Tech Today w/ Ken May

Archive for May 19th, 2017

Enlarge (credit: Adrien Guinet ) Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren’t affected by last week’s major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. “This software has only been tested and known to work under Windows XP,” he wrote in a readme note accompanying his app , which he calls Wannakey. “In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!” Read 7 remaining paragraphs | Comments

Categories: reader

If you use Zomato to look up restaurants, you may want to check your account: someone has infiltrated its system and got away with 17 million users’ IDs, usernames, names, email addresses and hashed passwords. The service says no payment information was stolen, since credit card details are stored separately. It also doesn’t have access to your Facebook or Google account, so you don’t have to worry about anything if you simply linked your account instead of making a standalone one for Zomato. But if you did make a standalone one for Zomato, it’s best to change your password ASAP. This is totally separate incident from the WannaCry attacks , and the hacker who infiltrated the company’s system didn’t ask for ransom. He tried to sell his loot on the dark web instead but ended up pulling it down when the company agreed to his terms. They include acknowledging the security vulnerabilities in its system, to work with the ethical hacker community to patch them up and to launch a bug bounty program. Zomato says it will amp up its website’s security measures, especially since it found out that 6.6 million of the stolen hashed passwords can “theoretically [be] decrypted using brute force algorithms.” It also promises to reveal how exactly the hacker got in, which the infiltrator himself revealed to the company, once it’s done fixing the vulnerabilities that made it possible. Via: VentureBeat Source: Zomato

Categories: reader