Tag Archives: passwords

[ISN] After Dodging the Bullet that Hit OPM, Interior ‘Owns’ Up to Cyber Problem

http://www.nextgov.com/cybersecurity/2015/07/after-dodging-bullet-hit-opm-interior-owns-cyber-problem/117904/

By Aliya Sternstein
Nextgov.com
July 15, 2015

Sometimes fear is the best motivator. At the Interior Department, this was the case when computer hackers stole millions of federal employee records from an Office of Personnel Management database stored inside one of Interior’s data centers. The assailants left Interior’s data unscathed. But point taken, Interior Chief Information Officer Sylvia Burns said Wednesday afternoon.

The incident, part of a historic hack against the U.S. government, prompted the department to expedite a goal of eliminating wimpy passwords as the only safeguard when signing in to agency systems. The intruders, suspected Chinese spies, used a stolen password from an OPM contractor to copy OPM’s database, according to federal officials. From OPM’s network, the bad guys then scampered across the entire Interior facility’s IT environment, Burns said. All other data, however, was not compromised, she said.

“When I, as a CIO for the department, learned of the intrusion, it was horrifying to me and since that time, my team and I have been on high alert working probably seven days a week, long hours to take our lessons learned and do a mitigation plan around it,” Burns said. […]





[ISN] Attack on Lithuanian army’s website plotted for two weeks

http://en.delfi.lt/lithuania/defence/attack-on-lithuanian-armys-website-plotted-for-two-weeks.d?id=68228302

BNS
June 12, 2015

Wednesday’s cyber attack on the website of the Lithuanian Armed Forces Joint Staff was plotted for at least two weeks, with requests sent from Iran, among other countries, says Rimantas Černiauskas, director of the National Cyber Security Centre.

“We see large amounts of interesting information. We see that there were continued various pings, for instance, there was an attempt from Iran to guess the password. We see that the server hosting the website was constantly checked by hackers, with attempts to enter it, most of the attempts were not successful,” said the expert.

In his words, the final conclusions on the hacking should be submitted to the Armed Forces by the end of office hours on Friday – additional information has now been requested from the company managing the website content. Černiauskas confirmed that special robots had been checking the weak spots of the system on a daily basis, i.e., at least two or three times a day, attempting to guess the passwords and find system gaps, the attack was conducted by specific individuals. […]



[ISN] Someone Hacked a Billboard in Atlanta to Display Goatse

http://motherboard.vice.com/read/someone-hacked-a-billboard-in-atlanta-to-display-goatse

By Jason Koebler
Staff Writer
Motherboard.vice.com
May 15, 2015

Atlanta’s affluent Buckhead neighborhood is a great place to shop, eat, and, last weekend, it was a great place to spot a man bent over stretching his asshole far beyond what could possibly be healthy. Hackers took over a video billboard in the neighborhood and replaced it with the most infamous image from Goatse, one of the internet’s original shock sites (Image here, if you must see it).

Specific details about how the hackers hijacked the billboard haven’t come out yet, but one security researcher says that he warned the company that owns and operates the billboard that many of its signs are vulnerable. Dan Tentler is a well-respected security researcher who works for Carbon Dynamics, a security firm. Thursday, he tweeted that he had been in contact with the company that owns the billboard and was told thanks but no thanks.

“I wanted to let you guys know that your customers are deploying these signs and not changing the default passwords, which, if an actual bad guy found this out, could lead to some unwanted tinkering with the signs, possibly some defacement,” Tentler wrote in an email sent in April to the company. […]



[ISN] More Uber Accounts Have Been Hacked, This Time in the United States

http://motherboard.vice.com/en_uk/read/more-uber-accounts-have-been-hacked-this-time-in-the-united-states

By Joseph Cox
Motherboard.Vice.com
May 2, 2015

UPDATE: An Uber spokesperson responds, “We do not have any additional information to share beyond the statement we provided before: We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”

Back in March, Motherboard revealed that fully functioning Uber accounts were for sale on the dark web for as cheap as $1 each. At the time, it appeared that the victims of those hacks were based in the United Kingdom. Now, Uber customers from all over the United States have taken to Twitter to complain that their account has been charged for trips they never took, sometimes half way across the world.

