Tag: password

Hack on JPMorgan website exposes data for 465,000 card holders

JPMorgan Chase has warned 465,000 holders of prepaid cash cards that their personal information may have been obtained by hackers who breached the bank’s network security in July, according to a report published Thursday. JPMorgan issued the cards on behalf of corporations and government agencies, which in turn used them to pay employees and issue tax refunds, unemployment compensation, and other benefits, Reuters reported . In September, bank officials discovered an attack on Web servers used by its www.ucard.chase.com site and reported it to law enforcement authorities. In the months since, bank officials have investigated exactly which accounts were involved and what pieces of information were exposed. Wednesday’s warning came after investigators were unable to rule out the possibility that some card holders’ personal data may have been accessed. The bank usually keeps customers’ personal information encrypted, but during the course of the breach, data belonging to notified customers temporarily appeared in plaintext in log files, Reuters said. The notified card holders account for about two percent of the roughly 25 million UCard users. Read 1 remaining paragraphs | Comments        

See the original post:
Hack on JPMorgan website exposes data for 465,000 card holders

Found: hacker server storing two million pilfered paswords

Spider Labs Researchers have unearthed a server storing more than two million pilfered login credentials for a variety of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites. More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave’s Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells. More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries. Read 5 remaining paragraphs | Comments        

Link:
Found: hacker server storing two million pilfered paswords

Google compute cloud load balances 1 million requests per second for $10

We hold Google ransom for… one million Web requests. New Line Cinema Google Compute Engine, the company’s infrastructure-as-a-service cloud that competes against Amazon Web Services, is trying to take reliability and scale to the extreme. Yesterday, the company said it was able to serve “one million load balanced requests per second” with a single IP address receiving the traffic and distributing it across 200 Web servers. Each of the million requests was just “one byte in size not including the http headers,” Google Performance Engineering Manager Anthony F. Voellm wrote in a blog . It’s thus not representative of real-world traffic, but the simulation shows that Compute Engine should be able to let websites absorb big bursts in traffic without shutting down. According to Google, the test showed the load balancer was able to serve the aforementioned one million requests “within five seconds after the setup and without any pre-warming.” The test ran for more than seven minutes. “The 1M number is measuring a complete request and successful response,” Voellm wrote. Read 9 remaining paragraphs | Comments        

Read More:
Google compute cloud load balances 1 million requests per second for $10

Scientist-developed malware covertly jumps air gaps using inaudible sound

Topology of a covert mesh network that connects air-gapped computers to the Internet. Hanspach and Goetz Computer scientists have developed malware that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics , recently disclosed their findings in a paper published in the Journal of Communications . It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps . The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware. Read 6 remaining paragraphs | Comments        

More:
Scientist-developed malware covertly jumps air gaps using inaudible sound

New Linux worm targets routers, cameras, “Internet of things” devices

Wesley Fryer Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz , as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday . But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.” Read 4 remaining paragraphs | Comments        

More:
New Linux worm targets routers, cameras, “Internet of things” devices

Alleged Windows support scammer forfeits money earned by “fixing” PCs

Well, maybe this guy wasn’t quite as smart as Heisenberg. AMC A man accused of tricking PC users into thinking they had viruses and then offering to “fix” their perfectly fine computers has agreed to pay back every penny he allegedly received in the scam. Navin Pasari is a defendant in one of six complaints that the Federal Trade Commission filed in September 2012 against people and entities accused of leading Windows tech support scams.”According to the complaint against Pasari and his co-defendants, the defendants placed ads with Google, which appeared when consumers searched for their computer company’s tech support telephone number,” the FTC noted in an announcement today . “After getting consumers on the phone, the defendants’ telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The scammers then offered to rid the computer of the non-existent malware for fees ranging from $139 to $360.” Pasari did not admit wrongdoing but agreed to a proposed  final judgment and order  in which he will forfeit $14,369, “which is the amount of money Mr. Pasari received from the other Defendants,” the document states. The money is being held in escrow and will be transferred to the FTC, assuming the order is approved by a US District Court judge. Read 11 remaining paragraphs | Comments        

