86789659
submission
pdclarry writes:
While all of the recent news has been about hacking the Democratic party, apparently the Republicans have also been hacked, over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports that; "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC)." "If you purchased a “Never Hillary” poster or donated funds to the NRSC through its Web site between March 2016 and the first week of this month [October 2016], there’s an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site byte.nl. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors.
86020705
submission
pdclarry writes:
Brian Krebs reports that the two youthful (18 YO) alleged proprietors of vDOS, the DDOS service that was reported in Slashdot September 9, have been arrested in Israel on a complaint from the FBI. They have been released on $10,000 bond each, their passports lifted, and they have been placed under house arrest, and banned from using the Internet for 30 days. They were probably identified through a massive hack of the vDOS database recently.
Krebs also reports that vDOS's DNS addresses were hijacked by the firm BankConnect Security to get out from under a sustained DDOS attack, and that his site, krebsonsecurity.com has been under a sustained DDOS attack since his last article was published, with the packets containing the string "godiefaggot". Those attacks continue, but, as he has been the target of many DDOS attacks in the past, he covered by a DDOS protection firm.
85977593
submission
pdclarry writes:
Brian Krebs (http://krebsonsecurity.com/) writes that he has obtained the hacked database of an Israeli company that is responsible for most of the large-scale DDOS attacks over the past (at least) 4 years. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Records before 2012 were not in the dump, but Krebs believes that the service has actually been operating for decades..
76727013
submission
pdclarry writes:
Apple's iOS 9 now supports ad blockers. The most popular of these, Peace, was withdrawn after only a couple of days because the developer thought "it just doesn't feel good." Crystal then quickly rose to the top of the heap. But the developer of Crystal has announced that it will allow "acceptable ads" — for a fee from the advertiser. Crystal is a paid app; so you can now pay for the privilege of seeing ads. (In addition to paying for the bandwidth used by those ads.) The Awl asks Does Your Adblocker Think You're a Moron?
75477305
submission
pdclarry writes:
Arstechnica reports that 10 GB of data stolen from AshleyMadison.com has been published online. The dump contains files with titles including "aminno_member_dump.gz," "aminno_member_email.dump.gz," "CreditCardTransactions7z," and "member_details.dump.gz," an indication that the download could contain highly personal details.
Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals. That means an entry for a given individual doesn't automatically prove the person was behind it. Still, it would be harder for hoaxters to falsify credit card transactions and member profiles. As a result, the data could prove devastating if used by divorce attorneys, blackmailers, and others.
72815399
submission
pdclarry writes:
mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, Exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customer's data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
60213453
submission
pdclarry writes:
Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-US business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia.
59496097
submission
pdclarry writes:
Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions.
Well, AOL has finally come clean. Apparently individuals unknown accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects "only" 2% of their members, but recommends that everyone change their passwords and security questions.
58621593
submission
pdclarry writes:
On April 8 Yahoo implemented a new DMARC policy that essentially bars any Yahoo user from accessing mailing lists hosted anywhere except on Yahoo and Google. While Yahoo is the initiator, it also affects Comcast, ATT, Rogers, SBGlobal and several other ISPs. Internet Engineering Council expert John R. Levine, specialing in email infrastructure and spam filtering claimed in a post “Yahoo breaks every mailing list in the world including the IETF's.” on the Internet Engineering Task Force (IETF) list.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a two year old proposed standard previously discussed on Slashdot that is intended to curb email abuse, including spoofing an phishing. Unfortunately, as implemented by Yahoo, it claims most mailing list users as collateral damage. Messages posted to mailing lists (including listserv, mailman, majordomo, etc) by Yahoo subscribers are blocked when the list forwards them to other Yahoo (and other participating ISP's) subscribers. List members not using Yahoo or its partners are not affected and will receive posts from Yahoo users. And posts from non-Yahoo users are delivered to Yahoo members. So essentially those suffering the most are Yahoo's (comcast's, att's, etc) own customers. Hacker News has details about why DMARC has this affect on mailing lists. Their best proposed solution is to ban Yahoo email users from mailing lists and encourage them to switch to other ISPs. Unfortunately, it isn't just Yahoo, although they are getting the most attention.
46924819
submission
pdclarry writes:
Liberty Reserve, apparently the Internet bank of choice for criminals, as reported by NY Times and other sources including Wired and Business Week, has been shut down. Liberty Reserve, incorporated in Costa Rica in 2006, “facilitated global criminal conduct” and was created and structured “as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes,” Manhattan U.S. Attorney Preet Bharara said in an indictment unsealed today. The Liberty Reserve site has been seized by the US government. Chatter on criminal web sites show a rising sense of panic as fortunes have disappeared in an instant.
34481181
submission
pdclarry writes:
An Iranian-American teenager was told by an Apple store employee that they could not sell her an iPad because it would violate US trade restrictions.
She returned to the store with a camera crew from a local TV station and was again turned down.
Apparently an Apple employee heard her speaking Farsi. As he was also of Iranian extraction he recognized the language and used this as a basis for refusal.
7175626
submission
pdclarry writes:
A recent study by scientists at the American Museum of Natural History and Columbia University found that a piece of tuna sushi may not be tuna at all; "A piece of tuna sushi has the potential to be an endangered species, a fraud or a health hazard,” wrote the authors. “All three of these cases were uncovered in this study.”
The study published in PLOSONE examined 68 samples of tuna sushi purchased from 31 restaurants in Manhattan (New York City) and Denver, Colorado. Some of these were from endangered species, others were not as labeled, and some one not tuna at all. Of these last 5 samples labeled as "white tuna" were from a toxic fish, Escolar, which is a gempylid species banned for sale in Italy and Japan due to health concerns. "It can cause gastrointestinal symptoms range from mild and rapid passage of oily yellow or orange droplets, to severe diarrhea with nausea and vomiting. The milder symptoms have been referred to as keriorrhea [i.e. flow of wax in Greek]."
Fraud in sushi is not new; Slashdot also reported study on mislabeling in 2008.. This new study shows that some sushi can actually make you sick. The study was also reported in Wired.
6879408
submission
pdclarry writes:
Storm8, a maker of some top iPhone games, stole user's mobile phone numbers according to a suit filed on November 4. The story was reported in this story in The Register. The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. This is not new; there have been other reports of applications copying personally identifiable customer information.
445068
submission
pdclarry writes:
Users of the iPhone have noticed that it is showing December 31, 2007 even where it is already the new year. There have been a number of reports confirming the problem: Bug in Clock, Problem with New Year: My Clock — shows wrong year, Worldclock went wrong for "tomorrow" items
