Customize

What has been reported as hacked/ Tech Thread

Discussion in 'General Discussion' started by ravenanon, Jul 22, 2015.

  1. Supposedly the "on-off" switches have to be used by someone there physically. It's interesting how reassuring the announcement is, the packers are looking for vulnerabilities.
  2. * hackers", spell check. "Hackers"
  3. The Wrong Guy Member

  4. This is worrisome
    "A US Marshals spokesperson told Motherboard in an email, "my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody."
  5. Disambiguation Global Moderator

    Cross post
    j4hxiUTUYjMr.jpg
    Highway sign near where Defcon met. They had to change hotels a few years ago because the elevators got hacked. The wireless mikes are hacked so they use the old fashioned kind. There must be a point system and this deserves an "A".
  6. Disambiguation Global Moderator

  7. Do not hack street signs. It's dangerous and childish.
  8. The Wrong Guy Member

    Lorenzo Franceschi-B‏ @lorenzoFB 6 hours ago
    The case against @MalwareTechBlog in Wisconsin is now on PACER. Case no: 2:2017-cr-00124. Docket only contains redacted indictment.
  9. Secret indictment..we've seen this before.
  10. http://thehackernews.com/2017/08/self-driving-car-hacking.html
    [IMG]
  11. The Wrong Guy Member

    Jake Davis‏ @DoubleJake 19 minutes ago
    Follow this list for full coverage of today's @MalwareTechBlog court hearing. It should be beginning very shortly.
    https://twitter.com/couragefound/lists/malwaretech-hearing

    AJ Dellinger‏ @ajdell 16 minutes ago
    Trial scheduled for October 23.

    Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware | Motherboard
    https://motherboard.vice.com/en_us/article/evvn8k/malwaretech-marcus-hutchins-not-guilty-plea
  12. The Wrong Guy Member

    Equifax asks consumers for personal info, even after massive data breach

    By Hamza Shaban and Hayley Tsukayama, The Washington Post

    Quote:

    Equifax said Thursday that it will offer free credit monitoring services to all U.S.consumers for one year, after announcing that roughly 143 million Americans' personal data could have been compromised when hackers gained access to its data earlier in the year.

    But before people can sign up and find out whether their personal information was compromised, consumers are prompted to enter their last name and the last six digits of their Social Security number.

    “This is very unusual — most security systems are hard-wired only to reveal the last four digits of an SSN for identification purposes,” said Satya Gupta, co-founder & chief technology officer at Virsec Systems, a cybersecurity firm. “This strongly implies that the typical four digits may have been compromised, and they need additional, previously ‘secret’ information to positively identify customers. This reinforces the conundrum of these breaches — with more information exposed, how do you now prove a person’s identity?”

    Continued at https://www.washingtonpost.com/news...urity-numbers-to-see-if-theyve-been-affected/

    We tested Equifax's data breach checker — and it's basically useless | ZDNet

    Several people have confirmed they have mixed or inaccurate results from the Equifax checker.

    http://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/

    By signing up on Equifax’s help site, you risk giving up your legal rights

    By Brian Fung, The Washington Post

    Quote:

    Worried you may be affected by Equifax's massive data breach? The credit bureau has set up a site, equifaxsecurity2017.com, that allows you to check whether your personal information was exposed. But regulators are becoming concerned that the site could pose risks to consumers. As a result, you may want to think twice about using it. Here's why.

    Sharp-eyed social media users have combed through the data breach site's fine print — and have found what they argue is a red flag. Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident. Here's the relevant passage of the terms of service:

    AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

    This language is commonly known in the industry as an “arbitration clause.” In theory, arbitration clauses are meant to streamline the amount of work that's dumped onto the court system. But the Consumer Financial Protection Bureau concluded in the summer that arbitration clauses do more harm to consumers than good — and the agency put in place a rule to ban them.

    “In practice, companies use these clauses to bar groups of consumers from joining together to seek justice by vindicating their legal right,” Richard Cordray, the CFPB’s director, told reporters in July, according to my colleague Jonnelle Marte.

