
[ISN] Russian Gang Amasses Over a Billion Internet Passwords


http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html
By NICOLE PERLROTH and DAVID GELLES
The New York Times
AUG. 5, 2014

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say. The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems. Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.” [...]


[ISN] Hilton Turns Smartphones Into Room Keys

http://www.informationweek.com/mobile/mobile-business/hilton-turns-smartphones-into-room-keys/d/d-id/1297618
By Thomas Claburn
InformationWeek.com
7/29/2014

Hilton Worldwide plans to allow guests to check in and choose their rooms using mobile devices, and even to unlock their hotel rooms. By the end of the year, Hilton says it will offer digital check-in and room selection at 11 of its brands, across more than 4,000 properties. The service will be available to Hilton HHonors members in more than 80 countries, the company said. “We analyzed data and feedback from more than 40 million HHonors members, as well as guest surveys, social media posts, and review sites, and it’s clear that guests want greater choice and control,” said Geraldine Calpin, SVP and global head of digital at Hilton Worldwide, in a statement. Calpin cited a company-commissioned study conducted by Edelman Berland that indicates some 84% of business travelers want the ability to choose their own room. Calpin said Hilton is enabling guests to select rooms, room types, and room numbers, subject to availability, using mobile devices. [...]


[ISN] Israel to intensify cyber security as end of Ramadan approaches

http://www.jpost.com/Defense/Israel-to-intensify-cyber-security-as-end-of-Ramadan-approaches-368891
By JPOST.COM STAFF
07/25/2014

The Shin Bet (Israel Security Agency) and the IDF were prepared to operate in the face of intensified threats of cyber warfare in the coming days ahead of commemorative days in the Muslim world that fall on the last days of the month of Ramadan. Along with Israel’s general cyber security activities, the IDF’s Cyber Defense Unit was preparing to deal with the activities of hackers from around the Muslim world as well as ground in the Gaza Strip, the Shin Bet said in a statement released Thursday. Measures taken into consideration included the option to block the sending of fraudulent SMS messages to the Israeli public along with desisting the operation of certain Israeli websites. The precautions were being taken especially in light of Iran’s anti-Israel Quds Days on Friday and Laylat al-Qadr, beginning on Thursday night and marking the coming end to the month of Ramadan. [...]


[ISN] Seven Arrested For Fleecing StubHub For $1.6 Million In Tickets

http://www.forbes.com/sites/katevinton/2014/07/23/seven-arrested-for-fleecing-stubhub-for-1-6-million-in-tickets/
By Kate Vinton
Forbes Staff
7/23/2014

Seven alleged cyber criminals have been arrested as part of an international cybercrime ring that hacked StubHub and laundered upwards of $1.6 million dollars, the New York D.A.’s Office announced Tuesday. Two of the alleged criminals were arraigned in New York today, with bail set at $2 million and $500,000. Six of the arrests were made on Tuesday across three countries—three in London, one in Toronto, and two in New York—highlighting the international scope of cybercrime. A seventh criminal was arrested in Spain earlier this month. One American is expected to turn himself in this week, and two cybercriminals are still beyond reach in Russia, according to Manhattan D.A. Cyrus R. Vance at a press conference on Tuesday. This case originally began over a year ago in March 2013, when StubHub discovered a cyber breach and reported it to authorities, Vance said. This led to a case being opened with the New York City District Attorney’s Office, according to a StubHub statement. The investigation uncovered that cybercriminals had gained access to StubHub accounts and used customers’ pre-existing card information to purchase tickets for resale, in what is known as an “Account Take-Over Fraud.” StubHub, the subsidiary of eBay (which had its own cyber breach) that allows people to buy and sell tickets online to games, concerts, and theater shows, notified affected customers after the breach and refunded them for the tickets in addition to increasing security, according to a statement. [...]


