Tagged: hacking Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on October 18, 2018 Permalink | Reply
    Tags: , , hacking   

    Latest Facebook hack was not politically motivated. The real explanation is worse. 

    Latest Facebook hack was not politically motivated. The real explanation is worse.

    It was back in late September, which was not all that long ago, when it was announced that Facebook was hacked to the tune of 50 million accounts. The hack not only exposed user information but allowed the hackers access to what’s been referred to as ‘access tokens’, which theoretically would allow the hackers to gain access to other platforms which use Facebook as a login. While Facebook is now claiming the number of accounts hacked was closer to 30 million, it was believed the attack was carried out by state-sponsored agents. Now, Facebook is walking back on that claim and the new claim isn’t much better.

    According to yesterday’s report from the Wall Street Journal, brought here via Business Insider, an anonymous Facebook insider has said that the hack was conducted by your run of the mill spam hackers. These hackers are the type who are in it for the money rather than any political ideal. Among some of the information that was taken from Facebook were birthdates, phone numbers, search history of Facebook users.

    In my opinion, it’s worse that Facebook was hacked by a group of spam hackers rather than a foreign power. To me, this means that Facebook’s security is lacking in a basic way since they can’t keep out the hackers who sell your information to email spammers and phone scammers. An attack from a world power can almost be understood against a platform that is as massive as Facebook. However, Facebook’s security should be above nickel and dime attacks like this that are more akin to the stereotypical hacker who lives in their parents’ basement.

    A saying that’s been going around in tech circles lately is that the only safe Facebook account is a deleted Facebook account.

     
  • Geebo 9:30 am on June 21, 2018 Permalink | Reply
    Tags: Global Emancipation Network, hacking,   

    Are online vigilantes needed to fight human trafficking? 

    Are online vigilantes needed to fight human trafficking?

    In fiction, vigilantes are a very entertaining subject. From movies like Boondock Saints to characters like Batman, fictional vigilantes bring justice to those who think they’re above the law. However, historically vigilantes in the real world have been nothing more than lynch mobs looking to further their own agenda. Much like their historical counterparts, online vigilantes tend to be virtual lynch mobs who more often than not target the wrong person as the victim of their ire and end up hurting innocent people in the process. One of the more infamous examples of that was when a Reddit group identified the wrong man as the Boston Marathon bomber. However, one group of white hat hackers are using their technical expertise to fight against human trafficking.

    The Global Emancipation Network is far from a group of ragtag hackers united by a common goal. It was founded by a computer scientist whose resume includes stints with the US Department of Defense, Microsoft, and NASA. The GEN collects information from all over the internet and the dark web in order to share this data with law enforcement agencies all over the world.

    As GEN points out, many law enforcement agencies from around the world either can not or will not devote the necessary resources needed to effectively fight human trafficking. GEN hopes to fill that gap with the information they collect. While it’s a harsh reality, it’s a shame that their services are needed in the first place. However, it’s refreshing to see such a well-organized volunteer community doing the dirty work that needs to be done to help rescue the millions of victims of human trafficking in all of its forms.

     
  • Geebo 8:59 am on October 16, 2017 Permalink | Reply
    Tags: hacking, KRACK,   

    Exploit makes all Wi-Fi vulnerable. Is it time to panic? 

    Exploit makes all Wi-Fi vulnerable. Is it time to panic?

    A leading security expert recently discovered an exploit in the algorithm that keeps most Wi-Fi devices secure. The exploit, named KRACK, allows a bad actor to hijack your Wi-Fi and tunnel in to any of your Wi-Fi enabled devices. This means that your private information could be compromised or any sort of malware could be injected into your devices. Here’s all the guts of how the exploit works.

    This makes any Wi-Fi enabled device vulnerable. That means it can effect phones, tablets, PCs, whether they run Windows, Android, iOS, MacOS and even Linux. So what can you do? Unfortunately, mostly wait. This exploit is so new that most distributors have not pushed any updates yet to fix the exploit. That’s not even taking into consideration that a lot of distributors, especially router manufacturers, never even update the firmware of their devices. The same goes for a lot of Android phone manufacturers too. You can use a virtual private network (VPN) to be more secure, however, they can be costly and some VPN providers can be shady themselves. For PCs and laptops you can go back to using your ethernet cables.

