29 Matching Annotations
  1. Oct 2018
    1. As a recap, Chegg discovered on September 19th a data breach dating back to April that "an unauthorized party" accessed a data base with access to "a Chegg user’s name, email address, shipping address, Chegg username, and hashed Chegg password" but no financial information or social security numbers. The company has not disclosed, or is unsure of, how many of the 40 million users had their personal information stolen.

  2. Apr 2018
  3. Dec 2017
    1. Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional.

  4. Nov 2017
    1. For the last few years, Intel CPUs have Intel Management Engine, which runs its own OS, the Unix-like MINIX. You have no access to it. But it has complete access to your computer.

    1. EFF recommendations for Congress regarding data security and data breaches like the one at Equifax.

      https://www.ftc.gov/datasecurity<br> FTC guide to data security for businesses.

  5. Oct 2017
    1. DEFCON, the world’s largest hacker conference, will release its findings on Tuesday, months after hosting a July demonstration in which hackers quickly broke into 25 different types of voting machines.

      ...

      Though the report offers no proof of an attack last year, experts involved with it say they’re sure it is possible—and probable—and that the chances of a bigger attack in the future are high.

      “From a technological point of view, this is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.”

  6. May 2017
    1. Tools that might be able to decrypt files encrypted by the WannaCry ransomware. With a little luck, and if the victim hasn't rebooted, the keys can be found in memory.

    1. Certain HP laptops have flawed audio drivers that record all your keystrokes to: C:\Users\Public\MicTray.log

      If these files exist, delete them: C:\Windows\System32\MicTray64.exe C:\Windows\System32\MicTray.exe

  7. Apr 2017
    1. Phishing attack that uses Unicode characters to fake a domain name.

      The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar.

      What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ unicode characters that look identical to the real characters but are different unicode characters. In the current version of Chrome, as long as all characters are unicode, it will show the domain in its internationalized form.

  8. Mar 2017
    1. The Justice Department has announced charges against four people, including two Russian security officials, over cybercrimes linked to a massive hack of millions of Yahoo user accounts. [500M accounts, in 2014]

      Two of the defendants — Dmitry Dokuchaev and his superior Igor Sushchin — are officers of the Russian Federal Security Service, or FSB. According to court documents, they "protected, directed, facilitated and paid" two criminal hackers, Alexsey Belan and Karim Baratov, to access information that has intelligence value. Belan also allegedly used the information obtained for his personal financial gain.

  9. Feb 2017
    1. A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen.

  10. Jan 2017
    1. Thousands of poorly secured MongoDB databases have been deleted by attackers recently. The attackers offer to restore the data in exchange for a ransom -- but they may not actually have a copy.

  11. Dec 2016
  12. Aug 2016
    1. "We demonstrate that well-known compression-based attacks such as CRIME or BREACH (but also lesser-known ones) can be executed by merely running JavaScript code in the victim’s browser. This is possible because HEIST allows us to determine the length of a response, without having to observe traffic at the network level."

      HEIST attacks can be blocked by disabling 3rd-party cookies.

      https://twitter.com/vanhoefm<br> https://twitter.com/tomvangoethem

  13. Jul 2016
  14. Jun 2016
    1. These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.

      ...

      Tuesday's advisory is only the latest to underscore game-over vulnerabilities found in widely available antivirus packages.

      https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

  15. Feb 2016
  16. Jan 2016
    1. Linode Cloud Service has been under DDoS attack for a few days. Now they've discovered some stolen passwords. It is not yet known whether the same attacker is responsible for both.

      A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point.<br> . . .<br> The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We've retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues.

  17. Dec 2015
    1. A TOP-SECRET document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear.

      Matt Blaze, a cryptographic researcher and director of the Distributed Systems Lab at the University of Pennsylvania, said the document contains clues that indicate the 2011 capabilities against Juniper are not connected to the recently discovered vulnerabilities.

      So the NSA and GCHQ (and CIA and FBI, etc) are constantly working to find -- or create -- security flaws wherever they can. Civilians get jail time for things like that. Concern for national security should require them to report flaws they discover to the firms that make the hardware and software. But CISA isn't about security.

    1. Representatives of the White House seemed to listen attentively, but shared little about their thoughts. They maintained that President Obama’s position has not changed in the last few months. While they seemed well aware of our concerns about the technical infeasibility of inserting backdoors, they didn’t necessarily share them. That worried us a great deal.