[ISN] Why ‘123456’ is a great password

http://www.csoonline.com/article/2455088/identity-access/why-123456-is-a-great-password.html
By Antone Gonsalves
CSO Online
July 17, 2014

New research shows that “123456” is a good password after all. In fact, such useless credentials from a security standpoint have an important role in an overall password management strategy, researchers at Microsoft and Carleton University, Ottawa, Canada, have found. Rather than hurt security, proper use of easy-to-remember, weak credentials encourages people to use much stronger passwords on the few critical sites and online services they visit regularly. “Many sites ask for passwords, but they require no security at all,” Paul C. Van Oorschot, a Carleton professor and a co-author of the research, said. “They basically want to get the email address to contact you, but there’s nothing to protect.” Strong passwords would be more likely adopted if people learned to use them only on critical accounts, such as employer websites, online banking and e-commerce sites that store the user’s credit card number. To be effective, this group should be small. [...]


[ISN] Even Script Kids Have a Right to Be Forgotten

http://krebsonsecurity.com/2014/07/even-script-kids-have-a-right-to-be-forgotten/
By Brian Krebs
Krebs on Security
July 18, 2014

Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That’s because the breached databases crawled by this search engine are mostly sites frequented by young ne’er-do-wells who are just getting their feet wet in the cybercrime business. Indexeus boasts that it has a searchable database of “over 200 million entries available to our customers.” The site allows anyone to query millions of records from some of the larger data breaches of late — including the recent break-ins at Adobe and Yahoo! – listing things like email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts. Who are Indexeus’s target customers? Denizens of hackforums[dot]net, a huge forum that is overrun by novice teenage hackers (a.k.a. “script kiddies”) from around the world who are selling and buying a broad variety of services designed to help attack, track or otherwise harass people online. Few services are as full of irony and schadenfreude as Indexeus. You see, the majority of the 100+ databases crawled by this search engine are either from hacker forums that have been hacked, or from sites dedicated to offering so-called “booter” services — essentially powerful servers that can be rented to launch denial-of-service attacks aimed at knocking Web sites and Web users offline. [...]


[ISN] Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers

http://www.wired.com/2014/07/google-project-zero/
By Andy Greenberg
Threat Level
Wired.com
07.15.14

When 17-year-old George Hotz became the world’s first hacker to crack AT&T’s lock on the iPhone in 2007, the companies officially ignored him while scrambling to fix the bugs his work exposed. When he later reverse engineered the Playstation 3, Sony sued him and settled only after he agreed to never hack another Sony product. When Hotz dismantled the defenses of Google’s Chrome operating system earlier this year, by contrast, the company paid him a $150,000 reward for helping fix the flaws he’d uncovered. Two months later Chris Evans, a Google security engineer, followed up by email with an offer: How would Hotz like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet? Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users. “People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” says Evans, a British-born researcher who formerly led Google’s Chrome security team and will now helm Project Zero. (His business cards read “Troublemaker.”) “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.” [...]


[ISN] US firm helps Hamas, Netanyahu keep hackers at bay

http://www.timesofisrael.com/us-firm-helps-hamas-netanyahu-keep-hackers-at-bay/
By David Shamah
The Times of Israel
July 14, 2014

There isn’t much Prime Minister Benjamin Netanyahu and Hamas have in common — but one thing they do agree on is how to keep their websites safe from hackers. Both rely on a web service called CloudFlare, which helps customers avoid hacking and denial of service attacks. CloudFlare enables users to mask their location and Internet connection service providers. As a result, would-be hackers don’t know which server to attack, so they can’t try to pull a site down by hacking into it or attempting a denial of service attack. Critics complain that CloudFlare provides protection equally to nations, legitimate concerns, criminals, and terrorists. As Hamas fires hundreds of rockets at Israel, and the Israeli air force hits back at Gaza, hackers sympathetic to Hamas have over the past several days hacked into numerous Israeli websites, as is common during periods of increased tension. Several days ago, for example, anti-Israel hackers defaced one of the most popular Israeli Facebook pages, StatusHunter, replacing the content with a slideshow purporting to show how the IDF was making Gazans suffer. [...]
