Christmas Came Early For Hackers: 2 Million Social Media Accounts Hacked, Big U.S. Bank Data Stolen

Hackers Stole 2M Facebook, Google Passwords: How to Protect Your Accounts

Dec. 5, 2013

Any time you logged into Facebook, Google, Twitter, or a host of other popular web services the past month, there may have been a hacker peering over your digital shoulder, sneaking a peek at your password.

The information security company Trustwave has revealed that the passwords to 2 million different accounts have been compromised. The malware program Pony forwarded the vast majority of the passwords to a central server in the Netherlands.

John Miller, security research manager at Trustwave, said that the hack wasn’t due to a flaw in any of those company’s servers. “It was the individual users’ computers that had the malware installed on their machine,” he told ABC News. He adds that the unnamed hackers were most likely motivated by profit. “These passwords were never publicly posted. We can’t say for sure, but [the hackers] were probably going to sell them.”

http://abcnews.go.com/Technology/hacker-group-stole-million-stolen-facebook-google-passwords/story?id=21109910

 

JP Morgan Chase Hacked: 465,000 Card  Users’ Data Gone

JPMorgan Chase, one of the world’s biggest Banks has recently announced that it was the victim of a cyber attack and warned round 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information.

In the Security Breach that took place on the bank’s website www.ucard.chase.com in July, around 465,000 accounts are compromised i.e. 2% of the overall 25 million UCard users. JPMorgan confirmed that there is no risk for holders of debit cards, credit cards or prepaid Liquid cards.
 
They informed the law enforcement in September, and till now no information on how attackers have conducted the attack has been disclosed.

http://thehackernews.com/2013/12/JPMorgan-Chase-bank-card-hacked_5.html 

Advertisements

DigiCert Announces Certificate Transparency Support

LEHI, UT–(Marketwired – September 24, 2013) – DigiCert, Inc., a leading global authentication and encryption provider, announced today that it is the first Certificate Authority (CA) to implement Certificate Transparency (CT). DigiCert has been working with Google to pilot CT for more than a year and will begin adding SSL Certificates to a public CT log by the end of October.

DigiCert welcomes CT as an important step toward enhancing online trust. For several months, DigiCert has been working with Google engineers to test Google’s code, provide feedback on proposed CT implementations, and build CT support into the company’s systems. This initiative aligns with DigiCert’s focus to improve online trust — including tight internal security controls, development and adoption of the CA/Browser Forum Baseline Requirements and Network Security Guidelines, and participation in various industry bodies that are focused on security and trust standards.

http://finance.yahoo.com/news/digicert-announces-certificate-transparency-support-180554567.html

Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.

Certificate Transparency helps eliminate these flaws by providing an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.

Because it is an open and public framework, anyone can build or access the basic components that drive Certificate Transparency. This is particularly beneficial to Internet security stakeholders, such as domain owners, certificate authorities, and browser manufacturers, who have a vested interest in maintaining the health and integrity of the SSL certificate system.

RT Use VPN! Former ‘Most Wanted Hacker’ Mitnick talks Snowden, NSA, and privacy

Once the most-wanted hacker in the US, Kevin Mitnick, the cracker extraordinaire and virtual ghost in the wires, spoke with RT about NSA snooping, Snowden’s status as a whistleblower or traitor and the virtues of VPNs in our surveillance saturated world.

RT: We’ve got hundreds of people writing you on Twitter, and the most popular question is, ‘how can citizens protect data and communications while still using popular corporate software and services.

KM: Well it’s pretty scary, because now, with the revelations from Snowden, that allegedly the NSA has approached and partnered with a lot of companies to develop security software, to develop VPN [virtual private network] technology, they might have intentionally weakened this technology so they can intercept communications. But an average citizen, if they are not a terrorist, they are really not concerned about an intelligence agency intercepting communications, but more a criminal organization. So the first thing I’d recommend to the average person on the street is, whenever you’re out in the public, or you’re in a hotel like I’m in a hotel in Moscow, or using public wi-fi, is use a VPN service. Because what that immediately does is, it takes your data and it kind of puts it in an encrypted envelope so that people can’t really intercept and spy on that. So as a consumer I would think about using a VPN service, and they’re pretty cheap.

