Data loss

Tor attack may have unmasked anonymous users

Freedom Hosting arrest and takedown linked to Tor privacy compromise

Two Carnegie-Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference about how easy it is to break Tor anonymity, a talk that was cancelled when the university's lawyers freaked out. They're innocent until proved guilty, but The Tor Project says it is likely that the two researchers are behind the attack.

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

1,000,000 lost credit cards = £150,000 fine

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Hacker claims breach of Wall Street Journal and Vice

W0rm's been quite busy and has already pulled this on CNET, and likewise is again offering to sell user data and server credentials for one Bitcoin.

eBay's StubHub ransacked for over $1 million, international crime ring arrested

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Your Gmail account is fair game for cops or feds, says US judge

A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests.

New search engine Indexeus unmasks malicious hackers

Indexeus is a database of stolen names and passwords, many doxed from the hackers who've themselves doxed others' data. Is it poetic justice, exploitation of a lucrative market, a prototype of an educational tool, or all of the above?

Shopping site reports 3-year-old data breach

Australian shopping website CatchOfTheDay has warned customers of a data breach dating back to 7 May 2011, urging anyone who has kept the same password at the site since that date to change it.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

'Hidden from Google' site remembers the pages Google's forced to forget

The newly launched site archives the pages Google was forced to de-index, with the stated aim of opening up to the internet as a whole the discussion of what should or should not be "forgotten."

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

Germany considers replacing email with typewriters to evade spying

The country's pondering manual typewriters, however, unlike Russia's reported embrace of electric typewriters last year. Russia should be well aware that you can plug a keylogger into those e-typewriters, given that it pulled that stunt on IBM Selectrics back in the 70s!

CNET website and 1 million passwords compromised by Russian hacker group

CNET, the popular tech news and reviews website, was compromised over the weekend by Russian hackers called "W0rm," CNET's parent company confirmed yesterday.

Arrests made after keyloggers found on public PCs at US hotels

Proof of the lack of hygiene in publicly accessible PCs came up yet again when the US Secret Service last week warned that cybercrooks are installing keyloggers on the PCs in hotel business centers to steal personal and business information from travelers.

iPhones are a security threat to the state, China claims

China has cited the Apple iPhone's ability to track and time-stamp users' whereabouts as reason to declare the mobile phone hazardous to state security.

UK to rush through "emergency" phone and internet data retention law

The UK is rushing through Parliament what it calls an emergency law that will ensure it retains access to people's phone and internet records, in spite of the European Court of Justice having said in April that data retention violates human rights. It's not a rehash of the Snooper's Charter, politicians claim, but there's not a lot of time to eyeball it to make sure that's true.

Google Drive security hole leaks users' files

The flaw, which Google recently patched, was giving out original documents to unauthorized users via embedded links. It's yet another example of how storing documents "in the cloud" means "heaven knows with whom".

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

The Russian man's father conjectures that, for all he knows, this may be a ploy for the US to get bait to exchange for Snowden.