite theme of mine. This time it’s the
possibility that Google's
autocomplete function will get the company sued for, and found
guilty of, libel in Hong Kong.
A court has ruled that a Hong Kong tycoon can sue Google over its
autocomplete results suggesting he has links to organized crime.
In a judgment released Wednesday, the court dismissed the Internet
search giant’s objections to tycoon Albert
Yeung’s defamation lawsuit.
Yeung filed the lawsuit after Google refused to remove autocomplete
suggestions such as “triad,” as organized crime gangs are known
in China, which popped up with searches on his name.
For my Computer Security and IT students.
IT Salary Guide 2014
(Please note: These IT salary numbers are for starting pay only. Factors like
seniority and performance reports are impossible to calculate.)
For all my students, please!
8 Ways To Spell & Grammar Check In Microsoft Word Using Different
Dictionaries & Languages