Collaborate Disseminate
Sorry I haven’t written anything about WannaCry (also known as WCry or WCrypt or Wana Decryptor) yet.
WannaCry burst onto the scene spectacularly today after NHS hospitals across the UK ground to a standstill, as the ransomware encrypted files and cau… Continue reading WannaCry ransomware hits systems worldwide
Yahoo CISO Bob Lord writes:
We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.
The rumours of a serious data breach at Yahoo have been spreading for some months, but this is a bigger hack than was previously feared.
My advice?
More as this news develops.
Continue reading Yahoo confirms: hackers stole 500 million account details in 2014 data breach
Krebs on Security writes:
vDOS – a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline … Continue reading Online DDoS service vDOS hacked, spills details of its customers and targets
Motherboard reports:
On Tuesday, porn site Pornhub said it would be ditching all Flash content from its site, opting instead for HTML5, the most recent version of the web language that offers more support for multimedia content. Since hackers have had a number of successes at compromising porn sites, it’s notable that one of the largest is taking this step, albeit when Flash is already on its last legs.
“It was just a matter of time until we switched, as HTML5 is becoming the standard across platforms. Now makes the most sense as Google and Firefox are slowly pushing Flash support out of their browsers. Plus HTML5 has improved security, better power consumption and it’s faster to load,” Corey Price, vice president of Pornhub, told Motherboard in an email.
“All adult sites should make the transition to HTML5. Flash is nearly dead,” he added.
Ahh, la petite mort…
It has been a long and lingering death, but when Adobe Flash is finally gone for good, please don’t send any flowers. We’re well rid of it.
If you’re bold enough to still be using the internet with Flash enabled please enable “Click to Play” at the very least.
But if you want to enter the brave new world of a Flash-less world, here is our guide on how to uninstall it from your computers.
Continue reading Porn sites are giving up on Adobe Flash – and who can blame them?
A couple of years ago, I said something to the press that became a minor meme.
My suggestion was that people should “stop calling it ‘the cloud'” and start referring to it as “somebody else’s computer” instead.
After all, as soon as you start using lan… Continue reading Stop calling it ‘the cloud’, start selling t-shirts…
Riseup.net, the non-profit collective which has been providing dissidents a way to encrypt their communications since 1999, without revealing your location or logging your IP address, is running out of money:
The news is not good
We hate to be bad news… Continue reading Riseup, providing encrypted comms for over 15 years, could run out of money next month
If you’re a user of Apple products you should know that critical updates have been pushed out for iOS and OS X in the last couple of weeks, addressing vulnerabilities that state-sponsored hackers have been using to spy upon people of interest.
Malware … Continue reading Podcast with Ahmed Mansoor, the world’s most spied-on man
OneLogin describes itself as the “identity and access management (IAM) solution without compromise.”
Which means it must be OneLogin’s very worst nightmare to discover that it has itself been compromised.
It appears that a hacker was able to view “Secu… Continue reading ‘Identity and access management solution without compromise’ is compromised
Veteran anti-virus researcher Vesselin Bontchev has discovered that there are hundreds of samples of malware available for download from the WikiLeaks website.
The malware found by Bontchev is found in a large tranche of emails leaked from AKP, a Turki… Continue reading Now WikiLeaks is distributing malware
Veteran anti-virus researcher Vesselin Bontchev has discovered that there are hundreds of samples of malware available for download from the WikiLeaks website.
The malware found by Bontchev is found in a large tranche of emails leaked from AKP, a Turki… Continue reading Now WikiLeaks is distributing malware