Police Seize Two ‘Perfect Privacy’ VPN Servers

An anonymous reader writes from a report via TorrentFreak: VPN provider Perfect Privacy has informed its customers that two of its servers had been seized by the police in Rotterdam, Netherlands. TorrentFreak reports: “The authorities went directly to the hosting company I3D and the VPN provider itself wasn’t contacted by law enforcement. ‘Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster,’ Perfect Privacy says. Despite losing control over two servers, Perfect Privacy assures its customers that no personally identifiable data is present on the seized hardware. Like many other VPNs, the company maintains a strict no-logging policy. ‘Since we are not logging any data there is currently no reason to believe that any user data was compromised,’ the VPN provider says. ‘When the Dutch police contact us with a subpoena, we work with them in a professional manner and ensure their request and our responses are in compliance with the Dutch law,’ I3D informs us. ‘We think with the affected customer as well, for example by making temporary capacity available so the customer does not suffer extended downtime during the investigation.’”

Opera warns that its web sync service was hacked

Data breaches happen all too often, but it’s rare that they target your browser’s sync service… and unfortunately, Opera just became one of those exceptions. The company is warning users that it detected a hack in its sync system that may have given intruders access to login details. While your passwords are likely safe (all synced passwords are encrypted, for example), Opera isn’t risking anything. It’s resetting all sync account passwords, and it recommends that you change any linked third-party passwords to be on the safe side. Opera is quick to note that the majority of its 350 million users won’t be affected, since most don’t use sync. However, this still leaves about 1.7 million active users at risk, and there are likely more inactive users who are storing useful passwords. True, it’s doubtful that the breach will lead to serious damage, but this certainly isn’t the kind of news Opera would want following its sale to a Chinese security giant. [Thanks, Kristy] Source: Opera Security

Dropbox Will Make You Change Your Password If You Haven’t Since 2012

If you’ve been using Dropbox for over four years and you haven’t changed your password since then, then two things are true. One, you haven’t been reading Lifehacker very long. More importantly, two: Dropbox is about to make you change it.

Android 7.0 Nougat review—Do more on your gigantic smartphone

After a lengthy Developer Preview program starting in March, the final version of Android 7.0 (codenamed “Nougat”) is finally launching today. The OS update will slowly begin to roll out to devices over the next few weeks. This year, Google is adding even more form factors to the world’s most popular operating system. After tackling watches, phones, tablets, TVs, and cars, Nougat brings platform improvements aimed at virtual reality headsets and—with some help from Chrome OS—also targets laptops and desktops. For Android’s primary platform (still phones and tablets), there’s a myriad of improvements. Nougat brings a new multitasking split screen mode, a redesigned notification panel, an adjustable UI scale, and fresh emoji. Nougat also sports numerous under-the-hood improvements, like changes to the Android Runtime, updates to the battery saving “Doze” mode, and developer goodies like Vulkan and Java 8 support. As usual, we’ll be covering Google’s Android package as a whole without worrying about what technically counts as part of the “OS” versus an app in the Play Store. Android is a platform not just for third-parties, but for Google as well, so we’re diving into everything that typically ships on a new Android smartphone.

Linux Traffic Hijack Flaw Also Affects Most Android Phones, Tablets

Zack Whittaker, writing for ZDNet: As many as 80 percent of Android devices are vulnerable to a recently disclosed Linux kernel vulnerability. Security firm Lookout said in a blog post on Monday that the flaw affects all phones and tablets that are running Android 4.4 KitKat and later, which comes with the affected Linux kernel 3.6 or newer. According to recent statistics, the number of devices affected might run past 1.4 billion phones and tablets — including devices running the Android Nougat developer preview. Windows and Macs are not affected by the vulnerability. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from “anywhere”. However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. The exploitability isn’t easy, though.

Group claims to hack NSA-tied hackers, posts exploits as proof

In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency. In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits were obtained after members hacked Equation Group (the post has since been removed from Tumblr). Last year, Kaspersky Lab researchers described Equation Group as one of the world’s most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Broker post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn’t immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt the data have origins with some advanced hacking group.

Not fully fake

“These files are not fully fake for sure,” Bencsáth Boldizsár, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars in an e-mail. “Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group.”

20 hotels suffer hack costing tens of thousands their credit card information

The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts—said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. HEI claims that it did not lose control of any customer PINs, as they are not collected by the company’s systems. Still, HEI noted on its website that it doesn’t store credit card details either. “We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the company said. The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016. In a few cases, hotels may have been affected as early as March 1, 2015. According to a statement on HEI’s website, the malware affected point-of-sale (POS) terminals at the affected properties, but online booking and other online transactions were not affected.

Almost Every Volkswagen Built Since 1995 Is Vulnerable To Wireless Unlocking Hacks

Even more bad news for Volkswagen: security researchers have discovered a huge security hole that affects potentially up to 100 million cars. It’s possible, using hardware as cheap as a $40 setup with an Arduino and an add-on radio transceiver board, to intercept signals from a Volkswagen Group key fob, and then by combining it with a small number of cryptographic keys shared by every VW car, one could essentially clone the car’s key fob.

Popular Sex Toy Caught Sending Intimate Data To Manufacturer

In a world where thermostats and smart locks can be hacked, and companies covertly record information, why should sex toys remain unaffected? Fusion is reporting that the We-Vibe 4 Plus, a popular vibrator, sends a range of intimate data to its manufacturer. The sex toy uses a smartphone app, which lets a user control the vibration among other things. From the report: When the device is in use, the We-Vibe 4 Plus uses its internet connectivity to regularly send information back to its manufacturer, Standard Innovations Corporation. It sends the device’s temperature every minute, and lets the manufacturer know each time a user changes the device’s vibration level. The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes. This was revealed on Friday at hacker conference Defcon in Las Vegas by two security researchers, who wish to be called only by their handles @gOldfisk and @rancidbacon. The two examined the app’s code and the information being sent by the device over Bluetooth. In a statement sent by email, Standard Innovation Corporation’s president Frank Ferrari confirmed that the company collects this information.

900M Android Devices Vulnerable To New ‘Quadrooter’ Security Flaw

An anonymous Slashdot reader quotes a report from CNET: Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed “Quadrooter,” affects over 900 million phones and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn’t require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware — including its camera and microphone. The flaw even affects several of Google’s own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the “most secure Android smartphone.” CNET adds that “A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed.”
