• Tag Archives computer news
  • Tails Website has been hacked! Operating System Tails Hacked

    tails os website hacked the hacker news

    Just a few hours ago, the Official website of the Tails Operating System has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it.

    Tails is a Linux-based highly secure Operating System, specially designed and optimized to preserve users’ anonymity and privacy. Hacker, who named himself “Sum guy”, managed to access the website as administrator and edited the homepage content with the following message:

     

    Defaced Link: https://tails.boum.org/index.en.html. However, all other pages on the Tails website are working just fine, but at this moment it is not clear whether the hacker has also modified the OS Image or not. So readers are advised to do not download the Tails OS from the website, at least for a few days.

    Tails, also known as ‘Amnesiac Incognito Live System‘, is free software based on Debian GNU/Linux and you install it on a DVD or USB drive, boot up the computer from the drive. This allows you to work on a sensitive file on any computer and prevent the data being recovered after the computer is turned off.

    Tails was reportedly used by the NSA Whistle-blower Edward Snowden in discussions with journalists because it includes a range of tools for protecting your data by means of strong encryption.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • How to jailbreak iphone 5 iOS 7.1 and iOS 7.1.1. cell phones – mobil

    jailbreak ios tools

    Quite Surprisingly, a team of Chinese hackers, Pangu have released an untethered jailbreak for iOS 7.1 and iOS 7.1.1.

    This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-iOS 7.1.1.

     

    The jailbreak tool is currently available for Windows but works on every iOS devices. Many iOS users have posted on Reddit that the tool works successfully.

    Jailbreaking is a process of removing limitations on iOS devices, Apple’s operating system, so you can install third party software not certified by Apple. Such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV.

     

    One question rises in my mind that when Apple’s system root protections have been greatly enhanced in an effort to make jailbreaks more difficult, then what’s the whole story behind the unexpectedly release of this jailbreak tool?

     

    STEPS TO JAILBREAK iOS 7.1 & iOS 7.1.1
    The installation process of the isn’t as simple as the previous jailbreak, but you can follow this Reddit thread:

     

     

    1. Make sure you have iTunes installed.
    2. Edit your iPhone’s date to June 2, 2014
    3. Open the PanGu.exe file
    4. Click the black button to the right (also UNCHECK THE CHECKMARK where you see random characters and the “PP”)
    5. As soon as the “brush stroke” loading bar fills to 20%, the PanGu app will appear on your phone
    6. Tap it
    7. Select Continue
    8. It will fill the loading brush stroke until 80% and your iTunes will open (it will only open IF you have iTunesHelper.exe on your Windows Taskbar)
    9. Close iTunes
    10. Your device will reboot
    11. When it opens again, wait for the brush stroke to complete to 100%
    12. Your device will reboot once more
    13. The process will be finished 100%
    14. The PanGu app will be replaced with Cydia
    15. Do your usual stuff by opening Cydia and continue with what you want to install by then.
    16. For precautionary measures, install Complete PPSync Remover (on https://cydia.angelxwind.net repo) because even though you uncheck the “PP” on step 4, it installs it anyway (internally without the app showing)

     

    COMPATIBLE DEVICES

    This Untethered Jailbreak is compatible with following devices running iOS 7.1-iOS 7.1.1:

    • iPhone 5s
    • iPhone 5c
    • iPhone 4S
    • iPhone 4
    • iPad Air
    • iPad 4
    • iPad 3
    • iPad 2
    • iPad mini
    • Retina iPad mini
    • iPod touch 5G
    CONTROVERSY OF STOLEN JAILBREAK EXPLOIT
    It’s worth noting that the jailbreak is available from a new team and the said hack is the first from the team. The controversy behind the sudden release of the jailbreak apparently came from one of the exploits used by a security expert and known jailbreaker Stefan Esser, aka i0n1c, who show off the method to jailbreak the iOS 7.1.1 using iPhone 5C during his training session.

     

    IOS jailbreak tool

     

    The people behind it reportedly took this training session given by Esser and allegedly exposed his exploit in the market. Esser expressed his disappointment over the adoption of his exploit via his twitter account, and later Esser even called the Pangu team members “thieves” and wished “everyone of my followers who installed Pangu much fun with malware from China.

