
Has The Playstation Network Suffered Another Breach

August 28, 2017 by  
Filed under Gaming

The hacker group known as OurMine has reportedly cracked into Sony and made off with a collection of PlayStation Network (PSN) logins.

Legitimately, OurMine offers to protect your online accounts and presence and keep them secure on a paid monthly basis. It also busts its way into systems, picks them apart and exposes their weaknesses, all while wearing a lovely white hat.

We have already seen it at work this month when it took on HBO and Game of Thrones and managed to come out of it with Twitter control and a couple of script treatments. 

The benevolent group is not planning on leaking any of the information that it took from PSN and got quite indignant at the suggestion in one of its own tweets, suggesting that Sony just needed to get in touch and avail itself of the OurMine services and this would all be over.

“No, we aren’t going to share it, we are a security group, if you works at PlayStation then please go to our website ourmine . org,” it said on Twitter.

Reports claim that the hack of Sony’s social media accounts was achieved using its Sprout Social management account, which also gave OurMine access to user registration information such as names and email addresses.

It is tough to imagine that Sony’s PlayStation people would welcome this third-party intervention. The firm has had to deal with hackers before in 2001 when it went after the cracker known as Geohot. Then, the firm was taken offline for almost three weeks and had tens of millions of PSN user details pinched.

Sony’s Facebook account also got taken over for a short while this weekend putting users off the service and sparing other people from cat pictures and happy couples. Unfortunately, though, this only had a brief impact.

Courtesy-TheInq

Bitcoin Keeps Soaring, Surpasses $4000 Threshold

August 15, 2017 by  
Filed under Around The Net

Bitcoin has passed another major milestone, easily reaching beyond the $4,000 threshold on Sunday. The cryptocurrency, which has only been in existence for seven years, reached a high of $4,224 (equivalent to £3,244 or AU$5,343) shortly after 9 a.m. UTC on Sunday.

It’s been a swift rise for bitcoin, which only passed the $3,000 marker for the first time at the start of the month. The rise also comes fresh off the heels of the so-called “hard fork” in bitcoin which saw a new virtual currency called Bitcoin Cash split off from bitcoin proper on August 1.

The split was designed to deal with the growing popularity of bitcoin, which was struggling to support an increasing number of transactions using existing blockchain technology, though the move left many wondering whether market values would fall.

But bitcoin seems to have defied expectations, pushing through the $4,000 barrier with ease, though there’s no certainty on where values are headed — particularly as we push closer toward the day when every bitcoin is mined.

Still, this is for sure: Purchasing 1 bitcoin for 8 cents back in 2010 would have netted you a 52,800-fold return today.

Only 3 Out Of The Top 500 Online Merchants Accept Bitcoins

July 14, 2017 by  
Filed under Around The Net

 

If you’ve somehow amassed a cache of bitcoins and want to do some online shopping, the bad news is you probably won’t be buying much.

This year, the cryptocurrency is only accepted by three out of the top 500 online merchants, reports Bloomberg. That’s down from five last year, making it a lot tougher to use Bitcoin to buy things from merchants.

The lack of merchants is puzzling, given the gains from bitcoins recently — one bitcoin is worth more than an ounce of gold — and may be a sign that the cryptocurrency is better off as an asset than currency.

The Bloomberg report also mentioned that transaction fees could be one reason why the cryptocurrency is not widely accepted. With fees climbing, smaller transactions aren’t worth it compared to using other payment methods.

 

Darknet Market Places Feeling The Heat From Authorities Worldwide

November 3, 2016 by  
Filed under Around The Net

Law enforcement agencies worldwide staged a crackdown on so-called darknet web sites last week, targeting merchants and thousands of customers who were looking to obtain illegal drugs and goods.

From Oct. 22 to Oct. 28, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday.

Unlike other websites, these underground marketplaces reside within the darknet — a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.

Last week’s crackdown was global in scale. In addition to the U.S., Europol and law enforcement agencies from Australia, Canada, New Zealand and the U.K. participated in the operation.

