Tag Archives: Hacker

272 million emails and passwords leaked from Gmail, Hotmail and more



It seems that not a day goes by without some security news, usually in the form of a breach. There have been some big ones too, from Target to Home Depot, as well as online ones, including the embarrassing Ashley Madison one.

Now we have the latest news, and it’s up there with the largest in history. 272 million emails and passwords from the likes of Gmail, Hotmail and others have been leaked.

Before you panic too much, realize that the data obtained consisted largely of data that had been seen before. Hold Security, which broke this news, claims that “Only 0.45 percent is new, meaning that only 1 out of 200 credentials are ones we have never seen before”.

The hacker was simply trying to unload the data and contacted the security firm asking only 50 rubles, which is less than $1 US. Not wanting to contribute anything to this cause the Hold Security company negotiated and received the information for free.

Hold claims “When we peel back the layers and dig deeper, we find that the hacker is holding something back from us. Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information. At the end, this kid from a small town in Russia collected an incredible 1.17 Billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which in turn, translated to 42.5 million credentials — 15 percent of the total, that we have never seen before”.

Yes, this has the potential to be very bad, but right now we just don’t know. We also don’t know why the hacker was trying to unload it so quickly and then ended up giving it away. Stay tuned as this unfolds.


Two Million Passwords Stolen by Hackers



Trustwave logoOn November 24, 2013, researchers at Trustwave discovered that hackers have obtained up to 2 million passwords for websites like Facebook, Google, Yahoo!, Twitter (and others). Researchers learned this after digging into source code from Pony bonnet. It appears that information about this has only been made public very recently.

Here’s some quick stats about some of the domains from which the passwords were stolen:

* Facebook – 318,121 (or 57%)
* Yahoo! – 60,000
* Google Accounts – 54,437
* Twitter – 21,708
* Google.com – 16,095
* LinkedIn – 8,490
* ADP (a payroll provider) – 7,978

In total, Pony botnet stole credentials for: 1.58 million websites, 320,000 email accounts, 41,000 FTB accounts, 3,000 remote desktops, and 3,000 secure shell accounts.

According to Trustwave, around 16,000 accounts used the password “123456”, 2,221 used “password” and 1,991 used “admin”. Now is a good time to go change your passwords into something strong and secure.

Doing so won’t make it entirely impossible for hackers to crack it, but it could make it more difficult. Trustwave noted that only 5% of the 2 million passwords that were stolen had excellent passwords (meaning the passwords had all four character types and were longer than 8 characters).


Twitter banning Bit.ly, other URL Shortners on Direct Messages (DM)



Twitter logoToday I was trying to send a direct message to a friend. Included was a bit.ly link to a page I needed him to see. For some reason, Twitter kept saying there was an error and cannot send the DM. After checking his page to make sure he was still following me and sending a couple test DMs successfully, I realized the problem was the bit.ly link.

I did a search and found that indeed – Twitter was blocking DMs with bit.ly links. They found many different links could not be sent via DMs. CBS.com was one of those who were blocked by Twitter DMs.

Of course, this is because of Twitter allowing n0n-followers to DM people. You have to opt-in to the option, but with this you can get messages from many different people.

The Twitter error Message Needs to Be Fixed

So direct messaging with a link could come back saying the person might not be following you. That could be totally confusing – especially if you know they are. I almost chalked it up as a twitter database error but decided to check and see if there was any changes.

The only advantage of allowing non-followers to DM is if your Twitter account is a corporate one or you have over 10,000 followers and don’t want to follow them all back.

The Problem with Blocking Bit.ly – the Mask-Around

Spammers are smart and/or intuitive. Instead of using bit.ly, they’ll use another system that gets around the twitter issue. Twitter might then block that, but in the meantime, you don’t see a bit.ly link – you see a My.website link. Give a spammer/hacker 2-3 days with an $8 /year website domain and they could make enough to buy another $8 domain and start the process over again.

Of course this is a very common problem with url shorteners. Tiny URL added spam block and virus protect tools shortly after they started. Bit.ly also has some preventative measures (using companies like Sophos, Verisign, Websense and more). Still, they are not responsible for 3rd party content using their links.

Bottom Line – Don’t click on unknown links

Usually bad links start with “Hey, is this you” or “I got a way you can make money” which really translates to “I got a way for ME to make money using you”. If you choose to opt-in to letting anyone DM you, keep in mind you will get spam in your message box. If you don’t feel confident you can sniff out the good from bad, then simply don’t check the box.


SpyEye hacker extradited to the U.S.



bigstock-Computer-Hacker-in-suit-and-ti-31750772

The United States has had little luck with landing Kim Dotcom or Julian Assange, but it has managed to grab a hacker. Hamza Bendelladj, known online as Bx1 is an Algerian hacker who was captured and extradited from Thailand. He was arrested back in January while moving through the Bangkok airport on his way from Malaysia.

Bendelladj stands accused of hijacking customer accounts at more than 200 financial institutions using the SpyEye program. Alleged totals of more than 100 million USD over the past five years have been indicated. SpyEye allowed the attacker to alter web pages displayed in a person’s web browser and trick them into entering personal data.