    For consumers affected by Equifax's breach, this is a live issue; there is already at least one class-action suit brewing against Equifax. Critics say that arbitration is problematic because it limits consumers' ability to find facts to support their case, a process otherwise known as discovery, to appeal decisions or to present their case before a jury.

    Equifax didn't immediately respond to questions about the arbitration clause.

    If the government is moving to bar arbitration clauses, then why is one in there?

    Despite the CFPB's move to ban arbitration clauses, the rule has not yet gone into effect, according to the agency. That won't happen until Sept. 18, the CFPB said. What's more, the rule doesn't work retroactively, meaning that the Equifax legalese would not be covered anyway. The ban only affects contracts made after March 19, 2018, six months after the rule takes effect.

    The CFPB said Friday that Equifax's arbitration clause was "troubling" and that the agency is investigating the data breach and Equifax's response.

    "Equifax could remove this clause so that consumers can receive this service without condition," the CFPB said in a statement.

    The future of the ban is itself in doubt; just after the CFPB approved the rule, House lawmakers voted to repeal it. The motion to repeal must still be voted on by the Senate and signed by President Trump to become official, but if it does, then the CFPB's regulation could be nixed.

    On Friday, New York Attorney General Eric Schneiderman took aim at Equifax's arbitration clause, tweeting that his staff has contacted the company urging it to remove that part of the fine print.

    "This language is unacceptable and unenforceable," the state's top lawyer said in his tweet. Minutes later, Schneiderman's office announced a formal probe into the Equifax breach. In a release, the state attorney general's office said Schneiderman had sent a letter to Equifax asking for more information. Among the questions were whether any consumer information has found its way to the "black market," according to a person familiar with the investigation.

    A spokesperson for Schneiderman declined to comment on whether officials were investigating the sale of company stock by Equifax executives prior to the discovery of the hack.

    Continued at https://www.washingtonpost.com/news...efore-you-check-equifaxs-data-breach-website/

    Equifax updates user agreement at prodding of New York Attorney General | TheHill

    Excerpt:

    New York Attorney General Eric Schneiderman (D) lambasted the arbitration language in Equifax’s terms of service on Friday, calling it “unacceptable and unenforceable.” Schneiderman tweeted that his office had contacted Equifax’s office demanding the clause be removed.

    Democratic lawmakers quickly blasted the clause as well.

    Ohio Sen. Sherrod Brown (D) called it “shameful,” and Sen. Elizabeth Warren (D-Mass.) hammered Equifax’s terms of service in a series of tweets, while praising a new rule by the Consumer Financial Protection Bureau that would ban such clauses.

    The bureau in July released the controversial rule that will prevent banks and financial services companies from blocking class-action lawsuits with arbitration clauses in future contracts. The rule will also force companies to report data from arbitration agreements reached with customers.

    Later in the day, Schneiderman tweeted that Equifax had complied and added language noting that its arbitration clause does not apply to "the cybersecurity incident."

    The New York and Illinois attorneys general both announced formal investigations into the Equifax breach on Friday.

    More at http://thehill.com/policy/technolog...ey-were-affected-by-the-equifax-hack-might-be

    Equifax Faces Multibillion-Dollar Lawsuit Over Hack

    Class action seeking to represent 143 million consumers alleges company didn’t spend enough on protecting data.

    By Polly Mosendz, Bloomberg

    Quote:

    A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.

    In the complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.

    Equifax first discovered the vulnerability in late July, though it chose not to announce it publicly until more than a month later. The company was widely criticized for its customer service approach in the aftermath of the hack, as users struggled to understand whether their information had been affected. Others expressed frustration that three senior executives sold about $1.8 million in stock in the days following the discovery of the hack. A spokeswoman for Equifax said the men “had no knowledge that an intrusion had occurred at the time.”

    The plaintiffs in the lawsuit are Mary McHill and Brook Reinhard. Both reside in Oregon and had their personal information stored by Equifax.

    “In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” the complaint stated. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to.”

    The case was filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions. Ben Meiselas, an attorney for Geragos, said the class will seek as much as $70 billion in damages nationally.