    The jailbreak tool (download here) apparently installs the most popular third-party app installer Cydia, but also throws in a Chinese store with apps unsanctioned by Apple.

    However, world-renowned software developer and a very well-known iOS hacker, H8sn0w has confirmed via Twitter that the jailbreak tool does not contain any spyware or malicious software in it and is safe to use.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • TowelRoot – 1-Click Android Rooting tool released by Geohot

    one click android rooting software app

     

    Waiting for the root access for your AT&T or Verizon Android phone? Then there is really a Great News for you!

    Geohot (aka George Hotz) – a famed cracker who was responsible for hacking the PlayStation 3 and subsequently being sued by Sony – has built and released a root tool called Towelroot on Sunday night that will let most Android smartphones users to root their Android device with one click only, as long as it has an unpatched version of the Linux kernel.
    EXPLOITS LINUX KERNEL VULNERABILITY 

    Towelroot application exploits the same vulnerability (CVE-2014-3153) which was recently disclosed by the hacker Pinkie Pie in the Linux kernel version 3.14.5 and most versions of other Android devices, which could be leveraged by hackers to potentially acquire root access on affected devices.

     

    Having root access of your device simply means you make System-level changes to your device such as accessing and modifying any file or program using any mode (single- or multi-user). It is just like operating an administrator account on a computer.
    SUPPORTED DEVICES

    Towelroot supports handful of devices so far including some particularly tough phones. here’s the list:

    • AT&T Galaxy S5
    • Verizon Galaxy S5
    • Galaxy S4 Active
    • Nexus 5
    • AT&T Galaxy Note 3
    • Verizon Galaxy Note 3
    • Also some users have even reported its success with the all time favorite company of GeoHot, Sony Xperia SP C5303.

    Geohot became famous for being the first person to carrier unlock the original iPhone in 2007 and later for creating the limera1n jailbreak tool for future versions of the iPhone. He gained fame after subsequently hacking the software of the PlayStation 3 console, thereby opening up the ability to add homebrew and play pirated games, for which he was taken to court by Sony.
    HOW TO ROOT ANDROID DEVICE

    Step 1: Download Android Rooting application from towelroot.com and install it.

    Step 2: While Installation you might receive warning message saying that Towelroot “contains code that attempts to bypass Android’s security“. Just hit Install anyway after selecting the checkbox: “I understand and still want to install it“.

    Step 3: Once the Towelroot installation completes, launch the application and click the button reading “make it ra1n” and it will force your device to reboot.

    Step 4: After the device reboots to home screen your phone will be rooted with its bootloader unlocked. Cheers!

    Along with the Android users who were itching to get Android rooting technique for their devices and doing tons of things such as customizations, patching apps and installing third-party ROMs, the new tool will also allow cybercriminals as well to gain administrative access to a victim’s phone.

     

    Specifically, at the same time the cyber criminal with the administrative access could potentially run malicious code, retrieve files, bypass third-party or security applications including containers like Samsung’s secure Knox sub-operating system, and place backdoors for future access on users’ devices.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Certain DevianArt advertising Campaigns lead to Malware, Spyware and Unwanted Applications on your computer

     

    DeviantArt Malwaretising

     

    Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealer, and other variants of potentially unwanted software range into millions. It has the capability to create several different forms of itself dynamically in order to thwart antimalware programs.

    Users of the biggest online artwork community, DevianART with Global Alexa Rank 148, are targeted by the potentially unwanted software programs — delivered by the advertisements on the website, Stop Malvertising reported on Sunday.

    A Potentially Unwanted Application (PUA) is a program that may not be intentionally malicious, but can negatively affect the performance and reliability of the system by distributing spyware or adware that can cause undesirable behavior on the computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. However, unlike malware, users themselves consent to install a PUA into their systems.

    The malicious advertisements are delivered via newly registered (3rd March 2014) domains – Redux Media (www.reduxmedia.com) and avadslite.com. “Over the past months, this domain has been seen to resolve to the following IP addresses: 107.20.210.36 (2014-05-01), 54.243.89.71 (2014-05-01) and 184.170.128.86 (2014-05-25). According to VirusTotal, malware has communicated with the last two IP addresses.” Kimberly from Stop Malvertising said.

