Hacking, Security & Privacy News - Page 90


Snapchat user database hacked, 4.6M users compromised

Charles Gantt | Jan 1, 2014 9:30 PM CST

Snapchat is one of the most popular image sharing services in the mobile ecosystem, and today more than 4.6 million users are learning that their contact information has been hacked by unknown persons. A website called SnapchatDB.info has popped up that lists the usernames and phone numbers of each account that was compromised.

Originally thought of as a hoax, SnapchatDB.info has been confirmed as real, and its creators say that they stole the information and created the website to raise awareness around the security issues surrounding Snapchat. SnapchatDB.info did censor the last two digits of each phone number to reduce spam and unwanted messages to users, but with only 10 possible digits per position, it would only take a few minutes to figure out which is correct. The full statement from SnapchatDB.info has been pasted below.

Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.


DROPOUTJEEP - the NSA program that backdoors every iPhone

Anthony Garreffa | Dec 30, 2013 9:14 PM CST

According to security researcher Jason Appelbaum and German news magazine Der Spiegel, the NSA has the ability to spy on virtually every iPhone and on users' digital communication sent from said iPhone.

The NSA reportedly has a program called DROPOUTJEEP, which allows the US spy agency to intercept most things, including SMS messages, contact lists, and the physical location of the iPhone (and its user) through cell phone data, and even to access the iPhone's microphone and camera. Leaked documents have helped put the picture together, with the NSA claiming a 100% success rate when it comes to getting spyware into iOS-based devices.

Then comes the scary part: the NSA requires physical access to the device, which the US spy agency reportedly obtains by rerouting shipments of iPhones purchased online, but it is also working on a remote version, which is even worse. Appelbaum says: "Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves."


Users more worried about identity theft than privacy

Michael Hatamoto | Dec 27, 2013 11:35 PM CST

Despite fallout from former IT specialist Edward Snowden, it appears more U.S. voters are interested in security than in privacy-related issues. Seventy-five percent of users are worried about personal information theft, compared with 54 percent of those users who are worried about browsing history being tracked.

"By wide margins this survey clearly shows that ID theft has touched the majority of consumers in some way, and that hacking is more worrisome to consumers than tracking, and that voters want the government to more aggressively go after cyber criminals," said Ed Black, CCIA President and CEO, in a statement. "Safeguarding users online must become a higher priority for companies and also for the regulators and policymakers charged with protecting consumers."

Even though U.S. citizens think more about security, privacy concerns have caused a major backlash against the National Security Agency (NSA), other US federal branches, and a handful of major corporations.


Security researchers warn of cross-platform DDoS botnet

Michael Hatamoto | Dec 27, 2013 7:10 PM CST

A new DDoS botnet has the ability to infect both Microsoft Windows and Linux-based systems, according to the Poland Computer Emergency Response Team (CERT). Unlike many cyber-based attacks, this botnet is only interested in launching DDoS attacks to knock certain servers and websites offline.

The Linux-based botnet reportedly handles dropping servers, while the Windows-based botnet easily hijacks consumer PCs. "Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting," according to security expert Andre Dimino, in a blog post. "The mining of virtual currency is now often seen running in the background during the attacker's 'downtime.'"

Seeing zombie PCs turned into an effective DDoS botnet isn't earth-shattering news, but this cross-platform attack is relatively unique. Bitcoin mining and launching attacks to impact certain companies are easily done when using unsuspecting machines.


Researchers indicate MacBook webcams can be compromised

Michael Hatamoto | Dec 19, 2013 12:30 PM CST

Researchers from Johns Hopkins University confirmed it's possible to turn on a laptop's web camera without turning on a light that informs users the camera is on. Just a few years ago, it didn't seem possible to hack a webcam like this, but it's something consumers need to be somewhat vigilant about.

The team focused on Apple MacBook and iMac models available before 2008, but said the exploit can be used on a variety of different models. Although Apple initially opened up communication with Johns Hopkins University to discuss the problem, there reportedly haven't been any further updates.

Using a Remote Administration Tool (RAT), for example, an attacker works around the computer's security and remotely controls the computer's webcam.


Researchers use NSA tricks to see just how much data it collects

Anthony Garreffa | Dec 1, 2013 12:21 AM CST

We know that the NSA's PRISM system scoops up unimaginable amounts of data, so a couple of researchers created an Android app to see just how much metadata is collected from a smartphone, which was compared to basic information on Facebook.

The two Stanford researchers, Jonathan Mayer and Patrick Mutchler, created MetaPhone, using it to see how revealing the metadata was. Mayer told MIT Technology Review: "Some defenders of the NSA's bulk collection programs have taken the position that metadata is not revealing. We want to provide empirical evidence on the issue.... Our hypothesis is that phone metadata is packed with meaning."

You can grab MetaPhone yourself as a free app from the Google Play Store; the app is capable of collecting call and text logs, and asks for basic information from Facebook. Early research points to the fact that the metadata definitely includes some juicy data on you, with early results showing that phone metadata can predict whether someone is in a relationship with around 60% accuracy.


Google Nexus devices are at risk of DDoS attacks through SMS messages

Anthony Garreffa | Nov 30, 2013 12:36 AM CST

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, has discovered an issue that leaves Google Nexus devices open to DDoS attacks that would reboot the smartphone or leave it unable to connect to mobile Internet services.

Alecu discovered the issue in all Android 4.x firmware versions of Google's Nexus, Nexus 4 and Nexus 5 smartphones. If a Nexus smartphone were to receive the message, it would display itself on top of every other active window, surrounded by a semi-transparent black overlay that has a dimming effect on the screen. If this message isn't saved or dismissed, a second message is received, which is placed on top of the first message, and the dimming effect continues.

These messages will hit the Nexus phones without a notification, so if they're being sent when you're asleep, or the phone is in your pocket, you'll be none the wiser. Most of the time, Alecu says the phone will reboot, and if a PIN is required to unlock the SIM card, the phone won't connect back to the network for hours. During this time, the phone is useless, as it is unable to receive messages, phone calls, or any other notifications.


New Snowden leaks show the NSA captures Google data center traffic

Anthony Garreffa | Oct 31, 2013 1:31 AM CDT

According to some documents supplied to the Washington Post by Edward Snowden, traffic between Google and Yahoo data centers across the world is intercepted directly by the NSA and GCHQ. The program is known as "Muscular" and can tap into the main communications links that connect Google and Yahoo data centers.

A document dating back to January 9, 2013 says that the NSA captured millions of records from the search giants each and every day, sending them to NSA data warehouses. Within a 30-day period, over 180 million records were collected, all of which included metadata, text communications, audio and video, too.

The Washington Post did say that the NSA doesn't keep everything, which should help you sleep at night (so much sarcasm intended). Both search giants maintain multiple data centers around the world for redundancy reasons, with data shared between the data centers all the time. Google has said that it was not aware of the NSA activity, with a Yahoo spokesperson saying that it has strict controls in place to protect the security of their data centers, and that it has not given the NSA or anyone else access to their data centers.


Anonymous: US gov't is using Apple's TouchID to collect fingerprints

Anthony Garreffa | Oct 2, 2013 10:29 PM CDT

Most are impressed with Apple's TouchID fingerprint scanner, being the only real change on the iPhone 5S, but hacking collective Anonymous has come out with quite the claim: the US government is using the TouchID database to collect citizens' fingerprints.

Anonymous has released a video with several documents supporting its claim. Anonymous claims to have uncovered evidence of a "corrupt alliance" between the US government and a bunch of its contractors. AuthenTec, the company that made Apple's TouchID technology, reportedly has strong ties to "the most powerful and corrupt Defense Department and Intelligence Community contractors and figures." This is an interesting quote from the piece:

In brief, the claims the group make concerning Touch ID seem to focus on Authentec director, Robert E Grady, who appears to have been a prominent figure within the George Bush administration and (Anonymous claim) was connected with The Carlyle Group, which Anonymous also claim is a majority shareholder in Booz Allen Hamilton, the NSA contractor with which whistleblower Edward Snowden worked.


Ex-Microsoft privacy adviser doesn't trust MS after NSA PRISM leaks

Anthony Garreffa | Sep 30, 2013 11:37 PM CDT

Caspar Bowden worked for Microsoft between 2002 and 2011 as its Chief Privacy Adviser, but now says he doesn't trust Microsoft's security after reading the stories about the NSA PRISM system that followed NSA whistleblower Edward Snowden stepping up with the leaks.

Bowden was in control of the privacy policy for 40 countries that Microsoft operated in, but strangely he didn't have anything to do with the United States side of Microsoft's privacy. Bowden says he was simply unaware of the PRISM data-sharing network when he was with the software giant. He said, "I don't trust Microsoft now," adding that he now uses open source software that allows him to peer into the underlying code.

The former privacy adviser to Microsoft said that the NSA PRISM system was undermining democracy by sharing citizens' private information with the UK's GCHQ and intelligence agencies in Australia, New Zealand and Canada. He added: "The public now has to think about the fact that anybody in public life, or person in a position of influence in government, business or bureaucracy, now is thinking about what the NSA knows about them. So how can we trust that the decisions that they make are objective and that they aren't changing the decisions that they make to protect their career? That strikes at any system of representative government."
