Saturday 1 February 2014
Social engineering attack on GoDaddy and PayPal to blame in Twitter hijacking
"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer’s information by contacting PayPal... Our customer service agents are well trained to prevent social hacking attempts like the ones detailed in this blog post. We are personally reaching out to the customer to see if we can assist him in any way."
"It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification."
Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.
This would be a good opportunity to remind people to review their various accounts, passwords, and whether they allow any entities to store credit card or personal information. The attacker did his homework and came at the guy through multiple channels. The guy in the article suggested using a Gmail password as opposed to the domain password in case of compromise and extending your TTL, but it is a safer bet to do some things like:
Call your hosting / payment / card companies and have notes put on your account about information needed to give out your details;
Do not reuse passwords and make them stronger than you think you need;
Finally, review the companies you use to host and control things. It is a lot of work to switch companies, especially if you host a lot of domains, so do your due diligence and choose one that will serve your needs.
Companies that hold our information are obviously not going to any extent to protect our information, so it’s up to the individual user. I am amazed at how easy it was for the attacker to trick PayPal. It is something that we just can't imagine, as many of us with PayPal accounts have had problems trying to do legit business with them. So this just blows me away personally. But it also points to the increasing number of MULTI-STAGED [Social Engineering] attacks. This is not new, but in the last few years we are seeing many more of these popping up.
Wikipedia and many other wiki sites contained critical vulnerability
Happy privacy news even paranoids could love
Perk up, buttercup -- the Blackphone and MIT researchers offer glimmers of hope amid our NSA- and hack-filled landscape
Nuts -- I'd have to find happy privacy on my own. After downing a slug of cough syrup from Pammy's medicine cabinet, I got to work. To stay positive, I stuck a knitting needle into my thigh. The obvious place to start was the Blackphone that I pooh-poohed yesterday, but to which I'm now clinging with the desperation of Charlie White trying to make ice dancing look straight for the Sochi Olympics. If you dropped your iPhone in the toilet and are looking longingly at the gun safe, take some Blackphone heart.
Then, at last, I found a truly heartening story. This one detailed a new encryption algorithm being developed at MIT that not only protects your data, but also delivers fake data to hackers to lead them to a dead end. I love this. According to the article, the glorious crypto-geeks at MIT aren't alone. Another scheme is being built by an ex-RSA employee and a professor from the University of Wisconsin to detect hack attempts and respond by dumping enough gobbledygook on the offending digi-hunchback to make them burst into tears and crawl back to Internet porn.
Office 365 turns one, but success is tough to tally
Beware of misleading numbers, says one analyst; look at Office Web Apps' progress, argues another
Miller also argued that while the revamped Office 365 is now a year old, it may still have its best days ahead of it, as larger organizations have yet to discard their on-premises back-end servers for Exchange, SharePoint, Lync and other services tied to Office.
Twitter buys 900 IBM patents, dodging a potential infringement suit