fbpx
Open post

The most popular passwords, proven by hacked accounts

So apparently, every year SplashData compiles a list of passwords and rates them according to occurrence. These passwords are from accounts that have been stolen and made public. There are millions of these accounts and the similarities in the passwords show the unoriginal ideas people come up with to secure their information.

Due to the sheer number of accounts that was used to support this data, you can trust what your about to see as being something that can be applied to a greater population. The reason SplashData makes this list every year, is  to make it apparent that we need to take our passwords more seriously, and stop using pop culture and sports references. SplashData also noted that the list supplied this year, is using passwords mainly from North America and Western Europe, and that adult websites and the Yahoo hack were excluded from this list.

We actually did an article a while back about password security, and how our thoughts on a strong password have changed and the best way to form a password. You can find that article by clicking here

Now, for the list of disappointments

  1. 123456
  2. Password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1

They say great minds think alike, but it seems not so great passwords do the same thing!

It is amazing to see the thought that occupies someones mind for a split second that makes them say “hey that should be my password, no one will ever think it’s so simple and obvious!” as you turn around and high five your friend for wearing the same Starwars shirt.

Let’s try to take our online security a bit more seriously into this next year, you could even call it a new years resolution!

If you do have any concerns about other aspects of your online security or network, give us a call and let’s ensure your walls are made of hacker kryptonite! (my password is Sup3rM4n…not really)

Open post

Net neutrality and the FCC’s use of deceased people’s name

Lately the internet has been abuzz about net neutrality and preventing it from being stolen from us, lest we want to see a degradation in our society. Even knowing this, and having sent the FCC millions of petitions and signatures, the chair of the FCC still ignored the pleas of the masses and voted for tearing down our rights to online access and freedom to roam. Not only did the FCC ignore the masses, but the FCC also decided to revive the dead and use them against us.

 

What is net neutrality? 

First lets quick cover the basis of what net neutrality is. Net neutrality is basically a guiding rule or principle. It preserves our right to roam and communicate freely online, without the interference of those in a higher power position. It is free speech for the internet. This allows us to have access to all forms of information without any bias in the mix, restricting what we see and read and learn. For example, if net neutrality does become history, Fox news could pay to have specific internet providers show news from them, and them alone. This would cause a great tunnel vision in our society, and depending on peoples specific situations, cause a rift in general knowledge and understanding, leading to more chaos separation in our society.

Deceased commentators 

So back to the first paragraph, deceased persons coming to life. On multiple instances, there has been a realization that people who have passed away are somehow posting onto the FCC’s site, tickets that are in favor of getting rid of net neutrality. Family members of these deceased commentators have outright called on the FCC for their immoral and illegal actions, demanding they stop such horrid actions and be taken to court for just desserts.

Comments by the deceased were sometimes word for word, the same as other comments by other deceased persons. This shows the action as being a form of spam. But the issue at hand is that the FCC is using identities of Americans who have died to try and defend their actions by putting words in their mouths and pretending they were still alive.

As a response, the FCC has said that unvetted commentary has lost all forms of power online, and will therefore be dismissed. The only way comments will be considered is if they are cryptographically secure identities, tied to living persons.

The FCC has stated they will not help in the pursuit of those using deceased Americans identities.

Net neutrality is obviously something very important for more than just online surfing, it gives access for students and education, for keeping the world in mind and staying up to date on global events and being able to read both sides and come to ones own conclusions. Net neutrality is so much more than just “the internet” it is a necessity in a world ever growing in technological involvement.

Educated yourself on the issue

Learn about net neutrality, make an educated, well thought out decision on the matter, and then give your comments to the FCC. Here is a helpful link to the FCC’s site where you can submit your comments. http://gofccyourself.com

Open post

Companies who have been breached are still confident in their defenses

There has been a lot of articles and news covering companies and businesses who have security breaches and had people’s vulnerable information out in the hands of some hackers. Despite this news, APAC organisations are still confident in their online security measures, and feel like they don’t need to change or enhance those measures.

Fortinet recently took a poll with an enterprise security survey and the results were, unique. If we look at the companies who took the poll we see that 86% of those organizations had actually been the victim of a breach, and yet 48% of the IT decision makers at APAC are still confident in their security defenses.

There were a total of 1,801 respondents across 16 countries globally. 82% percent of the APAC IT decision makers see themselves in a higher standard  when it comes to cybersecurity compared to other organisations. However there was an honest 6% that said they felt they were lagging behind. This curious insight tells a bigger picture of the false sense of security an organization can have, which can lead to a self detrimental outcome down the road.

