Twitter August 2016

Return to Index page.  Like this? Please click LIKE / SHARE etc —->

August 31, 2016  86+ Million credentials from a 2012 breach at DropBox have been confirmed valid on the DarkNet. More than half uses the now-deprecated SHA-1 protocol. If you use DropBox, change your password.   Story  Tweet

August 29, 2016  iPhone 6 and 6+ users beware. Touching the screen can loosen chips leading to fatal “Touch Disease”. How to spot it and how to get Apple to fix it.   Story  Tweet

August 29, 2016  Cyber-aware journalist refuses tempting bait leading forensic analysts to find not one, but three, previously unknown (or at least undisclosed) major security vulnerabilities in Apple’s operating sytem.   Story  Tweet

August 29, 2016  Biometric security spoofed again. Maybe it is good people still prefer passwords?   Story  Tweet

August 29, 2016 Update  Class action filed re iPhone 6 and 6+ “Touch Disease”.   This Update  Start of the Story  Tweet

August 29, 2016  Video Jacking is when your smart phone’s video is cloned and recorded via a hacked USB charger exposing everything you see and type. Three ways to protect yourself.   Story  Tweet

August 29, 2016  Suspected $170M cyber-thief arrested arrested by US Secret Service in Maldives. International considerations, father is Russian politician.   Story  Tweet

August 28, 2016  FCC to investigate SS7 protocol flaw that allows third party recording of cell calls. That was the one exposed in March 2016, more than four months ago.   Story  Tweet

August 28, 2016  Opera synchronization service hacked exposing 1.7 million sets of login details.   Story  Tweet

August 28, 2016  20,000 pages of French submarine design appears to have been compromised at the Indian shipbuilder and published in an Australian newspaper. So much for top secret strategic security.   Story  Tweet

August 27, 2016  Accounting and payroll services company hacked exposing people in over 23 countries.   Story  Tweet

August 27, 2016  When you have a universal backdoor to security systems it is a really good idea not to leak the master key. Better yet, remove the backdoor before unleashing the software on the public. Microsoft: Naughty! Apple: Best Practice!  Story  Tweet

August 23, 2016  Hackers plant “terrorism” files on journalist’s computer. 19 months in jail before forensic analysis clears him. Is your security up to date?   Story  Tweet

August 23, 2016  Google Adware hacked to serve malware with silent install. Keep those adblockers up!  Story  Tweet

August 23, 2016  New variant of Nemucod serves up advertising malware and ransomware. Double whammy and not a nice kind.   Story  Tweet

August 22, 2016  20 hotels hacked, some for more than a year before anybody noticed.   Story  Tweet

August 22, 2016  350+ Eddie Bauer stores hacked, some for more than six months before anybody noticed. (is this sounding familiar?)   Story  Tweet

August 22, 2016  Cisco PIX VPNs highly vulnerable. Story  Tweet

We took a two week break to concentrate on a patent examiner’s response. While we were away we find that Tim Cook was right to question the security of the government as the NSA appears to be hacked. 20 hotels were hacked, some for more than a year before anybody noticed. Eddie Bauer was hacked for more than six months before anybody noticed. There are over 800 items in our inboxes. Our fingers and eyeballs hurt already.

August 12, 2016  Spend $40 on a computer core, add a 9 volt battery, an antenna, some other parts and software and gain access to 100,000,000 vehicles in the Volkswagen family. How massive can a cyber security failure be?   Story  Tweet

August 11, 2016  Defense of the Ancients 2 developer forum hacked exposing 1.9M. Admins appeared clueless until data was delivered to LeakedSource who found salt and deprecated MD5 allowed 80%+ of the passwords to be rendered as plain text.   Story  Tweet

August 11, 2016  Is your personal pleasure device reporting usage statistics and parameters back to the manufacturer without your knowledge or consent? At least one is.   Story  Tweet

August 10, 2016  BlackHat security conference attacked by Karma creating over 1,000 fake wireless networks and connecting over 35,000 unique devices.   Story  Tweet

August 10, 2016  ”How to Hack a Government” a surprising presentation at DefCon showing some techniques involving hacking banks, not to steal, but to move money around so current government appears crooked. How to black out communications using a cable cutting drone and how to reverse engineer social media to raise buzz about things that never happened, and more.   Story  Tweet

August 10, 2016  Are you getting a scam call? How would you know? A presentation gave solid guidance on security the human, often the weakest link in the chain of security.   Story  Tweet

August 9, 2016  Ransomware for thermostats on the internet of things (IOT) are no longer theoretical. Remember: there are Inherent Dangers to the Internet of Things (IDIOT)   Story  Tweet

August 9, 2016  Some airport computer generated passcodes are checked only for content, not for authenticity. One traveler gained access to all the airline lounges with codes he created. Great way to save money, but what other “security” systems use this model of insecurity?   Story  Tweet

August 9, 2016   Vertical integration hacker style: first hack a point-of-sale (POS) device. Then hack the store, the chain that owns the stores, now hack the POS manufacturer. Does that get the hacker control of “support” to directly access over 300,000 POS devices?   Story  Tweet

August 9, 2016  A Qualcomm chipset in many Android phones has four vulnerabilities that comes with the new-in-the-box device. There are three patches, but not everyone will get them right away. The fourth patch is expected in September.   Story  Tweet

August 9, 2016  A non-internet connected safe with a Underwriter’s Lab (UL) Type-1 High Security lock was found vulnerable to a novel side channel attack that never touches the lock itself.   Story  Tweet

August 7, 2016  20160807-monitorThe computer computes it and the monitor displays it, right? Not any more. Welcome to a whole new attack plane, direct monitor manipulation. What you see may not be what the computer intended to display. Bad, very bad.  Story  Tweet

August 7, 2016 Update  Whether your bitcoin account was hacked or not BitFinEx will take 36% of your holdings and give you a token they might redeem later. Maybe.   This Update  Start of the Story  Tweet

August 7, 2016  Next generation business email spoofers (BES) accidentally infect themselves with their own malware. Keyloggers uploaded all the information to study how they work.   Story  Tweet

August 7, 2016  Samsung Pay tokens protect the card information, but are themselves vulnerable to being snagged, replicated and installed in another phone just fine and ready to use.   Story  Tweet

August 6, 2016  Apple ups bug bounty big time. Hackers, pick up that white hat!  Story  Tweet

August 6, 2016  Major vulnerability in Windows 95 continued for 20 years and was just patched in June 2016. Are you surprised?   Story  Tweet

August 5, 2016  20160805-bannerBanner Health announces breach exposing 3.7 million six weeks after the hack started and a month after they knew about it. Financial and personal information exposed.   Story  Tweet

August 5, 2016  Which has more security your car or your phone? The answer may disappoint you and wonder what is going to happen to those insurance premiums when the insurance companies figure it out.   Story  Tweet

August 5, 2016 Update  20160805-btcBitFinEx robber to give away 1,000 bitcoins. Has already proven possession. Not sure they stole from the rich, nor giving to the poor, but it certainly adds some panache to typical cyber skullduggery.   This Update  Start of the Story  Tweet

August 5, 2016  20160805-emvChip-and-PIN, stronger security than Chip-and-Signature, has been hacked with a $30 Raspberry Pi computer. Merchants have spent billions to get improved security and consumers are waiting, waiting, waiting in longer lines. Was this about consumer security or transferring risk from providers?   Story  Tweet

August 5, 2016  ATM that require a chipped card and a personal identification number (PIN) are secure, right? Ah, not so much. See one spew cash on stage.   Story  Tweet

August 4, 2016  20160804-car&truckNew hacks on cars (steering and parking brakes) and trucks (changing instrument panel, break some brakes). So “self-driving” won’t be hackable?  Story  Tweet

August 4, 2016  There are increasingly public incidents of cyber-espionage targeted at national elements, utility infrastructure, military, and more. Unlike WWII where the enemy wore uniforms and had insignia the cyberwar fingerprints are far less clear.   Story  Tweet

August 4, 2016  NY Governor tells NY AG: Crime? What crime? We just made a law and now we get a split of the take from Fantasy Sports gaming. Conflict of interest? Nonsense! Betting on insider information? That will stop now because its illegal.   This Update  Start of Knowledge is Power / Insider Trading  Start of Knowledge is Power / Fantasy Sports Insider Trading  Tweet

August 4, 2016  Voting machines more secure than ever! (NOT!) Still less secure than the average grocery register. Who benefits from this massive cybersecurity failure?   Story  Tweet

August 4, 2016  Hack of urology practice leads to leak of huge amounts of data for central Ohio patients.   Story  Tweet

August 4, 2016  Another bitcoin exchange robbed of just under 120,000 BTC, $72 million USD before the exchange drop. Are depositors wiped out? Will the exchange declare bankruptcy? Where did the value go? One thing is certain, FDIC and US-taxpayers are unlikely to be on the hook.   Story  Tweet

August 4, 2016  Who gets a debit card and is not allowed to decline the card agreement that carries huge fees? Prisoners released from the Federal Bureau of Prisons since 2008 whose cards were issued via a no-bid contract that extracted as much as 40 cents of each dollar on the card. Predatory? Unjustifiable? The court thought so.   Story  Tweet

August 4, 2016  Great News! Major Nigerian-themed scammer busted!   Story  Tweet

August 2, 2016  Social Security Administration just announced a requirement to access the web site. You have to have a cell phone to receive a text message with a numeric token before you can log in. This is two-factor identification (2FA) over simple messaging (SMS). No cell phone? Don’t do text messaging? Have wired internet, but live in a cell dead zone? Assisting a senior managing their benefits? More including that NIST just deprecated 2FA/SMS. Ooops.   Story  Tweet

August 1, 2016  20160801-disney2Part of the “House of the Mouse” was hacked. Good news: they noticed it only three days after it first happened. Bad news: About 391,000 users compromised.   Story  Tweet
August 1, 2016  20160801-microsoftNew August, same problems for Microsoft plus a new one: They have problems with their hookers and that vulnerability may have existed for seven years.   Story  Tweet

[ Some tweets tweaked for clarity
or revised URLs -ed ]
Return to Twitter Index page