Blog Archives
Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen
EHarmony, the popular online dating site, was the target of a password hacking attack that resulted in 1.5 million stolen passwords, most of which have been cracked.
The attack is believed to be by the same hacker who stole 6.5 million passwords from LinkedIn, the career-oriented social network.
The hacker posted two lists containing the 8 million passwords on the website insidepro.com, where the poster goes by the name “dwdm.”
The larger list contained some passwords LinkedIn has now confirmed as belonging to its social network, and a significant number of the passwords on the smaller list contained the words “eHarmony” or “harmony,” according to Ars Technica.
EHarmony has confirmed that some of its passwords were stolen. The company announced the news in a blog, but did not say how many passwords were stolen. The dating site reset passwords for compromised accounts and emailed those users with instructions on how to reset their passwords.
The user posted the list of hashed passwords online and asked peers for help cracking them. The passwords were not salted — which is an extra form of security that can be added on top of hashing passwords — allowing dwdm’s peers to help crack the vast majority of the passwords. Ars Technica reports that only about 98,000 passwords are still secure.
Ars Technica reports that the lists only contain passwords and not actual logins, which makes the passwords useless even if cracked, but in all likelihood, the hacker also has the logins.
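The reason an unsalted list is so much easier to crack is that one hash computation per guess can be checked against every account at once, and identical passwords show up as identical hashes. The following is an added illustration (not code from the article or from either site): it uses constructed accounts and a four-word guess list, plain SHA-256 for the unsalted store, and PBKDF2-HMAC-SHA256 with a per-user random salt for the salted store, then counts how much hashing work each store forces on someone holding the leaked table.

```python
import hashlib
import os

# Constructed sample data for this illustration (not from the breach):
# five accounts, two of which reuse the same weak password.
ACCOUNTS = {"alice": "password", "bob": "harmony", "carol": "password",
            "dave": "Tr0ub4dor&3!x", "erin": "letmein"}
# A tiny guess list standing in for the word lists the crackers used.
GUESSES = ["password", "123456", "letmein", "harmony"]
ITERATIONS = 10_000  # kept low so the demo runs quickly; use far more in production


def unsalted_hash(password: str) -> str:
    """Hash-only storage: the same password yields the same digest for everyone."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def store_unsalted(accounts):
    return {user: unsalted_hash(pw) for user, pw in accounts.items()}


def store_salted(accounts):
    stored = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)              # fresh salt per account
        stored[user] = (salt, salted_hash(pw, salt))
    return stored


def recover_unsalted(stored, guesses):
    """Hash each guess once; that single table is checked against every account."""
    table = {unsalted_hash(g): g for g in guesses}
    found = {u: table[h] for u, h in stored.items() if h in table}
    return found, len(guesses)             # work does not grow with the account count


def recover_salted(stored, guesses):
    """Each account has its own salt, so every guess must be re-hashed per account."""
    found, work = {}, 0
    for user, (salt, digest) in stored.items():
        for g in guesses:
            work += 1
            if salted_hash(g, salt) == digest:
                found[user] = g
                break
    return found, work


def compare():
    u, s = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS)
    return {"unsalted": recover_unsalted(u, GUESSES),
            "salted": recover_salted(s, GUESSES),
            "reuse_visible_unsalted": u["alice"] == u["carol"],   # duplicate digests leak reuse
            "reuse_visible_salted": s["alice"][1] == s["carol"][1]}
```

With five accounts the salted store already costs 13 hash computations against 4 for the unsalted one; scaled to 1.5 million accounts, the per-account salt multiplies the work by roughly the account count, which is the gap the eHarmony list lacked.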
Massive ‘Flame’ Malware Stealing Data Across Middle East
Researchers at Kaspersky Lab have uncovered a massive cyber threat, dubbed Flame, that is targeting “sensitive” information across the Middle East.
The malware, Kaspersky said, “might be the most sophisticated cyber weapon yet unleashed.”
Once deployed, Flame can sniff network traffic, take screenshots, record audio conversations, intercept a keyboard, and more, Kaspersky said. All of this data is then available via Flame’s command-and-control servers.
Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).
Kaspersky has not identified any specific organization that Flame is targeting. “From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – emails, documents, messages, discussions inside sensitive locations, pretty much everything,” Kaspersky’s Alexander Gostev wrote in a blog post. “We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.”
How New Internet Spying Laws Will Actually ENABLE Stalkers, Spammers, Phishers And, Yes, Pedophiles & Terrorists
There’s proposed legislation in the US (sponsored by Lamar Smith) and in Canada (sponsored by Vic Toews) and in the UK that uses various flimsy justifications for the mass collection of data on telecommunications users. The data covered by these proposals varies, but includes things like URLs, phone calls, text/instant/email messages, and other forms of communication. Some of this proposed legislation deals with communication metadata, e.g., sender, recipient, time, etc.; some of it deals with communication content, e.g., the full text of messages.
I’m going to gloss over the specifics for two reasons: first, they’ve been covered exhaustively elsewhere, and second, I think it’s an absolute certainty that whatever these proposals contain, the next ones will contain more.
The putative reasons given for these proposals are the usual Four Horsemen of the Infocalypse: terrorists, pedophiles, drug dealers, and money launderers. One would think, given the hysteria being whipped up by the proponents of these bills, that one could hardly walk down the street without being offered raw heroin by a grenade-throwing child pornographer carrying currency from 19 different countries.
Of course, everyone who’s actually studied terrorists, pedophiles, drug dealers and money launderers in the context of telecommunications knows full well that nothing in these bills will actually help deal with them. The very bad people who are seriously into these pursuits are not stupid, and they’re not naive: they use firewalls, encryption, and tunneling. They use strong operating systems and robust application software. They use rigorous procedures guided by a strong sense of self-preservation and appropriate paranoia. They’re not very likely to be caught by any of the measures in these bills because they’ll (a) read the text and (b) evade the enumerated measures.