BBC: Hacking group Anonymous has aided a global search for a cyber-vandal who defaced a charity website. Members of Anonymous helped track the attacker down to Madrid following a plea from the owner of the RedSky video production company. New Zealand-based RedSky asked for help after an attacker penetrated its website, erased data and left graffiti. The attack was reportedly carried out in a bid to impress Anonymous and join its ranks as a member. ...
h-online: At the Black Hat hacker conference in Las Vegas, encryption expert Moxie Marlinspike promised that his CloudCracker web service was able to crack any VPN or WiFi connection secured using MS-CHAPv2 within 24 hours. The cost? Around $200. MS-CHAPv2 is based on the eminently crackable encryption algorithm DES. The problem was first documented in 1999 by Bruce Schneier working with two other researchers. A large number of processor cores are still required to crack the encryption within a reasonable time – the number of possible keys makes trying to perform a brute force attack on a normal PC a hopeless task. ...
h-online: A data leak at the meetOne dating site allowed anyone to access private data including the plaintext passwords, email addresses and real names of the site’s approximately 900,000 members. To obtain the data, an attacker simply needed to increment a URL parameter. After they were informed by The H‘s associates at heise Security, the operators soon closed the hole. When news of a data leak in one of the dating portal’s custom APIs was disclosed to heise Security, the editors managed to reproduce the problem and access the data of a specially created test profile. The API disclosed information including the email address and password of the test user, which allowed access to the user’s profile. ...
iol scitech: London – A British computer hacker accused by the United States of breaking into top secret military and space agency networks will learn the result of his six-year fight against extradition within three months, a court heard on Tuesday. Gary McKinnon faces up to 60 years in jail if convicted in American courts for what one US prosecutor has described as the “biggest military computer hack of all time”. ...
FoxNews: International hacking group Anonymous took at least 10 Australian government websites offline briefly Tuesday in a series of escalating attacks over proposed changes to privacy laws. The Australian arm of the group has warned it will continue the attacks on “.gov.au” sites until plans to force ISPs to store user data and make it further available to security services are shelved. The attacks started after Prime Minister Julia Gillard answered policy questions via webcam in an online Google+ Hangout session on Saturday but the sites targeted so far are all run by the Queensland State Government. ...
h-Online: A file with 11 million password hashes belonging to users of the online games platform Gamigo has been circulated on the internet. According to an analysis by ZDNet, 8.2 million different email addresses are also part of the 478MB file. Around 3 million of these belong to users from the US, 2.4 million are German addresses and 1.3 million are supposed to originate in France. The list also includes corporate email addresses from companies such as IBM, Siemens, Deutsche Bank and the German insurance company Allianz. ...
The Smoking Gun: Christina Aguilera contends that the recent hacking of her e-mail account had stripped her of a “feeling of security” that now “can never be given back,” according to a victim’s impact statement submitted to a U.S. District Court judge in Los Angeles. The singer’s statement was prepared in advance of the sentencing of Christopher Chaney, the Florida felon/online stalker who has pleaded guilty to illegally accessing the e-mail accounts of more than 50 victims (many of them Hollywood figures). ...
Late last week, NVIDIA confirmed that the database for its forums web site had been broken into by unauthorized third parties, with data from more than 400,000 registered users affected. A hacker group calling itself “Team Apollo” has now claimed responsibility for the breach which caused NVIDIA to take the site down. As proof, they have published email addresses and password hashes for approximately 800 users from the database on Pastebin, with more, apparently, to follow. If the data proves to be genuine, NVIDIA’s statement that the password hashes were salted would be contradicted: the database excerpt includes the hash b018f55f348b0959333be092ba0b1f41 three times in the list, the result of md5('nvidia123'). ...
ZDNet: Phandroid’s AndroidForums.com has been hacked. The database that powers the site was compromised and more than 1 million user account details were stolen. If you use the forum, make sure to change your password asap. Read the whole story at ZDNet: http://www.zdnet.com/android-forums-hacked-1-million-user-credentials-stolen-7000000817/
Übergizmo wrote: If you use Yahoo! Voice a lot – Yahoo’s VoIP service via its Yahoo! Messenger instant messaging application, then you will definitely need to hear this report. Earlier today, more than 453,000 user accounts from an unidentified service owned by Yahoo were posted on a hacker site. The hackers reportedly said that they infiltrated the subdomain by using a union-based SQL injection. But the group responsible for the security breach added that the data breach was intended to be a wake-up call for Yahoo. ...