Information Security News
It's been reported that around five million Gmail email addresses were released on to a forum early in the week. In the file, next to each email address, was a password. These email addresses and passwords appear to have been collected over a few years from multiple web site sources, not from a compromise of Gmail/Google. The Google security team have done their analysis on the credential dump and alerted the two percent of those in that list they determine were at risk.
A fair number of researchers, academics and the curious will analyze, collate and build a number of models showing the most common and most amusing passwords, and it's probably something most of us have seen before. So what else can we gain from these types of credential dumps, and can we make it worth our time reviewing them?
Here are a few suggestions to make use of these types of dumps in a more positive manner.
1) Showing non-security staff (i.e. the rest of the world) the top fifty most common passwords, with the number of people that use that same password, to provide a bit of user education on why not to use common passwords on their accounts, personal or work, or how reusing the same passwords across multiple sites can cause problems.
2) Providing you can get access to the full list, checking your email address isn't there, and it would be nice to also check that people you know aren't in the dump either.
3) A more business-focused approach, as long as you have permission, would be to compare all those email addresses against any Gmail registered user accounts, as an example any customers registered for your newsletters, logins to web sites or applications using Gmail accounts. If you do find any accounts that are linked to a listed Gmail email address from the dump, some possible options are:
4) Another step after that would be to check your logs to see if there are any automated login attempts using the Gmail accounts against any of your systems, as this is well documented behaviour by various adversaries that fellow Handlers have reported upon previously.
If the information is out there, our adversaries are going to be using it, so we should strive to ensure our incident response plans cover how to deal with these external events quickly and with the minimum effort.
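Suggestions 3 and 4 above, sketched as an added example that is not part of the original diary: match registered accounts against the dump's address column (folding Gmail's dot, plus-tag and googlemail.com variants), then look for sources trying several of the matched accounts. The log format, function names and all sample data are constructed assumptions.

```python
import re
from collections import defaultdict

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def normalize(addr):
    """Canonical form: Gmail ignores dots and +tags in the local part."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def exposed_accounts(dump_lines, registered):
    """Registered addresses whose canonical form appears in the dump.
    Only the address column of each 'email:password' line is read."""
    leaked = {normalize(l.split(":", 1)[0]) for l in dump_lines if "@" in l}
    return {addr for addr in registered if normalize(addr) in leaked}

# Assumed log format: "<timestamp> login result=<ok|fail> user=<email> src=<ip>"
LOG_RE = re.compile(r"login result=\w+ user=(\S+) src=(\S+)")

def suspicious_sources(log_lines, exposed, threshold=2):
    """Source IPs that tried at least `threshold` distinct exposed accounts."""
    wanted = {normalize(a) for a in exposed}
    tried = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and normalize(m.group(1)) in wanted:
            tried[m.group(2)].add(normalize(m.group(1)))
    return {ip: sorted(u) for ip, u in tried.items() if len(u) >= threshold}

# Constructed sample data (documentation IP ranges, placeholder passwords).
DUMP = ["alice.example@gmail.com:REDACTED", "bobexample@gmail.com:REDACTED",
        "carol@gmail.com:REDACTED"]
REGISTERED = ["Alice.Example+news@googlemail.com", "b.o.b.example@gmail.com",
              "dave@example.org"]
LOGS = [
    "2014-09-12T10:00:01Z login result=fail user=alice.example@gmail.com src=192.0.2.10",
    "2014-09-12T10:00:02Z login result=fail user=bobexample@gmail.com src=192.0.2.10",
    "2014-09-12T10:05:00Z login result=ok user=dave@example.org src=198.51.100.7",
    "2014-09-12T11:00:00Z login result=ok user=b.o.b.example@gmail.com src=198.51.100.9",
]

if __name__ == "__main__":
    hits = exposed_accounts(DUMP, REGISTERED)
    print(sorted(hits))
    print(suspicious_sources(LOGS, hits))
```

A single source touching several exposed accounts is the pattern to escalate; a lone login from the account's usual address is not flagged at this threshold.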
Chris Mohan --- Internet Storm Center Handler on Duty
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
InfoSec Book Club: What's On Your Fall Reading List?
Dark Reading community members share the books that inform and inspire their decisions and interactions as security professionals. I don't know about you but when I see the yellow school buses rolling and the days start getting ...
Tech support scams are nothing new—we first went in-depth almost two years ago on "scareware scammers" who cold-call unsuspecting victims and try to talk them into compromising their computers by installing remote control applications and handing the keys over to the scammers.
We even managed to engage with one for a protracted length of time, with deputy editor Nate Anderson playing the role of a computer neophyte and recording the entire mess. But one developer has taken things a step further, producing a tool that will enable you to fight back if targeted—if you don’t mind a bit of bad acting yourself.
Matt Weeks is one of the developers who contributes code to the open source Metasploit Project, a sprawling and continually updated security framework that functions as a repository for software vulnerabilities and is frequently used as a Swiss Army Knife for penetration testing. Weeks has published a long report on his site detailing how he was able to reverse-engineer the encrypted communications protocol used by Ammyy Admin, one of the most popular remote control apps used by tech support scammers, and then use that knowledge to ferret out a vulnerability in the Ammyy Admin application.
Messages demanding payment in order to out details about mysterious Bitcoin creator "Satoshi Nakamoto" have proliferated in the few days since an unknown person took control of the e-mail address historically used by the reclusive cryptographer.
By Friday, at least seven messages on Pastebin threatened to release information, or "dox," taken from Satoshi Nakamoto's e-mail account on gmx.com, the address used in Nakamoto's original Bitcoin paper. The messages used at least five different Bitcoin addresses and demanded varying amounts of Bitcoin in order to reveal Nakamoto's true identity.
"Satoshis [sic] dox, passwords and IP addresses will be published when this address has reached 25 BTC," stated one demand.
Tool developed that hacks those evil Windows support phone scammers
Here's a tip to anyone out there that's thinking about running a Windows tech support phone scam. Don't target an InfoSec pro's family, because he's liable to dream up a very geeky way to get back at you. Matthew Weeks is the director of emerging ...
Swiss Infosec celebrates
The Sursee-based security specialist Swiss Infosec is celebrating its 25th anniversary this year. The company was founded in 1989 by Reto Zbinden and focuses on information security, IT security and data protection. It currently employs 30 specialists ...
Happy Birthday Swiss Infosec AG! (VIDEO)
UK.gov's flagship infosec program ISN'T DELIVERING - but all's still well, say ...
The UK's National Cyber Security Programme is not yet delivering on its much-vaunted economic benefits but is still a worthwhile exercise, according to a report by government auditors. An update by the National Audit Office for Parliament's Public ...
Posted by InfoSec News on Sep 12 http://www.nextgov.com/cybersecurity/2014/09/heres-why-you-dont-want-your-3-d-printer-get-hacked/93923/
Posted by InfoSec News on Sep 12 http://www.zdnet.com/dropbox-received-268-govt-requests-this-year-none-for-business-users-7000033590/
Posted by InfoSec News on Sep 12 http://www.darkreading.com/vulnerabilities---threats/advanced-threats/franchising-the-chinese-apt/d/d-id/1315660
Posted by InfoSec News on Sep 12 http://news.techworld.com/security/3571694/vulnerability-in-popular-joomla-e-commerce-extension-puts-online-shops-at-risk/
Posted by InfoSec News on Sep 12 http://www.computerworld.com/article/2606965/senators-ask-apple-home-depot-for-information-on-breaches.html
Posted by InfoSec News on Sep 12 http://www.koreatimes.co.kr/www/news/nation/2014/09/116_164369.html
Posted by InfoSec News on Sep 12 Forwarded from: jackie (at) sdiwc.info