Five million Gmail users that had their passwords leaked?

What happened?

Google have admitted that up to five million Gmail passwords and addresses have been leaked online, but they deny this was a direct attack on the company itself.

The login details were leaked on a Russian forum, where the Gmail addresses were supposedly posted together with their passwords. Google have said that most of the passwords were out of date or incorrect, and that the list could have been compiled from an attack on another site where Gmail addresses were used as logins. Google did reset the passwords for all affected accounts just to be on the safe side.

Google have said on their Online Security Blog that “One of the unfortunate realities of the internet today is a phenomenon known in security circles as ‘credential dumps’ (the posting of usernames and passwords on the web).

“We are always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials.”

“We found that less than 2% of the username and password combinations would have worked, and our automated anti-hijacking system would have blocked most of the login attempts.”

So how does this affect you?

If you were one of the unlucky ones whose address and password were on the list, Google have already reset your password, so there is no need to worry. If you used the same password for other sites, you might want to change it. This is especially important for your email account, because if someone can access your email account they can use it to reset all your other login details. Always make sure you have a good, strong password for your Gmail or any other email accounts you use.

Google have advised users to protect themselves and their passwords by using its two-step verification.

Google have also advised that all users should turn on the two-step authentication system. This adds an extra layer of security by sending a one-time code to your mobile number when you access the account from a new device. It’s worth setting up for the extra protection. If you want to check whether your address was leaked, please go to isleaked.

What do I think?

These sorts of incidents are a big reminder that cybercriminals are actively targeting all of us. Modern web services like Gmail do their best to try and protect us; all of us should use Google’s extra security and make it as hard as possible for the criminals.

I think it’s a good thing that Google has taken the time to explain the incident in great detail, as this has helped to take some of the hysteria out of the incident, and helps to show “hacks” are not always as bad as they are claimed to be.


Will You Be Hacked Again Buying On eBay?

Hackers have been exploiting an old vulnerability in eBay that allows them to steal your passwords if you click on their fake listing.

There has been yet another eBay hack exposed, just four months after criminals had stolen millions of passwords, which forced everyone that has an eBay account to change their passwords.

In the newest wave of attacks, criminals are creating fake listings that show up in search results. Clicking on one of these fake listings will redirect you to a fake eBay sign-in page that will then ask for your user ID and password. If you did enter your details, you would effectively be handing over your account. The criminals can then try to buy items using your PayPal account, or even log in to your email account (as it’s shown in your eBay account details), where they can then look for sensitive information.

Unlike other types of phishing scams, these fake listings look authentic: they do not have any spelling mistakes or badly worded phrases, and they are good enough to fool the most cautious shoppers. These bogus listings can be anywhere on eBay.

According to the BBC, the first fake listing was reported to be selling a digital camera, and it was reported to eBay back in February. Early in September there was yet another fake listing, this time for an iPhone. The BBC said this particular fake listing was still on eBay’s site 12 hours after it was reported and was only taken off when the BBC contacted eBay themselves; leaving the listing live for so long was a huge mistake by eBay.

The BBC has carried out an investigation that uncovered 64 fake listings over a 15-day period in September; the listings covered a wide range of goods and were not limited to electrical goods. Kaspersky’s senior security researcher David Emm thinks this is just the tip of the iceberg. He went on to say: “It’s certainly possible that there may be more. Even if there aren’t, there is no way of knowing just how many eBay customers have clicked the links and been redirected.”

The worrying thing is that the listings don’t simply contain a malicious link in the product description; this would be a relatively straightforward type of attack. Instead, the hackers have somehow managed to tweak eBay’s code so they can infiltrate the search results; this exposes a deep flaw in the site’s security.

eBay has yet to comment on the BBC’s claims of finding at least 64 malicious listings. A spokesman for eBay did confirm the fake iPhone listing and said it was taken down as soon as they were aware of it.

So what can you do to stay safe?

Most reputable antivirus programs will come with a good anti-phishing tool, which should help identify fake eBay pages, but you should check to see if your anti-virus has this.

Avast antivirus analyst Jiri Sejtko also warns users to be “suspicious if a site requests you to log in or wants you to provide any personal details when you would not normally do so”. In the eBay attacks, clicking on the listing would take you to a fake sign-in page; eBay would never normally ask you to sign in at that point. Most shopping sites will only want you to log in when you purchase something.

The message from the experts is to always defend yourself using good security software and always look out for anything odd. eBay’s security should be more sophisticated, which would prevent this kind of attack. If hackers do manage to sneak past eBay’s security, eBay needs to react a lot faster; doing this would help its damaged reputation to recover.

Video Showing Fake eBay Login Request


Java Security Issues

What happened?

Security researchers across the world have said web users are still at risk from flaws in Oracle’s Java, a software platform used across websites, despite the company issuing a patch to fix it.

The patch is meant to reduce vulnerabilities that were leaving people at risk of identity theft and credit card fraud. Adam Gowdiak, a researcher with Poland’s Security Explorations who has discovered several bugs in Java over the past 12 months, said: “We don’t dare tell users that it’s safe to enable Java again.”

Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe’s Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky. A week before Oracle issued the patch, the US Department of Homeland Security advised people to disable Java. Bitdefender also advised people not to use it.

How will it affect you?

If you are committed to using Java, make sure you have updated it to the newly patched version. Being on the latest version won’t eliminate every risk, but it will ensure you are covered for existing threats, and it reduces the chance of being hit by others.

Turning off Java is easy. In Chrome, type chrome://plugins in the address bar. Scroll down to the Java section and click ‘Disable’. You can easily turn it back on again by following the same process.

In Firefox, go to Tools, Add-ons, and Plugins and click disable. Turning Java off in IE is more difficult, but you can easily remove it in Windows by going to the Control Panel and removing the software entirely.

Once you have done this, your browser will tell you when a site requires Java, giving you the option of turning it on if you trust the site.

What do I think?

All companies are hit by security holes – it’s impossible to keep bugs out of software as there are as many, if not more hackers looking for new ways to attack than there are security researchers looking to keep us safe.

We can’t blindly depend on web firms to keep us safe. We need to learn how to take defensive measures on our own. In this case, it’s relatively easy, and a good lesson. By turning off features and plug-ins you don’t use, you’ll leave fewer holes for attackers to sneak through and jeopardise your security.

However, it’s high time that the worst offenders – Oracle with Java, Adobe with PDF software and Microsoft with Windows, Office and IE – improved their game and did more to protect us. When security is such an issue that government agencies are advising users to ditch software, it’s time to admit there is a problem.

Security experts say Oracle is as much as two years behind in patching serious holes in its software. The company needs to invest in improving its software or it could risk losing users.

Don’t wait for Oracle to catch up: disable Java now; you will cope without it.
