Post Tagged with: "e-mail"

Facebook Joins In Tech Industry Demands For Surveillance Reform

February 12, 2014 11:26Comments Off
Facebook Joins In Tech Industry Demands For Surveillance Reform

Facebook on Tuesday reiterated calls for reform of laws pertaining to government surveillance practices in the U.S. and elsewhere. The company, in a blog post, urged governments to stop bulk collection of data and enact reforms to limit governments’ authority to collect users information to pertain to “individual users” for “lawful purposes.” The company also called for more oversight of national intelligence agencies such as the US National Security Agency, and more transparency about government requests for data. The blog post was authored by Facebook general counsel Colin Stretch. Facebook reiterated its calls for surveillance reform in recognition of “The Day We Fight Back,” a grass roots effort to use Tuesday, February 11th as a day to rally support for more civil liberties protections.   [Read more Security Ledger coverage of Facebook here.] The date is the one year anniversary of the suicide of Internet activist Aaron Swartz. Leading online […]

Read more ›

Target: Hack Exposed Data On 70 Million

January 10, 2014 12:38Comments Off
Target: Hack Exposed Data On 70 Million

Target provided some guidance on its fourth quarter earnings on Friday and, not incidentally, dropped another bombshell in the long-running story about the November data breach that exposed credit card information on some 40 million customers. It turns out that the credit card numbers were just the tip of a much larger iceberg. The box store retailer now claims that its investigation of that incident revealed that data on around 70 million customers was exposed, including e-mail addresses, phone numbers, mailing addresses and more. In a statement, Target said that much of the stolen data was “partial in nature,” but that it will reach out to customers whose e-mail addresses were stolen to warn them about potential fraud, including “phishing” e-mails that purport to come from Target. “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are […]

Read more ›

NSA Toolbox Included Hacks For Juniper, Cisco, Dell

December 31, 2013 17:12Comments Off
NSA Toolbox Included Hacks For Juniper, Cisco, Dell

The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSAs) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs.   Among the highlights of the story: + The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc.   + The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]

Read more ›

Two Million Passwords Stolen From Facebook, Twitter, ADP

December 4, 2013 11:481 comment
Passwords belonging to users of Facebook, Google, Yahoo and Twitter were stolen by the Pony botnet.

The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]

Read more ›

Report: Adobe Data Breach Ten Times Bigger Than First Reported

October 30, 2013 11:18Comments Off
Report: Adobe Data Breach Ten Times Bigger Than First Reported

The huge security breach at software maker Adobe is even bigger than first reported, with more than 150 million credentials stolen, including records on up to 38 million active customers, according to a report by Brian Krebs at the web site Krebsonsecurity.com. Krebs said in a story posted Tuesday that Adobe’s initial estimates that user names and passwords for around three million customers was well short of the actual number taken by hackers who breached the company’s network. Citing a file posted by the website Anonnews.org, Krebs said the actual number of affected Adobe accounts stolen is much larger: 150 million username and hashed password pairs including credentials for 38 million “active” accounts, according to Adobe spokesperson Heather Edell. Edell told Krebs that Adobe has just completed a campaign to contact active users whose user IDs and encrypted passwords were stolen (including this author). Those customers are being encouraged to change […]

Read more ›

Losing The Future: Schneier On How The Internet Could Kill Democracy

October 2, 2013 12:02Comments Off
Schneier warns that, without changes, the growth of the Internet will strengthen the hand of central authorities at the expense of individual liberties and democracy. (Photo courtesy of Schneier.com.)

With his deep background in both cryptography and Internet security, Bruce Schneier is of the most thoughtful commentators on all matters cyber. So revered is he, that he even inspired a list of humorous Chuck Norris-style “Bruce Schneier” facts . In recent months, Bruce has been an invaluable sounding board amid the drip-drip-drip of details of ubiquitous government surveillance stemming from Edward Snowden’s leak of classified intelligence on NSA spying and cyber operations. In this video, from a recent speech Bruce did at the TEDxCambridge event up here in the Boston area, he goes a bit deeper: drawing out the current trend lines like hacktivism, Facebook- and Twitter-fueled popular revolutions, civil war and mass surveillance, and trying to discern what the future might look like. /div> Bruce’s theory: although nimble groups of activists, dissidents and hackers have been more adept at using the Internet and innovative technologies and platforms built on […]

Read more ›

Sharing Threat Intelligence To Sort Out Targeted Attacks

September 14, 2013 14:23Comments Off
Sharing Threat Intelligence To Sort Out Targeted Attacks

Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations. But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate. To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm. Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations […]

Read more ›

Report: Cell Phone Data, Blackberry Mail Swept Up In NSA’s Net

September 8, 2013 09:53Comments Off
Report: Cell Phone Data, Blackberry Mail Swept Up In NSA’s Net

Sensitive data from every major brand of cell phone can be captured and analyzed by the U.S. National Security Agency, (NSA) according to a report in the German magazine Der Spiegel on Saturday.   Citing “top-secret, internal NSA documents viewed by SPIEGEL reporters, the magazine said that NSA security researchers have developed tools to sap contact lists, SMS traffic, notes and location information from popular devices such as Apple’s iPhone, Google’s Android and Blackberry phones, including Blackberry e-mail, a supposedly secure system that is one of the phone’s most trumpeted features. The documents describe a large-scale and well-organized program within the NSA to obtain data from mobile devices, with discrete teams of security analysts working on a specific platform, developing malware that infiltrates the computers the phones “synch” with, and then loads scripts onto the phones that provide access to a range of other features. See Also: Secure e-mail firms […]

Read more ›

Why The Mailpile Misstep Is No Joke To PayPal

September 7, 2013 08:05Comments Off
Why The Mailpile Misstep Is No Joke To PayPal

 PayPal and Mailpile, the scrappy secure mail startup ended the week on a high note: hugging it out (via Twitter) after the online payments behemoth froze more than $40,000 in payments to the crowd-funded startup then donated $1,000 to the project, to boot. But making it right with the tiny secure email firm is just the beginning of the story at PayPal, which is making the whole mix-up as something of an object lesson in how it needs to change to address a fluid and fast-moving online payments market. First, some background: Mailpile, of Reykjavík, Iceland, has raised more than $145,000 in a month-long campaign on the crowd funding web site Indiegogo.com to build a “fast, web-mail client with user-friendly encryption and privacy features.” Beginning on Saturday, PayPal froze more than $40,000 of those donations, suspecting fraud. The company’s spokespeople told company executive Brennan Novak that it wanted to see […]

Read more ›

Is Jump In ToR Use Blowback From PRISM?

August 29, 2013 16:06Comments Off
Is Jump In ToR Use Blowback From PRISM?

It’s ironic that government surveillance might push the public to embrace technology pioneered by the Department of Defense. But so it is: new metrics from The Tor Project show that use of the online anonymity service has exploded since early June: up more than 100 percent, from just over 500,000 global users to more than 1.2 million. Why the sudden surge in privacy conscious Internet users? It would be easy to connect the dots between revelations about the U.S. government’s omnibus data gathering program PRISM and the sudden desire of Internet users to sacrifice some speed and performance for the privilege of having their online doings passed through The Onion Router. Still, it’s not clear that this is the case. To be sure: growth is being seen across the board, not just in active users, but in the number of ToR clients running, the data suggests. There are steep increases […]

Read more ›

Security Ledger Uses: