Nov 30 2015

Hacked toymaker leaked gigabytes worth of kids’ headshots and chat logs

(credit: Motherboard)

VTech, the hacked maker of electronic toys and apps that leaked the data of 4.8 million customers, including hundreds of thousands of children, exposed gigabytes worth of pictures and chat histories on the same compromised servers, according to an article published on Motherboard, the website that first broke news of the breach.

The news website said a hacker who asked to remain anonymous was able to download almost 200 gigabytes worth of photos of both parents and children who had registered with the site. The hacker also obtained logs of chats conducted between parents and their kids and in some cases recordings of conversations. VTech encouraged parents to take the headshots and use them with apps that allow them to interact with children. The hacker, who said he didn't intend to publish or sell the data, provided Motherboard with 3,832 image files and at least one audio recording for verification purposes.

It's not clear why VTech stored the data on its servers in the first place. The article reported:


Nov 30 2015

BlackBerry says no to Pakistani backdoor gambit

In response to a demand for backdoor access to its enterprise messaging products, BlackBerry is completely pulling out of the Pakistan market. The announcement comes as a ban on providing BlackBerry Enterprise Services over mobile networks in Pakistan was due to take effect today.

The Pakistan Telecommunications Authority's ban on BlackBerry Enterprise Services (BES) was issued this summer, and it was planned to become effective on November 30, as Ars reported in July. "Security reasons" were cited as the cause of the ban. But just before the restriction was announced, Privacy International issued a report that warned of the Pakistani Inter-Services Intelligence (ISI) agency's efforts to gain network surveillance capabilities within the country that rival those of the National Security Agency.

While the government has pushed back the effective date of that order to December 30, BlackBerry CEO Marty Beard announced today that the company would exit the Pakistani market completely rather than meet government demands for unfettered access to the service's message traffic.


Nov 30 2015

Hey Reader’s Digest: Your site has been attacking visitors for days

(credit: Malwarebytes)

An active hacking campaign is forcing Reader's Digest and many other websites to host malicious code that can surreptitiously infect visitors with malware and linger for days or weeks before being cleaned up.

Reader's Digest has been infected since last week with code originating with Angler, an off-the-shelf hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack scripts, researchers from antivirus provider Malwarebytes told Ars. People who visit the site with outdated versions of Adobe Flash, Internet Explorer, and other browsing software are silently infected with malware that gains control over their computers. Malwarebytes researchers said they sent Reader's Digest operators e-mails and social media alerts last week warning the site was infected but never got a response. The researchers estimate that thousands of other sites have been similarly attacked in recent weeks and that the number continues to grow.

"This campaign is still ongoing and we see dozens of new websites every day being leveraged to distribute malware via the Angler exploit kit," Malwarebytes Senior Security Researcher Jérôme Segura wrote in an e-mail. "This attack may have been going on for some time but we noticed a dramatic increase in infections via WordPress sites in the past couple of weeks."


Nov 30 2015

LSAT – Linux Security Auditing Tool

Linux Security Auditing Tool (LSAT) is a post-install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions. It (for now) [...]

Read the full post at darknet.org.uk