An anonymous reader shares a ZDNet report: User accounts for iMesh, a now-defunct file sharing service, are for sale on the dark web. The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom. LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts. The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information — such as if the account is disabled, or if the account has inbox messages. Read more of this story at Slashdot.
View the original here:
Hacker Puts 51 Million iMesh Accounts For Sale On Dark Web
Two days after Fiverr, a marketplace for digital services, removed user listings from its website that advertised DDoS-for-hire services, the company’s website suffered a six-hour long DDOS attack. Softpedia reports: The incident took place on the morning of May 27 (European timezones), and the service admitted its problems on its Twitter account. At the time of writing, Fiverr has been back up and functioning normally for more than two hours. Fiverr’s problems stem from an Incapsula probe that found DDoS-for-hire ads on its marketplace, available for $5. Incapsula reported the suspicious listings to Fiverr, who investigated the issue and removed the ads. Fiverr first removed all listings advertising blatantly illegal DDoS services, but later also removed the ads offering to “test” a website for DDoS “protection” measures. Read more of this story at Slashdot.
Reader wiredmikey writes: Security researchers at Cisco have come across a piece of software that installed backdoors on 12 million computers around the world. Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other tools, such as a known scareware called System Healer, but also of harvesting personal information. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.” Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.Tuto4PC has received flak from many over the years, including French regulators. Read more of this story at Slashdot.