NEWS - October 29, 2015

13 million plaintext passwords belonging to webhost users leaked online

A security researcher has discovered a trove of more than 13 million plaintext passwords that appear to belong to users of 000Webhost, a service that says it provides reliable and high-speed webhosting for free.

The leaked data, which also includes users' names and e-mail addresses, was obtained by Troy Hunt, an Australian researcher and the operator of Have I Been Pwned?, a service that helps people figure out if their personal data has been exposed in website breaches. Hunt received the data from someone who contacted him and said it was the result of a hack five months ago on 000Webhost.


Hackers put up for sale 13 million plaintext passwords stolen from 000webhost
Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked
000webhost hacked, 13 million customers exposed
Discussion is locked
Reply to: NEWS - October 29, 2015
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - October 29, 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Google to Symantec: Clean up your act or be branded unsafe

Google has laid down the law when it comes to Symantec and how the company handles certificates -- be transparent or face the consequences.

Google is evidentially not very pleased about security firm Symantec's recent performance when it comes to issuing secure Web certificates and has outlined a list of demands to prevent the same mistakes from happening again.

In September, Symantec fired a number of employees following glaring mistakes in issuing transport layer security (TLS) certificates. The company said "employee error" caused cryptographic certificates to be issued online without the consent of either Google or Symantec, allowing attackers to impersonate Google pages protected by HTTPS.


Related: Still fuming over HTTPS mishap, Google makes Symantec an offer it can’t refuse

- Collapse -
Police Stage European Raids Against Spyware

Authorities in five European countries said Thursday they had staged a coordinated swoop on suspected users of spy malware that gives remote access to other people's smartphones.

The illegal software in question, DroidJack, allows cybercriminals to hijack Android smartphones and snoop on data traffic, listen in on conversations, use the camera and send text messages without the owner knowing.

Prosecutors in the western city of Frankfurt confirmed Germany initiated the European crackdown, which also included raids on Tuesday in Britain, France, Belgium and Switzerland coordinated by Europol, the EU's law enforcement agency, and Eurojust, its judicial network.


Police raid homes across Europe over DroidJack malware
German police stage raids against DroidJack malware users

- Collapse -
Always good to read something like this.

Thanks for that.

- Collapse -
Sure is, Dafydd !

Unfortunately, there isn't enough of the same sort of news to be found. Sad


- Collapse -
LOL, C'mon , Really !

Folks who think Android / Linux and the noobs that believe Ubuntu Smartphones (?)
( Really Laughing Now ) are infallible to attacks should read your post and take heed .
I only wish that I were young enough and grew up with the tech to hack folks or nations like these kids do ,
I'd have a ball

Listen Folks, If you want to be safe, ...
Unplug and use mental telepathy

- Collapse -
where's Uri Gellar when you need him?


- Collapse -
This guy? Mind bender.
- Collapse -
Chief, we should use the Cone Of Silence.
- Collapse -
I hear ya man !
- Collapse -
Sorry, points at "Control Cards"
- Collapse -
No kilts in here, please

Bagpipes either.

- Collapse -
When I was in Vancouver, BC.

Both were found in great quantity certain times of the year. Must be a migration pattern.

- Collapse -
Car Hacking, Mobile Jailbreaking Among DCMA Exemptions ..
.. Granted

Car hackers and jailbreakers today apparently got a green light from the Librarian of Congress David Mao to tinker away.

The Library of Congress’ triennial exemptions to the anti-circumvention rules within the Digital Copyright Millennium Act (DCMA) were released today, and among the exemptions to section 1201 of the DCMA are allowances for “good-faith” testing of vehicular computer systems for the identification and correction of vulnerabilities.

“The proponents of these security exemptions observed as a general matter that computer programs are pervasive in modern machines and devices, including vehicles, home appliances and medical devices, and that independent security research is necessary to uncover flaws in those computer programs,” the rule reads.

Continued :

Related: US Library of Congress makes tinkering with your car software legal
- Collapse -
Avira starts lawsuit against adware distribution site

Avira has filed a lawsuit against the German download site for confusing users into installing unwanted programs that can compromise their privacy or weaken their computers’ security.

Avira has long been spearheading the detection of this kind of software as “Potentially Unwanted Applications” (PUA) and we are the first security vendor to take a software publisher to court over this unfair business practice. The case will be heard at the Hamburg regional court.

“It is time to take the fight against this next-generation adware directly to the source,” said Travis Witteveen, CEO of Avira GmbH. “ is engaged in unfair competition that violates consumers’ legal right to privacy and uses invalid contracts.”

Continued :

Avira turns tables to launch lawsuit against ‘crapware’ slinger
Avira Does Everyone a Favor and Sues Adware Distributor

- Collapse -
Copy-Pasting Google Search URLs Leaks Previous Searches

An MIT researcher has uncovered a privacy hole in Google's search engine, one that inadvertently leaks a user's previous search query if he copy-pastes his current search results URL and shares it with someone else.

The one that came across over this issue is Jeremy Rubin, founder of Tidbit, technical director at the MIT Bitcoin Project, and founder and senior technical advisor for the Digital Currency Initiative @ MIT Media Lab.

Mr. Rubin first noticed something wrong when he received a copy-pasted Google search URL from one of his friends. The URL in question had the following pattern:

Continued :

CNET Forums