Five million Gmail users that had their passwords leaked?

Five million Gmail users that had their passwords leaked?

Gmail Hacked

What happened?

Google have admitted that up to five million Gmail passwords and address have been leaked online, but they are denying this was a direct attack on the company its self.

The leaked list of login details were leaked on a Russian forum, the Gmail address along with passwords were supposedly posted together. Google have said that most of the passwords were out-dated or incorrect and the list could have been made from an attack on another site were Gmail address were uses as logins. Google did reset the passwords for all affected accounts just to be on the safe side.

Google have said on their online Security Blog that “One of the unfortunate realities of the internet today is a phenomenon know in security circles as ‘credential dumps’ (the posting of usernames and passwords on the web).

“We are always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several list claiming to contain Google and other Internet providers credentials.”

“We found that less than 2% of the usernames and passwords combination would have worked, our automated anti-hijacking system would have blocked most of the login attempts.”

So how does this affect you?

If you were one of the unlucky ones that did have your Address and password on the list, Google have already rest your password, so there is no need to worry. If you used the same password for other sites you might want to change it, this is especially important for your email account: because if someone can access your email account they can use that to reset all other login details, so please always make sure you have a good strong password for your Gmail or any other emaill accounts you use.

Google have advised users to protect themselves and their password they should use their two-step verification

Google have advised users to protect themselves and their password they should use their two-step verification

Google have also advised that all useres should turn on the two-step authentication system, this will add an extra layer of security by sending a one time code to your mobile number when you access the account from a new device. Its worth setting up for the extra protection. If you want to check and see if your address was leacked please go to isleaked.

What do I think?

These sorts of incidents are a big reminder that cybercriminals are actively targeting all of us. Modern web services like Gmail do their best to try and protect us; all of us should use Google’s extra security and make it as hard as possible for the criminals.

I think it’s a good thing that Google has taken the time to explain the incident in great detail as this has helped to take some of the hysteria out off the incident, and helps to show “hacks” are not always as bad as they are claimed to be.

Share Button

Apple Getting Attacked Over iOS 8 Bugs and Phones Bending

Apple Getting Attacked Over iOS 8 Bugs and Phones Bending

iOS 8 Logo

Apple are suffering a barrage of criticism and bad press following a buggy launch to their newest mobile operating system iOS 8, it has also been reported that the new iPhone 6 Plus is prone to bending but apple have denied this.

When Apple launched iOS 8 back in mid September, they immediately received reports saying customers were experiencing shorter battery life, poor Wi-Fi connection, they also had to stop apps working with their HealthKit app as there was problems with apps shearing data between them selves and the HealthKit. People that downloaded Apple online storage iCloud Drive were also finding that they were locked out on some devices.

Apple quickly fixed these issues with the 8.0.1 updated but that came with its own set of problems, like some customers not being able to connect to their mobile networks or used the touch ID to log in. The update was immediately pulled and then replaced with iOS 8.0.2 in late September. This has how ever introduced a fresh set of problems, a Twiter user William Petty has said “Top iOS 8.0.2 features so far; alarms that keep going even after they have been turned off, spotlight will not return any apps in their results, crash on un-lock”

iPhone 6 Plus BendingThere has also been reports of the iPhone 6 Plus bending out of shape when in people pockets, Apple how ever have dismissed this saying only 9 customers have contacted them saying their phones have bent and there is not a design faulty in the 6 Plus, but 9 affected handsets is still to many

The ConsumerReports.org have run tests to see just how bendy the 6 plus is using a compression machine and it showed that the iPhone 6 plus withstood more force that the HTC One M8 and the smaller iPhone 6.

Is this just Apple getting some bad luck or are they pushing out there iOS with out really testing it?

Share Button

Will You Be Hacked Again Buying On eBay?

Will You Be Hacked Again Buying On eBay?

