+ Reply to Thread
Page 4 of 34 FirstFirst ... 2 3 4 5 6 14 ... LastLast
Results 61 to 80 of 662
  1. #61

    Btw Iphones/devices in AUS got hacked via the remote disable feature. Not sure yet if it was something simple as reused passwords that let the hacker in the users iCloud accounts, but it's a lot of devices soooo probably not as simple as that.

    http://www.troyhunt.com/2014/05/the-...k-and-how.html

  2. #62
    She Shoots For The Stars
    Join Date
    Aug 2009
    Posts
    1,452
    BG Level
    6
    FFXIV Character
    Elizara Paksenarrion
    FFXIV Server
    Excalibur
    FFXI Server
    Quetzalcoatl

    Looks like AOL got hacked, causing some spoofing. If you use AIM, you might have to change your password as a precaution:

    http://o.aolcdn.com/os/memberservices/faq.html

    I got that message when I loaded up Trillian this morning. Well, like this:

    Quote Originally Posted by Aol system message
    We place a premium on your privacy, security and our ongoing relationship with you. We apologize for any inconvenience the recent email spoofing and unauthorized access of AOL's contact database has had on you and your contacts. If you have any unanswered questions, please visit our FAQs.

  3. #63

    https://www.youtube.com/watch?v=bMmp-mx_03Q

    http://www.orenh.com/2014/06/one-tok...l-tale-of.html

    Short Version
    I really think that you'll enjoy this blog, however, for those of you who can't take 5 minutes to read it, here is a one-liner:
    I bruteforced a token in a Gmail URL to extract all of the email addresses hosted on Google.

  4. #64
    Member since 2006 and still can't think of a title.
    Join Date
    Oct 2006
    Posts
    25,283
    BG Level
    10
    FFXIV Character
    Acanis Lindri
    FFXIV Server
    Midgardsormr
    FFXI Server
    Bismarck
    WoW Realm
    Kil'jaeden

    Saw on CNN but no other sites that PF Chang's thinks they may have had a breach compromising debit and credit card numbers. So glad I don't eat at that over priced over rated place.

  5. #65

    Quote Originally Posted by Melena View Post
    Saw on CNN but no other sites that PF Chang's thinks they may have had a breach compromising debit and credit card numbers. So glad I don't eat at that over priced over rated place.
    Yeah saw that the other day on my twitter feed, not sure if it's been confirmed yet or not. These fucking companies...I hope they at least hashed+salted the numbers (doubtful).

    Edit confirmed:

    http://krebsonsecurity.com/2014/06/p...t-card-breach/

    Nationwide restaurant chain P.F. Chang’s Chinese Bistro on Thursday confirmed news first reported on this blog: That customer credit and debit card data had been stolen in a cybercrime attack on its stores. The company had few additional details to share about the breach, other than to say that it would temporarily be switching to a manual credit card imprinting system for all P.F. Chang’s restaurants in the United States.
    At P.F. Chang’s, the safety and security of our guests’ payment information is a top priority.
    But not such a huge priority, we only realized we had been breached after being told by others.

  6. #66
    Member since 2006 and still can't think of a title.
    Join Date
    Oct 2006
    Posts
    25,283
    BG Level
    10
    FFXIV Character
    Acanis Lindri
    FFXIV Server
    Midgardsormr
    FFXI Server
    Bismarck
    WoW Realm
    Kil'jaeden

    Confirmed today and they said they are only going to do manual imprints of cards.

  7. #67
    Chram
    Join Date
    Jul 2005
    Posts
    2,582
    BG Level
    7
    FFXIV Character
    Deejay Zombie
    FFXIV Server
    Excalibur

    like those old school card swipe imprinters that print all the card info on carbon paper?

    cause thats totally more secure than securing your payment data properly, having slips of paper around with people's card numbers names and expiration dates.

  8. #68

    Don't worry dj, they will put them in an envelope marked "Don't steal these".

  9. #69
    Sic itur ad astra
    Join Date
    Dec 2006
    Posts
    593
    BG Level
    5
    FFXI Server
    Carbuncle

    Quote Originally Posted by djzombie View Post
    like those old school card swipe imprinters that print all the card info on carbon paper?

    cause thats totally more secure than securing your payment data properly, having slips of paper around with people's card numbers names and expiration dates.
    And it's against the merchant service agreement (and actual law now, I think) to show the full credit card number on a receipt.

  10. #70
    Campaign
    Join Date
    Feb 2010
    Posts
    6,995
    BG Level
    8
    FFXI Server
    Sylph

    http://www.sciencedaily.com/releases...cienceDaily%29

    WPA2 can be brute forced, difficulty scales for increasing length passwords.

    Keep in mind, from what I'm aware, WPA2-PSK utilizing TKIP is the single most common commercial encryption protocol used in the world. We use it at my work. And apparently it is no longer secure.