    Once the user click on the Ad served by the DevianArt website, they are redirected to the Optimum Installer, a source of Potentially Unwanted Applications (PUA’s) that downloads legitimate software applications as well as bundled third-party software including toolbar.

     

    malware ad

    As shown, a pop-under warning will urge users to “update Media Player“, immediately followed by a second advertisement to “update Windows 7 Drivers” to avoid vulnerabilities, reduce crashes and ensure an optimal browsing experience. This is just a scam nothing more or less.

    Obviously, these are well known social engineering techniques to trick the computer user into installing malicious or ad-support software. Such infection are designed specifically to make money, generate web traffic, and will display advertisements and sponsored links within your web browser.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Zeus Trojan (or Zbot Trojan) steals confidential information from the infected computer.

    Pandemiya hacking trojan

    A new and relatively rare Zeus Trojan program was found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim’s computer.

    Researchers at RSA Security’s FraudAction team have discovered this new and critical threat, dubbed as ‘Pandemiya’, which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies.

     

    The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus.

     

    But, Pandemiya is something by far the most isolated and dangerous piece of malware as the author spent a year in writing the code for Pandemiya, which includes 25,000 lines of original code written in C.
    Like other commercial Trojan, Pandemiya infect the machines through exploit kits and via drive-by download attacks to boost infection rate that exploit flaws in the vulnerable software such as Java, Silverlight and Flash within few seconds victim lands on the web page.

    Pandemiya’s coding quality is quite interesting, and contrary to recent trends in malware development, it is not based on Zeus source code at all, unlike Citadel/Ice IX, etc.,” researchers from RSA, the security division of EMC, said Tuesday in a blog post. “Through our research, we found out that the author of Pandemiya spent close to a year of coding the application, and that it consists of more than 25,000 lines of original code in C.

    Pandemiya Trojan using Windows CreateProcess API to inject itself into every new process that is initiated, including Explorer.exe and re-injects itself when needed. Pandemiya is being sold for as much as $2,000 USD and provides all the nasty features including encrypted communication with command and control servers in an effort to evade detection.The Trojan has been designed with modular architecture to load more external plug-ins, which allows hackers to add extra features simply by writing new DLL (dynamic link library). The extra plug-ins easily add capabilities to the Trojan’s core functionality, that’s why the developer charge an extra of $500 USD to get the core application as well as its plugins, which allows cybercriminals to open reverse proxies on infected computers, to steal FTP credentials and to infect executable files in order to inject the malware at start up.

     

    The advent of a freshly coded new trojan malware application is not too common in the underground,” Marcus writes, adding that the modular approach in Pandemiya could make it “more pervasive in the near future.

    The malware developers are also working on other new features to add reverse Remote Desktop Protocol connections and a Facebook attack module in order to spread the Trojan through hijacked Facebook accounts.

    HOW TO REMOVE PANDEMIYA TROJAN

    The Trojan can be easily removed with a little modification in the registry and command line action, as explained below:

      1. Locate the registry key HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run and identify the *.EXE filename in your user’s ‘Application Data’ folder. Note the name, and delete the registry value.
      2. Locate the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls. Find the value with the same name as the *.EXE file in the previous step. Note the file name, and remove the value from the registry.
      3. Reboot the system. At this stage Pandemiya is installed but no longer running. Delete both files noted earlier. This will remove the last traces of the Trojan. Your system is now clean.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • First Android Phone Ransomware that Encrypts your SD card Files

    We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.
    To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.

    Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.

    Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

    WARNING your phone is locked!
    The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
    To unlock you need to pay 260 UAH.
    1.) Locate the nearest payment kiosk.
    2.) Select MoneXy
    3.) Enter {REDACTED}.
    4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
    After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

    The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.

    mobile virus

    To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

    Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

    The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
    Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


  • Android security loophole lets apps take and upload pics without you knowing

    Google is always keen to downplay the problem of malware on Android, for obvious reasons, but that doesn’t make the underlying threats any less troubling. New threats are being discovered all the time, and as the platform grows – with over 1.5 million Android devices being activated every day – the potential to infect ever more devices grows too.

    It must be said that Google does a pretty decent job when it comes to eliminating malware from its own Play Store – less than 0.1% of apps there contain malicious code, according to F-Secure (pdf) – and efforts such ason-device monitoring have also helped to limit the impact of rogue software. But third-party Android stores fare considerably worse than this; according to Forbes, in one third-party store, a staggering 33% of apps were found to be infected.

