TweakTown

TweakTown News


Hacking & Security Posts - Page 74

Adobe hit with cyber attack, up to 2.9 million accounts at risk

Adobe has been hit with a cyber attack, with the hackers taking information from up to 2.9 million Adobe customers. The hackers were able to access Adobe IDs and encrypted passwords, and customer names, encrypted debit and credit card numbers, expiration dates and order information were stolen.

 

As you can imagine, this is quite bad. Adobe says that the intruders most likely didn't access any decrypted information, which means your credit card details should be safe. The 2.9 million affected customers will see their passwords reset, with Adobe offering one year of free credit card monitoring to make sure that malicious purchases aren't made.

 

A separate, but possibly related attack also saw the source code to a number of Adobe's products taken, including Acrobat and ColdFusion. Adobe says there is no "specific increased risk to customers" due to its source code being stolen.

LinkedIn sued by users who claimed they were hacked by the company

A complaint has been filed in a San Jose federal court, with a group of people alleging that LinkedIn hacked into their e-mail accounts and took their contact lists so that LinkedIn could send spam-like e-mails.

 

The suit claims that "LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining users' consent." The complaint argues that this is hacking, since "the users' email accounts and downloading of all email addresses associated with that users' account is done without clearly notifying the user or obtaining his or her consent."

 

Once the e-mail account is hacked, endorsement e-mails follow. The document goes on to explain: "These endorsement emails contain the name and likeness of those existing users from whom LinkedIn surreptitiously obtained the list of email addresses." We don't know how LinkedIn is hacking into these accounts, but the suit has claimed that LinkedIn "pretends" to be its users in order to download contact lists "if a LinkedIn user leaves an external email account open."

You can now remotely change your Google password on an Android device

Google has finally provided the ability for Android users to remotely change their passwords on any Android device. The Android Device Manager is what you'll require, which allows you to track and locate any Android device associated with your Google account.

 

This is all done without the need of a third-party application, which is nice, but until now Google has held back the ability to remotely lock or change your password. The Mountain View-based giant is slowly rolling this new feature through its Google Play Services, but if you'd like to check now, you just have to go into the Device Administrators panel under the Security section in your settings.

Chinese websites go down as massive DDOS attack hits its .cn domain

The Chinese government says that early Sunday morning it faced what is described as the largest Distributed Denial of Service (DDoS) attack that the country has ever seen. The attackers targeted China's Top Level Domain (TLD) .cn and effectively took down all Chinese websites using the .cn TLD.

 

China's Internet Network Information Center said that the attacks began around 2 AM Sunday morning and lasted for about two hours, with the DDoS attack falling off around 4 AM. The Wall Street Journal spoke with web host CloudFlare about the incident and how it affected Internet traffic. It said that there was a 32 percent drop in traffic across all the Chinese domains hosted on its network during the attack. "It is not necessarily correct to infer that the attacker in this case had a significant amount of technical sophistication or resources," CloudFlare CEO Matthew Prince wrote to the Journal. "It may well have been a single individual."

 

At the moment, Chinese officials and industry analysts are not sure why the attacks occurred or if there was a specific target they were hoping to take down. With the attacks lasting only two hours, not much damage occurred, but we've seen this sort of thing in the past, with short attacks serving as a way to test the waters for a much larger future attack. In 2013, China has come under several major cyber attacks but has also led several cyber attack campaigns itself.

JustDelete.me will wipe you from the Internet, but not the NSA

With all of the NSA PRISM and GCHQ hoopla, so many people are worried about their privacy and so they should be. Well, a new site is here to calm your nerves: JustDelete.me.

 

UK-based developer Robb Lewis is behind the site, which is a directory of URLs that highlight links to pages you can remove yourself from so that you don't have to go through the usual clicks and hassle that would be associated with disconnecting yourself from those sites. These sites include the big ones like Facebook, Foursquare, Dropbox and Feedly.

 

Some sites are intentionally hard to remove yourself from, a technique called a "dark pattern". But JustDelete.me makes this easier by ranking each site's removal from 'easy' to 'impossible' so that you know what to expect.

US-based League of Legends servers hacked, password reset implemented

Something that just hit my inbox minutes ago is from Riot Games, announcing that they've had their US-based servers hacked. The attack didn't hit all of its servers, but just a 'portion' of its US servers.

