1.2 billion logins scooped up by CyberVor hacking crew – what you need to do

Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. This data haul may yet turn out to be a ‘Heartbleed’ moment for website owners who assume their sites are too small to be of interest to hackers.
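The technique behind that haul is worth seeing side by side with its fix. The added Python example below (not code from the article or from any of the compromised sites) builds a constructed three-row user table in an in-memory SQLite database, runs a login lookup that splices the submitted username straight into the SQL, and then runs the same lookup with a bound parameter. The hypothetical payload `x' OR '1'='1` dumps every row through the first function and nothing through the second.

```python
import sqlite3

# Constructed sample data: a tiny in-memory user table, not any real site's.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    # Deliberately vulnerable: attacker-controlled text becomes part of the SQL
    # statement, so quotes and keywords in it are parsed as SQL.
    query = (
        "SELECT username, password_hash FROM users "
        f"WHERE username = '{username}'"
    )
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    # Parameterised: the driver passes the value separately from the statement,
    # so it is only ever compared as data and never parsed as SQL.
    return conn.execute(
        "SELECT username, password_hash FROM users WHERE username = ?",
        (username,),
    ).fetchall()

def demo(payload="x' OR '1'='1"):
    # Hypothetical injection payload; returns (rows leaked, rows from safe query).
    conn = make_db()
    leaked = lookup_vulnerable(conn, payload)   # tautology matches every row
    safe = lookup_safe(conn, payload)           # nobody is literally named that
    return len(leaked), len(safe)

if __name__ == "__main__":
    print("vulnerable/safe row counts:", demo())
```

The same pattern applies to any database driver: the query text is fixed, the values travel as parameters, and there is no string concatenation of user input into SQL anywhere in the application.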

HP finds that “Internet of Things” gadgets are sitting ducks

TVs, webcams, thermostats, remote power outlets, sprinkler controllers, door locks, home alarms, scales and garage door openers: they’re all flunking Security 101, with issues as bad as “Sure, go ahead, we consider ‘1234’ to be a perfectly acceptable password.”
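A device that accepts "1234" has no password policy at all. The added Python example below (not code from HP's report or from any vendor's firmware) shows the minimal checks a device setup wizard ought to run before accepting a credential: minimum length, a denylist of well-known factory defaults, no username inside the password, no single repeated character, no straight ascending or descending sequence, and at least three character classes. The denylist is a constructed illustration, not a complete list.

```python
import re

# Constructed, illustrative denylist of factory/default passwords; a real
# deployment would load a much larger list (and reject anything already leaked).
COMMON_DEFAULTS = {
    "1234", "12345", "123456", "0000", "password", "admin",
    "default", "letmein", "qwerty", "root",
}

def is_sequential(s):
    """True if every step between adjacent characters is +1 or every step is -1
    (e.g. '1234', 'abcd', 'dcba')."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}

def password_problems(password, username="admin", min_length=12):
    """Return a list of reasons to reject the password; an empty list means accept."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if lowered in COMMON_DEFAULTS:
        problems.append("is a well-known default password")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if re.fullmatch(r"(.)\1*", password):
        problems.append("single repeated character")
    if is_sequential(password):
        problems.append("sequential characters (e.g. 1234 or abcd)")
    classes = sum(
        bool(re.search(p, password))
        for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    if classes < 3:
        problems.append("fewer than three character classes")
    return problems

def acceptable(password, username="admin"):
    return not password_problems(password, username)

if __name__ == "__main__":
    for candidate in ("1234", "adminadmin123", "Tr0ub4dor&3-lamp!"):
        print(repr(candidate), "->", password_problems(candidate) or "OK")
```

Rejecting a candidate is only half the job: the device should also refuse to go online until the factory credential has been replaced, otherwise the policy is never exercised.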

Apple faces class action suit for tracking users without consent

A Californian plaintiff says that nobody at Apple ever told her that her whereabouts were being tracked, nor did anybody ask for her permission. She says she only found out about it from a recent Chinese state TV report describing the iPhone as a security risk to the state.

Bad passwords on PoS terminals lead to card-stealing Backoff malware

More point of sale malware has been making the news, designed, as usual, to steal credit card data. This time the crooks are getting in through remote access services such as Microsoft's Remote Desktop Protocol (RDP). No exploits, no social engineering, just good old-fashioned password guessing.
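Password guessing against a remote desktop service leaves a distinctive trace: a burst of failed logons from one source, often against several account names, and then a success from that same source. The added Python example below (not code from the article or from any vendor's product) parses a few constructed log lines in a simplified key=value layout, using the Windows logon event IDs 4625 (failure) and 4624 (success), and flags any source that racks up a threshold of failures inside a time window, noting whether a successful logon followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified key=value layout (not real Windows
# event output). 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOG = """\
2014-08-05T02:13:07Z host=pos-01 event=4625 user=Administrator src=203.0.113.7
2014-08-05T02:13:09Z host=pos-01 event=4625 user=Administrator src=203.0.113.7
2014-08-05T02:13:11Z host=pos-01 event=4625 user=Administrator src=203.0.113.7
2014-08-05T02:13:13Z host=pos-01 event=4625 user=pos src=203.0.113.7
2014-08-05T02:13:15Z host=pos-01 event=4625 user=pos src=203.0.113.7
2014-08-05T02:13:18Z host=pos-01 event=4624 user=pos src=203.0.113.7
2014-08-05T09:00:02Z host=pos-01 event=4625 user=manager src=198.51.100.4
2014-08-05T09:00:30Z host=pos-01 event=4624 user=manager src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(log):
    """Turn the constructed log text into a list of event dicts; skip lines that
    do not match the expected layout."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["event"] = int(d["event"])
        events.append(d)
    return events

def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source that has at least `threshold` failed logons
    within `window`, recording the usernames tried and whether a successful
    logon from that source came after the burst."""
    alerts = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        failures = [e for e in evs if e["event"] == 4625]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) >= threshold:
                end = burst[-1]["ts"]
                success = any(e["event"] == 4624 and e["ts"] > end for e in evs)
                alerts.append({
                    "src": src,
                    "failures": len(burst),
                    "users": sorted({f["user"] for f in burst}),
                    "followed_by_success": success,
                })
                break   # one alert per source is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(parse(SAMPLE_LOG)):
        print(alert)
```

The manager's single mistyped password at 09:00 never reaches the threshold, while the five failures in eight seconds from the other address do, and the success that follows them is the line an incident responder wants to see first. Lockout and rate limiting stop the guessing; this logic tells you when it happened anyway.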

Security must come first! 60 Sec Security [VIDEO]

Here’s this week’s 60 Second Security. News you can learn from, in just one minute…

Tor attack may have unmasked anonymous users

Two Carnegie Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference, a talk that was cancelled when the university's lawyers got cold feet, about how easy it is to break Tor anonymity. They are innocent until proved guilty, but The Tor Project says it is likely that the two researchers were behind the attack.

SSCC 158 – What do you mean, “Don’t knit your own remote authentication?” [PODCAST]

Here’s this week’s Chet Chat security podcast for your listening pleasure. Chester Wisniewski and Paul Ducklin of Sophos dissect the week’s security news to see what we can learn from other people’s mistakes…

1,000,000 lost credit cards = £150,000 fine

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first. The vulnerable system was used as a stepping stone by a crook to steal more than 1,000,000 e-commerce records.