Variants of both SpyEye and Zeus have been used by criminals to automate the process of transferring money.  Bendelladj faces 23 charges from a 2011 indictment. He arrived in Atlanta on Thursday and was arraigned on Friday. He faces up to 30 years in prison and as much as a 14 million USD fine. Security researcher Brian Krebs has posted a PDF of the indictment on his site.

Image: Computer Hacker by BigStock


GNC-2011-10-24 #716 Back to Basics



Back to basics on this show and, I tighten up the timeline. Lots of tech as always and a huge number of comments have come in pre-show… Today I try pulling unique articles from Google+. Hope you like the new sources.

Support my Show Sponsor:
30% off on New GoDaddy Orders cjcgeek30
$.99 for a New or Transferred .com cjcgeek99 @ GoDaddy.com
$2.49 / mo Economy Hosting with a free domain. Promo Code: cjcgeek1h
$2.49 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgeek1w
Become a GNC Insider: Support this podcast

Subscribe Today: Audio | Video  | Mobile Video | iTunes | Zune
Download the Show File

Follow me on Google+
Follow @geeknews on Twitter
Geek News Central Facebook Page
Purchase GNC gear from the Ohana Store!
Show Hotline 24/7 1-619-342-7365 or e-mail geeknews@gmail.com

Listener Links:
Tele-Coils
Netflix -800k
Ive versus Jobs
Jobs top Seller Amazon 2011.
Tsunami Debris & Hawaii.
Hard Drive Shortage.
Really See Through Walls.

Links to articles covered in this Podcast on the GNC Show Notes Page [Click Here]

Credits:
Jack Ellis – Executive Producer
Mike Baine – Associate Producer


YouTube Hackers Invade Sesame Street, Replace with Porn



Sesame Street
Sesame Street Logo

Sunny Day, but the streets look different…

Visitors to the iconic children’s show “Sesame Street” on YouTube got a rude awakening on Sunday. All videos were deleted, and replaced with pornographic material. The header on the front page said “Sesame Street: It’s Where Porn Lives”. YouTube took instant action and brought down the site within the hour. At this moment, the page is still offline.

The blame has been running around as Reddit has a thread, blaming a person titled “MrEdxwx” . MrEdxwx has responded with a video stating his case that he did not hack Sesame Street.

Their Facebook Page has a public apology:

We apologize for any inconvenience our audience may have experienced today on ourSesame Street YouTube channel.  Our channel was compromised and we are presently working with YouTube/Google to restore our original content. We always strive to provide age-appropriate content for our viewers and hope to resolve this problem quickly.

This article was brought to you by the letters and numbers – H4cK0r.

 


GNC #700 Party Going on Here



I give lots of Prizes away and also a chance to win some very exclusive prints from a cool artist. Listen to win and join me for a trip down memory lane, we kick it off old school with some intros that we have used in bygone years. Nearly 7 years of podcasting excellence all made possible by all of the Ohana that subscribe and listen to this show.

Big Thanks to Our Executive Producer Jack Ellis for all his work on all of our shows!

Support my Show Sponsor:
30% off on New GoDaddy Orders cjcgeek30
$.99 for a New or Transferred .com cjcgeek99 @ GoDaddy.com
$2.49 / mo Economy Hosting with a free domain. Promo Code: cjcgeek1h
$2.49 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgeek1w
Become a GNC Insider: Support this podcast

Subscribe Today:  Audio Video (HD) |  Mobile Video iTunes Zune
Download the Show File

Follow me on Google+
Follow @geeknews on Twitter
Geek News Central Facebook Page
Purchase GNC gear from the Ohana Store!
Show Hotline 24/7 1-619-342-7365 or e-mail geeknews@gmail.com


 

 

 

 

 

 

Listener Links:
Facebook and 1 Trillion Page Views

Show Links:
Irenes Wrath on Cell Towers.
Traders made it to work.
SyncTweet.
Google+ Ranking Articles/Sites?
Glue Veins Together.
Gibson Guitar under Attack.
Rural British to get Internet.
Windows 8 UI Leak?
Cyberlockers the new P2P?
Pirate Bay to BayFiles ;)
Snoop and Get Hired.
Comet gets Wacked by Sun.
Abandon Ship?
iZon Net Connected Cam.
Google+ adds Ignore.
Alexa and Compete Worthless.
Gadget Ice Trays.
AirFloss.
Airplay gives Apple Boost!
iTunes TV Rentals RIP.
Cool DVD preview App.
4 Keyloggers for Mac’s.
iPhone Volume Tricks.
Apple Store Security.
Severe Weather Tips.
Magellan Roadmate Review.
ToughTech with AES Security.
Linksys RE1000 Review.
Mophie gets me Again.
Bluetrek Headset.
CardMunch for iPhone.
Engadget Contest Rules.
Crazy Chatbots.
iCloud getting closer.
Eric Schmidt + Brits + Google TV = Hmmmm
More Google TV Devices.
OnStar Remote Link.
Explorer Updated in Windows 8.
Don’t Mess with Texas?