Posted by Kevin on September 11, 2014.
The ITsecurity daily security briefing: Thursday, September 11, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
Leaked Gmail accounts probably due to phishing
A credential dump of nearly 5 million Gmail accounts was claimed (by the hacker ‘tvskit’) to be 60% valid. But Google says:
“We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.
It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.”
1.4 million Americans have said ‘no’ to FCC’s war on net neutrality
Tom Wheeler was installed at the FCC, like a virus, to further the interests of his former paymasters — the cable companies. Just about his first act has been an attempt to destroy net neutrality by allowing providers to charge more for a broadband fast lane. But the American people are rebelling: 1.4 million have complained. If anyone hasn’t yet made their views known, we urge them to do so. You have until Monday next week.
Google finally speaks clearly on net neutrality
With less than a week to go to voice concerns about the FCC’s war against net neutrality, Google has finally spoken. Until now it has been silent, causing many to suspect that it really sided with Wheeler and the cable companies (after all, back in 2010 it sided with Verizon – the catalyst for all of this – against pure neutrality). But now it says, “no Internet access provider should block or degrade Internet traffic, nor should they sell ‘fast lanes’ that prioritize particular Internet services over others. These rules should apply regardless of whether you’re accessing the Internet using a cable connection, a wireless service, or any other technology.”
Google – Take Action:
Libraries can digitize books for use within the library
The Court of Justice for the European Union (CJEU) has ruled that libraries can digitize books to be read at a terminal within the library, but that they may not print hard copies nor store the digitized work on a device (such as a USB stick) that can be removed from the library. The issues and the ruling are discussed in IPKat’s blog.
Taneli Kaivola, Patrik Nisén and Antti Nuopponen of NIXU have posted a blog explaining how TorrentLocker encrypted files can be recovered from the ransomware. “In practice this means that if you have both the original and the encrypted version of a single file that is over 2MB in size the entire keystream can be recovered, which makes it possible to recover all your files encrypted by TorrentLocker.”
SANS Digital Forensics and Incident Response Blog:
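The known-plaintext recovery described in the NIXU quote, as an added example that is not from NIXU or from this briefing. It assumes the same keystream is XORed into the first 2MB of every file and that later bytes are left untouched; the SHA-256 counter generator is a constructed stand-in, not TorrentLocker's cipher, and all function names are hypothetical.

```python
import hashlib

CAP = 2 * 1024 * 1024  # the 2MB figure from the quote, used as the keystream length


def toy_keystream(key: bytes, n: int) -> bytes:
    """Constructed stand-in generator (SHA-256 over a counter); not the real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    n = min(len(a), len(b))
    return (int.from_bytes(a[:n], "big") ^ int.from_bytes(b[:n], "big")).to_bytes(n, "big")


def encrypt_reused(data: bytes, keystream: bytes) -> bytes:
    """Model of the flaw: one keystream XORed into the head of every file."""
    head = xor(data, keystream)
    return head + data[len(head):]


def recover_keystream(original: bytes, encrypted: bytes, cap: int = CAP) -> bytes:
    """Known plaintext: ciphertext XOR plaintext yields the keystream bytes the pair covers."""
    n = min(len(original), len(encrypted), cap)
    return xor(original[:n], encrypted[:n])


def decrypt_with(keystream: bytes, encrypted: bytes):
    """Return (plaintext, fully_recovered) for another file hit by the same keystream."""
    head = xor(encrypted, keystream)
    fully = len(keystream) >= min(len(encrypted), CAP)
    return head + encrypted[len(head):], fully


if __name__ == "__main__":
    ks = toy_keystream(b"constructed-key", CAP)     # unknown to the victim
    known = bytes(range(256)) * 12000               # constructed file pair, larger than 2MB
    other = b"constructed document body " * 150000  # a file with no surviving original
    recovered = recover_keystream(known, encrypt_reused(known, ks))
    plain, fully = decrypt_with(recovered, encrypt_reused(other, ks))
    print("keystream bytes recovered:", len(recovered), "file restored:", plain == other and fully)
```

A known pair smaller than 2MB yields only a partial keystream, so larger files come back partly decrypted; that is why the quote asks for a file over 2MB.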
Probable Cache Poisoning of Mail Handling Domains
“The disconcerting aspect of this work is not how many domains we see being poisoned, as there are relatively few, but which domains they are. We observe changes in A records so that a domain resolves to a different IP address. But the domains being targeted are often listed as name servers or mail exchanges for other domains. The biggest free webmail providers have been repeatedly victimized on some unknown (but likely smaller) subsection of the Internet sometime during the last year.”
Fingerprint Cards says CEO suspected of insider crime
“Biometrics technology firm Fingerprint Cards said on Thursday its top chief and a company shareholder were under investigation for insider crime, and it had replaced its CEO until further notice.
Trade in Fingerprint Cards’ shares were suspended on the Stockholm stock exchange on Wednesday.”
Microsoft continues its assault on Google
Microsoft highlights three very welcome changes to its webmail terms:
we won’t use the content in your emails to target you with ads.
we’ve made our terms and policies more transparent.
we tailor our privacy statements for each of our products.
Each one is a clear swipe at Google, Google practices, and Google’s problems in Europe.
European and Global Challenges of Personal Data Protection
“Data protection controllers, data protection officers, compliance services, security managers and lawyers must prepare for this wide ranging reform and the changes ahead especially considering that the draft regulation provides for heavy administrative sanctions in cases of violation. The stakes are high…”
European Court of Justice: Friday, Sep 19 & Saturday, Sep 20, 2014