Spyware, Viruses, & Security forum

NEWS - November 21, 2013

by Carol~ Moderator / November 21, 2013 12:54 AM PST
Cupid Media Hack Exposed 42M Passwords

An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays, according to information obtained by KrebsOnSecurity.

The data stolen from Southport, Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.

The purloined database contains more than 42 million entries in the format shown in the redacted image below. I reached out to Cupid Media on Nov. 8. Six days later, I heard back from Andrew Bolton, the company's managing director. Bolton said the information appears to be related to a breach that occurred in January 2013.

Continued: http://krebsonsecurity.com/2013/11/cupid-media-hack-exposed-42m-passwords/

Related:
Hack of Cupid Media dating website exposes 42 million plaintext passwords
Hack of online dating site Cupid Media exposes 42 million plaintext passwords
42 million passwords exposed following massive dating website hack

GitHub Resets Users' Passwords Following Brute Force Attack
by Carol~ Moderator / November 21, 2013 1:33 AM PST

The web hosting development site GitHub reset a number of users' passwords and revoked a slew of user security authorizations this week following a wave of brute-force attacks.

According to a blog entry by GitHub's Security Manager Shawn Davenport yesterday, the incident involved login attempts from almost 40,000 distinct IP addresses and was a slow, concerted effort to break into user accounts using multiple passwords.

It's not known exactly how many accounts were compromised but users with weak passwords and even in some cases those with stronger passwords had their passwords reset and all of their tokens, OAuth authorizations and SSH keys revoked. Affected users were sent an email yesterday requesting they create a stronger password, examine their account for "suspicious activity" and urging them to set up two-factor authentication.

Continued : http://threatpost.com/github-resets-users-passwords-following-brute-force-attack/102983

Related:
GitHub users with weak passwords - you have been warned!
GitHub accounts hacked in ongoing brute force attack

CryptoLocker: Please Kindly Find Our New PO
by Carol~ Moderator / November 21, 2013 1:33 AM PST

F-Secure Antivirus Research Weblog:

Yesterday's CryptoLocker post mentioned that it's spreading via spam. It's actually a spam campaign that installs an intermediary, and then CryptoLocker is installed. But in any case, the first link in the chain that results in a CryptoLocker infection is spam.

And here's a fresh example of the message being used: "Please kindly find our new PO per attachment. Could you provide your PI for confirmation. Our Order file is password protected and can be opened/accessed with password: TRADING" [Screenshot]

The company from which the message claims to be from (blurred in the example above) is of course an innocent bystander whose good name is being abused as part of this scheme.

Note that the attachments are password protected. This allows the threat to bypass gateway security measures. If you're an information security manager, don't take it for granted that the people in your organization know not to open attachments.

http://www.f-secure.com/weblog/archives/00002641.html

Don't Like Spam? Complain About It.
by Carol~ Moderator / November 21, 2013 1:33 AM PST

Cynical security experts often dismiss anti-spam activists as grumpy idealists with a singular, Sisyphean obsession. The cynics question if it's really worth all that time and effort to complain to ISPs and hosting providers about customers that are sending junk email? Well, according to at least one underground service designed for spammers seeking to avoid anti-spam activists, the answer is a resounding "yes!"

Until recently, this reporter was injected into one of the most active and private underground spam forums (the forum no longer exists; for better or worse, the administrator shuttered it in response to this story). Members of this spam forum sold and traded many types of services catering to the junk email industry, including comment spam tools, spam bots, malware, and "installs" — the practice of paying for the privilege of uploading your malware to machines that someone else has already infected.

Continued: http://krebsonsecurity.com/2013/11/dont-like-spam-complain-about-it/

Feds Charge Cybercriminals as 21st Century Racketeers
by Carol~ Moderator / November 21, 2013 1:34 AM PST

With his angular face and hooded eyes, Andrew Duncan is a federal prosecutor right out of Central Casting. But his message on the opening day of the trial of an alleged cybercriminal yesterday was anything but old fashioned.

"Television and the movies have always portrayed organized criminal enterprises in a certain way," he says — mafia hoodlums plotting in a smoky backroom, "Vinnie the Bull" guarding the door.

Things have changed. "Flash forward to the 21st century," he says, raising his voice and shouting out the domain name of a website, www.Carder.su. He pauses between each of the W's so they ring like gunshots through the courtroom.

Until it closed two years ago, Carder.su was an online cybercrime forum used by some 7,900 fraudsters around the world. It was essentially a criminal eBay. Carefully screened "vendors" sold a wealth of products: counterfeiting gear, stolen identity information, skimmed or stolen credit card magstripe data, hacker tools, botnets for rent, and online banking credentials. Forum administrators and moderators kept the system purring, and ordinary members could post reviews of the products they'd bought.

Continued: http://www.wired.com/threatlevel/2013/11/open-market-trial-begins/

How your LG Smart TV can spy on you
by Carol~ Moderator / November 21, 2013 2:18 AM PST

There's a fascinating blog post by "DoctorBeet", which anyone who owns an LG Smart TV should probably read.

It turns out that your LG Smart TV might be silently logging what channels you watch, and when you switch channel - sending the data back to the South Korean company so it can target you with advertisements.

And, surprise surprise, the data is sent in an unencrypted format.

DoctorBeet, a UK computer enthusiast, stumbled across the "feature" while fiddling with the settings on his LG Smart TV.

