Security

Latest Stories

Catch Of The Day reveals user data was stolen – three years after it occurred

The massively popular (and occasionally crashing) deals website, Catch Of The Day, told its customers yesterday that they should change their passwords right now, after confirming they suffered a massive data breach. And while they confirmed that user information, encrypted passwords and a small number of credit card numbers were stolen – that is not the big issue at the moment. No, the big issue is that Catch Of The [...]

Tweetdeck vulnerability allowed attackers to execute code in 140 characters

If you happen to be using Tweetdeck, then you would be wondering why you were getting random pop-up messages containing messages such as “Yo!”, “XSS in tweetdeck” and “PENIS”. That’s because users discovered an XSS vulnerability that would allow attackers to remotely execute JavaScript code – all through a simple tweet. XSS (or “cross-site scripting”) vulnerabilities allow attackers to execute JavaScript code after injecting the script onto another web page viewed by others. For example, [...]

Google wants to make it easier to encrypt emails with new plugin

Google has today announced that it plans to support end-to-end encryption with Gmail via a Chrome extension, making it harder for others (such as intelligence agencies) to snoop on your emails. End-to-end encryption sees the sender encrypting data (in this case, an email) before it is sent to its intended recipient. It stays encrypted until the receiving party decrypts it, meaning that no third party can intercept and read or [...]

No, Commonwealth Bank is not running OpenSSL

Everyone is freaking out about Heartbleed – that massive security bug that may have compromised people’s passwords, usernames and other encrypted information. And rightly so. Many people are now asking companies if they used OpenSSL and if they used the versions that contained the bug. But when the Commonwealth Bank tried to explain whether or not they were running OpenSSL, it made things even worse. That was largely because a blog post [...]

Tumblr turns on SSL encryption – but it’s not by default

Like Facebook and Twitter, Tumblr has announced that it now supports SSL encryption – meaning that you will have an extra layer of security whenever you visit the website. However, there is a catch: it is not turned on by default. You will need to go to your account settings and turn the option on. So, why should you turn this feature on? It makes it harder for hackers to extract [...]

Canadian ISP Bell suffers huge data breach – and they’re still quiet

Thousands of customers of Bell Canada – the country’s largest ISP – have had their personal information leaked online by a hacking collective known as NullCrew. The leaked data mainly consists of customers’ email addresses and passwords, but also includes modem passwords and partial credit card numbers of 127 Bell customers. “Go fuckin figure, people who are suppose to provide secure connection to the internet?” NullCrew says in the dump. [...]

Yahoo resets passwords after hackers attacked email service

Yahoo has said that it will be resetting passwords of several users after it identified a “coordinated effort to gain unauthorised access” to those users’ Yahoo Mail accounts. The company did not share much detail about the attack, like how many accounts were affected. It did say, however, that the attackers used information from a third party whose database was compromised; and that there was no evidence that the information came [...]

Yep, Snapchat still sucks at security – new anti-spam measure cracked in less than 30 minutes

It’s been a bad few weeks for Snapchat after many people called into question how secure users were on the service – especially given how dismissive they were to an exploit which led to 4.6 million usernames and phone numbers leaked, and a sudden increase in spam. However, the company has said they are now working on fixing its security problems. In the last 24 hours, the company [...]

NOT AGAIN: Syrian Electronic Army strikes at another Microsoft website

You would have thought that, after a series of embarrassing hacks by the pro-Assad Syrian Electronic Army, Microsoft would have increased the level of security. Well, if they did, then it obviously didn’t work. The Syrian Electronic Army have managed to take over the Office Blogs website. In a series of tweets to confirm the attack, the group have posted onto Twitter two screenshots: Screenshot of the old administration panel [...]

What would happen if Google suddenly forgot to check your password?

We’re all familiar with how a login page works. We type a username and password, and possibly a code sent to our phones, into a form. We click the submit button, and all of that data is sent to a server. That data is checked against a database, and if it matches, it will let you in. But imagine this scenario: what would happen if suddenly, Google didn’t check your [...]

More Microsoft accounts hijacked by Syrian Electronic Army

It appears more Microsoft accounts have been hijacked by the Syrian Electronic Army, the hacking group that are supporters of the Syrian President Bashar al-Assad. The group were able to successfully take over the Microsoft News Twitter account and the Official Microsoft Blog. @Official_SEA16 This post took 154 Retweets :) pic.twitter.com/0PJ4RnlrGL — ♥Dove Syrienne♥ (@DoveSyrienne) January 11, 2014 The Official Microsoft Blog: Syrian Electronic Army Was Here #SEA pic.twitter.com/CzYH5jMrY8 — [...]

Syrian Electronic Army takes over Xbox social media accounts

A group purporting to be the Syrian Electronic Army – a hacking collective that supports Syrian President Bashar al-Assad – has said it has taken over the social media profiles belonging to Xbox. This comes after another Microsoft-owned property, Skype, also had their social media profiles hijacked by the group. Images posted by the Syrian Electronic Army on Twitter show that they have, or had, control of the main Twitter and Instagram accounts. [...]

Dropbox “partial leak” from Anonymous-linked group is a fake, designed to troll tech press

The Anonymous-linked hacking group 1775 Sec has now confirmed that their attack on Dropbox is a fake. While the group claims that the DDoS attack was real, the data breach claim was designed to troll the tech press. “That was some serious Lulz. We DDoS attack DropBox! After it’s down we say data base compromise! And the media is all over it! #Lulz #fail,” the group said in a tweet. [...]

Schoolkid finds a security flaw on govt website, and now he might be charged

Public Transport Victoria is now seeking to have a schoolkid charged for cybercrime, despite said schoolkid alerting them to a security vulnerability that would allow someone to access the personal information of nearly 600,000 public transport users. The database was for the old Metcard store – which was shut down as part of the transition from Metlink to Public Transport Victoria – and contained, according to The Age, full names, addresses, phone [...]

Edward Snowden delivers ‘Alternative Christmas Message’ in UK

Edward Snowden – the former NSA contractor who leaked documents of mass surveillance by intelligence agencies – has been chosen to present this year’s ‘Alternative Christmas Message’ on Channel 4 in the UK. “A child born today will grow up with no conception of privacy at all” Snowden uses the Alternative Christmas Message – which is now available online (you will need to login to watch it) – to talk about the erosion [...]