RT: But anything can basically be hacked.

KM: Everything can be hacked if your adversary has enough time, money and resources. And of course intelligence agencies have unlimited budgets.

RT: Is there any way to stop hackers, like making strict laws or a governmental department that will follow them? Is that possible?

KM: I don’t think so. Hacking has been going on since the 1960s and it hasn’t stopped yet. I mean I started hacking in the early 90s and it’s only gotten worse; it hasn’t gotten better.

RT: Another popular question on Twitter: Is it okay to bank online?

KM: Well, I look at it this way, like using my credit card over the Internet, I do it all of the time and at least I don’t really care if somebody steals my credit card number. Do you know why? Because at least in America, if there is any fraud on the account, I simply call up the bank and they take the charge off. I have to basically sign a letter, an affidavit that it wasn’t me, and the problem goes away. Now in some countries that might be different, where the consumer has the burden of proof, then I’d be a little bit concerned, but it’s really where does the liability lie? Does it lie with the consumer, does it lie with the merchant, does it lie with the bank?

RT: Could a boycott of tech gadgetry, like iPods, firms like Verizon and Google, who are giving our info to the NSA, deter them?

KM: No. I don’t think so. This is like the form of hacktivism where you have a group of individuals, whether its LulzSec or Anonymous, and they break into stuff and they try to get the media to cover the message they want to send, but at the end of the day it doesn’t really change the behavior of a government agency or a company. Basically, they go out and try to prosecute the guys. The thing that I have seen change, and I wouldn’t call Snowden an activist, I would call him a whistleblower, is because of his exposures of what the government has really been doing, now that has created change and debate and stuff like that. That’s the only time I have really seen it.

http://rt.com/op-edge/kevin-mitnick-vpn-network-775/

RT: Google’s Schmidt Won’t ‘pass judgement’ on NSA surveillance

It’s not the danger to privacy that worries Eric Schmidt, executive chairman of internet leviathan Google, about the National Security Agency’s vast data collection programs, but the fracturing of the global web that may result, he said on Friday.

Speaking in New York at an event hosted by the New America Foundation, Schmidt said a balkanization of the internet is his real concern, not violations of privacy from surveillance, something that’s long been occurring and that he won’t “pass judgement on.”

“The real danger [from] the publicity about all of this is that other countries will begin to put very serious encryption – we use the term ‘balkanization’ in general – to essentially split the internet and that the internet’s going to be much more country specific,” Schmidt said, according to the Guardian. “That would be a very bad thing, it would really break the way the internet works, and I think that’s what I worry about. There’s been spying for years, there’s been surveillance for years, and so forth, I’m not going to pass judgment on that, it’s the nature of our society.”

http://rt.com/usa/google-schmidt-nsa-surveillance-841/

RT: Verizon exec blasts ‘consumer-centric’ Google, Yahoo, Microsoft over NSA lawsuit

Tech firms seeking court orders to make public details of their dealings with the NSA are ‘consumer-centric’ grandstanders disregarding US national security, according to public remarks from an irritated Verizon president, John Stratton.

The stinging critique Stratton launched at a media event in Tokyo targeted Google, Yahoo and Microsoft, who are preparing a lawsuit seeking the overturn of a government order, which forbids them to make public their relations with intelligence agencies.

The companies have been giving the government access to customer data, according to leaks from former NSA contractor, Edward Snowden. They are barred from openly discussing the issue, but say they want to do so to mitigate the damage to their image over the apparent privacy violations.

“I appreciate that the consumer-centric IT firms… that it’s important to grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers,” Stratton said as cited by ZDnet. “This is a more important issue than that which is generated in a press release. This is a matter of national security.”

http://rt.com/news/verizon-president-customer-centric-015/