IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here. The OTHER forum is HERE so please stop asking.
Quick Look your Right Eyes and Ears while using Public Wi-Fi Network
by Waqas on January 18, 2014 in Security & Vulnerability
Research has revealed that public Wi-Fi networks are more dangerous than one might realize. They can be like ripe fruit for hackers. Setting up a fake Wi-Fi network to steal personal information is an easy task for these hackers.
When a user tries to connect with public Wi-Fi, especially at an airport or coffee shop, he/she may not know whether the Wi-Fi network signal is authentic or fake. It is here that hackers could steal your data over such public connections. Such unsafe surfing is sure to open you up to a number of online threats. We’ll talk about some of these security risks involved in accessing public Wi-Fi.
What threats could be expected while using a public Wi-Fi?
Well, an unsafe surfing is likely to attract a number of online threats let us see some of them:
Evil Twin/Wi-Fi Phishing: Justifying its name, in Evil twin the access routes creates a cloned network with a same network name. Evil Twin works in the same way as the normal phishing threat does, when the user enters into the wrong access route, evil twin starts stealing system’s data or attacks in any other way.
New war drivers: War drivers are those who try to hack network illegally especially on open network like a public free Wi-Fi network. These war drivers could be anyone like hackers, professional criminals or even the employees or competitors of the particular business.
Viruses: One of the ancient types of the online threats is virus also influence wireless network. Viruses enter into the wireless network, send requests, and connect to the local area networks to make a way to the nearest wireless networks and corrupt the network system coming in its way.
Data eavesdropping: This is very common Internet threat. With lots of interceptable signals and data sharing techniques, eavesdropping also prevails in public Wi-Fi network.
How can you keep a safe distance from threats?
All you have to do is to stay alert and updated. Following steps will help you to stay protected while using a public Wi-Fi network:
1. Turn off Sharing
Many times, we use computers and Internet for sharing purposes such as files, images, audios, videos, graphics, and printers and so on. Being on a public network it is obvious that someone will try to access your data and files. To prevent this you need to turn off the sharing feature of your OS.
Windows:
For turning off sharing files on windows:
Go to the Control Panel from the Start menu and click on the Network and Sharing Center.
On the left corner, click on the Change advanced sharing settings and under the Home or Work tab Change the settings as given below:
Network Discovery: off
File and Printer Sharing: Off
Public Folder Sharing: Off
File Sharing Connections: Use 128-bit encryption.
Click on the Save Changes button.
Mac OS X:
Go to Apple menu and then click on the System Preferences.
From the System Preferences window click on the Sharing in the third row
Now a new window will open.
In that window, see the checkbox in the front of the File Sharing. If it is checked then uncheck it.
Close the window.
2. Turn on the Firewall
Although the firewall does not secure the network thoroughly, it is still necessary to keep unwanted traffic away from the network. Operating Systems like Windows and Mac OS X come along with the basic Firewall.
Windows:
To turn Firewall on in the windows, just go to the Start > Control Panel > System Security > Windows Firewall.
Mac OS X:
In Mac OS X, go to the System Preferences > Security and Firewall and turn it on.
3. Update your antivirus software
Installing the antivirus software is not enough; you also need to update it from to time-to-time. Antivirus software will alert you on finding any suspicious content.
4. If not in use then turn it off
If there is no need of internet connection then turn the Wi-Fi connection off. Keeping Wi-Fi during idle time may invite unwanted vulnerabilities, and can result into snooping or sniffing attack.
5. Implement VPN
Virtual Private Network is widely famous for keeping your entire stuffs private. VPN are available in both paid and free modes. This is the perfect alternative and an unbeatable solution for those who frequently need to connect with public Wi-Fi networks.
6. Check for SSL
An SSL secured website is always starts with HTTPS. SSL confirms the encryption process carried out by that website/server, and hence guarantees a secure online communication. Any site, which is not https, is not worth trusting.
Certificate authority issues SSL certificate that is used to secure domains, websites, web applications, software, source code, documents, as well as mobile applications.
So always, make sure that you check for the “https” in the websites before dealing out with any website.
7. Two-step authentication-a safer method to avoid threats
All the reputed businesses or websites have implemented two- step authentication process, which is also called two-factor authentication. In this process, one has to provide two different credentials to log on to one’s account.
Therefore, even if any hacker reaches up to your password, he/she will not be able to access your account without authentication code.
8. Being available all the time is not good for your health
Staying online all the time is also one of the reasons of hijacking of your email accounts or bank accounts or account of social networking sites. After finishing your work, you should log out from all of your accounts. In addition, one should disable the setting in laptop and mobile phone of automatically connect to the Wi-Fi hotspots. Below is the process of disabling Auto- connecting to public Wi-Fi networks in windows.
