Google: No compromise, likely massive phishing database

A large text file billed as a list of usernames and passwords for more than 4.9 million Google accounts is likely a collection of credentials from different sources, not from a breach of the company's systems, Google stated on Wednesday.

The file was leaked to the Bitcoin Security board on Tuesday by a user known as "tvskit" who claimed that more than 60 percent of the passwords were good, according to translated content on Russian news site RT. Yet, in its own analysis, Google found that only 2 percent of the credentials would have worked and an even smaller number been used successfully.

"Our automated anti-hijacking systems would have blocked many of those login attempts," the company's spam and abuse team said in the analysis. "We’ve protected the affected accounts and have required those users to reset their passwords."

Read 4 remaining paragraphs | Comments

iPwned: How easy is it to mine Apple services, devices for data?

Jailbreaking an iPhone to steal its secrets in the name of security research, we unleash Elcomsoft iOS Forensics Toolkit.
Sean Gallagher

Apple executives never mentioned the words "iCloud security" during the unveiling of the iPhone 6, iPhone 6+, and Apple Watch yesterday, choosing to focus on the sexier features of the upcoming iOS 8 and its connections to Apple's iCloud service. But digital safety is certainly on everyone's mind after the massive iCloud breach that resulted in many celebrity nude photos leaking across the Internet. While the company has promised fixes to both its mobile operating system and cloud storage service in the coming weeks, the perception of Apple's current security feels iffy at best.

In light of one high profile "hack," is it fair to primarily blame Apple's current setup? Is it really that easy to penetrate these defenses?

In the name of security, we did a little testing using family members as guinea pigs. To demonstrate just how much private information on an iPhone can be currently pulled from iCloud and other sources, we enlisted the help of a pair of software tools from Elcomsoft. These tools are essentially professional-level, forensic software used by law enforcement and other organizations to collect data. But to show that an attacker wouldn’t necessarily need that to gain access to phone data, we also used a pair of simpler “hacks,” attacking a family member’s account (again, with permission) by using only an iPhone and iTunes running on a Windows machine.

Read 30 remaining paragraphs | Comments

Lynis v1.6.0 Released For Download – Linux Security Auditing Tool

Lynis is an open source linux security auditing tool. The primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional! It’s a great tool for [...] The post Lynis...

Read the full post at darknet.org.uk