 

The hackers were able to access usernames, e-mail addresses, salted password hashes, and some first and last names. Riot Games is also investigating whether approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The League of Legends developer is contacting these players to alert them.

 

In order to hopefully escape more issues, Riot Games will require players in the US to change their passwords within the next 24 hours. Once this time hits, you'll be automatically prompted to change your password anyway.


TOR advises users to steer clear of Windows and switch to another OS

Today, TOR began advising its users to avoid using Microsoft Windows at all costs. The advisory comes after the discovery of NSA spying that used malware injected through the Firefox zero-day vulnerability to gather users' machine names and MAC addresses, which were then sent back to US government servers.

 

The security advisory posted by the TOR Project states that the only sure-fire workaround to this exploit is to switch away from Windows. They advise this because the JavaScript that was used to inject the malware was specifically written to target Windows machines running the Firefox 17 ESR browser that was packaged with the TOR Browser Bundle. This allowed the attackers to unmask TOR users without actually installing any backdoors into their host machine.

 

Mozilla has since patched this vulnerability, but the TOR Project says that there are still many out there who use the affected version of the browser. "Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings."

Vulnerability found in Tor Browser Bundle, beams info back to the NSA

In the ongoing saga of NSA spying, it appears that not even the darknet is safe. Today, reports came in that an exploit has been discovered in the Tor version of Firefox 17 that comes packaged with the Tor browser bundle. An exploit in the browser's code allowed malware to be injected into the system which then beamed the machine's hostname and MAC address back to a remote server in Reston, Virginia.

 

The exploit was based on a vulnerability that arises when websites on the darknet attempted to run JavaScript. After a little digging, sources found that the remote server located just outside of Washington DC then sent those hostnames and MAC addresses to NSA servers located all over the country. The exploits as well as the NSA spying were discovered by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud.

 

The vulnerability is only present in the Windows version of the Firefox Extended Support Release 17 browser that was bundled with the Tor Browser Bundle before June of this year. Because automatic updating is turned off in this version, anyone who downloaded the Tor Browser Bundle before June is susceptible to the spying. Tor recommends that users download the new version of the Browser Bundle to stay secure.

Samsung Smart TVs could let hackers watch you via built-in webcam

With all the recent revelations and allegations about the NSA and other foreign agencies being able to spy on you through backdoors in your computers and through the microphones on your smartphones, tablets, and other mobile devices, it should come as no surprise that your Smart TV may be spying on you as well.

 

It's not pleasant that all these stories are popping up at the same time, as this week the world's largest security conference, known as Black Hat, took place in Las Vegas, Nevada. Yesterday, two researchers named Aaron Grattafiori and Josh Yavor demonstrated several vulnerabilities found in the 2012 models of Samsung's Smart TV line. The demonstration took place as Black Hat was wrapping up, and it showed how hackers could turn on the built-in camera, take control of social media apps, and access files that were stored on the television.

 

"Because the TV only has a single user," Grattafiori explained in an interview with Mashable, "any type of compromise into an application or into Smart Hub, which is the operating system--the smarts of the TV--has the same permission as every user, which is, you can do everything and anything."

 

The two researchers discovered these issues back in December 2012 while working for security firm iSEC. They said that they alerted Samsung back in January and the company has since patched these holes via three software updates and on future generation devices. However, TVs that have not downloaded the update still remain vulnerable.

WSJ: FBI can remotely activate Android and laptop microphones

If you still thought you had privacy after all of the news you've been reading about the NSA PRISM system, or the GCHQ, then you'd be wrong. Very wrong. The Wall Street Journal is now reporting that the FBI has the power to remotely activate microphones in Android smartphones and laptops to record conversations.

 

This is all coming from a single anonymous former US official, who says that remotely forcing a cellular microphone to listen in on a conversation isn't something new. The FBI used something they called "roving bugs" to spy on alleged mobsters back in 2004, and further back in 2002 they used the roving bugs to keep tabs on supposed criminals using the microphone in a vehicle's emergency call system.

 

The anonymous US official said that there is a dedicated FBI group that regularly hacks into computers, where they use a mix of custom and off-the-shelf surveillance software which they purchase from private companies. One of the Journal's sources said that the "Remote Operations Unit" will sometimes install software by physically plugging in a USB device, but they can also do it through the Internet by "using a document or link that loads software when the person clicks or views it."