Go to the Start menu
Open the Control Panel
Either you will be having “Network Connections” or “Network and Internet Connections” > “Network Connections” or you will be having “Network and Sharing Center”, click on that.
For Windows 7 and higher versions click on the “Wireless Network Connection”, then on the “Wireless Properties” tab. For earlier versions of window OS, right click on the “Wireless Network Connection”, and then click on the “Properties” option.
For versions lower than that of Windows 7, click on the “Wireless Networks” tab then click on the “Advanced Button”.
Un-check the option “Automatically connect to non-preferred networks”.
In Windows 7 and higher versions, un-check the “Connect to a more preferred network if available”.
Certain facts like not connecting to unknown networks, providing minimum information if asked for on the network, being demanding in asking for encrypted networks and so on should also be taken into consideration before connecting to a public Wi-Fi network.
Working on Internet is not as safe as it should be, one should be aware of the prevailing threats and their prevention.
How Facebook leaked thousands of private messages all because of a typo
by Lisa Vaas on February 7, 2014
Katya appears to be a teen girl living in Mexico.
Some of the things her friends have shared on Facebook include the massacre of baby cows in Farmville.
One of the private messages sent to Katya on Facebook might contain a biblical reference, or perhaps it's a reference to a number significant to the Illuminati. At any rate, it reads: Love and miss you. I want to give you this hug :33.
How do I know any of this, particularly given that Katya's privacy settings prevent people from sending her a private message or writing on her wall unless they're her friends?
I know because Forbes' Kashmir Hill knows.
Kashmir Hill knows because a woman named Kristal McKenzie knows, and Kristal McKenzie knows because she received Katya's private Facebook messages - they numbered 14,000 before the mess got cleaned up - updates from Katya's friends, updates when Katya got poked, and friend requests.
The problem started, Hill writes, after McKenzie had given up on Facebook.
She had a baby on the way, wanted to focus on what she called "the people in [her] real life", and was tired of Facebook's near-constant privacy changes.
In spite of having closed her account, last summer, she got a message from Facebook welcoming her back.
It was in Spanish, and it was addressed to Katya.
Obviously, somebody signed up for an account and mistyped their email address, after which the personal life of Katya's private Facebook persona began to spill into McKenzie's world.
It should have been pretty straightforward to fix. There's an option in the welcome email that a recipient can click to indicate that it's not his or her email.
McKenzie did that, and, she told Hill, Facebook's website accordingly told her that she would be disassociated from Katya's account.
Only she wasn't. Or rather, she sort of was, in that she couldn't log onto the account so as to unsubscribe, since she was disassociated, but the messages didn't stop coming.
She tried creating a new Facebook account with her email address, but the upshot was just that she got notifications on both accounts.
Her email messages to Facebook's abuse and PR departments went into a black hole, as such messages from normal people - i.e., people who aren't the media - tend to do.
She got in touch with the US Federal Communications Commission (FCC) and a privacy organization for young people that works with Facebook.
The privacy group said they'd pass along the message to Facebook. Again, that got McKenzie nowhere.
Both McKenzie and Hill tried to reach Katya through one of her friends, but that didn't work. Katya actually went on to create Skype and AskFm accounts using McKenzie's email address, but McKenzie managed to get those shut down.
Only when Hill, a reporter for a widely read magazine, got in touch with Facebook did the gaping privacy hole close.
The problem was, Facebook told Hill, a quirky little bug: in "extremely rare circumstances", a spokesperson told her, the link at the bottom of emails that people use to report incorrectly addressed messages wasn't working properly.
The spokesperson said that this perfect privacy storm was triggered by a combination of mistyping an email address, not confirming it, but then successfully confirming a contact phone number.
Facebook is now fixing it "to ensure it can't happen again", the spokesperson told Hill.
Facebook reportAs Hill said, it sounds like a rare fluke, but what turns a molehill into a privacy mountain is the fact that the whole thing could have been, if not avoided completely, a lot less severe were Facebook to have responded to McKenzie's messages about the situation in the first place.
McKenzie said that the episode belies Facebook's claims to care about our privacy:
The tech companies assure us they're concerned about privacy yet there was no way for me to notify Facebook about this. She's a teenager. I didn't want to be privy to what's going on in her life.
Facebook, seriously, neither do I - answer the door when users like McKenzie ring your bell.