  11. #71

    This has been crackable for awhile:

    http://www.aircrack-ng.org/doku.php?...ireless_client

    Unless they discovered something new, but from reading it looked like it was just the 4 way handshake, which you can attempt to force onto wifi networks by de-authing all connections and waiting for one to have to re-auth back.

    WPA2-WPS is also terrible, and I think something like 80% of home routers have WPS enabled, along with a good majority of business routers. Some don't even let you turn it off easily.

    We use EAP/PEAP at work for sign in, best thing though is that the device you set up to connect will store those credentials (You're AD credentials....) in cleartext. I found my login info saved on my phone and on my desktop just by browsing or doing a dump through powershell.

    Wireless is terrible, don't use wireless if you want to do ANYTHING secure. Stop fucking doing your banking on your phone..stop fucking logging into facebook on your laptop when connected to free WiFi (spoiler it's probably me/soemone with a pineapple spoofing a SSID).

  12. #72
    Chram
    Join Date
    Jul 2005
    Posts
    2,582
    BG Level
    7
    FFXIV Character
    Deejay Zombie
    FFXIV Server
    Excalibur

    Wireless is terrible, don't use wireless if you want to do ANYTHING secure. Stop fucking doing your banking on your phone..stop fucking logging into facebook on your laptop when connected to free WiFi (spoiler it's probably me/soemone with a pineapple spoofing a SSID).
    Yea I have a little app on my phone that can browse users on unsecured wifi networks and hijack their sessions. It's absurdly easy to use and makes me paranoid as fuck. I don't use unsecured networks anymore.

  13. #73

    Quote Originally Posted by djzombie View Post
    Yea I have a little app on my phone that can browse users on unsecured wifi networks and hijack their sessions. It's absurdly easy to use and makes me paranoid as fuck. I don't use unsecured networks anymore.
    dsploit? should also look into Droidsheep, DriodSQLi and if you have the right model for bcmon to enable monitor mode you can use Reaver on Android. Still can't use monitor mode on my S4 ;_;

  14. #74
    Chram
    Join Date
    Jul 2005
    Posts
    2,582
    BG Level
    7
    FFXIV Character
    Deejay Zombie
    FFXIV Server
    Excalibur

    yea the one i have is dsploit

  15. #75

    Dominos was hacked, customer info stolen and then the hackers wanted to get a ransom.

    Dominos "We value our customers privacy 100%!"

    Hackers "The info was stored as UNSALTED md5 hashes"....


  16. #76
    Sandworm Swallows
    Join Date
    Dec 2006
    Posts
    7,329
    BG Level
    8

    Damn those UNSALTED thingamados!

    This is why I can't participate in this conversation. If they were out of call number order I could totally burn them though...

  17. #77
    BG Content
    Join Date
    Oct 2005
    Posts
    62,816
    BG Level
    10
    FFXIV Character
    Six Souls
    FFXIV Server
    Gilgamesh
    FFXI Server
    Quetzalcoatl
    WoW Realm
    Malorne
    Blog Entries
    9

    Missed a couple from this past week;

    Community Health Systems, 4.5 million customer's personal data taken
    A major US hospital group said it was the victim of a cyber-attack resulting in the theft of 4.5 million people's personal data.

    The attack, which Community Health Systems believed originated in China, happened in April and June this year.

    The data included patient names, addresses, birthdates, telephone numbers and social security numbers.

    The firm, which runs 206 hospitals in 29 states, is now in the process of notifying affected patients.

    One security expert warned that the data could be used to steal people's identity.

    The FBI confirmed to news agency Reuters that it was investigating the breach.

    Community Health Systems stressed that it believed no medical or credit card records were taken.

    News of the attack follows several warnings, from both law enforcement and security experts, that medical equipment is at risk from hack attacks due to poor security measures.

    Community Health Systems said security group Mandiant, part of FireEye, advised the company that the techniques used were similar to those used by a well-known Chinese hacking group.

    However, both Community Health Systems and Mandiant declined to elaborate on the identity of the group - nor would they say whether they believed the hackers were working on behalf of the Chinese government.
    http://www.bbc.com/news/technology-28838661

    Heartbleed to blame
    The theft of personal data belonging to about 4.5 million healthcare patients earlier this year was made possible because of the Heartbleed bug, according to a leading security expert.

    Community Health Systems - the US's second largest profit-making hospital chain - announced on Monday that its systems had been breached.

    The head of TrustedSec - a cybersecurity firm - now alleges that the encryption flaw was exploited.

    CHS has yet to respond to the claim.

    The Heartbleed bug made headlines in April when Google and Codenomicon - a Finnish security company - revealed a problem with OpenSSL, a cryptographic library used to digitally scramble sensitive data.

    OpenSSL is used by computer operating systems, email, instant messaging apps and other software products to protect sensitive data - users see a padlock icon in their web browser if it is active.

    A fix was made available at the time, and software-makers that used OpenSSL in their products were urged to employ it.

    If confirmed, this is the biggest identified breach relating to the bug.