The reasons for this confidence are found in the method that caused their data breach in the past. There is a lack of fear in their cybersecurity because most organizations chalk up their data breaches to things like social engineering, ransomware and email phishing, things that are less to do with cybersecurity and more to do with human error.

When questioned what these organisations would do differently in their security career, 46% said they would invest more into employee training when it comes to cybersecurity awareness, which would in turn prevent their security breached past to begin with.

As a follow up from the Fortinet poll, organisations have planned to employ an IT education program for 2018 to enhance user security in the organisations. This is a great start. but it was also made aware that only 26% of the APAC businesses plan to employ network segmentation to reduce the spread of malware.

It is important to not only be aware of threats online like email phishing, but also to enhance your understanding of cybersecurity methods that would prevent things like the spread of malware, or open back doors to the network!

If you have any networks that could use some beefing up, or your looking for some insight into online security, give us a call today and let Re2tech be your source of cybersecurity!

Open post

Follow up information on the Uber data breach

Earlier today, it was made public the specifics that were stolen during the Uber data breach. Uber gives a more in-depth idea of the information accessed by the hackers, giving customers and drivers a stronger understanding of their vulnerability.

Some U.S. senators have been hounding Uber for more information on their security breach and what it meant for the customers who’s information was involved. Uber had hired an outside cybersecurity firm after the massive data breach, to get some more detailed information on the event. The cybersecurity firm has stated that they found no evidence of any riders’ credit card information, bank account information or social security numbers being downloaded by the two hackers. Uber has however disclosed that in some cases, the hackers had retrieved the location information from the place where people signed up for Uber, as well has some heavily encoded versions of the user passwords.

The company has stated that they have not seen any evidence of account fraud or misuse of data from the breach. As a response to the data breach concealment, there has been two employees who were fired for not “informing the appropriate parties”. The two employees were anonymously contacted by the hackers, being told they had just been breached and demanded payment. Through the tracking of the breach using private cloud data stored on Amazon’s web services, Uber was able to shut down access from the hackers.

The two employee’s agreed to pay the hackers $100,000 so that they would delete the data. Later on, the hackers real identities were identified, and they signed documents saying that all breached data was deleted, ensuring that the information could not be abused. It was disocvered that the hackers first gained access to Uber’s network on Oct. 13th, 2016 and the last use point of contact was on Nov. 15th. 2016.

It is still unclear if a criminal investigation has been started. Uber has since installed a stronger online defense to prevent the same issue from arising again. 

Open post

HP laptops pre-installed with keyloggers

Recently made public by a security researcher by the name of ZwClose, is the unfortunate mishap affecting some of the HP laptops.

Supposedly in the past there have been complaints about HP leaving key loggers installed on laptops, posing a potential danger to those whose laptops are involved. Key loggers that could allow hackers to record every keystroke on the laptop and steal sensitive data from the users which can include everything from usernames and passwords to credit card information.

Unfortunately the mistake has once again risen is head. The key loggers have been found to be in an estimated 460 HP laptops, supposedly “accidentally left behind” from the manufacturing and testing stages of the laptops. The key loggers are turned off, which may seem like its not be deal then, however, there is the potential for hackers to alter the registry value associated with the key logger that would turn it on, and give the hackers access to the device.

HP claimed it was also a “debug trace” and has since been removed when made aware of the problem. A list of the affected models for HP laptops can be found at this link here. If your model is listed, it is important to update your drivers as soon as possible to prevent any possible key logging travesties.

It’s important to keep up to date on your devices and their security, so keep checking back for more insight on what may prove a threat to your home, life and online presence!

Open post

PayPal acquires TIO networks but with a cost

Just hours ago, it was made public that PayPal has had a security breach due to their newly acquired networks company TIO.

Back in February, Paypal had acquired TIO Networks in hopes of introducing the TIO customers to PayPal’s services. This attempt at bolstering their user numbers has actually backfired.

Thus far it is estimated that 1.6 million customers’ personal information has been breached. PayPal has suspended TIO networks last month after discovering the evidence of a security breach. PayPal stated that TIO’s network had discovered the vulnerability in security and that the forms of information that was taken could be customer names, addresses, SSN, and login credentials.

It is important to note that the PayPal systems and TIO systems are separate networks and PayPal customers were unaffected. Thus far, TIO will remain in suspension until TIO’s platform issues with data security and information security standards are up to PayPal’s standards.

It’s quit lucky that PayPal had chosen not to fully merge the systems otherwise this could have become an even bigger issue and also involving customers with PayPal accounts.

Be careful where you put your sensitive information on the web, and ensure the businesses your using has strong network defenses. 

Open post

Morrisons supermarket data breach

Just hours ago, it was made public that Morrisons, a super market, is being held liable for the breach of information involving their workers.