Snowden used simple technology to mine NSA computer networks
• Press report says whistleblower used ‘webcrawler’ software
• Revelation raises new doubts about failure to detect activities
Rory Carroll in Los Angeles
The Guardian, Sunday 9 February 2014 18.54 GMT
Edward Snowden, in a still from a Wikileaks video, speaks in Moscow last October after his leak of secret NSA files. Photograph: Uncredited/AP
The National Security Agency whistleblower Edward Snowden used inexpensive and widely available software to plunder the agency’s networks, it has been reported, raising further questions about why he was not detected.
Intelligence officials investigating the former contractor, who leaked thousands of documents to media outlets including the Guardian last year, determined that he used web crawler software designed to search, index and back up websites to “scrape” highly classified files, the New York Times reported on Sunday.
The unusual activity triggered a brief challenge from agency officials but Snowden persuaded them it was legitimate and continued mining data.
“We do not believe this was an individual sitting at a machine and downloading this much material in sequence,” an unnamed official told the Times. The process, the official said, was “quite automated”.
Web crawlers, also known as spiders, move from website to website, following links embedded in each document, and can copy everything they encounter. Snowden is believed to have accessed about 1.7 million documents.
The NSA has a mandate to deter and rebuff cyber attacks against US computer systems but Snowden’s “insider attack” was relatively unsophisticated and should have been detected, investigators said, especially since it came three years after Chelsea Manning used a similar technique to access State Department and military data which was then passed to Wikileaks.
Snowden was a technology contractor working at an agency outpost in Hawaii that had yet to be equipped with modern monitors which might have sounded the alarm. The NSA’s headquarters in Ford Meade, Maryland, had such monitors, raising the question whether Snowden was “either very lucky or very strategic”, said one intelligence official.
According to The Snowden Files, a new book by Guardian journalist Luke Harding, Snowden moved to a job in Honolulu with security company Booz Allen Hamilton because it afforded even greater privileges.
Some members of Congress have accused Snowden of being a spy for Russia, where he has been granted asylum. He has denied the allegation.
Michael McFaul, the US ambassador to Moscow, declined to be drawn on the subject in an NBC interview on Sunday.
“What I can say,” he said, “is we want Mr Snowden to just come home, face the charges against him, and have a court of law decide what he has and has not done.”
A Flaw In Snapchat Lets Hackers Crash Your Phone Remotely
Alex Hern, The Guardian
Feb. 10, 2014, 10:30 AM
Snapchat CEO Evan Spiegel in Los Angeles.
A vulnerability in the Snapchat app allows attackers to flood the device with information, freezing and crashing the users iPhone, according to security researcher Jaime Sanchez.
Using a flaw in how the app authenticates users, Sanchez discovered that sending a huge number of messages to one user will cause their iPhone to crash. Even once it powers back up, the app itself still hangs until the attack is over.
Sanchez, who works for O2’s parent company Telefonica, disclosed the vulnerability on Saturday, and found that the company had banned his two testing accounts and blocked the IP he used to demonstrate the attack – but had not immediately fixed the actual problem.
The flaw is based on the way Snapchat authenticates users: rather than sending passwords with each picture, it sends an authentication token based on the password and the time. In theory, this lets the site’s servers reject individual requests.
In practice, however, instead of demanding a new access token for every action, the app’s servers will accept re-used tokens. While the actual Snapchat app still generates new tokens each time, an attacker can generate one legitimate token, and then use it to automatically send messages.
That means that the only limit to how many times a message can be sent is the speed with which the attacker’s computer can send requests to Snapchat’s servers, allowing Sanchez to use several computers at once to send a thousand messages to one phone in five seconds, causing it to crash.
This is the second security breach at Snapchat in 2014. In August 2013, another group of researchers disclosed a vulnerability that let users find the Snapchat username associated with any phone number. Four months later, the vulnerability still hadn’t been fixed, and on January 1, 4.6m mobile numbers were leaked by hackers. The company delayed fixing the issue – and apologizing for the leak – for a further eight days.
Snapchat did not immediately reply to a request for comment.
Blockchain’s chief security officer Andreas Antonopoulos revealed a major denial of service attack on Bitcoin was underway at around 2am Hong Kong time.
A denial of service attack exploited the ‘transaction malleability’ weakness in the Bitcoin network, he said. As Antonopoulos told me last night, before a genuine transaction is confirmed in the Blockchain [public ledger system], the unique hash code that is generated can be manipulated in an attempt to send double the amount of Bitcoin.
The impact brought several major exchanges to suspend Bitcoin withdrawals, too, including the largest Bitstamp and BTC-e trading platforms.
SCMP will have full coverage of the attack later today.
JP Morgan pours scorn on Bitcoin
John Normand, the head of foreign exchange strategy at the investment bank, said in a research note, the digital currency is not a sound investment. Despite the “transformative effects of evolving technologies – Bitcoin looks like an innovation worth limiting exposure to,” he said, reports Wall Street Journal’s MoneyBeat.
Here are some of his other thoughts:
Compared to ‘fiat currencies’
“As a medium of exchange, unit of account and store of value, it is vastly inferior to fiat currencies. Since governments are quite unlikely to accord it the status of legal tender, Bitcoin or other virtual currencies would not reach the scale and scope to render them worthwhile for widespread commerce, payments or investment.”
Tackling the issue of yo-yo price volatility
“Even by dot-com standards, however, these moves are brutal. The Nasdaq only quintupled in value in three years (1997-2000), while Bitcoin’s price has risen 50-fold in the past year.”
Wall Street hedge fund raises US$5m
Since New York-based NYSO Hedge said on February 7 it would accept Bitcoin for trading, in three days it has raised US$5.4 million (HK$42 million).
When asked why the hedge fund accepts Bitcoin, on its website, it explained: “Why do we accept Bitcoin? Other than Wire Transfer, Bitcoin is the most secure way to make a deposit.”
Bitcoin award winner
A development in the glimmer of good news I was referring to yesterday. In fact, a full party is in order. Bitcoin has won ‘Best Technology Achievement’ at TechCrunch’s 7th Annual Crunchies Awards.
According to Coindesk, the judges explained: “Since no one person made Bitcoin (or did they?) the award goes to the idea and the hard-working men and women around the world who are maintaining, mining, and improving the BTC protocol. It’s also an exciting time for economists who have suddenly become useful again as they try to explain the vagaries of currency pricing.”
Since Satoshi Nakamoto, the mystery figure behind Bitcoin, didn’t turn up, so Peter Vessenes, chairman of the Bitcoin Foundation, accepted the prize in his place.
35 million Brits know Bitcoin: survey
A survey of 2,000 online shoppers has found that 57 per cent of Brits have heard about the digital currency, Coindesk reports. However, the survey by communications agency Clarity will be a blow for enthusiasts – one in five expressed an interest in using cryptocurrencies. Just five per cent of respondents said they had used Bitcoin. In the breakdown of the sexes, 69 per cent of men versus 45 per cent of women have heard of Bitcoin.
Contrast that with 1,000 people quizzed by professional services multinational PricewaterhouseCoopers for its first ‘Digital Disruptor’ report released on January 27, the firm revealed only four per cent of people “very interested” in using Bitcoin. More encouragingly, 42 per cent understood the technical concept of how the digital currency worked. Half of respondents said they were “not very” or “not at all” interest, while a quarter of those particular respondents cited security concerns as a reason to stay away.
Latest Bitcoin price: US$662.50 at 09.17 on Tuesday based on prices from BTC-e and Bitstamp
Bitcoin exchanges have been crippled by hackers exploiting a weakness in the digital currency's core network.
Bitcoin exchanges have been crippled by hackers exploiting a weakness in the digital currency's core network.
The biggest breach affected the ability of several major digital currency companies to process withdrawals, halting or suspending the process.
No individual or group has claimed responsibility for the distributed denial-of-service (DDoS) attack, which overwhelms websites with requests for data.
"This went from an isolated exercise that was happening to a single exchange to a relatively broad-based attack," said Andreas Antonopoulos, chief security officer of digital wallet provider Blockchain.
Antonopoulos, who first made the discovery, was not sure how many were involved in the attack or where it originated.
Top exchanges Bitstamp and BTC-e, which control more than half of bitcoin transactions, suspended or delayed withdrawals as trading platforms stepped up checks and inspections on order books.
Bitcoin prices at both companies fell, resulting in the virtual currency's value dropping by more than US$100, to its lowest for the year. The benchmark Coindesk price index slumped to US$652.93 at 10pm last night.
A smaller hacking of the Japan-based Mt Gox exchange last April saw the price fall US$20 to US$120.
London-based exchange Bitstamp said a denial-of-service attack had left it unable to check account balances.
"As such, Bitcoin withdrawal and deposit processing will be suspended temporarily until a software fix is issued," the company said.
On Monday, Mt Gox revealed it had been hit with "unusual activity" related to transaction malleability - a characteristic of the bitcoin protocol that allows transaction IDs to change - which affected all exchanges.
"You can't change where the money has come from," Antonopoulos said, trying to explain how the hackers penetrated bitcoin exchanges. "What you can do is make it appear like it's a different transaction and when a network sees that, it tries to ignore one and only process the other, and that causes confusion."
He said customer funds and exchanges were not at risk.
Lo Ken-bon, chief executive and co-founder of Hong Kong-based exchange Asia Nexgen, which has not been affected, said discussions were being held among exchanges to address the situation.
"Everybody needs to fix their networks," Lo said. "Hackers are attacking the infrastructure but you have to find a way to prevent or re-route around the problem."
Jeff Garzik, a bitcoin software developer, told Bloomberg some websites, as well as users of bitcoin wallet software, would have to update their programs to prevent attacks.
Popular wallet service Coinbase - which raised US$30 million from investors last year - said customers faced delays to "legitimate" transactions.
Garrick Hileman, an economic historian at the London School of Economics, said: "The current co-ordinated DDoS attack on exchanges appears to be more potent than past ones, and certainly the timing of this attack, which exploits the transaction malleability problem Mt Gox cited yesterday, is peculiar."
Syrian Electronic Army Leaks Details of over 1 Million Forbes Readers
Forbes confirms that the Syrian Electronic Army has breached its publishing platform. In addition to gaining access to the company’s WordPress admin console and hijacking some Twitter accounts, the Syrian hacktivists have also gained access to readers’ information.
“Users' email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere,” Forbes wrote in a statement posted on Facebook.
“We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.”
Initially, the Syrian Electronic Army offered to sell user email addresses and passwords taken from Forbes. However, one hour later, they announced that the data would be published for free.
Two hours ago, the hackers uploaded a file containing the details of more than 1 million users, including usernames, email addresses and encrypted passwords. The information has been uploaded to what the SEA calls a “secure host.”
This probably means it will more difficult for Forbes to remove it. The IP address of the server to which the data has been uploaded is 91.227.222.39. The server, located in the United Kingdom, was previously used by the Syrian hackers when they defaced marines.com.
Even if the passwords are encrypted, the large number of email addresses published online could still be useful to cybercriminals.
The Syrian Electronic Army has told Softpedia that they’ve attacked Forbes because of the publication’s reports about the hacker group and Syria.
The hacktivists have suggested that Forbes Social Media Editor and staff writer Alex Knapp is the one they’ve tricked into providing them with the information needed to compromise the company’s systems.
The Syrian Electronic Army has attacked numerous media organizations over the past years. However, they rarely leak user data.
Updated to clarify that there are over 1 million leaked accounts, not just 16,000. Also, the server that hosts the data is in the UK, not the UAE.
Someone hacked Paypal president David Marcus’ credit card
Special Reports February 12, 2014
David Marcus who is the President of Paypal, got his credit card hacked on Monday, The Leader of the online Payments’ company announced about his Hack through his twitter account.
The Tweet reads:
My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn’t have happened if merchant accepted PayPal…
The magnetic strip is the main root of a credit card, which is mainly used in the US is the cause of this hack, according to the Marcus, he says ‘thieves probably skimmed the info from the magnetic stripe on his card,’ even though his card had an EMV chip, the technology which is in Europe and more secure than the ones commonly used in U.S.
My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn’t have happened if merchant accepted PayPal…
Facebook Hacking, Special Reports February 15, 2014
Just now, we catched a report on a hackers news website hackersnews that they got a mail from a hacker named ’Dr.FarFar‘, who is actually claiming the hack of Facebook’s CEO Mark Zuckerberg Facebook account.
The thing is, Facebook cover of the Mark’s timeline cover photo is missing and hacker claimed to do that, well that is hard thing to believe this normal thing as a hack, but it could be.
We also checked the Mark Zuckerberg’s timeline and found the timeline cover missing, you can see an image at the top.
After some minutes hacker updated thehackernews, how he was able to remove the Mark’s timeline cover, he wrote:
I don’t like this photo of me‘ and then “I used Fiddler2 Debugger Program to edit the request.”
Last year in August-Researcher from Palestine hacked Zuckerberg’s timeline to report a bug, right now there is not any confirmation from Facebook about this hack.
Companies are facing a rising number of cyber attacks
Online crowdfunding website Kickstarter has said that hackers obtained some of its customers' data.
The site was hacked earlier last week, but the breach has been repaired, chief executive Yancey Strickler said.
The hackers got some passwords, phone numbers and email addresses, but "no credit card data of any kind was accessed," he said.
Kickstarter is one the leading online fundraising sites that lets people raise money from donors for projects.
"We're incredibly sorry that this happened," Mr Strickler wrote in a blogpost. "We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways.
"As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password."
He added that the company is "working closely with law enforcement".
People with Kickstarter accounts are being urged to change their passwords.
Kickstarter was founded five years ago and has collected $982m (£586m) for more than 56,000 projects, according to its website. It says it has collected pledges from more than 5.6 million people.