Hackers have been exploiting an old vulnerability in eBay that allows them to steal your passwords if you click on their fake listing.

eBay Hacked

There has been yet another eBay hack exposed, just four months after criminals had stolen millions of passwords, which forced everyone that has an eBay account to change their passwords.

In the newest wave of attacks, criminals are creating fake listings that will show up in search results. Clicking on one of these fake listing will redirect you to a fake eBay sign in page that will then ask for your user ID and password. If you did enter your details, you would effectively be handing them over your account, they can then try to buy items using your PayPal account, or even log in to your email account (as its shown in your eBay account details), were they can then look for sensitive information.

Unlike other types of phishing scams, these fake listings will look authentic – they will not have any spelling mistakes or badly worded phrases, they are that good they can fool the most cautious shoppers, these bogus listing can be anywhere on eBay.

According to the BBC, the first fake listing, was reported to be selling a digital camera, this was then reported to eBay back in February. Early in September there was yet another fake listing but this time for an iPhone. The BBC said this particular fake listing was still on eBay’s site 12 hours after it was reported and was only taken off when the BBC contacted eBay themselves, but leaving the listing live for so long was a huge mistake by eBay.

The BBC has done an investigation that uncovered 64 fake listings over a 15-day period in September, the listings were over a wide range of goods and not just limited to electrical goods. Kaspersky’s senior security researcher David Emm, thinks this is just the tip of the iceberg. He went on to say “Its certainly possible that there may be more, Even if there aren’t, there is no way of knowing just how many eBay customers have clicked the links and been redirected”.

The worrying thing is the listings don’t simply contain a malicious link in the product description; this would be a relatively straightforward type of attack. Instead, the hackers have somehow managed to tweak eBay’s code so they can infiltrate the search results; this exposes a deep security flaw in the sites security.
eBay has yet to comment on the BBC’s claims of finding at least 64 malicious listings, A spokesmen for eBay did confirm the fake iPhone listing and said it was taken down as soon as they were aware of it.

So what can you do to say safe?

Most reputable antivirus programs will come with a good anti-phishing tool, which should help identify fake eBay pages, but you should check to see if your anti-virus has this.

Avast antivirus analyst Jirl Sejtko also warns users to be “suspicious if a site requests you to log in or wants you to provide any personal details when you would not normally do so”. In the eBay attacks, by clicking on the listing it would then take you to a fake sign-in page, eBay would never normally ask you to sign in at that point. Most shopping sites will only want you to login when you purchase something.

The message from the experts is always defend your self-using good security software and always look out for anything odd. eBay’s security should be more sophisticated which would prevent this kind of attack. If hackers do mange to sneak past eBay’s security they need to react a lot faster, doing this would help its damaged reputation to recover.

Video Showing Fake eBay Login Request

Share Button

Celebrity Photo Hack has Raise Security Fears for iCloud Users

Celebrity Photo Hack has Raise Security Fears for iCloud Users

Has the leak of high-profile celebrities private photos made you think twice about what you store online?

iCloud security risk

What happened?

100 celebrities got hacked, which lead to some of them having nude photos being leaked. Jennifer Lawrence, Winona Ryder and Kirstin Dunst were just some of the celebrates that had pictures stolen, and then posted on a message board on 4chan. Some of the photos were confirmed as real by the celebrities, but some clamed the pictures were faked.

At the time of writing, it’s not yet clear just how such a large number of celebrities got hacked in just one go. Initial reports have suggested Apples iCloud was the culprit, as iPhones will automatically sync images to the cloud as part of a back up, and some of the users might not of been aware of this. A security researcher has revealed a way of braking into iPhone accounts that uses a script to guess the password and will not trigger the automatic lockdown if the password is typed in wrong to many times.

In some of the naked selfies that were taken by celebrities, the phone used could be identified as Android and not an iPhone, this suggests the leak was not limited to just the iCloud. The developers behind the iPhone password hack only made the details of the process available the day before the photos got leaked, this left little time to hack so many people, Security experts Rik Ferguson and Trend Micro have suggested the celebrities were victims of a phishing attack instead.

