Hackers Dump Ashley Madison User Database… Where Most People Won’t Find It

Attackers make good on doxing threat, but post database to dark web.

The attackers who compromised Ashley Madison — an online hook-up site for people looking for extra-marital affairs — have made good on their threats to unmask the site’s users if the site was not taken down. However, unlike the attackers who doxed Sony and Hacking Team, who uploaded all the stolen data to Pastebin, the Ashley Madison hackers dropped the 9.7 G data dump where most users will not go looking: the “dark web,” only accessible through the Tor network.

The data includes email addresses, credit card transaction data, and profile information on the 37 million customers of Avid Life Media, which includes Ashley Madison and its sister sites, Cougar Life and Established Men.

The attackers, who call themselves Impact Team, said “We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data. … Find yourself in here? It is ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends.”

Cracked Uber accounts tumble to 40 cents on the dark web

A posting from Naked Security titled “Cracked Uber accounts tumble to 40 cents on the dark web” by Lisa Vaas

Remember those cracked Uber accounts that were selling for as little as $1 on the dark web a few months ago?

Well, welcome to the Midsummer Madness Sale: prices have been slashed, and now, they’re going for the low, low price of only 40 cents!

I know what you’re thinking: With these prices, the dark-web markets selling other people’s accounts must be CRAZY!

(Actually, so are you if you actually buy these things. It’s illegal, and your purchase could buy you a world of trouble.)

Motherboard, which first picked up on the Uber account sale in March, now reports that the accounts are not only still being sold; now, valid email/password logins for Uber are selling for less than half of what they had been.

Using ambient sound as a two-factor authentication system

A posting from Naked Security titled “Using ambient sound as a two-factor authentication system” by Lee Munson

We know that many of us are no good at choosing our own passwords. That’s why companies are increasingly looking to bolster their own website security through additional authentication methods.

To that end, we’ve seen many different forms of two-factor authentication (2FA) employed – John Shier wrote an excellently detailed article on the topic last year in which he noted that each of the common 2FA options have their disadvantages.

His conclusion was that “true” 2FA, using a separate token, was probably the best way forward – but that such a system would likely not be free and would leave people with an annoyingly large amount of tokens to manage.

While it’s better for your security to take advantage of 2FA everywhere it is available, some people see it as an inconvenience nonetheless – either because they need to lug tokens around or because of the few seconds it takes to generate a code or type in a password received by SMS.

Why AT&T’s ‘Willingness’ To Help NSA Is Alarming

A posting from Dark Reading titled “Why AT&T’s ‘Willingness’ To Help NSA Is Alarming” by Eric Zeman

The NSA would have had a much more difficult time spying on Americans were it not for the comfortable, chummy partnership the government forged with AT&T, say new documents released by Edward Snowden.

AT&T worked closely with the government and ensured the agency had access to emails and call records for a period spanning decades.

Snowden’s bombshell revelations exploded two years ago. The shock and awe campaign is over. Since then, a trickle of information continues to flow like lava — slowly, but still searingly hot — with new and unsettling revelations. The latest comes from the New York Times, which was privy to more documents shared by Snowden.

This time, Snowden detailed the nature of the relationship between the NSA and one of its top partners: AT&T.

Richard Bejtlich Talks Business Security Strategy, US Security Policy

A video posting from Dark Reading titled “Richard Bejtlich Talks Business Security Strategy, US Security Policy” by Richard Bejtlich

Chief security strategist of FireEye talks at the Dark Reading News Desk at Black Hat about what should really be driving your security department’s strategy. Plus he discusses law enforcement agencies’ efforts to put backdoors in encryption solutions and how the government is responding to technology’s improved abilities to provide attribution for cybercrime.

My Security Thoughts: Anonymity and Privacy, There is None Nor Should We Expect It

We all know that Al Gore invented the Internet in his spare time as an environmentalist (just joking). The Internet as we know it is the successor to the Department of Defense’s ARPANET. Thus in 1969 the first host computer was connected.

The initial purpose of the ARPANET was to communicate with and share computer resources among mainly scientific users at the connected institutions.[1] The key words here are communicate and share. This is the heart of the Internet. It is sharing information and communicating with others.

The definition of anonymity from TheFreeDictionary.com (http://www.thefreedictionary.com/anonymity) is:

  1. The quality or state of being unknown or unacknowledged.
  2. One that is unknown or unacknowledged.

The definition of privacy from TheFreeDictionary.com (http://www.thefreedictionary.com/privacy) is:

  1. the condition of being private or withdrawn; seclusion
  2. the condition of being secret; secrecy

You have more rights to privacy using snail mail than you do using email. When using email, it traverses the Internet in plain text (i.e., not encrypted). Your Internet Service Provider (ISP) can view your email at any time. There are strict rules on how and when the government can intercept and read your mail when going through the U.S. Postal System.

Google’s Gmail, Yahoo’s mail service, and Microsoft’s free offering provide web-based email services, but your email is not private. They do scan your email to provide targeted advertising. This could be done for other reasons as well.

Let me be clear: I want anonymity and privacy when I traverse the web. That is, for the most part, I want it but I don’t want criminals or terrorists to have the same. It could be said that I want my cake and to eat it as well.

Getting back on track, if something is built with a set of goals then you cannot expect that thing to operate in a manner that is at odds with the initial set of goals. You need to start from scratch. Build an Internet with anonymity and privacy as the prime goals.

The problem is that building a new Internet from scratch is practically impossible. There is no incentive for anyone to fund a project of this magnitude. I cannot fathom any government wanting to have a network that allows anonymity. The FBI has been saying that their greatest fear is an Internet that is dark.

The prospect of unbreakable encryption in every device is feasible. The likelihood is low due to the current level of user sophistication that would be required.

Additionally, the companies that provide all of the free services to users would balk at an Internet that offered true privacy and anonymity. Tracking algorithms would become useless.

Another aspect is whether we truly want an Internet that allows true anonymity. Cyber stalkers, terrorists, criminals, pedophiles, etc. could troll along the Internet behind cover identities that could not be ascertained. Try as we might, most people are conflicted when it comes to privacy and anonymity. They want it for themselves but not the bad guy. The problem is that you can’t have it both ways.

Some may say that the Constitution guarantees us a right to privacy. That is true, but we need to look again at the Internet and the fact that it was never envisioned to be used as it is being used. I do not believe that those designers would have thought that Twitter would be in existence, among other things that exist on the web.

Even if we say that the Internet needs to ensure privacy, then the question becomes privacy for whom. Once again, do we want the bad guys to have privacy?

Thoughts?

Twitter: @mhbjr

LinkedIn: Melvin Barnes, Jr.

Google+: Melvin Barnes, Jr.

[1] http://searchnetworking.techtarget.com/definition/ARPANET