Visit link:
Alleged Windows support scammer forfeits money earned by “fixing” PCs

Hack of Cupid Media dating website exposes 42 million plaintext passwords

A hack on niche online dating service Cupid Media earlier this year has exposed names, e-mail addresses and—most notably—plain-text passwords for 42 million accounts, according to a published report. The cache of personal information was found on the same servers that housed tens of millions of records stolen in separate hacks on sites including Adobe , PR Newswire , and the National White Collar Crime Center, KrebsonSecurity journalist Brian Krebs reported Tuesday night . An official with Southport, Australia-based Cupid Media told Krebs that user credentials appeared to be connected to “suspicious activity” that was detected in January. Officials believed they had notified all affected users, but they are in the process of double-checking that all affected accounts have had their passwords reset in light of Krebs’s discovery. The compromise of 42 million passwords makes the episode one of the biggest passcode breaches on record. Adding to the magnitude is the revelation the data was in plain-text, instead of a cryptographically hashed format that requires an investment of time, skill, and computing power to crack. As Krebs noted: Read 3 remaining paragraphs | Comments        

Continue Reading:
Hack of Cupid Media dating website exposes 42 million plaintext passwords

Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Qualcomm Qualcomm became a surprise entrant in the wearable computing race when it announced its Toq smartwatch. Designed as a showcase for some of Qualcomm’s latest technology, the $349.99 Toq will go on sale on December 2nd through its own portal. From a function perspective, Toq follows somewhat worn paths with notifications sent from your phone, music playback controls, and additional data pushed from an on-phone app. Where Toq differs is less in interactions than hardware features. The display Qualcomm chose is its own Mirasol MEMS-based display. In effect, Mirasol is like a mash-up of E Ink and LCD displays, providing a low-power, static color image where appropriate, with video and animation capabilities that exceed those of traditional E Ink displays. Charging your Toq occurs through Qualcomm’s own WiPower LE wireless charging protocol, and the included charger serves as a case as well. Most smartwatches connect primarily through Bluetooth LE; Qualcomm’s Toq also includes access to its open source AllJoyn protocol, which offers a platform-agnostic approach to device-to-device communications. AllJoyn-enabled devices and software can interact with your Toq over WiFi-Direct or Bluetooth. Read 1 remaining paragraphs | Comments        

View original post here:
Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

János Pálinkás Forums software maker vBulletin has been breached by hackers who got access to customer password data and other personal information, in a compromise that has heightened speculation there may be a critical vulnerability in the widely used program that threatens websites that use it. “Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password,” vBulletin Technical Support Lead Wayne Luke wrote in a post published Friday evening . “Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password.” The warning came three days after user forums for MacRumors—itself a user of vBulletin—suffered a security breach that exposed cryptographically hashed passwords for more than 860,000 users . When describing the attack, MacRumors Editorial Director Arnold Kim said the compromise in many ways resembled the July hack of the Ubuntu user forums , which also ran on vBulletin. Read 9 remaining paragraphs | Comments        

Read the original:
Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

In 6 months, US law enforcement asked Google for data on 21,000 users

Google Google and other tech companies have been actively fighting at the Foreign Intelligence Surveillance Court in an attempt to tell the public more about the types of US law enforcement orders that they must comply with. While that case continues, Google announced on Thursday that US government (local, state, federal) requests for data has reached 21,683 users between January through June 2013. By comparison, the company’s previous reporting period (July through December 2012) saw 8,438 user data requests from US authorities—a jump of about 32 percent. Again, the United States remains at the top of this list by a wide margin. India, Germany, France and the United Kingdom round out the next four positions, respectively. Read 5 remaining paragraphs | Comments        

Visit link:
In 6 months, US law enforcement asked Google for data on 21,000 users