    If any good news can come from this exploit it’s that someone has to be within distance of your Wi-Fi source to be able to launch an attack. So if you’re at home, someone would have to be in range of your home router to try to hijack your signal. Businesses will be more vulnerable as a hacker will have better access to try to hijack that signal. Hopefully, manufacturers, distributors and providers will realize just how massive this vulnerability is and will issue patches as soon as possible. If you have additional questions and concerns you can go to krackattacks.com.

     
  • Geebo 9:52 am on March 16, 2017 Permalink | Reply
    Tags: hacking, ,   

    So what exactly did the Russian hackers get from Yahoo? 

    So what exactly did the Russian hackers get from Yahoo

    As was posted yesterday, the Department of Justice did indict four hackers believed to be involved with the massive data breaches that have plagued Yahoo over the past few years. The alleged hackers have been identified as Dmitry Aleksandrovich Dokuchaev, 33, Igor Anatolyevich Sushchin, 43, Alexsey Alexseyevich Belan, 29, and Karim Baratov, 22. Dokuchaev and Sushchin are said to be Russian intelligence agents while Belan and Baratov were hired by the aforementioned agents. The only one of the four to be arrested was Baratov since he was living in Canada at the time of his arrest. The other three suspects are currently in Russia which does not have an extradition treaty with the United States.

    So while the hacks exposed hundreds of millions of Yahoo accounts, only a minority of those accounts turned out to be valuable to the hackers. Among those accounts were those of Russian journalists and cybersecurity experts. Considering Russia’s track record of allegedly targeting and suppressing opposition against the regime this should come as no surprise. Outside of Russia, targets included a Nevada gaming official, a high-ranking executive in a US airline and the CTO of a French transportation company.

    For the average Yahoo Mail user this means that you probably weren’t targeted by the Russians and your Aunt Betty’s recipe for peach cobbler is probably safe, however, it is recommended that you update your password if you haven’t done so in a while or consider moving to a more secure platform that hasn’t been hacked to the tune of 500 million users.

    On the geopolitical scale these hacks could be seen as the start of a new type of cold war where the battlefield is through cyberspace rather than blocs of puppet governments. While the battle may be contained to a confined virtual space that doesn’t make the possible outcomes any less concerning.

     
  • Geebo 9:51 am on March 15, 2017 Permalink | Reply
    Tags: DOJ, hacking, ,   

    DOJ to charge four in Yahoo hacks 

    DOJ to charge four in Yahoo hacks

    It seems that the Yahoo hacks have been in the news forever. For the past few months we’ve been hearing about hack after hack after hack that exposed hundreds of millions of accounts to the masses. The data breaches were so bad not only did it cause Verizon to ask for a $350 million dollar discount in their purchase of Yahoo, but it also basically cost Yahoo CEO Marissa Mayer her job. Now a new chapter in the Yahoo hack saga has developed.

    Bloomberg is reporting that the Department of Justice has discovered the identity of four hackers they believe are at least partly responsible for the Yahoo data breaches. According to sources close to the situation, the DOJ believes one of the hackers to be in Canada and four to be in Russia.

    While the Canadian hacker might be easy to extradite, the problem may be with the three Russian hackers. Despite what you feel about alleged relationships between the current administration and Russia, the DOJ seems to believe that the Russian hackers are state-sponsored. Even if there are friendly relations between the two administrations will Russia be willing to extradite these alleged hackers to the US? That remains to be seen and could be the most interesting chapter in this saga.

     
  • Geebo 11:31 am on March 2, 2017 Permalink | Reply
    Tags: hacking, ,   

    Yahoo CEO takes massive financial hit over breaches 

    Yahoo CEO takes massive financial hit over breaches

    Yahoo CEO Marissa Mayer has been penalized financially for the massive security breaches that have taken place on her watch. You can read bout some of those breaches from our blog’s archive. In an SEC filing Yahoo said that Mayer did not receive her annual bonus for 2016 because certain senior executives failed to act properly when the breaches were discovered. Mayer’s bonus is said to be around the $2 million mark. Mayer also said that she would forgo any bonus for 2017 as well.

    Mayer has asked that her bonus be distributed to Yahoo employees saying that they were the ones who contributed to Yahoo’s success in 2016. All of this comes in the wake of Verizon’s proposed purchase of Yahoo. Due to the breaches Yahoo’s price has been discounted by $350 million. If Mayer were to be fired by the Yahoo board she would receive a golden parachute of $44 million.

    Yahoo general counsel Ronald Bell did not make out as well as Mayer. He resigned in wake of the breaches and received no financial payout from the struggling company.