In the U.S., the FBI said it made “contact” with 150 individuals suspected of buying illicit items from darknet marketplaces. “Some of these individuals confessed to ordering a range of illegal drugs and controlled substances online, including heroin, cocaine, morphine, and ketamine,” the FBI said.

It’s unclear how U.S. investigators found out about the suspects’ activities. But a video posted online shows agents searching for illegal goods by opening packages at a Los Angeles mail facility. Among the items seized were live turtles sent from Las Vegas, a counterfeit bong made in China, and fake Ray-Ban sunglasses.

In other countries such as Sweden, local police said they had identified more than 3,000 suspected buyers of drugs sold over the darknet. Police were able to identify the suspects because six of the largest Swedish merchants on the darknet had been arrested in the past year.

Police in the Netherlands also said they took “some criminal justice actions” as part of last week’s operation. Authorities there have even published a website, naming which vendors are still active on the darknet, and which have already been arrested.

Hacker Offering 167 Million LinkedIn User Records For Sale

May 20, 2016 by  
Filed under Around The Net

A hacker is attempting to sell a database dump containing account records for 167 million LinkedIn users.

The announcement was posted on a dark market website called TheRealDeal by a user who wants 5 bitcoins, or around $2,200, for the data set that supposedly contains user IDs, email addresses and SHA1 password hashes for 167,370,940 users.

According to the sale ad, the dump does not cover LinkedIn’s complete database. Indeed, LinkedIn claims on its website to have more than 433 million registered members.

Troy Hunt, the creator of Have I been pwned?, a website that lets users check if they were affected by known data breaches, said it’s highly likely for the leak to be legitimate. He had access to around 1 million records from the data set.

“I’ve seen a subset of the data and verified that it’s legit,” Hunt said.

LinkedIn suffered a data breach back in 2012, which resulted in 6.5 million user records and password hashes being posted online. It’s highly possible that the 2012 breach was actually larger than previously thought and that the rest of the stolen data is surfacing now.

LinkedIn did not immediately respond to a request for comment.

Attempts to contact the seller failed, but the administrators of LeakedSource, a data leak indexing website, claim to also have a copy of the data set and they believe that the records originate from the 2012 LinkedIn breach.

When the 6.5 million LinkedIn password hashes were leaked in 2012, hackers managed to crack over 60 percent of them. The same thing is likely true for the new 117 million hashes, so they cannot be considered safe.

Worse still, it’s very likely that many LinkedIn users that were affected by this leak haven’t changed their passwords since 2012. Hunt was able to verify that for at least one HIBP subscriber whose email address and password hash was in the new data set that is now up for sale.

Many people affected by this breach are also likely to have reused their passwords in multiple places on the Web, Hunt said via email.

 

 

 

 

Sony Offering Discounts After PlayStation Outage

January 5, 2015 by  
Filed under Gaming

If you received a PlayStation 4 for Christmas but network outages hampered you from using it, Sony wants to make it up to you.

Sony Computer Entertainment America will offer 10% off PlayStation Store purchases including games, TV shows and movies as a gesture of thanks for users’ patience following an outage of several days caused by denial-of-service (DDoS) attacks.

In addition, PlayStation Plus members who had an active membership or free trial on Dec. 25 will receive a membership extension of five days, Eric Lempel of Sony Network Entertainment wrote in a blog post.

Judging from the comments to the post, many PlayStation Network (PSN) users were happy about the offer, but not all of them.

“What I would like, more than anything else, is an explanation from Sony about how and why this will never happen again,” wrote one user. “Use the money to strengthen and diversify the network infrastructure so these types of attacks become harder to make and easier to recover from.”

In another blog post, Sony had attributed the outages to an attack creating “artificially high levels of traffic designed to disrupt connectivity and online gameplay.”

The DDoS attacks, which also took down Microsoft’s Xbox Live game network, were apparently launched by hacker group Lizard Squad, which later took aim at anonymous network Tor.