    One such threat was documented by security researcher Szymon Sidor this week, who found that by creating an app that exploited a simple loophole in the OS, he was able to get a device to capture photos using its camera, and then upload them to a remote server, without the user having so much as a hint that anything untoward had happened.

    [​IMG]
    Your phone could be taking photos of you looking like this, without you knowing!

    Sidor said that he had observed numerous apps on Google Play that were capable of taking photos covertly, but each of them required a visible indication of the app’s activity on screen and, critically, for the screen to be switched on. As he wrote on his Snacks For Your Mind blog, he set about trying to see if there was a way to perform the same task, but without that visible indication.

    He succeeded, and he was able to do so by exploiting a simple loophole in Android’s security features. Android requires that, when a photo is being taken, a preview of the image viewfinder must be shown on the screen; it’s a measure to ensure that users know that the camera is engaged and not taking photos or videos of them without their knowledge.

    But Sidor adjusted the code in his testbed app to continue displaying that preview, but only on a single pixel. That makes it completely impossible for a user to be able to see the preview, and therefore none the wiser if an app were to covertly be capturing snaps of them and uploading them elsewhere. The app was also able to capture other details from the device, such as battery level (crucial in helping to avoid detection of the app via its battery drain), and even the current location of the device. Check out the video below:

    Perhaps the most disturbing finding is revealed in this little snippet (emphasis is ours):

    The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.

    Sidor’s post on his findings is well worth a read – and he also includes a few handy tips on how to protect yourself from the threat of malicious apps on your Android device. He acknowledges that he was not, in fact, the first to discover this flaw, but also adds that he has contacted Google with the details of his own research, in the hope that they will close the loophole with a future security patch.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


  • eBay Hacked – Change your account password now

    eBay customers are now potentially vulnerable to phishing attacks i.e. spoofed e-mails. Hackers or spammers could craft very convincing phishing emails which may appear legitimate at first glance, but could trick you into revealing further personal information.

    To change your eBay password, log into your account, select Account Settings, then click “Personal Information”, then “edit” next to your password. If you are using same login details for other websites, you should also update them as soon as possible.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • FBI Bust Computer Hackers Spying and Stealing your information while online

    Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.

    On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.

    The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.

    The FBI and prosecutors in the Manhattan U.S. attorney’s office announced the results of that probe on Monday: More than 90 arrests worldwide.

    The malware sells for as little as $40. It can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.

    Related: Beware, your computer may be watching you

    Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.

    Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.

    Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.

    The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

    “The charges unsealed today should put cyber criminals around the world on notice,” said Leo Taddeo, chief of the FBI’s cybercrime investigations in New York. “If you think you can hide behind your computer screen — think again. ”

    hackersOfficials say Blackshades was used to illegally access the computers of 700,000 victims around the world, as shown in this FBI heatmap.

    700,000 victims around the world: Inside the FBI special operations center, six large computer monitors displayed key parts of the probe. Agents kept an eye on one screen showing a popular website where Blackshades was sold. The site was taken down by the FBI.

    Another monitor showed a heatmap of the world displaying the locations of the 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. Splotches of green on the map indicated concentrations of infected computers in highly populated parts of the U.S., Europe, Asia and Australia.

    The FBI said that in just a few years Blackshades has become one of the world’s most popular remote-administration tools, or RATs, used for cybercrime.

    Taddeo said the unprecedented coordination with so many police agencies came about because of concern about the fast growth of cybercrime businesses.

    “These cyber criminals have paid employees, they have feedback from customers — other cyber criminals — to continually update and improve their product,” Taddeo said recently. While he spoke, agents took calls from counterparts working the case in more than 40 U.S. cities.

    Blackshades had grown rapidly because it was marketed as off-the-shelf, easy to use software, much like legitimate consumer tax-preparation software.

    “It’s very sophisticated software in that it is not very easy to detect,” Taddeo said. “It can be installed by somebody with very little skills.”