“It was crazy,” one apparent victim, Stephanie Crisco from North Carolina, told me over Twitter direct message. “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn’t request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”

Crisco also tweeted a picture of the trips she claims she didn’t make. While many of the trips in the screenshot were cancelled, one of them in London was indeed successful, and Crisco told me that three charges were made against her account in total. Crisco has since cancelled her bank card, and Uber have refunded her for the three charges, which range between $40 and $120 each. […]



[ISN] 8th Grader Faces Felony Charges for Changing Teacher’s Computer Background

http://time.com/3817582/boy-arrested-computer-background/

By Laura Stampler @LauraStampler
Time.com
April 10, 2015

Pranksters be warned

Eighth-grader Domanik Green was arrested on felony charges in Holiday, Fla. Wednesday after breaking into his teacher’s computer to change the background picture to two men kissing. Green, 14, who was released the day of his arrest, said that he broke into the computer of a teacher he didn’t like after realizing that faculty members’ passwords were simply their last names, the Tampa Bay Times reports. Green, who previously faced a three-day suspension for a similar prank, said that many students got in trouble for breaking into teachers’ computers.

“Even though some might say this is just a teenage prank, who knows what this teenager might have done,” Sheriff Chris Nocco told the Tampa Bay Times Thursday. […]



[ISN] Hacked French TV network admits “blunder” that exposed YouTube password

http://arstechnica.com/security/2015/04/hacked-french-tv-network-admits-blunder-that-exposed-youtube-password/

By Dan Goodin
Ars Technica
April 12, 2015

The head of the French TV network that suspended broadcasting following last week’s hack attack has confirmed the service exposed its own passwords during a TV interview, but said the gaffe came only after the breach. “We don’t hide the fact that this is a blunder,” the channel’s director general, Yves Bigot, told the AFP news service.

The exposure came during an interview a rival TV service broadcast on the TV5Monde attack. During the questioning, a TV5Monde journalist sat in front of several scraps of paper hanging on a window. One of them showed the password for the network’s YouTube account. As Ars reported last week, the pass code was “lemotdepassedeyoutube,” which translates in English to “the password of YouTube.”

Bigot stressed that the passwords were broadcast only after the hack attack, which occurred overnight Wednesday when hackers compromised TV5Monde servers and social networking accounts. A TV5Monde manager told AFP that the gaffe came in the immediate aftermath of the hack attack, when network managers were scrambling to quickly hand out new temporary online access codes. […]



[ISN] Stealing Data From Computers Using Heat

http://www.wired.com/2015/03/stealing-data-computers-using-heat/

By Kim Zetter
Security
Wired.com
03.23.15

Air-gapped systems, which are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data.

To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer. But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors.

The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique. In a video demonstration produced by the researchers, they show how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a missile-launch toy the air-gapped system controlled. […]



[ISN] [CFP] BSides Las Vegas August 2015

Forwarded from: BSidesLV

CFP: https://bsideslv.org/cfp/

First Round CFP closes April 15th. Round two opens May 25th and closes June 8th.

BSidesLV 2015 will consist of seven main speaking tracks and one workshop track. It will also include Passwords, however they have a separate CFP. Look for that at https://passwordscon.org/

Proving Ground – First-time speaker* mentorship and scholarship program. Get matched with a great mentor who will assist you in crafting your talk and slides and we’ll cover up to $500 in costs for your trip to Las Vegas.
*Regional BSides and local group meetings (OWASP/ISSA/ISACA etc.) do not fall into this category
More info: http://www.bsideslv.org/speakers/cfp/proving-ground-call-for-papers/

Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience.

Common Ground – Other topics of interest to the security community. e.g., Lock-picking, hardware hacking, mental health/burnout, Law, Privacy, Regulations, Risk, Activism, etc. Again, interactive discussions with your peers and fellow researchers. Not passive lectures “at” an audience.

Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, behind closed doors. Think about it.

Ground Truth – This track is focused on innovative computer science and mathematics applied to security. Topics of interest include machine learning, natural language processing, Big Data technologies, cryptography, compression, data structures, zero knowledge proofs or just about anything academically publishable that usually baffles review committees for other conferences.

Above The Ground Plane – The team that brings you the Wireless Village at DEFCON and the Wireless Capture the Flag contests at multiple conferences throughout the year is organizing a new speaking track for BSidesLV. The Above The Ground Plane track will consist of any and all forms of exciting hacks and unusual uses of wireless technology. Think you have something new and exciting, spread your spectrum and come share it. Trust us, you ohm it to yourself.

Training Ground – Workshops and classes to give our participants hands-on experience and in-depth knowledge. We accept proposals for 1/2 day, full-day and 2-day workshops. We don’t charge for workshops, nor do we pay for them, although we may cover circuit boards.

Conference information: https://bsideslv.org
More CFP information: https://www.bsideslv.org/speakers/cfp/
CFP: https://bsideslv.org/cfp/

Security BSides Las Vegas, Inc.
A 501(c)(3) Non-Profit Educational Corporation
http://bsideslv.org
info@bsideslv.org
https://twitter.com/bsideslv