The victims of the hack and people following the story may never get the full answer to how it happened, but the FBI and Apple have both said they will investigate it. Since the hack Apple have added some new security features to their iCloud services called two-step verification to try and stop this in the future. Twitter has suspended several accounts that were posting the stolen nude images, however this did not stop the images from spreading across the web.

How will it affect you?

Don’t try and find or share theses photos as Lawrence has said she will take legal action against anyone that posts the images online, other celebrities may also follow suite.

You might want to consider if your own photos (naked or otherwise) are stored being securely, you should make sure your phone is protected, with a password or PIN. While typing a PIN in every time you want to use your phone might be annoying but if you lose it or it gets stolen you will be glad you took the time to make it secure. When using websites or online services you should always have a complicated password, it might be hard to remember it but you can get password managers like 1Password or LastPass to help you.

If the hack was through iCloud many of the victims might not even realise their photos have been stolen, as they might not know Apple uploads them to its online storage service automatically. You should turn off automated back ups if you have sensitive photos you don’t want leaked.

On iOS:

  • Go to iCloud
  • Settings and then disable Photo Stream

On Android:

  • Open the Photos app
  • Tap Settings
  • Auto-Backup and un-tick ‘Back up local folders

What do I think?

We are all smart with the benefit of hindsight, but I bet most of the celebrities that got hacked will be kicking themselves for being stupid enough to take photos they would not want anyone else to see and then not protect them properly. I bet most of us don’t always take the necessary precautions when it comes to online services, how many of us can say they have a strong and unique password for every site or services we use? Hackers may not be hell-bent on finding naked photos of us (we don’t all have Lawrences figure), but we are all targets, whether it’s for our email logins, eBay account or bank details. We should not blame the victims, instead we should reprimand the hackers and criticise the poor or bad security systems. When iCloud or any other big online services gets hacked they are rarely held responsible, instead we blame the victims for using weak passwords.

I think tech companies could do a lot more to protect their users. Hopefully, this invasive and upsetting hack will be enough to make people think twice about what password they use and how important it is to have secure communications and storage, hopefully tech company’s will understand they need to take better care of their customers, we can all hope right?

Share Button

Microsoft has advised Windows users to uninstall some of their latest updates for Widows 7 and 8.1

Microsoft has advised Windows users to uninstall some of their latest updates for Widows 7 and 8.1

Blue Screen Of Death

Microsoft has advised Windows users to uninstall some of their latest updates for Widows 7 and 8.1; this was following hundreds of their customers complaining that their systems were repeatedly crashing after doing the updates.

The updates that went live on 12 of August were causing some PCs to show the following message ‘0x50 Stop’, or as it is commonly know ‘ The Blue Screen of Death’. There have also been some problems with fonts not being shown properly or being saved in the wrong location.

Most of the problems are caused by the update MS14-045, which was meant to be a routine security fix. Microsoft has now removed the update from their website and advised customers to uninstall the update as a precaution even if they have not had any problems yet.

Microsoft have removed a further three updates off there website. Microsoft have posted instructions for uninstalling the problem updates on their Support website, but they are not the easiest set of instructions to follow.

Microsoft has been criticised for not doing enough to highlight the problems when they were discovered. Instead of making an announcement, they just updated the FAQ section of their Security Bulletin and recommended uninstalling MS14-045.

Graham Cluley a security analyst praised Microsoft for offering advice, but said that users would have been happier if the bug “had been intercepted during the Microsoft testing process rather than being discovered once it was rolled out to users”

This is not the first time Microsoft have advised their users to uninstall misbehaving updates. In April 2013 Microsoft told windows 7 users to uninstall an update that crashed some PCs. While in October 2013 the company had to remove a Windows 8.1 RT update that crashed tablets.

Share Button