Astonishingly, DoctorBeet subsequently discovered by examining network traffic that his TV was reporting information about his viewing habits back to LG *regardless* of whether he had the system option "Collection of watching info" enabled or not. [Screenshot]

Here is the reply that DoctorBeet got back from LG's helpdesk when he asked them to comment on the enforced data collection and profiling of customers:

Continued : http://grahamcluley.com/2013/11/lg-smart-tv-can-spy/

Related: Smart TV from LG phones home with user's viewing habits, USB file names

LG smart TV snooping extends to home networks, 2nd blogger says
by Carol~ Moderator / November 21, 2013 2:28 AM PST

A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.

In addition to transmitting a list of shows being watched and the names of files contained on USB drives, the Internet-connected TV also sent the names of files shared on home or office networks, the blogger reported. He made the discovery after plugging the Wireshark packet-sniffing program into his home network and noticing that an LG TV—model number 42ls570, purchased in April—was transmitting file names that sounded vaguely familiar even though there was no USB drive plugged in.

"It turns out it was pulling filenames from my shared folders over the network and broadcasting those instead," he wrote in a blog post published Thursday. "I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old filenames. The TV couldn't see those files whilst browsing manually so I'd hazard a guess it's caching some of these locally."

Continued: http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/

Cryptolocker infects cop PC: Mass plod fork out Bitcoin ransom
by Carol~ Moderator / November 21, 2013 2:46 AM PST

"Police learn about crypto-currency and AES256 crypto the hard way"

Massachusetts cops have admitted paying a ransom to get their data back on an official police computer infected with the devilish Cryptolocker ransomware.

Cryptolocker is a rather unpleasant strain of malware, first spotted in August, that encrypts documents on the infiltrated Windows PC and will throw away the decryption key unless a ransom is paid before a time limit. The sophisticated software, which uses virtually unbreakable 256-bit AES and 2048-bit RSA encryption, even offers a payment plan for victims who have trouble forking out the two Bitcoins (right now $1,200) required to recover the obfuscated data.

On November 6, a police computer in the town of Swansea, Massachusetts, was infected by the malware, and the cops called in the FBI to investigate. However, in order to get access to the system the baffled coppers decided that it would be easier to pay the ransom of 2 BTC, then worth around $750, and received the private key to unlock the computer's data on November 10.

"It was an education for [those who] had to deal with it," Swansea police lieutenant Gregory Ryan told the Herald News. "The virus is so complicated and successful that you have to buy these Bitcoins, which we had never heard of."

Continued: http://www.theregister.co.uk/2013/11/21/police_pay_cryptolocker_crooks_to_get_their_computers_back/

Bitcoin Boom Leads to Malware Badness
by Carol~ Moderator / November 21, 2013 3:16 AM PST

ThreatTrack Security Blog:

If you're not already sitting on top of a mountain of cash thanks to the Bitcoin boom, you may be tempted to mine some Bitcoins via the art of downloading random files from the internet (you may also be tempted to do this. Don't do this, it won't end well).

There are certainly more than enough options to choose from; Youtube videos, promo sites, Pastebin posts - you name it, they're all out there and they're all clamouring for your attention.

Just keep in mind that you never really know what you're signing up to when playing the random download game, and big winnings on Bitcoin are a tasty proposition for anybody wanting to make a little money.

Scammers are promoting "no survey Bitcoin generators", which come with surveys attached regardless. [Screenshot]

Continued: http://www.threattracksecurity.com/it-blog/bitcoin-boom-leads-malware-badness/

Related: Bogus "free Bitcoin generator" offer leads to malware

Most iOS Apps Are Vulnerable to Hackers, Study Shows
by Carol~ Moderator / November 21, 2013 4:55 AM PST

Some 90 percent of iOS mobile applications have at least one security vulnerability, according to HP research quoted by ZDNet. The company's enterprise security team, HP Fortify, tested 2,107 mobile apps from the Forbes Global 2000, published by more than 600 developers.

The research showed that 86 percent of iOS apps that accessed private data, such as address books or Bluetooth connections, had insufficient security measures in place to prevent hacking.

Most applications tested lacked binary hardening protection that should prevent problems such as buffer overflows, path disclosure and jailbreak detection.

Mike Armistead, HP Fortify vice president and general manager for Enterprise Security Products, told ZDNet that 71 percent of the vulnerabilities found were actually problems on the server end of the app, usually common vulnerabilities such as SQL injection and cross-site scripting bugs.

Continued: http://www.hotforsecurity.com/blog/most-ios-apps-are-vulnerable-to-hackers-study-shows-7374.html

Moving From Do Not Track to Can Not Track
by Carol~ Moderator / November 21, 2013 4:55 AM PST

The movement in the security and privacy communities to push the Do Not Track standard as an answer to the problem of pervasive online tracking by ad companies and other entities has resulted in the major browser vendors including DNT as an option for users, giving them a method for telling advertisers and Web sites their preferences on tracking. But DNT may well have outlived its usefulness and needs to be replaced by something that's more effective and efficient, security experts say.

DNT was conceived as a way for users to communicate their preferences on Web and ad tracking to the sites that they visit. The major browsers, including Internet Explorer, Firefox and Chrome, all have an option that allows users to enable DNT, which essentially sends an HTTP header to sites the users visit telling them whether the users consent to tracking. Advertisers and Web site owners rely on tracking to help them determine user preferences and behaviors and see where users are coming from and going to after leaving their sites. The Federal Trade Commission has pushed DNT as a privacy protecting technology and something that helps consumers defend against unwanted tracking of their online activities.

Continued: http://threatpost.com/moving-from-do-not-track-to-can-not-track/102989
