Short URL Addresses May Be Creating Easy Paths To Spy On Your Data

We’ve all seen those huge URLs, be it for a website or a document you have saved in the cloud; they just seem to go on and on with no sign of ever stopping. Then you spot the tiny URL they offer you instead, short and sweet with only a few letters and numbers to copy and paste before you can open your document anywhere you want. Why not use it? Well, for starters, that small URL may be creating just as easy a path to spy on your data!

Research conducted by Martin Georgiev and Vitaly Shmatikov looked at the abbreviated “short URLs” used by companies such as Google, Microsoft, and even bit.ly, a company dedicated to creating and sharing short URL addresses, and suggests that, using a simple trial-and-error method, they were able to gain access to your cloud storage files.

In particular, Georgiev and Shmatikov were able to find and access files shared through Google Drive and Microsoft’s OneDrive with short URLs. If this wasn’t scary enough, someone could place malicious code in the files that had write permissions enabled, allowing them to infect one of your files stored in the cloud and spread their effect all through it. They estimated that around 7 percent of the accounts on OneDrive and Google Drive they scanned were vulnerable to this flaw, which is scary, to say the least.

More worrying may be the companies’ differing responses to being alerted about this result: Google doubled the character length of their short URLs, while Microsoft stated that the vulnerability “does not currently warrant an MSRC case”, while quietly removing the short link function on OneDrive so as not to expose others to the problem while they no doubt investigate.

Wetherspoons Reveals Extent Of Hack

From phone calls made to and from prisons, to the details of thousands of children and their parents, hacks seem to be everywhere and are affecting everyone these days. The latest one to reveal they’ve been hacked is JD Wetherspoons, the popular pub chain.

Revealing that its old website was hacked between the 15th and 17th of June, but only learning about the attack on the 1st of December, Wetherspoons called in security specialists before informing customers on the 3rd of December. Yet again the hack seems to have revealed a database containing numerous customer details, currently put at around 656,723 customers.

The details included in the database were the first name, surname, date of birth and contact details such as mobile phone numbers and email addresses.

If you purchased a voucher before August 2014, the last four digits of your credit or debit card could have been accessed, although they are keen to express that no other details, such as security codes or the remainder of your card details, were exposed.

Don’t pay by card? How about not using your card when you go to Wetherspoons? This doesn’t affect me? Did you sign up for their free Wi-Fi, or maybe even use the Contact us form? If you did, then your data could be included in that which was revealed.

Amongst TalkTalk, Vodafone and VTech, more and more companies are finding their systems breached. Maybe now is a good time to avoid handing out any details to any company or person.

US IPv4 Address Pool Reported to Be at Its Last Drop

Well folks, the time has come to gradually transition from IPv4 towards IPv6. But don’t panic! Everyone was aware of the change, and the limit is expected to be reached, as previous analyses show, sometime this summer. Will this affect your everyday user? Of course not, people will most probably not see any type of change at all (hopefully).

The guys in charge of handling the transition and making sure that everything works are the ISPs, who should have already started on getting things ready for the big change. So why do we need to make the change? Limited addresses, of course. Back in 1981, when IPv4 was first made, it used only 32 bits to generate unique addresses. That number of bits is able to generate 4.3 billion unique addresses, and back then people couldn’t have imagined that so many devices would be connected to the Internet in such a short amount of time.

However, further analysis pointed out the issue and so IPv6 was introduced in 1999, a 128-bit upgraded version of the IPv4 protocol, able to generate 340 trillion trillion trillion unique addresses. Now the thing is, if we are to run out of addresses for this protocol, it means that we either have the worst tech addiction or we are in an era where there are more androids running around than people.

Thank you Sci-Tech Today for providing us with this information

Thousands of Uber Accounts Are Said to Be Selling on the Dark Web

At least two vendors on the dark web marketplace named AlphaBay are allegedly selling Uber accounts. The accounts are said to let buyers order trips using whatever payment method is attached to the accounts, while also providing them with the full trip history, email addresses, phone numbers and even location information of people’s home and work addresses stored on the accounts.

The price for such an account is said to be as low as $1, but it could get to $5, a price that won’t even get you around the block with a taxi. One of the sellers is said to have sold over 100 accounts to other buyers, but a lot more accounts are estimated to have been sold by now.

“We investigated and found no evidence of a breach,” an Uber spokesperson told The Verge. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”

The method used to acquire the accounts is not yet clear, but this comes after Uber disclosed that information about 50,000 of its drivers had been accessed by a third party in May. This might indicate that a security breach may have been found in the company’s system and exploited to get access to users’ account credentials.

However, Uber stated that the breach did not affect user names and suggested that the information leaked to the third party is unrelated to the stolen user credentials currently selling on the dark web.

Thank you The Verge for providing us with this information

Nubem Starts to Offer a Free Dynamic DNS Service

Nubem, an emerging service provider in cloud computing technologies, has announced that it will start offering a Free Dynamic DNS service to all customers.

For those who do not know, Dynamic DNS, or DDNS, is the process of keeping up to date the DNS record used by a computer with a dynamically assigned IP address. The DDNS service automatically updates the record of IP addresses, without the need for anyone to input it manually.

Also, DDNS allows a fully qualified domain name to be associated with a dynamically assigned IP address. This is why Nubem is founded on open standards, being widely compatible and supporting almost any device.

In order to get the service, users can navigate to Nubem’s page, click on the ‘Get Your Free Dynamic DNS’ button and follow the instructions given on-screen.

Source: Nubem

iOS8 to Include MAC Address Spoofing – Marketing Data Will be Heavily Affected

With Apple’s latest iOS8 platform drawing nearer and nearer to its release date – which even at this time is not confirmed (although we do estimate a date of around three months’ time) – information regarding what the new OS will feature is very much in the open.

Whilst Apple’s keynotes have displayed all of the latest and greatest features that users will have at their fingertips, information has been discovered which relates to user privacy and the way in which iOS 8 tackles this growing concern for some users. The adjustment that I’m referring to here comes down to the collection of user data when they are out in public and marketing analysts are scanning for data to help them build up a shopper’s profile as part of market research. To collect data at the moment, information is collected through wireless networks – whether you are actively connected to them or not – and in particular the key piece of information that analysts are after is the device’s MAC address – the unique identifier which is much like the chassis number on a car, for example.

Now as the user is becoming more conscious of their privacy in the open world, there has been a growing demand to have this information withheld rather than being freely available. To combat this, Apple have introduced MAC spoofing into the latest iOS, which scrambles and masks the device’s actual MAC address, resulting in false data being collected on the other end. What does this mean for the analysts? Simply put, it means that, even with the collaboration of store inventory and video records, the whole integrity of their operation to build up a picture of the shopper is under threat – MAC spoofing results in false data and therefore false statistics.

As the awareness of user privacy continues to grow and consumers’ demands grow over what data they share, Apple’s move has started what could be a massive turn in user privacy – and what will Apple users need to do? Simply update their phone to iOS 8 – that’s all.

Source: AppleInsider

Dogevault Goes Offline – Millions of Dogecoins Appear Stolen

As far as cryptocurrencies go, Dogecoin has by far got to be the most popular one of recent times and it’s not surprising really considering it went viral after it was created in the spirit of the popular internet Doge meme.

News has come to light however that some people may have taken a liking to the currency a bit too much after the online wallet Dogevault reportedly went offline without any warning and some users are realising that large quantities of Doge were transferred out of their accounts just before the service went down.

Whether the Dogevault servers were hacked or whether the owners have shut up shop and made for the hills is still under investigation, but after some investigation into where the coins have been transferred to, it seems like we could be looking at the biggest Dogecoin theft in history. One user posted a shot of his wallet, showing that 950k coins were removed, and after following the transaction path, they appear to have landed in this wallet, along with nearly 120 million more coins. Another wallet has been found as well that suggests the Dogevault owners are also responsible, with a balance of over 2.6 million coins itself.

What is certain though is that the coins sadly are not likely to be returned, which in turn may cost their rightful owners a lot of real hard cash. My suggestion though is that if you use an online wallet, get a desktop wallet that I personally feel is more secure, transfer all your coins there and make sure you keep it safe. A flash drive in a safe would be a better suggestion still.

Source: The Cryptocurrency Times