Displaying items by tag: Breach
Apple's iCloud Easy to Crack with Existing Tools
Two days ago we reported on the iCloud controversy which involved an attack on Apple’s Cloud based Find My iPhone application. This attack (which appears to have been a dictionary attack) resulted in the release of nude images of a number of celebrities posted on the internet for all to see. Apple immediately jumped to the defensive and released a statement saying they were not “hacked” and it is not their fault. Now on the surface this is true as there was not a full breach of their security, but it is about as wrong as you can get.
Was a Flaw in Apple's Find my iPhone Responsible for the Recent Celebrity Nude Photo Leak?
Over the weekend a number of articles broke describing a “hack” that allowed nude photos of celebrities to be stolen and then reposted on the internet (4chan). Although the story held minimal interest at the time of its release we did not see it as big news since phone and cloud service hacks are far too common these days, just because it happened to be someone famous did not make it anymore news worthy. If anything it made it less as you should not be storing nude or explicit images of yourself on your phone or in any cloud service these days.
Are PCI Compliance Regulations Being Ignored and Allowing for More Data Theft?
It won’t happen to me is the battle cry of far too many companies these days when it comes to security. We have watches this mind set over the course of the last two years as businesses try to get out of the expense (time and money) needed to update or properly protect their companies and customers from data theft. One of the very recent and troubling ones is the Backoff malware that has hit an estimated 1,000 US businesses. Even Dairy Queen has been hit and consumer payment card data stolen.
Bitly user accounts compromised
Popular web service for shortening URLs, Bitly, sent an urgent warning about a possible compromise of user accounts on the service. Although it has not yet been discovered whether the attackers managed to seize the accounts of users, there is a possibility that their email addresses, encrypted passwords, API keys and OAuth tokens were compromised.
Current Security Methods are seriously Outdated... Time for a new Model.
Malware and breaches are inevitable. Anyone that has been in security knows that this is a simple fact. Every day there are hundreds of attempted (and successful) attacks executed against businesses, consumers, and the government. These attacks have been traditionally met with an incident-response thought process. IT departments monitor their networks for suspicious activity and respond when/if they find someone who is either attempting to or actually has broken in. Sadly, this is probably not the best way to handle security.
Adobe Breach Now Confirmed to Have Affected 38 Million Users
Recently Adobe had a security breach where they claimed that roughly 3 million user accounts were affected. At the time they said that some accounts even had encrypted credit/debit card information stolen. When the announcement came out Adobe sent out a mass e-mail informing the people affected that their accounts were compromised. The breach was a blow to Adobe’s Creative Cloud service which moves their software from a onetime purchase to a monthly subscription.
Did Adobe suffer a second breach?
On October 4th Adobe was forced to send out almost three million emails with the unfortunate news that their network had been attacked, breached and data stolen. The data from that theft included account IDs as well as encrypted passwords and credit/debit card information and even source code for Adobe products. The attack happened not all that long after Adobe pushed their users to a subscription based license for their products. Once a large number of people had joined the Creative Cloud service Adobe was an even more attractive target and due to their history or ignoring security the attackers were able to get in and grab what they wanted.
Club Nintendo hacked
Nintendo has announced that their Club Nintendo service where players can collect points for the hardware and the games they buy, and then to win a variety of prizes and gifts, got hacked or that unknown hackers broke into the database of members, and retrieve their data.
Cyber Attack on LivingSocial Ends up With 50 Million Users Exposed
Are you still sure that you want to sign up for that online service? Well you might want to think twice considering recent news. Last year we watched as Blizzard, LastFM, LinkedIn and others had their security breached and user information stolen. Now there is another online service that has had their security broken and their users’ information exposed to attackers. The online deals site LivingSocial fell victim to a cyber-attack that left over 50 Million (yes 50 Million) users’ data exposed.
Blue Toad Says The UDIDs Posted By AntiSec Is "our data", Who Is Telling the Truth?
Someone is claiming that the one million UDIDs posted by Anonymous actually were taken from them and not the FBI or Apple. The company Blue Toad from Orlando FL says that they checked the pastebin file and it was a 98% match for their database. This is an interesting twist in the events that have seen Apple, the FBI and even AT&T linked to surveillance of Apple phones through the use of the UDID (Unique Device IDentifier). Apple has already stated that the UDID will no longer be supported in the next version of their iOS software that is expected to be released to the world tomorrow.