Yahoo Suffers World’s Biggest Hack Affecting 1 Billion Users in 2013

Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history.

The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.
[…]
In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

But hackers also apparently stole passwords in both attacks. Technically, those passwords should be secure; Yahoo said they were scrambled twice — once by encryption and once by another technique called hashing. But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.

That could mean trouble for any users who reused their Yahoo password for other online accounts. Yahoo is requiring users to change their passwords and invalidating security questions so they can’t be used to hack into accounts. (You may get a reprieve if you’ve changed your password and questions since September.)

Source: Yahoo Suffers World’s Biggest Hack Affecting 1 Billion Users

The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation

Privacy Badger is a browser extension that automatically blocks hidden third-party trackers that would otherwise follow you around the web and spy on your browsing habits. Privacy Badger now has approximately 900,000 daily users and counting.

Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger spots and then blocks third-party domains that seem to be tracking your browsing habits (e.g. by setting cookies that could be used for tracking, or by fingerprinting your browser). If the same third-party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it.

Privacy Badger always tells how many third-party domains it has detected and whether or not they seem to be trackers. Further, users have control over how Privacy Badger treats these domains, with options to block a domain entirely, block just cookies, or allow a domain.

Source: The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation
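
The learning rule in the excerpt above (a third party that appears to track you on three or more different sites gets blocked, unless the user chooses otherwise) can be modelled in a few lines. This is an added example, not Privacy Badger's own code: the class and function names, the two-label base-domain shortcut and the constructed browsing log are all assumptions made for illustration.

```javascript
// Simplified model of the heuristic described above (not Privacy Badger's code).
const THRESHOLD = 3; // "three or more different websites", per the text

// Assumption: the base domain is the last two labels. A real extension
// would consult the Public Suffix List instead.
const baseDomain = (host) => host.toLowerCase().split('.').slice(-2).join('.');

class TrackerLearner {
  constructor() {
    this.trackedOn = new Map();  // third-party domain -> Set of sites it tracked on
    this.userChoice = new Map(); // third-party domain -> 'block' | 'cookieblock' | 'allow'
  }
  // Record one request made while `page` was loading.
  observe({ page, request, setsCookie = false, fingerprints = false }) {
    const site = baseDomain(page);
    const third = baseDomain(request);
    if (site === third) return; // first-party request, never counted
    if (!this.trackedOn.has(third)) this.trackedOn.set(third, new Set());
    // Only tracking-like behaviour counts; the Set dedupes repeat visits to one site.
    if (setsCookie || fingerprints) this.trackedOn.get(third).add(site);
  }
  setUserChoice(host, action) { this.userChoice.set(baseDomain(host), action); }
  actionFor(host) {
    const d = baseDomain(host);
    if (this.userChoice.has(d)) return this.userChoice.get(d); // user control wins
    const sites = this.trackedOn.get(d);
    return sites && sites.size >= THRESHOLD ? 'block' : 'allow';
  }
  // Every detected third party with its current status.
  report() {
    return [...this.trackedOn.keys()].sort().map((d) => ({
      domain: d, sites: this.trackedOn.get(d).size, action: this.actionFor(d) }));
  }
}

// Constructed browsing log (all hosts are made up).
function demo() {
  const l = new TrackerLearner();
  for (const page of ['www.news.example', 'shop.example', 'blog.example']) {
    l.observe({ page, request: 'ads.tracker.example', setsCookie: true });
    l.observe({ page, request: 'static.cdn.example' }); // no cookie, no fingerprinting
  }
  l.observe({ page: 'www.news.example', request: 'ads.tracker.example', setsCookie: true });
  l.observe({ page: 'shop.example', request: 'fp.widget.example', fingerprints: true });
  l.observe({ page: 'blog.example', request: 'fp.widget.example', fingerprints: true });
  return l;
}

console.log(demo().report());
```

In the constructed log, the cookie-setting domain crosses the threshold and is blocked, the cookieless CDN is detected but left alone, and the fingerprinting widget stays allowed until it is seen tracking on a third site.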

Orbital ATK air launches Pegasus XL CYGNSS

Our Pegasus rocket successfully launched NASA’s Cyclone Global Navigation Satellite System (CYGNSS) from our L-1011 Stargazer aircraft this morning at 8:37 a.m. EST, and completed payload deployment at 8:52 a.m. To learn more about the CYGNSS mission, visit NASA’s blog here.

About the Mission

The three-stage Pegasus XL will be used to deploy eight small satellites for NASA’s Cyclone Global Navigation Satellite System (CYGNSS) mission into a Low-Earth orbit. Pegasus is carried aloft by Orbital ATK’s Stargazer L-1011 aircraft to approximately 40,000 feet over the Atlantic Ocean, where it will be released and free-fall for five seconds before igniting its first stage rocket motor. With its unique delta-shaped wing, Pegasus will deliver these satellites into orbit in a little over 10 minutes.

CYGNSS, developed by the University of Michigan, will probe the inner core of hurricanes to learn about their rapid intensification. CYGNSS is designed to remedy the inability of current remote sensors to see through the heavy rain in the inner core of a hurricane or to observe changes in the storm over short periods of time.

[…]

On April 5, 1990, Orbital ATK began a new era in commercial space flight when our Pegasus rocket was launched from beneath a NASA B-52 aircraft in a mission that originated from Dryden Flight Research Center in California. In the decades since its maiden flight, Pegasus has become the world’s standard for affordable and reliable small launch vehicles. It has conducted 42 missions, launching 86 satellites.

Source: Pegasus XL CYGNSS

This is getting loads of new coverage for being an air launch, but as you can see above, Orbital ATK have been doing this since 1990 for NASA. Nothing new to see here!

Hacking: macOS FileVault2 Password Retrieval

macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches.

Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable.

Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!

Source: Security | DMA | Hacking: macOS FileVault2 Password Retrieval