Month: September 2016

Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’

Posted on by

Joseph Menn and John Walcott report: A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which […] Continue reading Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’

Yahoo, The Largest Data Breach in History…so far

Posted on by
Yahoo have just disclosed over 500 million of its user accounts have been compromised, that’s a huge number, think about it for second, that’s half a billion people across the globe affected and at risk. This is largest known data breach in history to date. We know the Yahoo account data were stolen in late 2014, said the hack is said to have been orchestrated by state-sponsored actors, although there’s no evidence to back this claim up.
Yahoo has not disclosed how the data was hacked, or why it has taken almost two years to either discover the breach or disclosure the breach publically. A cynic might say Yahoo delayed informing its massive user base until after it’s recent £3.7 billion sale to Verizon was done and dusted. However in late July 2016 hackers were found offering 200 million Yahoo accounts for sale on the dark web (www.telegraph.co.uk/200-million-yahoo-account-details-for-sale-online), so it is likely the 2014 data theft was discovered on the back of investigating that.
The stolen Yahoo account data included names, email addresses, telephone numbers, dates of birth, and security questions and answers. Surprisingly a chunk of the security questions and answers were not encrypted by Yahoo. I always recommend companies treat the protection of account security questions and answers at the same degree as account passwords, given they can be typically used just like a password access an account via a password reset function, including accounts used with other websites. This is especially important on email accounts, as often that is where the password reset links are sent as part of the password reset process.
Advice 1: Reset Your Yahoo Password
Yahoo stated account passwords were stored as a hashed value using bcrypt. That’s good practice, especially in using bcrypt. However my advice is to play it safe and reset the password, it’s good practice to change your password regularly anyway. And if you use that same password on any other websites, change it there too. 
Advice 2: Change Your Security Questions and Answers
Yahoo users should change their security question and answers, click here to do this on the Yahoo website. If users use the same Yahoo security questions and answers on other accounts, they also need to be changed, especially where they can be used to reset passwords and/or gain access to the account. Sure this will be a difficult task to check and complete, but Yahoo users should assume their Yahoo ‘security questions and answers’ together with their name, email address and date of birth, are known by cyber criminals.

Advice 3: Be Extra Vigilant
Yahoo users should be extra vigilant for phishing scam emails, which may be crafted using the stolen Yahoo personal information to look highly authentic. Also check for any suspicious activity in the email account, especially any signs that someone else has been using it.

Continue reading Yahoo, The Largest Data Breach in History…so far

Yahoo, The Largest Data Breach in History…so far

Posted on by
Yahoo have just disclosed over 500 million of its user accounts have been compromised, that’s a huge number, think about it for second, that’s half a billion people across the globe affected and at risk. This is largest known data breach in history to date. We know the Yahoo account data were stolen in late 2014, said the hack is said to have been orchestrated by state-sponsored actors, although there’s no evidence to back this claim up.
Yahoo has not disclosed how the data was hacked, or why it has taken almost two years to either discover the breach or disclosure the breach publically. A cynic might say Yahoo delayed informing its massive user base until after it’s recent £3.7 billion sale to Verizon was done and dusted. However in late July 2016 hackers were found offering 200 million Yahoo accounts for sale on the dark web (www.telegraph.co.uk/200-million-yahoo-account-details-for-sale-online), so it is likely the 2014 data theft was discovered on the back of investigating that.
The stolen Yahoo account data included names, email addresses, telephone numbers, dates of birth, and security questions and answers. Surprisingly a chunk of the security questions and answers were not encrypted by Yahoo. I always recommend companies treat the protection of account security questions and answers at the same degree as account passwords, given they can be typically used just like a password access an account via a password reset function, including accounts used with other websites. This is especially important on email accounts, as often that is where the password reset links are sent as part of the password reset process.
Advice 1: Reset Your Yahoo Password
Yahoo stated account passwords were stored as a hashed value using bcrypt. That’s good practice, especially in using bcrypt. However my advice is to play it safe and reset the password, it’s good practice to change your password regularly anyway. And if you use that same password on any other websites, change it there too. 
Advice 2: Change Your Security Questions and Answers
Yahoo users should change their security question and answers, click here to do this on the Yahoo website. If users use the same Yahoo security questions and answers on other accounts, they also need to be changed, especially where they can be used to reset passwords and/or gain access to the account. Sure this will be a difficult task to check and complete, but Yahoo users should assume their Yahoo ‘security questions and answers’ together with their name, email address and date of birth, are known by cyber criminals.

Advice 3: Be Extra Vigilant
Yahoo users should be extra vigilant for phishing scam emails, which may be crafted using the stolen Yahoo personal information to look highly authentic. Also check for any suspicious activity in the email account, especially any signs that someone else has been using it.

Continue reading Yahoo, The Largest Data Breach in History…so far

Here are the 2016 Ig Nobel Prize ‘winners’

Posted on by
“Congratulations”
ignobels 2016 intro

Let’s say you’re a scientist, and you’ve worked your entire adult life at your discipline. You do a sort of offbeat study, for valid scientific reasons, and figure, hey, this’ll get a laugh in whatever journal is relevant to your field, and then somebody calls you from Cambridge, Mass., and tells you you’ve won science’s equivalent of a Razzie. These are this year’s Ig Nobel Prize winners. Enjoy.

To read this article in full or to leave a comment, please click here

Continue reading Here are the 2016 Ig Nobel Prize ‘winners’

Posted in Uncategorized

Scratch-Built EV From Hoverboards

Posted on by

Electric vehicles are everywhere now. Even though battery technology hasn’t had the breakthrough that we need to get everyone out driving an electric car, the price for batteries has dropped enough that almost anything else is possible. The hoverboard was proof of this: an inexpensive electric vehicle of sorts that anyone who was anyone in 2015 had. Taking his cue from there, [Harris] used off-the-shelf parts normally used for hoverboards to build his own battery-powered trike.

The trike is homemade from the ground up, too. The H-frame was bolted together using steel and lots and lots of bolts. Propulsion comes …read more

Continue reading Scratch-Built EV From Hoverboards