Messages

106

Technology News / Imgur confirms 1.7 million users hit by data breach

« on: November 28, 2017, 09:35:15 AM »

Image-sharing website Imgur has confirmed that the emails and passwords of 1.7 million users were compromised in 2014.

The data breach has only recently come to light after being discovered by security researcher Troy Hunt.

Mr Hunt said he was impressed with the company's swift response.

Imgur said in a statement that no other personal data had been taken as it did not collect information such as real names and phone numbers.

"We apologise that this breach occurred and the inconvenience it has caused you," wrote Roy Sehgal, Imgur's chief operating officer, in a blog post.

Mr Sehgal said Imgur was "still investigating" but its former encryption method - a hashing algorithm - may have been "cracked with brute force".
That algorithm had been replaced in 2016, he added.

"We recommend that you use a different combination of email and password for every site and application," he wrote.

"Please always use strong passwords and update them frequently."

Troy Hunt tweeted that Imgur had released a statement 25 hours after he had contacted the company.

"This is really where we're at now: people recognise that data breaches are the new normal and they're judging organisations not on the fact that they've had one but on how they've handled it when it's happened," he wrote.

This month it was revealed that ride-hailing app Uber had concealed a 2016 data breach affecting 57 million users and drivers.

It also admitted to paying the hackers $100,000 (£75,000) to delete the stolen data.

"None of this should have happened," said chief executive Dara Khosrowshahi.
source:bbc news

107

Technology News / Oxford and Cambridge club members face hard disk theft

« on: November 28, 2017, 09:34:05 AM »

Members of an exclusive club restricted to selected graduates of Oxford and Cambridge universities are being warned that computer data containing their personal details is feared stolen.

The Sunday Telegraph reported that the club believed a "back-up" hard drive had been taken from a locked room inside its London headquarters.

The information stored on it is said to include names, home addresses, phone numbers and some bank details.

The 5,000 members include Stephen Fry.

A spokeswoman from the club told the BBC that the "article in the Sunday Telegraph accurately reports what has happened".

She added: "An investigation is continuing, but I can't add anything else at this time."

The newspaper said the suspected theft had been discovered on 16 November.

It said both the police and the members had been notified, and that private investigators had been hired.

A spokesman for the Metropolitan Police was unable to provide any other information.

Although the Duke of Edinburgh and Prince of Wales are honorary members of the club, data about them has not been exposed, according to the Telegraph.

However, it added that Lord Rees - one of the country's leading astrophysicists - is among those thought to be affected.

The UK's Information Commissioner's Office states that organisations must take "appropriate" security measures to protect personal data and consider notifying the individuals concerned if there is a breach.

"We have been made aware of an incident involving the Oxford and Cambridge Club and are making enquiries," the watchdog told the BBC.

Among the advice it gives is to use encryption as well as to ensure quality doors and locks are used.

The club has not disclosed what measures it had taken.
source:bbc news

108

Software Engineering / Re: YouTube fixes bug that caused iPhone batteries to drain really fast

« on: November 28, 2017, 09:31:25 AM »

Yes I also read this article today.

109

Software Engineering / Re: How Can Humans Stay Ahead of AI in the Workplace of the Future?

« on: November 28, 2017, 09:30:34 AM »

This is really a helpful post.

110

Control Cyber security Risks / YouTube investigates 'disturbing' autofill results

« on: November 28, 2017, 08:59:18 AM »

YouTube has changed the way its autofill feature works after reports that some word combinations brought up paedophilic phrases.

Over the weekend many people reported that typing "how to have" would be completed with several variations on "s*x with your kids".

Other searches produced responses that also used the asterisked "s*x" word.

Some speculated that an attempt to troll YouTube results was responsible for making the phrases appear.
Predatory comments

"Earlier today our teams were alerted to this profoundly disturbing autocomplete result and we worked to quickly remove it as soon as we were made aware," said a YouTube spokeswoman.

"We are investigating this matter to determine what was behind the appearance of this autocompletion," she added.

YouTube has not yet given an explanation of why the phrase "how to have s*x with your kids" was suddenly being so widely suggested.