 

 

Hackers Continue Attack On Tor

December 29, 2014 by  
Filed under Around The Net

Hackers who apparently attacked Sony’s PlayStation Network (PSN) and Microsoft’s Xbox Live on Christmas Day have turned their attention towards anonymous network Tor.

Lizard Squad, which claimed responsibility for the outage, on Friday tweeted, “To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day.”

While at least one site that maps the Tor network showed numerous routers with the name “LizardNSA,” the extent of any attack was unclear.

Tor directs user traffic through thousands of relays to ensure anonymity. In a Dec. 19 blog post, Tor managers warned of a possible attack, saying, “There may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities.”

Sony engineers, meanwhile, continued to struggle to get PSN back online Friday following the suspected denial-of-service (DDoS) attacks on Thursday.

Sony’s Twitter account for PSN asked frustrated gamers to be patient as staff worked to get the service back up and running, saying it did not know when PSN would be back online.

“We are aware that some users are experiencing difficulty logging into the PSN,” Sony said on its PlayStation support page, where the network was listed as offline.

In a Twitter post showing a chat with the alleged hackers, MegaUpload founder Kim Dotcom suggested he had convinced Lizard Squad to stop the attacks in return for lifetime memberships on his file-transfer site Mega.

Lizard Squad had taken credit for an apparent attack against PSN earlier this month, as well as an attack in August. The incident came at the same time that a U.S. flight carrying Sony Online Entertainment President John Smedley was diverted for security reasons.

 

 

Apple’s OS X Appears To Be At Risk

December 24, 2014 by  
Filed under Computing

Apple has issued a fix for a “critical security issue” in OS X following the discovery of a vulnerability in the Network Time Protocol which affects the Yosemite, Mavericks and Mountain Lion operating systems.

The bug, revealed earlier this month, could allow hackers to trigger buffer overflows and execute arbitrary code with the privileges of the OS X Network Time Protocol daemon (NTPD) on systems not updated with the fix.

The vulnerability, tracked as CVE-2014-9295, was uncovered by Stephen Roettger of the Google Security Team earlier this month, but Apple didn’t issue a fix straight away because the firm likes to be sure that the flaw is authentic.

“For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” said Apple on its support page.

The update is available now for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1.

Users can find the update via Software Update. It will have already downloaded if the ‘Install system data files and security updates’ option is checked in the App Store menu of System Preferences.

Those who want to verify their NTPD version can do so by opening Terminal and typing what /usr/sbin/ntpd. If the update is already installed, users should see the following versions:

Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1

Apple hasn’t had the best luck with security in recent months, which is unusual as the firm is renowned for its tough defenses against the vulnerabilities that affect operating systems like Windows.

The company beefed up its iCloud security in October, adding per-application passwords for third-party apps that don’t support two-factor authentication following the high-profile celebrity iCloud hack in September.

The most recent addition is app-specific passwords to guard against exposure of a user’s iCloud details.

Courtesy-TheInq

Facebook Debuts ‘Rooms’ App For Chats

October 24, 2014 by  
Filed under Around The Net

Facebook is going old school, with a stand-alone app for discussion boards geared towards allowing users to talk about shared interests without having to use their real names.

The company released Rooms on Thursday, its answer to the craze around posting and sharing anonymously. People can use any name they want and don’t need a Facebook account. The app contains rooms geared around various topics, all of which require an invite link to enter. Providing an email address is optional, for the purposes of having accessed rooms restored if the user deletes the app.

The app is only available on iOS. Plans for other platforms like Android or Windows Phone were not disclosed.

The app is not just about anonymity. With it, Facebook hopes to provide a discussion board-type platform where users can chat about shared interests outside of their usual social circles. It’s a concept that has been super popular since, oh, the web’s been around.

“One of the magical things about the early days of the web was connecting to people who you would never encounter otherwise in your daily life,” Facebook said in a statement Thursday.

“From unique obsessions and unconventional hobbies, to personal finance and health-related issues — you can celebrate the sides of yourself that you don’t always show to your friends,” the company said.

