Information Security Blog | Cyber Security Blog

Sreejith C


272 Million passwords at just a cost of $1

Tuesday, 05 July 2016 05:30

A single hacker from a small town in Russia compiled a whopping 272 million unique stolen email addresses and passwords, researchers say.

A strange recent transaction with a young Russian hacker left the security research firm Hold Security and the Russian with an enormous trove of compromised email addresses and passwords, the firm says.

It started when Tanya Tabakar, an analyst at cybersecurity firm Hold Security, found a post on a Russian-language dark net forum—the type where stolen data and credentials, sometimes old and repackaged, are often bought and sold. The hacker insisted on being paid for the account information—even though he only charged 50 rubles ($0.75). “I am just getting rid of it but I won’t do it for free,” he said, as Tabakar wrote. After she told him she ethically couldn’t pay, he eventually agreed to trade the information for a like on his page on the popular Russian social media site VK.

“Honestly, it’s the first time I personally saw such a big amount of data,” Tabakar told Vocativ. Estimates vary on just how much personal data is traded on such forums, though it’s undeniably huge. Previous studies estimate about half of Americans are hacked in some form each year. Email accounts that don’t enable two-factor authentication—registering a phone number, for example, which must be verified before a user can change their password—are at far greater risk.

Tabakar was able to glean precious little about the hacker, and how he was able to acquire that information. A resident of a small town in rural Russia, he didn’t fit the mold of a criminal mastermind. “He’s a real young person and he was very friendly,” Tabakar said. The fact that he possessed such data doesn’t mean he was the first to acquire or even to compile it—it’s just noteworthy that such a person was in possession of it, and could share it for next to nothing.

“He has a lot of friends all over the world [on VK],” she said. “Hackers like him play a lot of online games and that’s how they meet people and talk to people.”

The actual number of accounts the hacker sent her was nearly a billion addresses—917 million—but some of those were duplicates, and far more weren’t original, having already appeared in previously known data dumps from other hackers. Still, that left 272 million unique ones. More than half of those came from popular email services like Yahoo, Gmail and AOL. A Russian mail site was the hardest hit, with more than 56 million accounts compromised.


China seems to be a favourable market

Tuesday, 05 July 2016 05:30

We’ve heard a lot about sales and projections for smartphones in China – such as 199 percent smartphone growth in the past year – but how about active mobiles in the hands of Chinese users? The cross-promotion and ads platform Umeng has released its newest report accompanied by an infographic. It shows that, at the end of 2012, China had 160 million active Android users, with 85 million engaged in using iOS.

Newly activated Android devices really started to rocket in numbers last summer, the report notes. Across both platforms, smartphones are now so ingrained in the lives of Chinese mobile users that mobile app sessions rose 16-fold in 2012, with a 12-fold increase in the time spent within the apps that Umeng observed.

As well as lots of interesting demographics and app trends, the infographic also points out that iOS jailbreaking is on the decline in the long run – down from 42.4 percent of Apple iOS gadgets in September 2012 to just 32.3 percent a few weeks ago.


Apple really doesn't want you to record videos where it's forbidden.

The company is working on a technology that can disable phones' photo and video recording capabilities using an infrared signal, a newly approved patent filing has shown.

The technology could stop people from making illegal recordings at concert venues, in cinemas or theaters.

The patent described how an infrared signal could be fired in places where video recording is prohibited. The phone would detect the signal and either alter what's shown on the screen or shut down its video features completely.

The patent approval was first reported by Patently Apple.

The patent filing suggests video capabilities would only be disabled if the phone is pointed in a certain direction. So users would be still able to take photos of their friends in the crowd, but their camera would switch off if they point it at the stage.

Apple also suggested the infrared signal could be used to alter what the user sees on their screen and provide extra information. For example, if pointed at a piece of art in a museum, the phone could display details about the artwork.


Privacy posts on Facebook are just a HOAX

Tuesday, 05 July 2016 05:30

Facebook users are falling for a chain status update hoax that claims to protect their personal information under copyright laws.

The message has a few variations, with date modifications to continually trick new users into reposting the scam. A nearly identical hoax, which attempted to entice victims to sites filled with malware and viruses, emerged back in 2011, reports CBS. The first variation claims that Facebook will begin to charge a subscription fee to maintain private accounts:

“Now it’s official! It has been published in the media. Facebook has just released the entry price: $5.99 to keep the subscription of your status to be set to “private”. If you paste this message on your page, it will be offered free (paste not share) if not tomorrow, all your posts can become public. Even the messages that have been deleted or the photos not allowed. After all, it does not cost anything for a simple copy and paste.”

The second alludes to irrelevant treaties that will supposedly protect a user’s Facebook information from copyright infringement. This misleading post, which has been around since 2012, reads:

“As of September 28 2015 1146 am Eastern standard time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or posts, both past and future. By this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tactically allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. You MUST copy and paste.”

Facebook does not own users’ media, as Facebook spokesman Andrew Noyes announced in a statement reported by USA Today:

“We have noticed some statements that suggest otherwise and we wanted to take a moment to remind you of the facts–when you post things like photos to Facebook, we do not own them. Under our terms, you grant Facebook permission to use, distribute, and share things you post, subject to the terms and applicable privacy settings.”