Tony Stower, a policy and public affairs manager from the NSPCC, said YouTube should have done better.

"Social networks used by millions of children should never suggest dangerous or illegal content," he said. "It is not good enough for problems like this to go unaddressed until media coverage brings it to the attention of sites like YouTube."

Mr Stower said an amendment to a forthcoming UK bill covering data protection could mean all social networks have to put in place systems that try to keep people safe.

He said the NSPCC was urging politicians to back the bill when it comes up for a vote.

Charlie Warzel, writing on Buzzfeed, suggested that the use of the asterisk replacing the "e" in the word "sex" across lots of different searches suggested deliberate action was behind it.

"The results are very specific and could be the result of a co-ordinated campaign to game the algorithm," he said.

This could have been an attempt to populate YouTube with search results that embarrass the site, he said.

None of the videos that the "how to have" results linked to showed abuse of children.

The disturbing results came after a week in which YouTube was widely criticised for not doing enough to stop sexual predators targeting young users of the site.

Big brands including Mars, Lidl and Adidas pulled adverts from YouTube after investigations by the BBC and The Times found tens of thousands of predatory accounts being used to leave explicit comments on children's videos.
Source:bbc news

111

History & Latest Cyber crime / ackers hired by NHS

« on: November 28, 2017, 08:56:16 AM »

The NHS is to spend £20 million on a central cybersecurity unit that will use “ethical hackers” to probe for weakness in health service defences.

Health chiefs say they will monitor the internet for emerging threats with a beefed-up data security team to help hospitals in danger of being hacked, rather than wait for services to be hit.

The unit will be part of efforts to avoid a repeat of the Wannacry attack that disrupted a third of England’s hospitals in May and led to criticism of a disjointed NHS respose
Source:IT SEcurity

112

Software Engineering / Tech Tent: Tencent and electric bikes

« on: November 27, 2017, 11:56:46 AM »

China's social media superpower

Anyone who has been paying attention over recent years will have noticed Facebook becoming one of the world's most powerful and valuable companies, with an extraordinary and sometimes malign impact on the way we live.

But in the West at least far fewer people will have noticed the rise of Tencent. Yet this week, for a while, the Chinese tech giant surpassed the valuation of Facebook as investors reacted to another sparkling set of results.

I first came across the company five years ago when it set up a major operation in London to cover the 2012 Olympics for its vast social media audience. It was already clear that this was a company doing more innovative things with its platforms than the American social media platforms could manage.

Since then it has continued to expand into new territories and markets - just this week it brought its WeChat Pay service to both Malaysia and the UK.

Kitty Fok, managing director of research firm IDC China, tells us that social media isn't even Tencent's most lucrative business now. It comes in second after its gaming division which owns League of Legends maker Riot Games and most of Supercell, the firm behind Clash of Clans.

"Compared to Facebook which has the majority of its income coming from ads, Tencent provides a lot more variety of services to the market," she says. "And we're expecting it to diversify even more."
Image caption The WeChat service is now on show in London's V&A museum

Source:bbc news

113

Internet Risk / Warnings over net-connected Christmas gadgets

« on: November 27, 2017, 11:53:52 AM »

Net-connected toys and gadgets bought as Christmas gifts could put the privacy and safety of children at risk, warns the UK's data regulator.

Many toys have poor security, easy to guess passwords and cannot be updated to fix bugs, said deputy information commissioner Steve Wood.

Some are so poorly protected that they could be used by hackers as a route into a home network, he said.

He urged parents to take care when buying the smart devices.
Buying power

"You wouldn't knowingly give a child a dangerous toy, so why risk buying them something that could be easily hacked into by strangers?" said Mr Wood.

Anyone thinking about buying a connected toy or device should research it carefully, he said, to find out if it has a good or bad reputation when it comes to protecting the data it will handle.

Parents should ideally try out any gadget and familiarise themselves with privacy settings before wrapping it for Christmas Day, he added.

The pre-gift check should give parents a chance to change default usernames and passwords to stronger alternatives. It could also be a chance to turn off any remote viewing options on those devices and toys that sport a camera.

Parents should also vote with their wallet and avoid connected devices or wearables that have earned a reputation for leaking or losing data.

"If consumers reject products that won't protect them, then developers and retailers should soon get the message," he said.
Spying devices

Nick Viney, from security firm McAfee, said: "People must realise the value of their data to cybercriminals and not ignore the risks of being connected until it's too late.

"After families rip open their presents next month, they must take a moment to consider whether they're adequately protected."

Mr Wood's warning comes soon after a German regulator banned some smartwatches aimed at children.

The country's Federal Network Agency branded watches that can be used to track children as spying devices. The Agency said the watches broke strict surveillance laws.

Also, in mid-November, consumer advisers Which? issued a warning about the security risks of several net-connected toys. It wrote to retailers to ask them to stop stocking the toys and said many could be used as spying devices.

Source:BBC news

114

Security / Iranian Military Hacker Indicted for HBO Hack

« on: November 25, 2017, 10:57:40 AM »

The US DoJ has identified and indicted Iranian national, Behzad Mesri, in relation to this years HBO hack.

Source: IT security GURU

115

Security / MuddyWater Hackers Target Middle East

« on: November 25, 2017, 10:56:40 AM »

Saudi Arabia recently reportedly confirmed that the nation had been targeted with cybertattacks since February.
An unknown hacker group has been targeting Middle Eastern countries as well as others such as India, Pakistan, US and Georgia as part of what appears to be a massive cyber-espionage campaign. On Monday (20 November), the Saudi Arabian government's national cyber security center reportedly confirmed that the kingdom had been targeted by hackers since February.

The hacker group, dubbed MuddyWater, used fake documents, purporting to be from the NSA, Russian cybersecurity firm Kasperksy and the Iraqi government, among others, to trick victims into clicking on malicious documents. Security experts at Palo Alto Networks, who uncovered the campaign, said that the hackers are making use of a PowerShell-based first-stage backdoor called "POWERSTATS".
"The malicious documents were adjusted according to the target regions, often using the logos of branches of local government, prompting the users to bypass security controls and enable macros," Palo Alto Networks' Unit 42 security researchers said in a report.

The researchers said that the MuddyWater hacker group has been active throughout the year and apart from Saudi Arabia, has also targeted the UAE, Iraq, Israel and Turkey. The researchers noted that in some cases they found that the hackers had managed to have gained control of compromised accounts at third-party organisations. The hackers then used these compromised accounts to steal a legitimate document and create a malicious mimic to send it to a target.
For more details please visit:  http://www.ibtimes.co.uk/muddywater-hackers-target-middle-eastern-nations-using-fake-nsa-kaspersky-documents-1648228

116

Teaching & Research Forum / Re: In Improving Outcomes, Institutional Researchers Can Be an Untapped Resource

« on: November 25, 2017, 10:54:28 AM »

Thanks for sharing this post.

117

Teaching & Research Forum / Russian Fancy Bear hackers' UK link revealed

« on: November 25, 2017, 10:52:31 AM »

When Russia's most notorious hackers hired servers from a UK-registered company, they left a trove of clues behind, the BBC has discovered.

The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.

The company, Crookservers, had claimed to be based in Oldham for a time.

It says it acted swiftly to eject the hacking team - dubbed Fancy Bear - as soon as it learned of the problem.

Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

Fancy Bear - also known as APT28, Sofacy, Iron Twilight and Pawn Storm - has been linked to Russian intelligence.
For more detail please visit bbc.

118

Teaching & Research Forum / Re: METHODOLOGICAL MISCONCEPTIONS AND GUIDELINES for Structural Equation Modelling

« on: November 22, 2017, 01:01:00 PM »

Thanks sir. It will help us in research purpose.

119

History & Latest Cyber crime / Re: The First Computer Worm

« on: November 22, 2017, 12:30:12 PM »

Thanks for sharing sir.

120

History & Latest Cyber crime / Re: সিম ক্লোন

« on: November 22, 2017, 12:28:50 PM »

We have to careful about it.