Dating site Zoosk resets some user accounts following password dump (Updated)

A screenshot from Jeremi Gosney showing passwords cracked by the ocl-Hashcat-plus program.

Zoosk.com, an online dating service with about 15 million unique visitors each month, is requiring some users to reset their passwords. The move comes after someone published a list of cryptographically protected passcodes that may have been used by subscribers to the website.

In the past, the San Francisco-based company has said it has more than 50 million users. With this dump, a small but statistically significant percentage of the 29-million-strong password list contained the word "zoosk," an indication that at least some of the credentials may have originated with the dating site. Jeremi Gosney, a password expert at Stricture Consulting Group, said he cracked more than 90 percent of the passwords and found almost 3,000 had links to Zoosk. The cracked passcodes included phrases such as "logmein2zoosk," "zoosk password," "myzooskpass," "@zoosk," "zoosk4me," "ilovezoosk," "flirtzoosk," and "zooskmail."

Other passwords contained strings such as "flirt," "lookingforlove," "lookingforguys," and "lookingforsex," another indication that they were used to access accounts at one or more dating websites. Many users choose passwords containing names, phrases, or topics related to the specific website or generic type of service they're used to access. In December, Ars profiled a 25-GPU cluster system Gosney built that's capable of trying every possible Windows passcode in the typical enterprise in less than six hours.


Mac malware that infected Facebook bypassed OS X Gatekeeper protection

Researchers have identified the Mac malware that infected employees of Apple, Facebook, and Twitter, and say it may have been used to compromise machines in other US organizations, including auto manufacturers, government agencies, and a leading candy maker, according to a published report.

Pintsized.A is a new family of Mac malware that uses an exploit to bypass Gatekeeper, an OS X protection that allows end users to tightly control which sources are permitted to install apps, according to an article published Monday by The Security Ledger. Mac antivirus provider Intego says the trojan masquerades on infected machines as Linux printing software known as cupsd, although it runs from a different location than the legitimate title. It's unclear exactly how the malware gets around Gatekeeper.

Once installed, Pintsized establishes a reverse shell to a command and control server controlled by the attackers. It uses a modified version of the OpenSSH utility to encrypt traffic, a measure that can help it remain undetected on infected networks. One of the domain names that hosted such a server was corp-aapl.com. It caught the attention of members of Facebook's security team, tipping them off that there was an infected machine inside their network. When they later took control of the domain, they discovered multiple other companies were also compromised by the same attackers. Around the same time, Apple, Twitter, and Microsoft were also hit with attacks that meet the same pattern.
