eBay Accounts Hacked, Users Encouraged To Change Passwords Right NOW!

Internet auction site eBay has left users of its services, including PayPal, with reason to be concerned after posting a message up on the community page urging users to change their passwords. Since the original message popped up a short while ago, the company has stepped out and clarified the situation, noting that a hacker may have “compromised a database containing encrypted passwords,” although it was also keen to stipulate that only “non-financial data” had been affected.

It’s always concerning when a major company with hundreds of millions of accounts – particularly one with links to finances – reveals that it may have been hacked, and the way eBay dealt with a potential breach today leaves much to be desired. Instead of being clear from the outset, an empty message popped up on its community page insisting that users should change passwords, although the actual body of the post was non-existent.

Panic naturally ensued, with users worried that their PayPal accounts could have been cleaned out, but in actual fact, it does appear that the issue is relatively low-key. Nevertheless, there has been a breach, and so if you’re an eBay user, it’s definitely worth changing your password if only for peace of mind.

Thankfully, large-scale security issues seem to be getting fewer and farther between as companies look to beef up on security, but even with the robust measures in place, human-made software will always inherently be imperfect. But while eBay and its own PayPal service can probably sweep this one under the rug, let’s hope that any future outbreaks or security lapses are dealt with in a more efficient manner than we’ve seen today.

After all, having users panicking about their personal info and financial data is something that, you hope, a company like eBay would want to avoid at all costs, and even though we’re very much relieved that accounts haven’t been hacked en masse, the company will probably want to have a quiet word with its PR team.

So, to sum up, if you’re an eBay or PayPal user, go ahead and change your password as soon as you can. The likelihood of you being hacked seems mightily slim anyway, but just to be on the safe side, don’t make it easy for a chancing hacker.

Source: Redmond Pie

It is illegal to ride on another’s WiFi connection: MCMC


PETALING JAYA: It is illegal to hack to hitch a ride on another person’s WiFi connection, said the Malaysian Communications and Multimedia Commission.

Both the person using a WiFi hacking device and the supplier of such a device are liable under Sections 236 and 239 of the Malaysian Communication and Multimedia Commission Act 1998.

Section 236 states that a person who commits “fraud and related activity in connection with access devices” can upon conviction be liable to a fine not exceeding RM500,000 or to imprisonment for a term not exceeding five years or to both.

It also states that a person who produces, assembles, uses, imports, sells, supplies or lets for hire any hardware or software used to obtain unauthorised access to any network service, applications services or content applications service is committing an offence.

Source: The Star

More Than 1,000 Malicious Android Apps Were Published On Play Store In August: Symantec

The month of August is often the time when families come together to go on a relaxing summer holiday. The kids are off school. The students are usually on an extended break from college or university making it the perfect time for relaxation and vacation. However, it seems that not everyone favors this relaxing mentality, with Internet security company Symantec stating that in August alone more than 1,000 fraudulent and potentially malicious apps were uploaded into the Android ecosystem via the Google Play Store.

Google’s policy of operating an open app marketplace for Android device owners is one that has been largely praised, but also one that offers significant repercussions for users who don’t exercise extreme caution with the apps that they download and use. The recent Symantec report states that more than 1,000 fraudulent apps were uploaded to the Play Store during the month of August, the majority of which were distributed by one single Japanese development company. As you might expect, the apps are nothing more than redirects to adult content and malicious websites.

There has been a growing trend recently on Android of apps of this nature that are nothing more than shells containing advertisements or links to external sites. It’s been estimated that the total downloads of these specific apps in August exceeded 10,000, and although Google was quick to act on the situation and delete the offending apps from its servers, the reality is that the developers would have made significant financial gain from the whole process.

The detailed investigation of the one-click scammer apps also goes on to suggest that developers are using evolving tactics in an attempt to get their malicious apps onto the store for as long as possible. This latest attempt hasn’t proved overly successful in terms of longevity, but one of the more interesting points is that an estimated 97% of the apps in question were actually developed and uploaded by the same person / company.

The Play Store model of being entirely open is one that has come in for as much praise as it has criticism in the past, but it remains something that is unlikely to be changed. The advice to users is to only download and execute apps that they know and trust in order to have as few problems as possible.

Sim Card vulnerability exposes millions of phones worldwide


A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card’s digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset’s owner, Nohl warned.

“We can remotely install software on a handset that operates completely independently from your phone,” warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. “We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day. While the encryption method has been beefed up in the past decade, many handsets still use the older standard.

Tests showed that 1,000 cards in Europe and North America exhibited signs of the flaw. Nohl, who plans to detail the flaw at the Black Hat security conference in Las Vegas next month, said he has already shared the results of his two-year study with GSM Association, a trade group representing the cell phone industry.

GSM Association spokeswoman Claire Cranton told the Times that her organization had already passed the results on to members of its group that still rely on the older standard.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” Cranton said in a statement.

Nohl, who has a doctorate in computer engineering from the University of Virginia, made headlines in 2008 by publicizing weaknesses in wireless smart card chips used in transit systems around the globe. A year later, he cracked the algorithm used on GSM (Global System for Mobile Communications) cell phones, which is designed to prevent attackers from eavesdropping on calls.

Via CNET

Apple Developer Center Hacked

Apple has announced that its developer center was hacked. Although sensitive personal information was encrypted, some developer info may have been accessed.

Apple has released the following statement…

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

 

You’re a victim of a data breach. Now what?

DON’T PANIC: If your personal info has been stolen, here are a few tips to limit the potential for damage. — ©AFP/Relaxnews 2013

What should you do if your personal information has been compromised in a data breach?

Having your information stolen by a data breach can be a very frightening experience. Fortunately, even if your information has been compromised, there is no guarantee that it will be used maliciously.

Luckily, PCWorld offers a few tips to limit the potential for damage:

1. Change your passwords

Changing your passwords should be the first thing you do after hearing of a breach, especially if the account that was compromised shares similar login information with other sites, and particularly if you use it for banking.

Strong passwords should be at least eight characters long and should contain numbers and special characters (e.g. #, &, *) as well as letters for your protection.

2. Watch for phishing attempts, malicious e-mail messages

If your e-mail address is exposed during a data breach, the hackers who have stolen it may try and send you targeted malicious e-mail messages.

In addition to seeing suspicious messages, you may see a rise in spam as well. Don’t open any attachments that you weren’t expecting to receive, even if they are from someone you trust.

To be safe, don’t click on links in e-mail messages, especially if a message looks like it may be coming from your bank. It is safer to type the site address into the address bar yourself to avoid being brought to a malicious site.

3. The same goes for snail mail

If your physical address was compromised in a hack, cybercriminals may try and send you malicious mail via the postal service. Be wary of any mail that asks you to send money or your personal information.

4. Keep an eye on your financial statements

If you believe your financial information may have been compromised, it is important to watch your bank and credit card statements to make sure that there haven’t been any unauthorised withdrawals or purchases made on your accounts.

If you find any, report them to your financial institution immediately and request a new card. — McClatchy-Tribune Information Services

Source: The Star Online