Workers of Morrisons recently made a claim against the company after another employee named Andrew Skelton, stole data from the company that includes working salary, bank details, names and addresses of nearly 100,000 employees.

Morrisons believes it should not be held accountable for the actions of Skelton and is appealing against the decision.

This security breach occurred in 2014, that was when Skelton, a senior internal auditor leaked the information of employees to the internet and newspapers.

Supposedly this was a grudge retaliation over an incident that had recently occurred. Skelton was jailed for eight years in 2015, guilty for fraud,  securing unauthorized access to computer material and disclosing personal data.

Lawyers claim the company is at fault for lacking security means and the vulnerability of 5,518 former and current employees. The Judge has ruled in favor of holding Morrisons accountable for the incident. 

Open post

Reddit user discloses some major issues with Mac OS root login

Recently, a user on Reddit gave information on a huge Mac OS High Sierra vulnerability. Access to “root” permissions is as easy as an empty password, potentially leaving users extremely vulnerable. If someone has physical access to a Mac OS High Sierra system, they can access personal files and change anything without any admin credentials.

This is a huge vulnerability for Mac users. Developer Lemi Orhan Ergin contacted apple to inform them of the vulnerability. Apple at the time had no update ready for such an issue, however informed of users a way to mitigate the possibility of someone gaining root access.

Disable guest users 

Opening up the system preferences and finding the “Users & Groups” section you can select guest users and uncheck “Allow guests to log into this computer.”

By doing this, no one can log into a guest user account and give them direct access to the root permissions option.

Change root password on Mac OS High Sierra

Another means of mitigating this issue, is by actually assigning a password to the root permissions, so if someone did attempt to enter with an empty password, they would be outright blocked.

  1. Launch systems and preferences
  2. Select users and groups
  3. Login options
  4. Join which is next to the “Network Account Server”
  5. Open Directory Utility
  6. Click the lock icon, and enter your password to gain access
  7. Once inside, in the menu bar of directory utility, select “Change Root Password”

That’s it! Make your own password for the Root access and ensure it is strong to keep it worth this effort!

Apple has informed that they are working on a quick patch, so the problem shouldn’t be relevant for too long, however it is always good to become familiar with this side of your system and learn of it’s layout, in case something in the future pops-up involving the same issue.

Stay safe and hacker free! Give us a call at re2tech and we can beef up your security and help explain your system and it’s workings to you in the process! 

Open post

Imgur suffers a data breach, millions of accounts compromised

Recently reported, Imgur,  the image-sharing website has been victim to a data breach. Millions of accounts are suspected to have been compromised.

A security researcher recently discovered back in 2014 Imgur had suffered a massive data breach, putting millions of accounts in a state of vulnerability. The affected information consisted of emails and passwords for the accounts, however there are no reasons to believe any real names or other personal data was breached.

This is a lucky break for imgur, seeing as how many a businesses have been coming out informing their customers of a breach that occurred and customers very private information was stolen, like real names/addresses and credit card numbers.

Imgur has been praised for their swift action and transparency on the matter. Imgur’s chief operator put out a statement saying “We apologize that this breach occurred and the inconvenience it has caused you.”

The data researcher who discovered the breach thinks the encryption method Imgur used in 2014, A hashing algorithm, was broken through with brute force, and that because Imgur updated their encryption method in 2016, there shouldn’t be worries of it occurring again anytime soon.

Great job Imgur for addressing the issue in a time sensitive manner and with consideration for your customers. This is a great contrast in comparison to the Uber mishap that was recently made public.

Keep your information up to date and your usernames and passwords strong and changing between applications/websites. Don’t let data breaches like this affect your daily life! 

Open post

Data breach at the Department of Social Services

This just in, the department of Social Services credit card system has been breached, as of yesterday. This isn’t something to be thankful for that’s for sure.

8,500 people have received warnings that their personal data held by a contractor has been breached. Past and current employees alike are vulnerable. The breach included employee names, user names, work phone numbers, work email, credit card information, Australian government  service number, public service classification, organisation unit and system passwords. In early November, the department alerted it’s employees to the system breach prior to 2016.

There was not a communication of how long the data was exposed for, however a DSS spokesman said the contractor, business information services, said the data was open from June 2016 until October 2017. The data related to the period 2004-2015.

So far the DSS is putting blame on the third-party providers actions, stating that the breach is in no way a fault of the DSS. Recently stated, the DSS said the data has now been secured, and that there was no evidence of improper use of the departments credit cards. It was stated that the type of information that was stolen can be a strong factor to identity theft, fraud and masquerading, where the attacker is pretending to be an authorized user.

 

Posts navigation

1 2 3 4 5 6
Scroll to top