Tag : hacked

Lets agree to not use Yahoo anymore

Yahoo Breach

A hacker responsible for breaches of both LinkedIn and MySpace, has reportedly stolen 200 million login credentials for Yahoo accounts.  The hacker goes by the name peace_of_mind and claims to have also stolen credentials for Tumblr as well.  He is selling the Yahoo information on the darknet in a marketplace called TheRealDeal, where for 3 bitcoins, or US $1,824 anyone can buy them. Motherboard reported that a Yahoo spokesperson told them that the company was aware of the credentials being stolen online, but did not confirm whether Yahoo itself had been hacked in order to obtain the login credentials.

In a statement to Motherboard Yahoo states,

“We are committed to protecting the security of our users’ information and we take any such claim very seriously,” a Yahoo spokesperson said. “Our security team is working to determine the facts.”

The biggest oddity of the news appears to be the credibility of the login credentials. Many of the accounts appear to be disabled or otherwise inactive when Motherboard attempted to test 100 of the posted email addresses, most came back “undeliverable”. When Motherboard contacted peace_of_mind  posting on TheRealDeal, he explained most of the stolen credentials were from 2012. Peace_of_mind has posted a sample of the stolen Yahoo database, including passwords and email addresses that have been hacked using the MD5 algorithm.

As many may remember, this is not the first time Yahoo has been put in a bad spot due to a security breach. In 2012 a breach exposed 453,000 passwords while in 2014 a breach involved what the company called a “coordinated effort” to gain access to Yahoo email accounts. In May of this year the United States House of Representative  blocked Yahoo access on it’s network due to concern that the company was a target for hackers. Rightfully so apparently.

The company told PCmag in a statement,

“[Yahoo] works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Regardless of whether or not Yahoo confirms the breach, users should most certainly change there credentials, and in my own opinion, jump ship to Gmail.

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com  www.pcworld.com

Ransomware Attacked My Mom’s Computer

04CYBERWALL-facebookJumbo
How My Mom Got Hacked, a real life story about Brooklyn artist who receives a panicked phone call from her mom one day complaining her personal computer has been taken over by some sort of strange encryption. The story unravels the journey Alina Simone and her mom Inna endure in order to restore the files back from the hackers. After the initial shock of the situation sets in the two research their options and realize, as many do, that there is little to no answer as to how to get the files back without paying the hefty $500 ransom fee.

“I thought it was a typical mom rant about hr hardware crashing and having to pay the repair people $500 because her computer crashed.” Like many of us do when our parents call us after a long days work, Alina didnt take her mom seriously. Seeing as it was Thanksgiving weekend, a major snowstorm had just hit, and the ransom deadline was already decreasing to less than a 24 hour bracket, Alina and her mother were frantic. Her mother didn’t make the deadline, and according the the hackers the ransom would double due to this. Inna pleaded with the hackers and they let her off with $500 ransom and all her files. Luckily.

Others, such as the case of the Hollywood Presbyterian Medical Center that was hacked in early February and had to pay a whooping 40 bitcoin, $17,000 ransom, in order to get their system back on track.

“The value of my personal files and pictures caps off somewhere. But [if] I encrypt the back-end of your corporate system and prevent you from processing payments, that has a tremendous value. And if the hacker can recognize the value of what he has, the ransom can be more dynamically set based on the content of the data.”explains Grayson Milbourne, Security Intelligence Director for Internet security firm Webroot.

From personal to corporate, ransomware is most certainly an eye opening experience to security vulnerabilities.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: The Growing Threat of Ransomware

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devises if not provisioned correctly can seriously be a security risk to your network environment.  Security policies need to be set forth to ensure security at all levels of access.  Apple iPad tablet device as well as the iPhone is slowly becoming a legitimate business tool, your employees will soon have them in hand and invade your business. The reality is that the iPhone changes the playing field for security and really surprised IT consulting companies and their administrators when it got released.   The users needs versus wants changed completely where being able to have a Smartphone that just sync’s calendars, contacts, and emails changes drastically. The iPhone hit the scene and next thing we were getting requests for it to be integrated into a businesses mail environment immediately. These requests were coming from owners and directors, decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice.  The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased.  There have been several studies that have shown that when asked, the iPad and iPhones present the greatest smartphone security risk for IT.  It’s a scary thought that you have locked down your environment but since a new gadget gets releases to the market and owners want it, it diminishes the integrity of the system.

There was recently a few contents by security outfits where they had people hack the iPhone in less than 2 minutes and won a cash price.  This is a scary thought and quite frankly shows how easy it can be for the non-hacker.  Obviously it might take a little longer from a less talented hacker but it can clearly be done.  Apple has little intention to make their OS more secure because it’s not the market that they are targeting.  Again they are targeting the consumer, not the business enterprise.  I am sure there will be a point in time when that day comes but it is not in the near future.  If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware level encryption.  I want to be very clear that the OS on the iPhone is the same as the iPad as well as its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community but again we have seen this shift.  I am not saying that you should ban the iPhone or iPad but develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies, not recommended
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy selected addresses the most important factor here which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.