NEWS - April 07, 2014

Apr 7, 2014 2:24AM PDT
18 million email addresses and passwords stolen in Germany

Last week, authorities in the German city of Verden reportedly discovered one of the country's largest cases of identity theft, where up to 18 million email addresses and their associated passwords may have been stolen.

The city's public prosecutor has asked the country's Federal Office for Information Security (known by its German abbreviation BSI) for its help in notifying the affected users of the breach, according to a statement by the BSI. On Friday, the federal office said that it was working under "high pressure, so that affected internet users can be immediately informed".

The stolen identities were discovered in the context of an investigation into a botnet which is being used to send spam emails from stolen email addresses, according to the BSI. "The botnet is still in operation," according to a statement issued on Monday by the BSI, and "the stolen identities are being actively exploited."

Continued: http://www.zdnet.com/18-million-email-addresses-and-passwords-stolen-in-germany-7000028082/

Related: German police finds 18M stolen and misused account logins

Fact-Checking Experian's Talking Points
Apr 7, 2014 2:29AM PDT

In the wake of long-overdue media attention to revelations that a business unit of credit bureau Experian sold consumer personal data directly to an online service that catered to identity thieves, Experian is rightfully trying to explain its side of the story by releasing a series of talking points. This blog post is an attempt to add more context and fact-checking to those talking points.

Experian has posted several articles on its Web properties that lament the existence of "inaccurate information about Experian circulating in news outlets and other Web sites."

"It's no surprise that cybercrime and data breaches are hot topics for media and bloggers these days," wrote Gerry Tschopp, senior vice president of public affairs at Experian. "Unfortunately, because of all the attention paid to these topics, we've seen some inaccurate information about Experian circulating in news outlets and other Web sites. I want to take a moment to clarify the facts and events."

Continued: https://krebsonsecurity.com/2014/04/fact-checking-experians-talking-points/

Related:
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
Experian in hot seat after exposing millions of social security numbers [Updated]

Fake Voting Campaign Steals Facebook Users' Identities
Apr 7, 2014 2:30AM PDT

Symantec Security Response Blog:

Phishers continuously come up with various plans to enhance their chances of harvesting users' sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free Web hosting site, targets Facebook users and contains a fake voting campaign, "WHO IS GREAT BOYS OR GIRLS?" along with the "VOTE" button to register votes. The page is also embedded with a pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application. [Screenshot]

The first phishing page contains a button to initiate the voting process. After the button is clicked, a pop-up window appears, asking for a user's login ID and password, as shown below:

Continued: http://www.symantec.com/connect/blogs/fake-voting-campaign-steals-facebook-users-identity

Mazda updates car software to fix *real-life* bug problem
Apr 7, 2014 2:30AM PDT

Modern cars are becoming ever more sophisticated, and reliant on computer systems and software.

In fact, it is beginning to feel just as common to take your car to the local dealer to have its software updated as it is to have a mechanic fiddle around under your bonnet.

And software, as we all know far too well, is written by humans who invariably make mistakes.

Just last week, security researchers revealed how it was possible to unlock an expensive Tesla car just by having a freely-available iPhone app and hacking a single six-character password, and earlier this year Toyota was forced to recall 1.9 million Prius Hybrid cars because of a software flaw.

Well, here's something rather different.

Continued: http://grahamcluley.com/2014/04/mazda-car-software-bug/

Chrome Adds Ability to Force Ephemeral Mode
Apr 7, 2014 2:30AM PDT

Google has made a subtle change to the admin console in its Chrome browser, which is used in enterprise environments to help set policies for employee use, which will allow administrators to force users to browse in ephemeral mode.

The change won't have any effect on typical individual users who run Chrome in an unmanaged environment, such as a home machine or enterprise that doesn't use the admin console. But for administrators in environments where they're managing a lot of users running Chrome, the ability to force ephemeral mode is a helpful tool in the fight against data loss and other security problems.

"If Google Chrome Sync is enabled, any changes that the user makes to the browser's settings or to their Chrome data (such as bookmarks, history, apps etc.) during an ephemeral session will be saved for future sessions. The settings are saved in the user's Google account in the cloud. If Google Chrome Sync is not enabled, any changes are lost when the user exits the browser," Google's documentation on the feature says.

Continued: http://threatpost.com/chrome-adds-ability-to-force-ephemeral-mode/105273

Dutch gov't pays millions for extended Windows XP support
Apr 7, 2014 4:12AM PDT

Microsoft will end support for the ancient, still popular Windows XP on April 8, but that doesn't mean that every private and public XP user is ready to move on to another operating system. The Dutch government has agreed to pay Microsoft millions of euros in exchange for continued support for its Windows XP PCs, according to ZDNet.

The deal will grant extended Windows XP support for 34,000 to 40,000 Dutch civil servants who work for the national government, which will keep them running until a new operating system is installed by January 2015. At this point, it's unclear what OS the gov't will upgrade to.

This support extension comes after the UK government made a similar agreement with Microsoft, forking over more than 5.6 million British pounds for an extra year of XP support. UK government PCs running Office 2003 and Exchange 2003 will also receive security updates during the one year deal.

Continued: http://www.digitaltrends.com/computing/dutch-government-extends-windows-xp-support/

'Privacy Dinosaur' urges Facebook users to check privacy..
Apr 7, 2014 4:12AM PDT
.. settings

Facebook has introduced a blue cartoon Zuckersaurus-Rex, or some other type of dinosaur, to warn users when they are about to post something publicly.

Facebook has always had an interesting relationship with its users and their privacy.

Now, users who haven't adjusted their privacy settings will see the dino-message whenever they attempt to share a status update, link or photo that would otherwise be visible to everyone.

Continued: http://nakedsecurity.sophos.com/2014/04/07/the-privacy-dinosaur-urges-facebook-users-to-check-their-privacy-settings/