But the app’s ability to succeed likely depends on the number and diversity of rooms created by its users, and whether the app’s focus on visuals and photos appeals to them. There’s also no desktop version.

The app was developed as part of Facebook’s Creative Labs project, which has also released stand-alone apps like Slingshot and Paper.

Facebook stresses that Rooms will let users create a unique identity separate from their Facebook account. Your name can be “Wonder Woman” in the app, Facebook said.

I tried out the app, and was even able to use “Mark Zuckerberg” as my name. (A short “hello” post of mine then immediately generated several “high fives.”)

Facebook, however, may share information about Room users within the companies and services operated by Facebook, which would include Facebook itself and other apps like Instagram and WhatsApp, according to the Rooms terms of service.

 

 

Are Anti-Spy Smartphones Coming Of Age?

August 7, 2014 by  
Filed under Mobile

Since Edward Snowden revealed that the US government is spying on everyone, there has been a boom in the sales of expensive “difficult to hack” phones. Two new products in the last five weeks show how the marketplace for off-the-grid communications is growing.

First there was the Blackphone, a handset which started shipping on June 30 for $629, and last week an app called Signal appeared. Blackphone and Signal use encryption developed by world-class cryptographers and developers who hate the US government.

Signal maker Open Whisper Systems wrote on its blog that in an environment of increasingly pervasive surveillance, it wanted to make it as easy as possible for anyone to be able to organize and communicate securely. Blackphone uses Silent Circle, which allows users to send encrypted voice calls and texts to one another. Silent Circle’s software is already available for iPhone and Android phones, but the company says Blackphone uses a sexed up version of Android that makes it harder for hackers to take control of the phone and listen in.

Signal’s maker reports that the software had 70,000 downloads on the first day, probably because the service is free.

Courtesy-Fud

Silent Circle Secured ‘Blackphones’ Coming Soon

June 12, 2014 by  
Filed under Mobile

The Blackphone security-focused smartphone will debut in three weeks and “a few thousand” have already been sold through pre-orders, executives from the device’s makers say.

Encrypted communications provider Silent Circle and manufacturer Geeksphone introduced the Blackphone earlier this year to give users a way around data collection by governments and private companies. The US$629 device, made by a Swiss joint venture called SGP Technologies SA, runs a custom Android-based OS and was designed from the ground up to prevent hacking. It will offer secure and private voice and video calls, text messaging and file exchanges, as well as anonymous Internet use, the companies say.

Through partnerships with service providers in Europe and in North, Central and South America, the companies have commitments to deliver millions of phones, Silent Circle President and co-founder Phil Zimmerman said on Tuesday at MIT Technology Review’s Digital Summit in San Francisco. KPN, which has already said it will sell the Blackphone in Germany, Belgium and the Netherlands, is committing to hundreds of thousands of phones, he said.

The device, along with Silent Circle’s service, offers end-to-end encrypted communications from one Blackphone to another. Even if one person doesn’t have a Blackphone, communication will be encrypted from the phone to Silent Circle’s servers.

Silent Circle doesn’t hold the encryption keys itself, so it can’t give governments access to users’ communications even if asked, Zimmerman said. The phone also keeps carriers and app providers from collecting user information, he said.

“If you get a free service like Facebook, there’s a catch. … If you’re not paying for the product, then you are the product,” Zimmerman said. “What we’re doing here is, we’re making you pay for the product.” Growing awareness and concern about data-collection practices should help to expand demand for the phone, he said.

The Blackphone is designed to protect users from “driftnet fishing” for user information by organized crime and government entities such as the National Security Agency, but it can’t defend against targeted attacks, according to Zimmerman. “If NSA really, really wants to get into just your phone … they’re going to get into your phone,” he said.

The companies will update the phones to protect against any vulnerabilities that may be discovered in the future, Geeksphone co-founder Javier Aguera said.

 

Facebook Debuts Anonymous App Log-ins

May 2, 2014 by  
Filed under Around The Net

Ever looked at an app and decided against trying it because you didn’t want to share your data? Facebook is attempting to remove that stumbling block with a new service called anonymous log-ins that was announced Wednesday.

The idea is to let users log into apps and try them out without having to worry about who they’re sharing their data with, and about whether the app will spam their friends with posts about their app use.

It’s one of the ways Facebook is trying to overcome people’s fear of pushing “the big blue button,” as CEO Mark Zuckerberg put it at Facebook’s F8 developer conference in San Francisco.

That’s the button that lots of developers use to let you log into their app using Facebook, and it’s been holding some people back. “By giving people more control, they’ll trust the app more,” Zuckerberg said.

Facebook will still create an “anonymous identifier” that allows the app to recognize people across different devices, he said. And the hope is that people will sign in with their real identity later if they want to.

The change is a recognition that people are still uneasy about the data they share with Facebook and with mobile apps. The company needs to overcome those fears if it’s to keep expanding the use of its services.

In the same vein, when people do decide to log into an app with their real identity, they’ll get more granular control over what they share. They’ll have to share their public Facebook profile, but they’ll be able to choose not to share other information like their friends list, email, birthday, and their likes.

F8 is a conference for developers and we’re not expected to hear about any big new Facebook features. Instead, the company is talking about new features in Parse, a service it bought last year that lets developers build mobile apps.

 

 

 

Does Apache Need To Be Patched?

April 30, 2014 by  
Filed under Computing

The Apache Software Foundation released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug. Apparently, the patch for the patch is in development and will likely be released within the next 72 hours.

Rene Gielen of the Apache Struts team said that once the release is available, all Struts 2 users are strongly recommended to update their installations. ASF provided a temporary mitigation that users are urged to apply. On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 2.3.16.1. All it took was for an attacker to manipulate the ClassLoader via request parameters. However, Apache admitted that its fix was insufficient to repair the vulnerability. An attacker exploiting the vulnerability could also cause a denial-of-service condition on a server running Struts 2.

“The default upload mechanism in Apache Struts 2 is based on Commons FileUpload version 1.3 which is vulnerable and allows DoS attacks. Additional ParametersInterceptor allows access to ‘class’ parameter which is directly mapped to getClass() method and allows ClassLoader manipulation.”

It will be the third time that Struts has been updated this year. In February, the Apache Struts team urged developers to upgrade Struts 2-based projects to use a patched version of the Commons FileUpload library to prevent denial-of-service attacks.

Courtesy-Fud

 

Is The Government Ignoring Hackers?

January 20, 2014 by  
Filed under Computing

Security experts have warned that the US government has failed to implement fixes to protect the HealthCare.gov website from hackers.

Three months ago experts first pointed out 20 key flaws in the site, but it appears that none of them have been fixed. David Kennedy, head of a computer security consulting firm, said that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1.

At the moment hackers could steal personal information, modify data or attack the personal computers of the website’s users, he said. They could also damage the infrastructure of the site, according to Kennedy. He added that the holes are alarming and that he is surprised that no one seems to be fixing any of them. It appears to be a case of “if you like your security holes, you can keep them.”

Courtesy-Fud

Did A Top Hacker Overdose?

January 7, 2014 by  
Filed under Computing

Top hacker Barnaby Jack died from mixing too many drugs in one session, a coroner’s report shows. Kiwi-born Jack was supposed to give a talk at a security conference when he was found dead in his bed.

Conspiracy nuts raised an eyebrow or two when it was revealed that Jack’s death occurred shortly before he was due to demonstrate how heart implants could be hacked at the Black Hat security conference in Las Vegas. He did not have a mark on him and showed no signs of trauma. However, now a coroner’s report has shown that Jack had a mix of heroin, cocaine and prescription drugs in his system. And he died of “acute mixed drug intoxication.”

Jack rose to fame after a 2010 demonstration, in which he hacked a cash machine, making it give out money. Jack’s girlfriend had found him lying in bed unresponsive, with “multiple bottles of beer and champagne” in the rubbish bin, so it must have been a hell of a night.

Courtesy-Fud
