Day: June 22, 2011
ShouldIChangeMyPassword.com has been created to help the average person check if their password(s) may have been compromised and need to be changed.
This site uses a number of databases that have been released by hackers to the public. No passwords are stored in the ShouldIChangeMyPassword.com database.
With all the data breaches in the news lately, it’s hard to know whether you’ve been affected.
You could just change all your passwords after every reported breach – just in case. You could insist on tokens for everything. (Of course, that might raise additional concerns.) You could stop using the internet entirely. Or you could do nothing.
Cybercrime happens to other people, right?
Another approach is to keep trawling the internet for exposed password databases, grabbing copies and checking to see if you’re on anyone’s “hit list”. Of course, it doesn’t tell you much if you’re not in one of LulzSec’s or Anonymous’s triumphantly-publicised leaks. But if you are, then you’re facing a clear and present danger.
After LulzSec’s recent spray of 62,000 passwords, Twitter came alive with LulzSec hangers-on announcing the malevolent uses to which they’d quickly put the leaked data – such as sending a large pack of condoms to a random woman using someone else’s money, or trying to break up relationships by posting fake information on Facebook. Very funny.
So a large part of the risk posed by these allegedly-amusing data leakage incidents comes not from traditional cybercrooks, but from a plethora of not-so-innocent bystanders.
Of course, continually chasing down hacked password lists and downloading them to see if you’re there is not only a hassle, but also creates a somewhat circular dependency on the hackers themselves.
The more downloads they achieve, the more notoriety; the more notoriety, the more incentive to continue; and the more positive uses which can be claimed for their stolen data, the easier their rationalisation for carrying on.
Fortunately, thoughtful Sydney infosec technologist Daniel Grzelak can help you keep track of the latest breaches, so you don’t have to.
(See how much nicer it is to hack to help, rather than to break?)
You can see if you’re in any of a number of recently-spilled leakages by simply searching for your email address at:
Daniel doesn’t store your email address after you’ve looked it up – so he can’t spam you even if he wanted to, which he doesn’t – and he’s not accumulating a list of email addresses which spammers might like to break in and steal. And he doesn’t keep any of the stolen databases on his server, so he’s not offering a handy-to-hack repository for unlawfully-acquired loot, either.
As I mentioned above, a green light from Daniel’s website isn’t a clean bill of health. It just means, “You may proceed to the next intersection.” But if you get a red light about a recent breach, you should fix your passwords as soon as you can.
(And remember that the data probably wasn’t stolen from you, but from someone you trusted to keep it safe. You might want to rethink that relationship at the same time.)
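To make the privacy properties described above concrete, here is an added example (not Daniel’s code, and not how his site is necessarily built) of a breach-exposure lookup that keeps only keyed hashes of leaked addresses and breach names: passwords are discarded at index time, the queried address is never stored, and the leak files themselves are not retained. The leak contents and the server key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample leak dumps, one per breach, in "email:password" form.
# Passwords exist only in this input; the index built below never keeps them.
LEAKS = {
    "leak-A-2011": "alice@example.com:hunter2\nbob@example.com:letmein\n",
    "leak-B-2011": "carol@example.com:qwerty\nalice@example.com:Passw0rd!\n",
}

# Hypothetical server-side secret. Keying the hash means a stolen index cannot
# be reversed simply by hashing a dictionary of common addresses.
INDEX_KEY = b"constructed-server-side-secret"


def email_token(email: str, key: bytes = INDEX_KEY) -> str:
    """Normalise an address and return its keyed hash, never the address."""
    norm = email.strip().lower().encode("utf-8")
    return hmac.new(key, norm, hashlib.sha256).hexdigest()


def build_index(leaks: dict) -> dict:
    """Map email token -> sorted breach names; passwords are discarded."""
    index = {}
    for breach, dump in leaks.items():
        for line in dump.splitlines():
            if ":" not in line:
                continue  # skip malformed rows rather than guess at them
            email, _password = line.split(":", 1)
            index.setdefault(email_token(email), set()).add(breach)
    return {tok: sorted(names) for tok, names in index.items()}


def lookup(index: dict, email: str) -> list:
    """Answer 'which breaches?' from the token alone; the query is not logged."""
    return index.get(email_token(email), [])


def index_holds_no_secrets(index: dict, leaks: dict) -> bool:
    """Verify that no raw email or password from the dumps survives in the index."""
    blob = repr(index)
    for dump in leaks.values():
        for line in dump.splitlines():
            email, password = line.split(":", 1)
            if email in blob or password in blob:
                return False
    return True
```

A non-empty result is the “red light” for that address; an empty one only means it is absent from the leaks indexed so far.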
Imagine you’re giving a presentation to the board of directors at your company. You have your PowerPoint slides all ready, you’re projecting onto a 64 inch screen… what could possibly go wrong?
Well, what would you do if your carefully composed presentation was replaced on the big screen by images of a naked woman? My guess is that you wouldn’t know where to put your laser pointer.
52-year-old Walter Powell used to be an IT manager at Baltimore Substance Abuse System Inc, until he was fired in 2009. Clearly someone who believed that revenge should be served red hot, Powell used his computer knowledge to hack into his former employer’s systems from his home and install keylogging software to steal passwords.
On one occasion, Powell took remote control of his former CEO’s PowerPoint presentation to the board of directors, and projected pornographic images on the 64 inch TV.
According to media reports, Judge M. Brooke Murdock gave Powell a two year suspended sentence, and ordered him to perform 100 hours of community service and serve three years’ probation.
Cases like this underline the importance of having a proper process in place when staff leave your company. That means changing passwords, and removing access rights when an employee’s time at your firm comes to an end.
People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause trouble. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.
One billion people worldwide visited Google in May, the first time ever that a site has drawn that many visitors in one month, according to data from ComScore.
The number of unique visitors to Google’s sites rose by 8.4 percent from 931 million a year ago to just over a billion–1,009,699,000 to be more exact.
Across the world, market researcher ComScore said yesterday, Google saw its greatest numbers in India and South Africa, which accounted for 14.3 percent and 13.5 percent of its visitors, respectively. The lowest numbers were in South Korea and China, which accounted for 0.7 percent and 0.8 percent of total worldwide visitors, respectively.
Microsoft grabbed the No. 2 spot with 905 million visitors last month, up 15 percent from a year earlier, according to ComScore. Facebook took third place with 714 million visitors, up 30 percent since a year ago. Yahoo placed fourth with 689 million visitors, a 10.8 percent gain from a year earlier. Until last October, Yahoo had held the third spot, but since then Facebook has outpaced it each month with more visitors.
Though Google captured the most visitors last month, users collectively spent the most time at Facebook–250 billion minutes in May, compared with 200 billion minutes at Google and 204 billion at Microsoft.
ComScore’s numbers are based on its “global measurement panel” of 2 million Internet users, according to The Wall Street Journal, which the research firm then refines with “page view” data that it receives from 90 of the 100 publishers of Web content, though not from Google.
“Someone must take a stand against evil. Why should it not be me?” -deadbj
There is no cyber warfare taking place between China and the United States, a senior Chinese official said on Wednesday, after weeks of friction over accusations that China may have launched a string of Internet hacking attacks.
The two countries might suffer from cyber attacks, but they were in no way directed by either government, Vice Foreign Minister Cui Tiankai told a small group of foreign reporters ahead of a meeting with U.S. officials in Hawaii this weekend.
“I want to clear something up: there are no contradictions between China and the United States” on the issue of hacking, Cui said.
“Though hackers attack the U.S. Internet and China’s Internet, I believe they do not represent any country,” he added.
Both countries were in fact already discussing the problem of hacking during their regular strategic consultations, Cui said.
“The international community ought to come up with some rules to prevent this misuse of advanced technology,” he added.
The accusations against China have centred on an intrusion into the security networks of Lockheed Martin Corp and other U.S. military contractors, as well as efforts to gain access to the Google e-mail accounts of U.S. officials and Chinese human rights advocates.
China has vociferously denied having anything to do with hacking attacks, saying it too is a major victim.
“Internet security is an issue for all countries, and it is a most pressing matter,” Cui said.
“Of course, every country has different abilities when it comes to this problem,” he added.
“The United States is the most advanced country in the world when it comes to this technology, and we hope they can step up communication and co-operation on this with other countries. We also hope this advanced technology is not used for destructive purposes.”
The Internet has become a major bone of contention between Washington and Beijing.
This month, U.S. Defense Secretary Robert Gates said Washington was seriously concerned about cyber-attacks and was prepared to use force against those it considered an act of war.
The latest friction over hacking could bring Internet policy back to the foreground of U.S.-China relations, reprising tension from last year when the Obama administration took up Google’s complaints about hacking and censorship from China.
Google partly pulled out of China after that dispute. Since then, it has lost more share to rival Baidu Inc. in China’s Internet market.
China, with more than 450 million Internet users, exercises tight control and censorship over the Web at home, and has strengthened its grip in recent months.
In February, overseas Chinese websites, inspired by anti-authoritarian uprisings across the Arab world, called for protests across China, raising Beijing’s alarm about dissent and prompting tightened restrictions over the Internet.
China already blocks major foreign social websites such as Facebook and Twitter.
U.S. Commerce Secretary Gary Locke said last week that the United States was looking into ways to craft trade countermeasures that treat curbs on Internet commerce as non-tariff barriers to trade.
The new functionality is based on WebRTC, a communications technology Google acquired in 2010 when it purchased Global IP Solutions. Google had already announced that WebRTC would become an open source project supported by Google, Mozilla and Opera. Google hopes to see WebRTC adopted as a Web standard, potentially making it a universal platform for Web-based real-time communications.
Henrik Andreasson, a Google software engineer based in Sweden, first mentioned Chrome’s new capabilities in a brief post on the company’s Chromium developer forum. “Our goal is to enable Chrome with Real-Time Communications (RTC) capabilities,” Andreasson said. “When we are done, any Web developer shall be able to create RTC applications … without using any plugins but only WebRTC components.” Chromium is the open source version of Chrome and the project Google uses to develop new features for its browser.
While Chrome may be the first browser to implement the new feature, Mozilla and Opera may also include the functionality in competing browsers such as Mozilla’s Firefox. However, Opera has not announced any plans and WebRTC is not mentioned in Firefox’s public roadmap.
Google has yet to say whether it would adopt the new technology for Gmail’s Google Talk client, but that is a distinct possibility. The search giant currently relies on a downloadable plugin that users must install in their browsers before initiating video or voice chat in Gmail.
It’s unclear at this point how well the Web-based technology performs compared to desktop-bound services such as Skype (recently acquired by Microsoft for $8.5 billion), and Apple’s FaceTime. But the possibility of native voice and video chat in the browser would be interesting, especially if the feature shows up on browsers for mobile devices such as Android smartphones.
The hacker group LulzSec denies it has stolen a large amount of personal data of U.K. residents from that country’s 2011 census. The denial comes after someone claiming to be from the hacker group posted a notice online that said the hackers obtained the entire database of the U.K.’s 2011 Census. If true, it would have meant LulzSec had the basic vital information of a large number of British citizens including names, addresses, dates of birth, levels of education, and marital and employment statuses.
In recent weeks, LulzSec has been responsible for taking down the websites of the Central Intelligence Agency, an organization affiliated with the Federal Bureau of Investigation, the U.S. Senate, and, most recently, a police site in the U.K. LulzSec also recently announced a new campaign named #AntiSec, calling on hackers all over the world to “steal and leak any classified government information.” Given the group’s recent campaign and past actions, it was not improbable for the group to turn up with data stolen from British government servers.
The claim set off a flurry of reports about the supposed heist, and British census officials issued a statement saying they were investigating the matter, but had no evidence to suggest their network had been infiltrated.
While the purported online notice from LulzSec about the 2011 U.K. Census data was troubling, there were a few inconsistencies that suggested it was a hoax. As usual, the online notice was posted anonymously to Pastebin, a popular site among programmers to post pieces of code for short periods of time. But LulzSec typically links to any of its Pastebin notices through its website and Twitter feed, and this time it had done neither.
“Just saw the pastebin of the UK census hack. That wasn’t us – don’t believe fake LulzSec releases unless we put out a tweet first,” the group later said on Twitter shortly after PCWorld and other media outlets contacted the group for a statement.
The phony U.K. Census claim may not be the only bogus LulzSec story to come out on Tuesday. Police in the U.K. on Tuesday said they had arrested a 19-year-old man in relation to the LulzSec hacks. The hacker group, however, said on Twitter shortly after reports of the arrest that none of its members were in police custody.