
Online Security


Big Brother

Cyber Warfare & Espionage. Saving the Internet. Android Malware. Understanding Anonymous. Safe and Savvy Blog by F-Secure. Facebook admits it was hacked last month in a 'sophisticated attack' after employees visited compromised site. Official statement claims no user data was compromised, as far as they know. Announced just weeks after Twitter experienced similar attacks. Both companies said the events were not isolated, Java software vulnerability likely to blame. By Joshua Gardner. Published: 04:07 GMT, 16 February 2013 | Updated: 04:09 GMT, 16 February 2013. Social media giant Facebook has announced that several company computers were victims of a cyber attack that occurred sometime last month.

Facebook admits it was hacked last month in a 'sophisticated attack' after employees visited compromised site

‘Our systems had been targeted in a sophisticated attack,’ read the statement dated February 15. Warning signs: Often accused of being loose with user data, Facebook recently announced it came under a 'sophisticated attack'. The company says the infiltration occurred when ‘a handful of employees’ visited a website that, in turn, infected their laptops with security-compromising malware.

This, the statement says, despite the laptops being ‘fully-patched and running up-to-date anti-virus software.’ Heartbleed will haunt the Internet for years. From the instant news of the Heartbleed bug hit the Internet earlier this month, system administrators scrambled to fix a hole in their security that could have allowed hackers to access their encrypted information for years.

Heartbleed will haunt the Internet for years

While most major websites patched their systems almost immediately, there’s a good chance many smaller sites may never take similar measures. In other words, the vulnerabilities created by Heartbleed may plague the Internet for years to come. Maybe forever. Independently identified by researchers at Google and online security firm Codenomicon only a few days apart, Heartbleed is a bug contained in approximately ten lines of poorly written code in the open-source encryption tool OpenSSL. The bug, which was introduced in a 2012 update to OpenSSL, allows attackers to grab encrypted information as it passes between a website and its users.

Additionally, Sudbury notes, the speed at which scripted attacks occur after a bug is first revealed has increased in recent years. The Heartbleed Hit List: The Passwords You Need to Change Right Now. An encryption flaw called the Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen.

The Heartbleed Hit List: The Passwords You Need to Change Right Now

The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web.

Will changing your password really protect you from Heartbleed? Tech companies are facing increased pressure to do more to reassure their users about the Heartbleed bug.

Will changing your password really protect you from Heartbleed?

Affected sites, including Google and Facebook, have fixed the problem, but their users are complaining they're still being left in the dark as to what it means for their personal data. Meanwhile, there are still thousands of websites that have yet to fix the problem, or officially announce the fix - leaving their users in limbo. Websites fall into one of three groups - affected and at risk, affected and fixed, and not affected. Affected and at risk: This applies to sites that use the OpenSSL software but have not patched the flaw. Open SSL developer confesses to causing Heartbleed bug. Despite speculation that the Heartbleed flaw was deliberately created by government agencies to spy on us, a developer has now come forward and confessed to causing the problem.

Open SSL developer confesses to causing Heartbleed bug

German programmer Dr Robin Seggelmann told the Sydney Morning Herald he wrote the code, which was then reviewed by other members and eventually added to the OpenSSL software. What is Social Engineering? Examples and Prevention Tips. Social engineering is the art of manipulating people so they give up confidential information.

What is Social Engineering? Examples and Prevention Tips

The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak). Security is all about knowing who and what to trust. Common social engineering attacks Email from a friend.

Computer Crime.

Computer Crime

Password Management for Business & Personal. Computer Security · News · Opinion · Advice · Research. Details Emerge About Syrian Electronic Army's Recent Exploits. The Onion released a screenshot of the phishing e-mail used to hack into the company’s Twitter account.

Details Emerge About Syrian Electronic Army's Recent Exploits

At The Onion it’s all fun and games, except when the company’s Twitter account gets hacked. This week, after the parody site became the latest publication to have its Twitter account hacked by the Syrian Electronic Army, The Onion took a more serious note, explaining in a detailed blog post how the company’s account was hacked, and warning others how to avoid the exploit. In the blog post, Onion engineers explained that the company’s Twitter account was hacked using a basic phishing exploit, where a false e-mail redirected people to a fake Web site which then asked for Google Apps credentials. “At least one Onion employee fell for this phase of the phishing attack,” the company said. Exposing details about an attack is not the normal approach companies take after they are hacked.

Security researchers tracking the hackers also confirmed the group was responsible. Apple admits Facebook hackers attacked its machines as well (but say nothing was stolen). Apple claims no data was stolen during the sophisticated attacks, which downloaded malware onto employee machines. Firm set to issue security updates for its computers to protect customers from similar attacks. Comes days after Facebook revealed similar attack - with the same group believed to be behind both cybercrimes. By Mark Prigg. Published: 18:52 GMT, 19 February 2013 | Updated: 13:27 GMT, 20 February 2013. Apple has admitted its computers were attacked by the same hackers who targeted Facebook.

Apple admits Facebook hackers attacked its machines as well (but say nothing was stolen)

The iPhone maker says no data has been stolen in an unprecedented admission of a widespread cyber-security breach. Fraudsters use Facebook and Twitter to steal identities. By Adam Uren Published: 10:02 GMT, 15 November 2012 | Updated: 10:02 GMT, 15 November 2012 Social media users are inadvertently giving fraudsters all the information they need to steal their identities and take credit out in their names.

Fraudsters use Facebook and Twitter to steal identities

Victims who fail to guard their private information online are leaving themselves vulnerable to con artists reproducing a person’s identity using details spread across several popular websites. Using personal details left sometimes unguarded on websites like Facebook, LinkedIn and Twitter – coupled with publicly-accessible information on websites like 192 – criminals are able to make false credit card, loan or overdraft applications and leave their victims saddled with the debt. Think you can live off-line without being tracked - here's what it takes. Nico Sell, the cofounder of a secure communication app called Wickr, has appeared on television twice. Both times, she wore sunglasses to prevent viewers from getting a full picture of what she looks like. Sell, also an organizer of the hacker conference Def Con, places herself in the top 1% of the “super paranoid.” She doesn’t have a Facebook account. How CIA Director David Petraeus's Affair Was Traced Through Email (and How to Keep It From Happening to You)

How to Commit Internet Suicide and Disappear from the Web Forever. Blizzard Battle.net hack attack hits millions. 10 August 2012. Last updated at 10:16 GMT. The attack exposed the email addresses millions use to get at Blizzard games such as World of Warcraft. Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo. Blizzard revealed details of the breach in a message posted to its Battle.net account management service. Players in North America should change their login details for the account management service, said Blizzard.

So far, it said, there was no evidence that credit card numbers and other personal details had been taken. Apple and Amazon security lapses exposed after writer has 'entire digital life' destroyed by hackers in minutes. The PC which is truly personal: 'Computer' on a memory stick offers COMPLETE privacy for browsing and documents. Virus removal tools: FixMeStick USB key plugs into your computer and deletes malware. By Eddie Wrenn. Published: 13:02 GMT, 18 June 2012 | Updated: 17:11 GMT, 18 June 2012. Getting a virus cleaned off your computer can be a burden at the best of times. 'SpyEye' and 'Zeus' viruses can siphon off up to £10,500 from your bank account while you sleep.

'SpyEye' and 'Zeus' can transfer money automatically without supervision. Security firm says a dozen European banks have been hit - and America is next. Software trades on hacking website for as little as $300.