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • Internet Explorer Security Update Released today around 5:00pm

    Microsoft announced today that have issued an out-of-band security update to fix the Internet Explorer vulnerability discussed in Microsoft Security Advisory 2963983. This vulnerability is actively being used in targeted attacks and allows remote code execution on the affected computers. Today’s KB2964358 update will patch this vulnerability so that users of Internet Explorer are no longer affected. In a surprise move and a testament to the danger posed by this vulnerability, Microsoft released a patch for Windows XP users even though it is no longer officially supported.

    This KB2964358 security update is currently available via Windows Update and all users, whether you use Internet Explorer or not, are encouraged to install it. To install the update, please open Windows Update and click on the Check for Updates option. Once Windows Update has finished checking, you should see a new update titled Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964358). Please select that update and install it immediately.
    If you do not see the update installed, check to see if it is installed by clicking on the View Update History option.

    Microsoft has also announced that malware is being distributed via email that is claiming to be this update. If you receive an email that is supposedly from Microsoft and that contains an executable please do not run it. Microsoft will never distribute security updates via email.

    Please Visit our computer services page if feel you become  infected


  • 4chan Hacked, Attacker Mainly Targeted Moderator Accounts

    Complete Computer Repair Latest News and Virus Threats Fort Lauderdale
    Complete Computer Repair News

     

    A few hours ago, Christopher Poole, aka “moot,” the founder of 4chan, revealed that the popular image-based bulletin board was hacked.

    The attack took place last week. The hacker leveraged a software vulnerability to gain access to administrative functions and data from a 4chan database. The attacker apparently wanted to expose the posting habits of a specific user he didn’t like.

    “After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database,” moot noted.

    “Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.”

    The hacker accessed the Pass credentials of three 4chan Pass users. The impacted individuals have been notified and offered refunds and lifetime Passes.

    moot highlights the fact that 4chan doesn’t process any payment information, so the attacker couldn’t have gained access to financial data. Payment information is processed by Stripe.

    As far as the vulnerability leveraged by the hacker is concerned, it has been patched shortly after 4chan became aware of it. Software and systems are being reviewed to prevent future breaches.

    In a 4chan post published last week (removed since), a user revealed that the attacker was an Australian individual who wanted to expose “multiple abuses of power and violations of proper mod stewardship.” The attacker allegedly gained access to the details of over 12,000 sold Passes. He’s said to have had access to 4chan’s systems for a week.

    This isn’t the first time 4chan is targeted by hackers. Back in June 2012, hackers of UGNazi redirected the site’s visitors to their Twitter account.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • AOL hit by massive data breach, Urges users to change their passwords

    Complete Computer Repair Latest Computer News Fort Lauderdale

    AOL hit by massive data breach

    The personal details of AOL’s millions of customers has been leaked in an attack on the company’s systems, resulting in thousands of accounts being hijacked to send spam.
    Internet pioneer AOL has warned of a major breach that has affected a significant number of users, leaking email and postal addresses, contact information and password details to attackers unknown.

    AOL launched in 1983 as the Control Video Corporation and produced a short-lived modem-based gaming download service for the Atari 2600 dubbed GameLine. The precursor to Valve’s Steam and similar digital distribution systems, GameLine was not a financial success; the company had better luck with the Link series of online portals for the Commodore 64, Apple II and Macintosh, and IBM compatibles. In 1989, America Online was born as a walled-garden internet service which included chat, email and several games – including the first-ever web-based interactive fiction series and the first automated play-by-email game.

    While internet-savvy consumers soon dropped AOL’s walled-garden system for more open services from generic internet service providers, the company still boasts a considerable client base. Despite an ongoing slide in customers, the company boasts a near three-million user count in the US alone – and it’s these customers who have been exposed in a serious security breach.

    ‘We have determined that there was unauthorised access to information regarding a significant number of user accounts,’ the company admitted late last night, following an investigation into spam messages sent from registered AOL accounts. ‘This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly two per cent of our email accounts.’

    The company has not confirmed the nature of the ‘encryption’ used to store the passwords – which should, by industry best practice, be a salted one-way hash function, rather than reversible encryption – but does claim that it has ‘no indication’ that said encryption was broken; this despite the attackers gaining full access to the accounts from which spam is issuing, an indication that they have indeed been able to retrieve at least some passwords from the corpus.

    Users affected by the breach – and, at this point, it looks to cover anyone with an AOL email address, active or otherwise – is advised to reset their password and change their security questions; if the same password is used anywhere else, that should be changed too.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere