Join the God Side, Jesus is Coming…….

Archive for the ‘Data Breach’ Category

Hackers Shift From Vandalism to Massive Data Theft

Cyber-attacks have dominated headlines this summer as government agencies, large organizations and small businesses have been hit by malware, distributed-denial-of-service attacks and network intrusions. On the personal front, individuals’ email and social networking accounts have been hijacked.

Most cyber-attackers are motivated by money, whether it’s by looting bank accounts or selling stolen information to other criminals, said Josh Shaul, CTO of Application Security. However, there’s been a surge in politically motivated attacks in the past few months as a number of groups—including the notorious hacker collective Anonymous—turned to cyber-attacks as a form of protest.

PandaLabs researchers predicted this past December that the cyber-protests that have added the word “hacktivism” to the English language will continue to grow in frequency because it’s been so effective in getting attention.

In the past few months, even hacktivism has been transformed as tactics and motivations have evolved. In the past, cyber-protesters generally defaced Websites or launched DDoS attacks to express their discontent.

In these DDoS attacks, Websites were overwhelmed with large volumes of server and database requests and became inaccessible to legitimate site visitors. For the most part, the majority of hacktivists relied on low-tech techniques for its activities, Shaul said.

Source: Eweek

Advertisements

Data thieves target hotels and resorts

If you’re a business traveler who books hotel rooms via the Internet, you may be at higher risk of being victimized by computer hackers and identity thieves.

Insurance claims for data theft worldwide jumped 56% last year, with a bigger number of those attacks targeting the hospitality industry, according to a new report by “Willis Group Holdings”, a British insurance firm.

The report said the largest share of cyber attacks — 38% — were aimed at hotels, resorts and tour companies.

That could spell trouble for business travelers who submit credit card numbers and other personal information to hotel websites, said Laurie Fraser, global markets leisure practice leader for Willis.

Fraser said large hotel chains are most vulnerable because hotel management companies may not be able to monitor how data is collected and stored at dozens or even hundreds of properties throughout the world. Independent contractors who work for individual hotels can also open the door to hackers and computer viruses, he said.

“There are various ways hackers can get into a hotel system,” Fraser said.

Sherry Telford, a spokeswoman for “InterContinental Hotels Group”, one of the world’s largest hotel companies, said InterContinental continually reviews its security measures.

Source: LATimes

The science of password selection

A little while back I took a look at some recently breached accounts and wrote A brief Sony password analysis. The results were alarming; passwords were relatively short (usually 6 to 10 characters), simple (less than 1% had a non-alphanumeric character) and predictable (more than a third were in a common password dictionary). What was even worse though was uniqueness; 92% of common accounts in the Sony systems reused passwords and even when I looked at a totally unrelated system – Gawker – reuse was still very high with over two thirds of common email addresses sharing the same password.

But there was one important question I left unanswered and that was how people choose their passwords. We now know that structurally, passwords almost always adhere to what we would consider “bad practices” but how are these passwords derived in the first place? What’s the personal significance which causes someone to choose a particular password?

Read more…

Hacker Exposes Florida’s Voting Database — Again

Election fraud and accusations of rigged voting might be as old as US election systems themselves, but some may wonder, if a hacker can gain access to the election voting system, how secure are elections anyway?

The AntiSec movement is definitely rolling along, but Anonymous is pointing to a recent hack that could raise some serious questions over the integrity of voting in Florida. It seems that a hacker who uses Twitter obtained parts of the Florida voting database which has been subsequently posted to Paste2. It appears that the hacker in question wanted to show that voting fraud can easily happen today and dumped parts of the Florida database to prove it.

Source: Zeropaid

Do you use the same password for every website?

This is an old post but it keeps happening along the years.

Despite high-profile security breaches such as Jack Straw’s Hotmail account being compromised, and cybercriminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every website they access according to newly revealed stats* from Sophos.

Password chart

Very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.

Recent news:  26,000 sex website passwords exposed by LulzSec

Source: nakedSecurity

Citi Defends Delay in Disclosing Hacking

Citigroup Inc. waited as long as three weeks to notify credit-card customers of a hacking attack because it was conducting an investigation and producing replacement cards, according to a person familiar with the situation.

The internal investigation took 10 to 12 days and began within 24 hours of the discovery by Citigroup officials in early May that the New York bank’s systems had been breached, this person said. In some cases, Citigroup took action to protect accounts considered vulnerable to fraud.

Citigroup publicly disclosed the security attack last Thursday, saying it affected about 200,000 customers, or 1% of the company’s card users in North America. The company said it had referred the matter to law-enforcement authorities and planned to send replacement cards to a majority of the affected customers. Some critics have accused Citigroup officials of dragging their feet in notifying customers that some of their data has been compromised. The Senate banking committee is planning hearings on data security. The breach follows other attacks that are fueling concerns among financial regulators and security experts that banks and other companies aren’t doing enough to protect themselves and their customers.

Source: Wall Street Journal

Could 99.7% of Android devices be leaking personal data?

Source:tech.uk

Android phones could be offering up usernames and passwords to hackers, allowing sensitive data to be siphoned off.

Researchers from the Institute of Media Informatics at Ulm University have discovered that Android devices could offer up user’s Google Calendar, Contacts and Picasa information.

The research found that devices using Android 2.3.3 and older using ClientLogin (which is used to authenticate apps from a remote destination) could potentially be hacked if using a non-secure connection, such as open Wi-Fi hotspot.

This means up to 99.7% of devices could be open to the exploit, which works by sending a request for an authentication token (authToken) from the Google service with a user name and password over a secure connection, and the received item is then valid for 14 days.

Tag Cloud