    Until now attacks on the UK's parenting social network Mumsnet and the Canadian tax authority were the biggest known Heartbleed-related intrusions.

    Other examples may have gone undetected since hackers can exploit the problem without leaving a trace of their activity.

    Spoiler: show
    David Kennedy, chief executive of TrustSec, told the Bloomberg news agency that three people close to the CHS investigation had notified him that Heartbleed had been pinpointed as the vulnerability used to steal names, phone numbers, addresses, and social security numbers from the hospital group's systems.

    He explained the hackers took advantage of the fact that Franklin, Tennessee-based CHS, used products made by Juniper, a firm that makes hardware and software to manage computer networks.

    Like many of its competitors, it took Juniper several weeks to patch all its affected code after the Heartbleed alert was issued.

    "The time between zero-day (the day Heartbleed was released) and patch day (when Juniper issued its patch) is the most critical time for an organisation where monitoring and detection become essential elements of [an] IT security programme," wrote Mr Kennedy on his company's blog.

    "What we can learn here is that when something as large as Heartbleed occurs (rare) that we need to focus on addressing the security concerns immediately and without delay.

    "Fixing it as soon as possible or having compensating controls in place days before could have saved this entire breach from occurring in the first place."

    A spokeswoman for the CHS's security provider Mandiant was not available for comment.

    TrustedSec previously helped uncover a security breach at Yahoo, and last year Mr Kennedy was called to give evidence to Congress about suspected vulnerabilities in the US government's healthcare website.

    Another independent expert said the explanation given for the intrusion appeared incomplete but credible.

    "The blog post is not very detailed and is attributed to an anonymous source," said Dr Steven Murdoch from University College London's computer science department.

    "It's not conclusive evidence, but it's certainly plausible since the Juniper operating system was vulnerable to the Heartbleed attack, and the way that it's explained that the hackers got in is also plausible.

    "It is interesting that the first breach happened in April, which was the same month that the Heartbleed vulnerability was announced, so it seems that well-organised hackers were making use of the flaw immediately after it came out."

    CHS has indicated that the attacks originated from China and had resulted in the perpetrators obtaining log-in credentials belonging to its employees.

    These were then used to steal records, it believes, in April and June this year.

    The firm, which runs 206 hospitals in 29 states, is now in the process of notifying affected patients.

    CHS has stressed that it believes no medical records or financial information have been transferred as result of the intrusion.
    http://www.bbc.com/news/technology-28867113
    http://www.bloomberg.com/news/2014-0...l-hacking.html
    https://www.trustedsec.com/august-20...ve-trustedsec/

    UPS - Personal & Payment information taken
    The personal data of customers who have used local branches of the US parcel delivery company UPS has been stolen in a widespread security breach.

    The hack, which affected 51 franchises across 24 states, exposed clients' names, postal addresses, email addresses and payment card information.

    The company said the malware had been "eliminated" and that its services were now safe to use.

    On Monday, a large US hospital chain said its systems had been infiltrated.

    About 4.5 million healthcare patients involved with Community Health Systems facilities had their private information stolen.

    Last week, the US grocery chain SuperValu said it had also suffered a breach.

    UPS, which was founded as a messenger company in 1907 and has become a multibillion-dollar corporation, has more than 4,450 franchised locations in the US.

    Each franchise is individually owned and responsible for installing its own network.

    The breaches, which were only discovered by UPS because of a notification from the US government, took place between January and August.

    UPS said that while it had received no reports of the stolen data being used for fraudulent purposes, customers should carefully monitor their account activity for signs of intrusion.

    "We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports," said Tim Davis, president of The UPS Store.

    He added: "Our customers can be assured that we have identified and fully contained the incident."

    The company also said it had begun an internal review to investigate the breach.
    http://www.bbc.com/news/technology-28879689

  18. #78

    http://blog.fox-it.com/2014/08/27/ma...is-legitimate/


    You can get java malware from advertisements on sites..like java.com!


    Why are we still using java?....

  19. #79
    listen!
    Join Date
    Apr 2011
    Posts
    7,236
    BG Level
    8
    FFXI Server
    Sylph

    Quote Originally Posted by Meresgi View Post
    http://blog.fox-it.com/2014/08/27/ma...is-legitimate/


    You can get java malware from advertisements on sites..like java.com!


    Why are we still using java?....
    It's not just java. If you aren't using adblock you're an idiot.

  20. #80

    Adblock, NoScript, PrivacyBadger and Ghostery ftw. Also love getting rid of commercials on things like Pandora/Daily Show. Was bummed I had commercials on my phone until I loaded up Xposed+Pandora Patcher lol.

+ Reply to Thread
Page 4 of 34 FirstFirst ... 2 3 4 5 6 14 ... LastLast

Quick Reply Quick Reply

  • Decrease Size
    Increase Size
  • Remove Text Formatting
  • Insert Link Insert Image Insert Video
  • Wrap [QUOTE] tags around selected text
  • Insert NSFW Tag
  • Insert Spoiler Tag