Feds widen probe into lottery IT boss who rooted game for profit

37 US states could have been scammed by rogue security guy

In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA’s random-number generating computer that allowed him to predict the digits for future winning tickets. He also tampered with security cameras to cover up his time at the keyboard, the court heard.

Tipton was sentenced to ten years in prison after CCTV caught him buying a $16.5m winning ticket in the Iowa state lottery. He is free on bail while appealing his conviction.

Meanwhile, investigators claim that three other state lotteries in Colorado, Wisconsin, and Oklahoma also report paying out prizes worth $8m to people associated with Tipton.

Source: Feds widen probe into lottery IT boss who rooted game for profit

Database of 191 million U.S. voters exposed on Internet

An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.

The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.

Source: Database of 191 million U.S. voters exposed on Internet: researcher

AVG: “Web TuneUP” extension multiple critical vulnerabilities: exposes browsing history and other personal data

When a user installs AVG AntiVirus, a Chrome extension called “AVG Web TuneUp” with extension id chfdnecihphmhljaaejmgoiahnihplgn is force-installed. I can see from the webstore statistics it has nearly 9 million active Chrome users.

The attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data to the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution.

Source: Issue 675 – google-security-research – AVG: “Web TuneUP” extension multiple critical vulnerabilities – Google Security Research – Google Project Hosting

Windows 10 uploads your Encryption Key to Microsoft with no opt-out.

One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and log in to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt out.
[…]
As Green puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”

Source: Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key