     
  • Geebo 11:31 am on February 28, 2017 Permalink | Reply
    Tags: cloudpets, hacking, ,   

    Cloud connected child’s toy leads to personal data breach 

    Cloud connected child's toy leads to personal data breach

    As seen on TV toy CloudPets is actually a pretty clever concept. By using a smart phone app a traveling parent or a relative that lives far away can leave a voice message to a child on one of the stuffed animals.

    Except there’s that one inherent problem that affects any device connected to the cloud, there’s a chance that personal data stored there could be compromised. CloudPets seems to be having that problem currently as reports say that an insecure database led to third-parties accessing the personal information of many of their users. This information includes names and dates of birth. This is made doubly disturbing considering that a lot of this information belongs to children, not to mention that their voice messages could possibly have been stolen as well. Some reports even state that it’s possible to send unauthorized messages to the devices if someone so desired.

    As with any device that’s connected to the cloud you have to assume a certain amount of risk that the data could be stolen, but when it comes to your children you should double that amount and take proper steps to try and keep that information secure such as using strong passcodes. Or you may want to consider not sharing your child’s personal information at all with a company that advertises on basic cable commercials.

     
  • Geebo 10:57 am on February 16, 2017 Permalink | Reply
    Tags: hacking, , ,   

    Yahoo reveals that hack was worse than previously thought 

    Yahoo reveals that hack was worse than previously thought

    It seems that getting any kind of vital information out of tech dinosaur Yahoo is like pulling teeth, from a rabid badger. It was made public recently that Yahoo’s infamous hack that compromised 500 million accounts was worse than just stolen passwords. Now Yahoo is revealing that some of the accounts were compromised using a forged cookie.

    A cookie is a piece of code that allows your browser to remember such information as your username for certain sites and in some cases your password. This means that someone with a forged cookie doesn’t even need your password to access your account. Yahoo claims that the hack was carried out by a state actor which means a government sponsored attack.

    This comes at a time where Verizon is still trying to negotiate a price to purchase Yahoo. Verizon just recently requested a $300 million price cut on the pending acquisition. Then again, if it wasn’t for this acquisition we may have never heard about these hacks at all.

    If anyone is still using any Yahoo services that deal with any kind of personal information you may want to think of deleting your account. While any online service can fall victim to a large-scale hack of this nature, Yahoo seems to be inordinately porous when it comes to user security.

     
  • Geebo 2:49 pm on January 27, 2017 Permalink | Reply
    Tags: , hacking,   

    Facebook offers new level of security 

    Facebook offers new level of security

    Recently, Facebook rolled out a new security feature designed to keep your account out of the hands of hackers and identity thieves. You can now purchase a USB key that will only allow someone with the key to access your account. This is a lot more secure than the regular two factor authentication as SMS messages can be intercepted.

    However, there are drawbacks to using this method of security. The first is that it only applies to using Facebook on your PC, a mobile version of this method has yet to be implemented. The second problem is that it will only work with the Chrome and Opera browsers, so if you’re a Firefox or Explorer user, you’re out of luck. Lastly, if you lose the key you’ll be locked out of your Facebook account.

    Unless you use Facebook for business purposes or are some kind of public figure you can probably get away with just the regular two factor authentication with no problem. However if your livelihood revolves around your Facebook, the security key may not be such a bad idea.

     
  • Geebo 12:20 pm on January 17, 2017 Permalink | Reply
    Tags: hacking, ,   

    The world’s worst passwords of 2016 

    The world's worst passwords of 2016

    The worst passwords of 2016 have been released and once again there are no surprises. Keeper Security studied the passwords of 10 million online accounts that were hacked and released the 25 most commonly used passwords in these hacked accounts.

    123456 remains as the most commonly used password while the top ten is littered with a few variations on that such as 1234567890 along with variations of ‘qwerty’. However it appears that some progress is being made among people who use bad passwords as the word ‘password’ has fallen to 8th on the list. In past years it was either first or second on the list.

    Some of you may be even using these passwords and are thinking to yourself that you’ve never been hacked. It’s probably only a matter of time before you will. Considering 10 million of these accounts with these bad passwords were hacked, there are probably even millions more that haven’t even been reported.

    Seriously, with all our lives being so entrenched in the digital world these days, it’s worth not only your time but your sanity to start using some more secure passwords. You can check this previous post to see how you can do that.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel