Spyware, Viruses, & Security forum


NEWS - March 04, 2013

by Carol~ Forum moderator / March 3, 2013 11:12 PM PST
Evernote Forces Password Reset for 50M Users

Online note-syncing service Evernote is forcing all of its 50 million users to reset their passwords after detecting suspicious activity on its network.

In an email message sent to users today and posted on its blog, Evernote said digital intruders gained access to customer usernames, email addresses and encrypted passwords. The company says it has found no evidence that any of the content that users store in Evernote was accessed, changed or lost, and that there is no indication payment information for Evernote Premium or Business customers was accessed.

"Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted)," the company advised. "While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com."

Continued : http://krebsonsecurity.com/2013/03/evernote-forces-password-reset-for-50m-users/

Evernote users, you're gonna want to change your password
Evernote resets all passwords after user information is stolen in security breach
Evernote resets user passwords after being hit by "coordinated" hack

Samsung flaw allows attackers to bypass Android lock screen
by Carol~ Forum moderator / March 4, 2013 4:48 AM PST
In reply to: NEWS - March 04, 2013

Attackers are able to bypass the lock screen on the Samsung Galaxy Note II smartphone, a device that the Korean electronics giant is pitching to enterprise customers.

First discovered by self-confessed mobile enthusiast Terence Eden, he outlines the flaw that allows an attacker to bypass the device's pattern lock, PIN code, longer alphanumeric password, and even the face unlock security feature.

It's not clear if the flaw lies within Samsung's devices or the Android platform, or both. However, this flaw may not be limited to Samsung's Note II or Android 4.1.2, and users and IT managers alike should test their devices immediately.

From the lock screen, an attacker can hit the emergency contacts button. Then, by holding down the home button, the unlocked home screen is momentarily displayed. That alone is enough to see what's on the home screen. Getting the timing right, users can direct dial and launch apps—though the attacker can only see what's briefly displayed rather than directly use the apps.

Continued: http://www.zdnet.com/samsung-flaw-allows-attackers-to-bypass-android-lock-screen-7000012087/

Lock Screen Bypass Flaw Found in Samsung Androids
Flaw in Samsung Phones Running Android 4.1.2 Allows Hackers to Bypass Lock Screen - Video

Prompted by Oracle Rejection, Researcher Finds 5 New Java Sandbox Vulnerabilities
by Carol~ Forum moderator / March 4, 2013 4:48 AM PST
In reply to: NEWS - March 04, 2013

Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn't end well for the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox.

The deeper look stemmed from a recent submission the company made to Oracle on Feb. 25 of two vulnerabilities that when used in conjunction could also bypass the sandbox. Gowdiak said Oracle dismissed one of the issues he reported, which he labels Issue 54, and called it "allowed behavior," rather than a vulnerability. It confirmed the other.

"We confirmed that company's initial judgment of Issue 54 as the 'allowed behavior' contradicts both Java SE documentation as well as existing security checks in code," he said. "It looks Oracle needs to either start treating Issue 54 as a vulnerability or change the docs and relax some of the existing security checks."

Continued : https://threatpost.com/en_us/blogs/prompted-oracle-rejection-researcher-finds-five-new-java-sandbox-vulnerabilities-030413
Jailed British hacker hacks own prison's mainframe
by Carol~ Forum moderator / March 4, 2013 4:48 AM PST
In reply to: NEWS - March 04, 2013

A UK cyber criminal jailed in a maximum security prison has managed to hack into the institution's mainframe after having been allowed to participate in IT lessons, the Daily Mail reports.

The inmate in question is 21-year-old Nicholas Webber, the infamous founder of the GhostMarket online forum on which budding cyber crooks were able to trade stolen card details, tools to commit computer offenses, and knowledge.

Arrested two years ago along with a few accomplices and sentenced to spend the next five years in prison, the youngster has somehow managed to be included in the group that took IT lessons provided by the prison in order to teach inmates skills that would help them once they got out.

Continued : http://www.net-security.org/secworld.php?id=14538

Jailed cybercriminal hacked into his own prison's computer system after being put in IT class
Cybercriminal teen hacked prison mainframe while taking IT course
Banged-up Brit hacker hacks into his OWN PRISON'S MAINFRAME

US ISPs launch pirate wrist-slapping campaign
by Carol~ Forum moderator / March 4, 2013 4:48 AM PST
In reply to: NEWS - March 04, 2013

Last week saw the US debut of the "six strikes" pirate wrist-slapping system, officially known as the Copyright Alert System (CAS).

With the new "six strikes" piracy alert system, Comcast plans to hijack offenders' browsers, Cablevision will suspend subscribers for 24 hours after a fifth offense, and other ISPs are looking at throttling infringers' connections down to a crawl.

CAS was birthed by the Center for Copyright Information (CCI), made up of five of the US's biggest Internet Service Providers (ISPs): AT&T, Cablevision, Comcast, Time Warner Cable and Verizon, as well as the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA).

Two CCI ISPs, Verizon and Comcast, activated the service on Wednesday.

Here's how the alert system will work, according to a post from CCI Executive Director Jill Lesser that went up on Monday:

Continued : http://nakedsecurity.sophos.com/2013/03/04/us-isps-pirate-campaign/

Related to:
ISP's to Implement Pirate Notification System
Comcast Punishes BitTorrent Pirates With Browser Hijack

Warning from "Mark Zurckerberg" leads to account hijacking
by Carol~ Forum moderator / March 4, 2013 4:49 AM PST
In reply to: NEWS - March 04, 2013

If you get an email sent by "Mark Zurckerberg", saying your Facebook account might be permanently suspended because of violations of the social network's Terms of Service, fight the urge to follow the offered link for "account verification."

The message is bogus, and the link will take you to a fake Facebook login web page set up for harvesting login credentials.

"After users enter the Facebook username and password on the bogus site, they will be automatically redirected to the 'Help' section of the real Facebook website and may not realize until it is too late that they have been on a scam site," points out Hoax-Slayer.

The collected information is then used by the scammers to hijack the users' Facebook accounts and spread other scams through them.

Continued : http://www.net-security.org/secworld.php?id=14539

CloudFlare goes down for an hour, taking its 785K customers
by Carol~ Forum moderator / March 4, 2013 7:48 AM PST
In reply to: NEWS - March 04, 2013

March 3, 2013 9:11 AM

In an ironic twist this morning, CloudFlare, a company that speeds up and protects websites, suffered an outage that also took down the 785,000 sites using its service, including Wikileaks and 4Chan.

A change pushed out to the company's routers ended up crashing them, TechCrunch reports. Chief executive Matthew Prince told the site, "If you sent a packet to one of our IP addresses, you would get back a response that there was no router." The outage lasted for almost an hour.

CloudFlare serves as a line of defense between its customers and web visitors, which allows it to cache sites for better page loading performance, and also makes it difficult to take down sites with distributed denial of service (DDoS) attacks. But that also means if CloudFlare goes down, so do its customers.

The company runs 23 data centers globally, all of which were affected by the outage. "These data centers are connected to the rest of the Internet using routers," Prince explained in a blog post this morning. "These routers announce the path that, from any point on the Internet, packets should use to reach our network. When a router goes down, the routes to the network that sits behind the router are withdrawn from the rest of the Internet."

Continued : http://venturebeat.com/2013/03/03/cloudflare-goes-down-for-an-hour-taking-its-785k-customers-with-it/

Also : CloudFlare Goes Out for an Hour, Takes 785,000 Sites Offline
