Syrian Electronic Army targets Reuters again—but ad network provided the leak

This was not a story published by Reuters, but it was what visitors to the site saw earlier today.

 The Syrian Electronic Army has made old hat of hacking major US media outlets throughout the past year, and Reuters was no exception. However, while visitors to the news outlet's site undoubtedly noticed the SEA's handiwork on display temporarily this afternoon, security researcher Frederic Jacobs is reporting this latest breach was not due to any wrongdoing from Reuters.

Users trying to read the story "Attack from Syria kills Israeli teen on Golan, Israel says" (restored as of Sunday evening) were redirected to the message above at times throughout the day. And on Medium, Jacobs wrote that SEA compromised the site by targeting the New York-based ad network Taboola. While the security researcher is unsure of how SEA managed to compromise Taboola (based on previous attacks, he hypothesizes a phishing campaign like what The Onion faced), Jacobs had a pretty good idea as to why. 

"By compromising Taboola, the value of the compromise is significantly higher than just compromising Reuters," Jacobs wrote. "Taboola has 350 million unique users and has partnerships with the world’s biggest news sites including Yahoo!, the BBC, FoxNews, the New York Times… Any of Taboola’s clients can be compromised anytime now."

Read 1 remaining paragraphs | Comments

“Free” Wi-Fi from Xfinity and AT&T also frees you to be hacked

Welcome to a way for hackers to fool you into connecting to malicious networks and give up your personal data: a spoofed Xfinity login page.
Xfinity

If you've traveled and tried to get on the Internet, you've probably seen some pretty suspicious looking Wi-Fi networks with names like "Free Wi-Fi" and "Totally Free Internet." Those are likely access points you'd best avoid. But there's a much bigger threat to your security than somebody randomly fishing for you to connect to them—the networks you've already connected to and trusted, like AT&T and Xfinity.

Mobile broadband providers are eager to get you to connect to their Wi-Fi-based networks while you’re away from home. AT&T has built a network of free hotspots for customers at thousands of places—including train stations, as well as Starbucks and McDonald's locations across the country. Comcast has spread its Xfinity wireless network far and wide as well, turning customers’ cable modems into public Wi-Fi hotspots accessible with an Xfinity account login.

These free Wi-Fi connections are popular, for good reason—they help reduce the amount of broadband cellular data you consume, and they often provide better network speeds than what you can manage over a 4G connection. But they also offer a really easy way for someone to surreptitiously tap into your Internet traffic and capture your account information for less-than-friendly purposes. Millions of AT&T and Xfinity customers could be leaving themselves exposed to surreptitious hacking of their Internet traffic, exposing their personal data as a result.

Read 9 remaining paragraphs | Comments