    Continued at https://www.bloomberg.com/news/arti...r-massive-hack-in-multibillion-dollar-lawsuit
  13. The Internet Member

    So who did Equifax. North Korea? If so we probably should freeze our credit for 90 days or whatever.
  14. The Wrong Guy Member

    Russia, Banned From The Winter Olympics, Apparently Is Hacking Olympic Emails | BuzzFeed News

    Quote:

    Just over a month after Russia was banned from participating in the 2018 Winter Olympics, and 30 days before those games start, hackers associated with the Russian government have released a handful of emails that appear to have been stolen from the International Olympic Committee.

    Calling themselves “Fancy Bears” — a trolling reference to the games' mascots and the cybersecurity firm ThreatConnect saying a related, earlier hack was the work of Russian military intelligence hackers known in the industry as Fancy Bear — the hackers published the emails Wednesday. They used the same website and the same format used to publish documents in 2016 that had been hacked from the World Anti-Doping Agency (WADA) in response to that agency's finding that hundreds of Russian athletes had taken banned substances.

    In December, citing evidence that the Russian government had created a vast, state-sponsored doping scheme, the IOC took the unprecedented step of banning the country from participating in the Winter Olympic Games in Pyeongchang, South Korea, in February.

    Continued at https://www.buzzfeed.com/kevincollier/russia-banned-from-the-winter-olympics-apparently-is
    • Like Like x 1
  15. Disambiguation Global Moderator

    This isn't a hack
    . I can't post images. Google chrome doesn't work for image sharing. I get a long link that doesn't end in .jpg or .png of anything recognizable. Even terms of use "free to share" doesn't work. There isn't a "open in new tab"option


  16. [IMG]
  17. The Wrong Guy Member

    Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

    Quote:

    Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.

    According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information.

    Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability.

    However, Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access.

    Continued at https://thehackernews.com/2018/10/google-plus-shutdown.html
    • Like Like x 1
  18. The Wrong Guy Member

    Hackers accessed personal information of 30 million Facebook users | CNN

    Quote:

    Almost 30 million Facebook users' phone numbers and email addresses were accessed by hackers in the biggest security breach in the company's history, Facebook said Friday. The attackers accessed even more details on 14 million of those users, including the area where they live, their relationship status, their religion, and part of their search history.

    The FBI is "actively investigating" the breach, Guy Rosen, a Facebook vice-president, told reporters on a call Friday. He said the FBI has asked the company"not to discuss who may be behind this attack" or to share other details that could compromise its investigation.

    The company said that it may still not know the full extent of the attack and wasn't ruling out the possibility of other "smaller-scale attacks" linked to the breach. The company said it will continue to investigate "other ways the people behind this attack used Facebook."

    The new details come two weeks after Facebook first announced that attackers had access to 50 million users' accounts -- meaning they could have logged in as those users. Facebook said on Friday that, "We now know that fewer people were impacted than we originally thought," and said that 30 million people had been impacted.

    For the 14 million worst hit by the breach, the attackers were able to access the following information, Facebook said: "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches."

    Facebook said it will send a message to the 30 million users affected in the coming days and will be posting information to its help center.

    Facebook is regulated by Irish authorities in Europe as its European headquarters is located there. A spokesperson for the Irish data regulator said of Friday's announcement, "The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack."

    The attack prompted Facebook to take the unprecedented step of logging out the 50 million users whose accounts were exposed and logged out another 40 million users as a precautionary measure.

    The attackers exploited a series of bugs on Facebook's platform. The vulnerability, Facebook said, had existed since July 2017. It wasn't patched until last month, after the company's engineers noticed some unusual activity that turned out to be the attack.

    Despite Friday's announcement, there are still many details about the hack that have not been made public, including who was behind it and if the attackers were targeting particular users or countries.

    Source: https://www.cnn.com/2018/10/12/tech/facebook-hack-personal-information-accessed/
  19. Disambiguation Global Moderator

    https://gizmodo.com/report-tech-loving-saudi-prince-suspected-in-jamal-kha-1829888547

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins