Amazon Recommends Users Change Their Passwords

Who doesn’t have an Amazon account? If you do it may be worth changing your password as Amazon recommends users take the precaution after it discovered that some of their Amazon accounts could be found online.

Amazon discovered the leaked passwords were contained within a password list online, and while not exclusive to Amazon services, it has recommended that users change their passwords, even more, so if they use the same password on several sites. If your accounts email address was found to be on any of the lists then Amazon has taken the precaution to force a password reset on your account.

While many recommend against it, it’s common practice for people to use the same password and email combinations on several sites, thus increasing the chance that if one account is hacked, others will be compromised alongside.

While it’s recommended by some that we get rid of passwords altogether, alternative methods like biometric scanners for your fingerprints have been seen as easily bypassed and companies are even looking at using videos or selfies to access your accounts, a technique that has been met with mixed views. Would you prefer to access your account with a selfie or video of yourself or do you believe that the password still has a while to go if used correctly?

UPDATE: We were asked to remove the image, so one of our own, Robert Ainsworth, provided us with a copy of the email he received.

FBI Reveals Reason for Asking Apple to Unlock Their iPhones

In the recent case of Apple vs the FBI, the FBI requested Apple’s assistance in unlocking an iPhone, a request that caused legal worries and issues for a number of technology companies. We may finally know the reason for why the FBI pushing so hard on Apple to unlock their iPhones.

In an email, it was revealed that the reason Apple needed to help the FBI was a little more personal than some might expect. The email reveals that James Comey, Director of the FBI , likes iPhones and is actually quite a big fan of Apple altogether, or, at least, was until he forgot his passcode.

After forgetting his passcode, Comey tried to recover access to his device by resetting the passcode and once that failed, by using his password to attempt to gain access. When all this failed, Comey had no option but to reach out for help to gain access to his phone.

With Apple refusing to unlock his iPhone the FBI were forced to use alternative means to gain access to the device, which turns out to be as simple as removing the battery and forcing a hard reset. Apple has since revealed that it fixed the problem in subsequent versions of the iPhone, but in a generation of secure devices being able to reset passwords by forcing a hard reset worrying, simply turning it off and back on again seems a little low-tech solution to a problem.

For more information you can read the full email here.

Synology Officially Releases DiskStation Manager (DSM) 6.0

Synology released the final version of DiskStation Manager (DSM) 6.0 after six months of beta programs and it was well worth the wait. DSM 6.0 is a major leap in the development of DSM and introduces major enhancements in every aspect including Virtualisation, Cloud Solution, Collaboration, Security, Multimedia, Accessibility and much more. Loyal readers will also have seen our review on DSM 6.0 just a few weeks ago where we had a go with it ahead of time.

There are so many improvements in DSM 6.0 that it is hard to get them all mentioned in a post like this, but I’ll try to bring you the highlights. Should you want to check out more details on the individual new function before you upgrade, then you can visit the official minisite for DSM 6.0 and check up on all the details. One of the awesome new functions that you’ll barely notice except for its usability is the new powerful content indexing service. This effective feature allows you to quickly reach all your data with a full content search for more than 700 file formats including office documents and metadata from your media files. With this, you’ll quickly find the files you’re looking for, no matter where on your NAS they’re located.

The Cloud Station Suite also made file syncing a lot easier, no matter what device you’re using. It is now all in one place and easy to setup and configure. Whether you just want to use it for backups to your personal cloud or sync it with a host of cloud storage services too, the Cloud Station Suite makes it easy.

A lot of the really new features in DSM 6.0 focus on the enterprise users, but the home users were in no way forgotten. DSM 6.0 focused highly on optimizing the multimedia experience. The redesigned Video Station with offline transcoding allows you to watch movies anytime, anywhere. Multimedia mobile apps support multiple devices including the new Apple TV, Apple Watch, and Windows 10. Media storage and access are some of the main reasons for home users to get a NAS and with these improvements you can be sure to have a smooth experience, anytime, anywhere.

The advanced collaboration tools are equally useful for home and enterprise users alike. Whether you are calculating prices for customers or keep track of your household expenses, you can do it all on your own NAS without the need for any local software. Create Spreadsheets or use the advanced Note Station yourself or share, edit, and collaborate with friends, family, and coworkers.

The concept of electronic mail is as old as the internet itself. DiskStation Manager now also comes with the all-new MailPlus and MailPlus Server packages that allow you to set up a secure and reliable private mail server as well as use a modern email client for receiving and sending messages. Again, everything will run on your own server and you remain in full control and don’t need to rely on third-party services. While this mostly is relevant to enterprise users, there are quite a few enthusiasts such as myself that could benefit greatly from this system at home too.

DSM 6.0 also offers a much greater support for SSD cache that ensures a significant boost in performance for those that need more than the average. This is mainly for enterprise users and so is the newly added support for shared folders with over one petabyte of storage space. The Btrfs file system is now also supported on more NAS models than before, which in itself adds a row of great features such as data compression and data scrubbing.

DSM 6.0 also introduces Snapshot Replication to Synology’s NAS’ that offers near-continuous data protection as well as multi-site replication for an even better protection of your files. In addition, Synology’s Hyper Backup package can now perform multi-version backups of all types of destinations.

Consolidating physical servers with virtualization technology can increase server utilization and reduce business operating costs – and it’s also really cool. DSM 6.0 introduces two new features here with Docker DSM and Virtual DSM that enables users to build a reliable and multi-tenant environment on their Synology NAS.

Virtual DSM allows you to deploy multiple virtual instances of DiskStation Manager on the same unit. You can easily live migrate virtual machines to another Synology NAS and test out DSM upgrades in isolated virtual machines before you effectively install it. There is no need to worry about downtimes when upgrading with such a feature. It also adds another layer of security as it protects the physical machine from being affected if the virtual machine gets attached.

Docker DSM is a lightweight virtualization system with data protection where you don’t have to give up system performance. It can be containerized and run on a Btrfs shared folder with little performance impact, yet provide you with a lot of benefits. It only requires 256MB memory for each Docker DSM where Virtual DSM requires 1GB or more each and the only real difference is the whether you need the ability to use iSCSI LUN and targets.

 

So, it might be time to upgrade your Synology NAS. You can find a full list of applied models for each function and check out the full software specification too if you want to know more. As a user that already had the pleasure to play with DSM 6.0, I can highly recommend it.

Gmail Says Use of Encrypted Emails Has Risen 25%

We use email every day, be it sending them for work or personal reasons or getting a thousand and one emails advertising everything from something you are interested in helping a foreign prince distribute their wealth. One way that you can be protected when sending emails is to send encrypted emails, something which has risen in use by 25% for Gmail users.

What caused this spur of encrypted emails? Google stated last year that they would start flagging up emails which were unencrypted, warning users which providers and emails were being sent from services that supported TLS encryption. This change came into effect in February this year, the end result of which was the 25% increase in encrypted emails that Gmail has reported in the last month.

Google isn’t acting alone on this, with Comcast, Microsoft, Yahoo and other companies in the industry looking to create SMTP, a new standard that could be used to help protect emails from man-in-the-middle attacks.

Combining all these with their recent push on security updates in Chrome and Android, including their use of two-factor authentication encryption and warning people about state-sponsored attacks on accounts, it’s becoming more and more clear that even in the digital world, companies want your private information to remain private.

New SMTP STS Email Security Standard Published by Industry Leaders

A number of engineers from some of today’s top tech firms have come together to provide a new standard of security for the sending and receiving of emails. Google, Microsoft, Yahoo, Comcast, LinkedIn and 1&1 Mail & Media Development & Technology are all part of this new standard that is named SMTP Strict Transport Security (SMTP STS). The new standard will allow email providers to define policies and rules that control the sending and receipt of encrypted email communications, which is a vast improvement over current email security.

When SMTP (Simple Mail Transfer Protocol) was envisioned back in 1982, it included no facilities for encryption or security. This same protocol has been in use to this day, and despite additions over the years, such as  STARTTLS that have added support for TLS (Transport Layer Security) to SMTP connections, its adoption rate has been low and the majority of email traffic is as unencrypted as in the 80s. Between May and August 2014, in the wake of Edward Snowdon’s leaks, Facebook saw adoption for STARTTLS jump from 58% to a whopping 95%. STARTTLS is not without flaws, though, as it does not validate the digital certificates and is vulnerable to both man-in-the-middle attacks and simple stripping of the encryption.

The newly proposed SMTP STS addresses both of the main flaws that exist in STARTTLS. Firstly, it informs connecting clients that TLS is available and recommended for use as well as how the certificate should be validated and the consequence of failure to establish a TLS connection. SMTP STS policies are set via special DNS records added to the email for the server’s domain name, providing ways for clients to validate the policies and report failure. Man-in-the-middle attacks can be foiled by a mail server telling a client to cache its SMTP STS policies for a set duration, to prevent false policies being injected.

Whether this new standard will catch on the wider world of the internet remains to be seen, but with so many key companies involved in its development and security being such a key topic in the modern-day, we can only hope that it allows us to keep our emails that much secure and private.

Sony Hands Out Free Game Codes To Compensate For 2011 Hack

A few years ago Sony had a rather bad hack, which affected around 70 million of their customers. In the wake of the hack, Sony offered to renew its efforts to increase security alongside some gifts to appease players who suffered during the 23-day outage. As of March 2nd, you may find that the promised free game codes have finally arrived.

Depending on the services you were signed up to when the hack happened (PlayStation Network, Qriocity and Sony Online Entertainment), you can claim a variety of rewards. As part of Sony’s initial scheme people were offered to grab a game, but don’t worry if you didn’t manage to grab one all the time back then, you can grab two now.

The games available vary based on which of the available platforms you wish to collect your reward for, with the Playstation 3, Vita and PSP all being offered free rewards as a sorry. If you want to grab a game you can now get inFamous, LittleBigPlanet and even the God Of War HD Collection for free but they will be limited to the aforementioned consoles.

With the lawsuit spawning this reward scheme valued at $2.75 million, Sony must be happy that they can get away with a few free games or even a little account credit or PSN time almost five years since the hack began the security awareness that so many companies are still suffering from.

Hacker Who Leaked Bush’s Emails To Be Extradited

In this day and age, security and technology are constantly at odds. With the ability to chat with people all over the world with the press of a button, sometimes storing that information can be troublesome. A year and a half ago the U.S. found this out when it was discovered that former president George W Bush’s emails, now it would seem the hacker responsible is to be extradited.

Marcel Lehel Lazăr reportedly broke into the email account of several family members of George W Bush, gaining access to everything from family photos to self-portraits painted by the former president himself. The hack contained emails regarding family matters such as a funeral for his father, former president George H. W. Bush.

Lazăr, a former cab driver, is being charged with cyberstalking, obstruction of justice, aggravated identity theft, wire fraud and unauthorised access to a protected computer. Under Romanian Law, he can be extradited for up to 18 months to face the charges. With a former conviction in 2014 for hacking into accounts of Romanian officials, the past looks to have repeated itself again with his latest act.

With no names mentioned in the case, it lists one of the victims as a “family member of two former US presidents who was the true owner of an AOL account known to the grand jury”. With so few families having two former presidents in their midst, I think it’s safe to say that this case revolves around the Bush family.

Roy Tomlinson – The Creator of Emails Has Passed Away

It is with great sadness that we report that Roy Tomlinson, the man credited with creating the first email system, has passed away.

Tomlinson was working on ARPANET, the precursor to the internet, back in 1971 when he contributed to the first email system. Tomlinson is recorded as saying that most of the emails he sent when testing the system were “entirely forgettable, and I have, therefore, forgotten them”.

Tomlinson’s contribution doesn’t end there, it was originally Tomlinson’s idea to use the @ symbol for stating that you could find a user “at” this particular host. He explained his reasoning on picking the @ symbol on BBN’s website:

“I chose to append an at sign and the host name to the user’s (login) name. I am frequently asked why I chose the at sign, but the at sign just makes sense. The purpose of the at sign (in English) was to indicate a unit price (for example, 10 items @ $1.95). I used the at sign to indicate that the user was “at” some other host rather than being local.”

We cannot deny the influence that Roy Tomlinson had not only on the technology we use but also on the way we live. May he rest in peace.

Teen Hacker is Back and Hit the Director of National Intelligence

This is pretty much what I’d normally call a burn, and it is a big one. Back in October last year, a group of teenage hackers broke into the CIA director’s email account and now one of them is back. His latest victim is the Director of National Intelligence, James Clapper, a man that should know a thing or two about keeping your privacy private. Okay, I’ll be honest right here as we always got the comment haters due to the terminology ‘hacking’. This wasn’t technically a hack, but more social engineering skills. But then again, almost every large-scale hack that happens, started with social engineering. So technically it isn’t wrong either.

Back to the story at hand, where the teenage hacker who calls himself Cracka, and who claims he’s a member of the group Crackas with Attitude, targeted none less than the Director of National Intelligence James Clapper. This should theoretically be one of the toughest targets with that position, but that wasn’t the case at all. Crackas didn’t just gain access to an email inbox this time, he went a little further and also had some fun with it.

With access to Clapper’s email, he could easily break into a series of accounts connected to Clapper, including his home telephone and internet connection, his personal email, and his wife’s email. Just dumping or stealing information is boring, so while Cracka was in control, he went into Clapper’s Verizon FiOS account and changed the settings to make every call to his house get forwarded to the Free Palestine Movement instead.

Cracka originally contacted Motherboard with the story, probably to brag a bit. After all, it is a pretty nice accomplishment. “I’m pretty sure they don’t even know they’ve been hacked,” he told. Later a spokesperson for the Director confirmed the hack.

Michael Adams, a former information security expert in the US Special Operations Command, said that it was insane that Clapper didn’t do more to hide his personal details, making it as easy as it was. “If I’m the Director of National Intelligence of the United States of America nobody is going to know where the fuck I live, nobody is going to have my goddamn phone number or address,” Adams told Motherboard.

Image Credit: Business Insider

Unable to Create a PSN Account? Here’s Why!

Christmas is a time for giving and sharing. More often than not these days games and consoles are shared, resulting in a very busy period where everybody is online creating new accounts and downloading their new game updates. Sony’s PlayStation network (PSN) seems to be having some problems with the Christmas boom, resulting in slightly slower than average speeds for getting the required emails.

The Playstation network appears be having trouble sending the verification emails you get sent at the start when you first create a new account or a sub-account, meaning that you won’t be able to create a new user without a major delay. What we describe as a major delay though is that these emails appear to be taking longer than an email to be received.

As late as 5 PM GMT, AskPlayStation, the official twitter handle for Playstation support questions, tweeted that they were still looking into the issue regarding account validation and password resets.

While users are still able to play single-player games and even download the updates to their games, you won’t be able to play multiplayer games or even visit the Playstation store to spend those gift cards that you received and purchase new games straight to download. While this should be a temporary glitch, how long it will last for is anyone’s guess.

This is bad news for Sony after problems with PSN hacking in the past and now this, it’s no surprise that people are upset with Sony and the PlayStation franchise and you can see why Microsoft’s Xbox is a market leader in certain regions and countries across the world.

Have you been affected by this delay? Do you know someone who got a new Playstation device this Christmas or even a new game that they have been longing to play online? Let us know in the comments below.

Wetherspoons Reveals Extent Of Hack

From phone calls made to and from prisons, to the details of thousands of children and their parents, hacks seem to be everywhere and are affecting everyone these days. The latest one to reveal they’ve been hacked is  JD Wetherspoons, the popular pub chain.

Revealing that its old website was hacked between the 15th and 17th of June, but only learning about the attack on the 1st of December, Wetherspoons called in security specialists before informing customers on the 3rd of December. Yet again the hack seems to have revealed a database containing numerous customer details, currently put at around 656,723 customers.

The details included in the database were the first name, surname, date of birth and contact details such as mobile phone numbers and email addresses.

If you purchased a voucher before August 2014, the last four digits of your credit or debit card could have been accessed, although they are keen to express that no other details, such as security codes or the remainder of your card details, were exposed.

Don’t pay by card? How about not using your card when you go to Wetherspoons? This doesn’t affect me? Did you sign up for their free wifi, or maybe even used the Contact us form? If you did then your data could be included in that which was revealed.

Amongst TalkTalk, Vodafone and VTech, more and more companies are finding their systems breached. Maybe now is a good time to avoid handing out any details to any company or person.

Amazon Passwords Could Have Been Leaked

It’s that time of the year again, when everyone goes crazy and starts buying ready for all the events and gift giving that is come over the next few months (some even preparing so much as to get some ordered for next year). Black Friday, one of the busiest shopping days of the year is upon us and with it a lot of people are looking and watching online stores waiting for that juicy one time deal they could quickly scope up before it all goes. To no surprise, Amazon is one of these online stores, so what does it mean when people started receiving emails asking them to change their passwords? That’s right another potential breach.

As reported by ZDNet, a selection of their readers received emails asking them to reset their password (the email was also sent via Amazons message centre, confirming that it came from a legitimate source). The reason given was that your password could have been stored on your device or transmitted in a way that exposed it to third parties.

Amazon continued to state they had corrected the issue, but that temporary passwords were being issued as a sign of caution.

Given recent hacks and breaches, it’s not surprising that Amazon is airing on the side of caution when it comes to people’s accounts, especially around this time of year.

Yahoo Mail Restricting Access If You Use An Ad-Blocker

So remember those days when you waited five minutes to load a video or had to browse through those five tabs to find the one which was playing a video you had no idea even existed? A lot of people still suffer this fate, having their internet traffic and experience trampled on by the online plague of intrusive adverts. To combat this a series of software, often plug-ins to web browsers, was released under the title of ad-blockers. These pieces of software blocked unwanted ad’s and allowed you to whitelist any adverts you did like or even whole sites which you knew you could trust. Companies dislike this approach because they have no control over what adverts are played and therefore, end up losing money, a big name to join the crowd to punish ad-blocker users are Yahoo mail.

As shown in the screenshot above, provided by Portnoyd on the Adblock plus forums, shows the welcome message they got when they tried to access their email and found that Yahoo ‘recommended’ disabling Ad Blocker to continue using the email system, even going so far as to say “Uh oh … We are unable to display Yahoo Mail”. This would be believable, Ad Blocker may accidentally block something if it’s designed in a certain way, the sad part is though the URL states ADBLK _TRAP, clearly showing that the redirect is built to prevent Ad blocker’s users from accessing the site, rather than the error it pretends to be.

Are you a Yahoo Mail user? Have you found this problem? Should companies just accept that we wouldn’t use Ad Blockers if their adverts didn’t disrupt us on a regular basis?

Snooper Charter Powers are Increasingly Worrying

Security is one thing, from a virus on your phone or PC to a coordinated breach and remote access that compromises your computer. While we may not want to believe them, they are the things that happen more than anyone would want and as such, people are employed to look out for any risks and report and maybe even fix them. Security researchers are essential in the world where our digital security is as important to many as locking your door. So what does the new law that the UK government want enforced mean for you? For one it’s more than often known as the Snooper Charter, and its powers could be a problem for security researchers and even you.

The typical process for security researchers upon finding a backdoor, something that can give anyone access to your system, is to check your findings with colleagues and make sure that it is, in fact, a security risk, then to alert your client, normally the creator of the software or the owner of it at least. They then report it, get a fix out and then you can reveal to the world that they need to update in order to receive this fix.
Under the snooper charter, though, even so much as revealing a backdoor could be punishable with up to 12 months in jail or a fine. For someone who spends their life finding these flaws, the risk of you exposing one created by the government, could put you not only out of a job but also out of work for good.

If that wasn’t enough, intercepting information, equipment interference (hacking) and retaining communications data would also be protected under gag orders, including those for bulk communications data collection, such as all the emails sent from your home IP.

Granting access to all your information, without having to provide anything for scrutiny. This is made all the worse by that fact that even in talking to your MP, to prove someone innocent of a crime they were falsely accused for or even in the court when you’re being charged using this information, it would become illegal to even disclose that these tactics were used to obtain the information.

With these powers and the charter as it is, not only would the government and agencies have abilities to access and obtain information with little oversight, but you would be unable to discuss or reveal that these activities even took place.

California’s Legal System Now Supports Digital Privacy

In recent years, there has been a big uproar courtesy of a certain reveal by a man named Edward Snowden, regarding digital privacy. To be more precise, it was about the lengths that groups went to in order to avoid any legal requirements when it came to accessing and using your personal information. The Electronic Communications Privacy Act looks to be the first, and hopefully the first of many, to enforce a legal right to digital privacy.

Governor Gerry Brown signed the Act taking it into full effect and I have no doubt that a wide variety of people will be happy about it. The Electronics Communications Privacy Act states that any, I repeat, any state law enforcement agency or any other investigative entity are required to have a warrant in order to obtain digital information (including information stored in the cloud, such as emails or text messages) and that they cannot ‘compel’ businesses to hand over this information without a warrant. It doesn’t end there though if they want to use your GPS to track you or even to search your phone, they will need a warrant for that too.

While not the first to outline in a legal document the requirement of a warrant for your data, or even your location, it is the first to cover things like metadata and your device searches. Many hope that this could be the first of many laws, with other states taking up their own versions of the Electronics Communications Privacy Act or pushing for these conditions to be placed on a national scale, affecting all agencies regardless of state.

Thank you Wired for the information.

Image courtesy of Falkvinge

WHSmith Contact Us Sends Email To Companies Mailing List

Online shopping is a big thing, and companies like to keep track of what you’re buying and even send you the odd offer here or there, you brought a TV so why not buy a sound system for 20% less? Normally these offers mean we sign up with some sort of password and email combination, and you expect them to store these and be safe. In recent years we’ve seen some sites hacked and their details published online, but today it would seem that WHSmiths has taken it a step further with their contact us form emailing everyone who had registered for magazines with the company!

In a statement, WHSmiths stated that “I-subscribe [the company responsible for their magazine subscriptions] have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved”. They stressed in their discussion with the Guardian newspaper that it was “a bug not a data breach”.

The emailed not only included the information such as the person’s name and the message they wished to send but was sent to a large list of contacts, thus exposing their details to a wider than wanted audience.  Some of the earlier messages contained not only their real names and emails but also postal addresses and phone numbers.

With data security at its highest and customers, both paying, and interested parties, worried about the extensive breaches and accidents, will companies soon look at different ways of storing information where these accidents could happen less?

Thank you The Guardian for the information.

Image courtesy of Corporate Marks and Spencers

Ashley Madison Hackers Leaving Behind Footprints

Hacking has been big news in recent years, with everyone from Sony to Apple having breaches and personal information released. The latest in this long stream of hacks is a website titled Ashley Madison. In case you aren’t familiar with this website here is what’s happened so far. The Ashley Madison site is a site designed for people to search for companions, no matter what their marital status. This has resulted in it being a site popular among those who are unfaithful for their partners, a problem for many given that to leave the site you are required to pay a £15 fee. In protest of this though they seem to have been hacked, and as a result, this information has since been released on the internet. Now for the fun parts.

In contrast to the initial “moral” stance taken, of which many suspected the reason the hacked data was made public was in order to force people to be faithful and honest with their partners and in protest to the leaving fee, it would appear that this data is now being used by criminals to extort the people who have had their data exposed online. Demanding roughly 1.0000001 bitcoins (£147.28) from each person or to have their information revealed to their significant others.

All is not lost, as a file containing the emails of Ashley Madison’s CEO was left on an unprotected bittorrent server for hours. By not password protecting or disabling the web management system used in the file sharing system people were able to access and change the server configuration, and if it turns out that this was the original torrent server used to upload the files it could be possible to track down the IP of connecting users and find out who initially uploaded the files.

Hacks are appearing every day now and it would seem that people are using these to their own benefits, turning one crime into hundreds.

Thank you Neowin and Ars Technica for the information. 

Image courtesy of Ashley Madison.

Hackers Post 10GB Stolen Data as Ashley Madison Stays Online

It has been a while since hackers attacked the online cheating site Ashley Madison where the hackers claimed that they had downloaded pretty much all relevant information about the users from the site. For those who don’t know it, Ashley Madison is an online dating site specifically designed and advertised to married people who want to cheat on their partner. A pure disgrace in my book that a site like that is allowed to stay online, but that is beside the point right now.

The hackers wanted the site to shut down and threatened to release the user data if that didn’t happen. The site didn’t give in to the blackmail as it looks to be a very lucrative operation, even though they’ve exposed for having 90-95% male profiles and most female profiles being faked by the company. I don’t think that women cheat less than men, perhaps they’re smarter about it.

Now the hackers have made good on their promise and released 10GB stolen data that includes not only usernames and emails, but also appears to contain credit card information to pay for the membership as well as many other personal information. While the site doesn’t verify the profiles in any way and it is possible to create fake profiles with any email you wish, it’s still scary how many government email addresses were found in the database.

Avid Life Media, the company behind Ashley Madison, condemned the release of the data with a statement: “This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world.”

All the information has been posted to the “Dark Web” that only can be accessed through the Tor browser. It will be interesting to see what new dirt will show up as experts dig through the data and decrypt the parts that were secured.

Thank You Wired for providing us with this information

Hack Targets Email System Of The Pentagon

NBC news is reporting information which has been supplied by US officials who have stated that Russia has launched a “sophisticated cyber attack” with the aim being the Pentagon’s Joint Staff unclassified email system.

The email system has since been shut down by being taken offline for almost two weeks. The attack happened “sometime” around July the 25th 2015, this has affected around 4,000 military and civilian personnel who work for the joint chief of staff. I love how specific highly trained government officials are behaving concerning this possible intrusion.

Sources have briefed NBC News that the hack relied on “some kind of automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet”. There is suspicion that Russian hackers planned and implemented the cyber attack via encrypted accounts on social media.

The phrase, “oh here we go again” comes to mind with these types of cyber attacks, which conjure a feeling of Déjà vu or Groundhog Day depending on your movie of choice. If governments, companies and infrastructures intend to keep information stored within networks and connected devices, then it needs to be secure. It’s absurd that it keeps happening over and over again; it’s almost deciding which foot to shoot and ending up shooting both.

Officials have stressed at this time no classified information has been compromised, hopefully this will not change. There is also the unknown factor of whether this has been orchestrated by hackers on behalf of the Russian government. I expect more information to be placed in the public domain within the coming days, or it will be forgotten by a new hack from a far-flung country. Who knows, at this stage nothing is surprising.

Thank you NBC News for providing us with this information

Image courtesy of masteringfilm

Windows 10 Ransomware Discovered

Well this didn’t take long! A new form of ransomware has been discovered which if downloaded, will automatically encrypt your files before demanding a fee to unlock them. The distributors of this malicious code are attempting to impersonate Microsoft by “offering” users a free upgrade via email. This scam takes full advantage of the Windows 10 download process, which asks consumers to virtually wait in a metaphorical line for the upgrade.

So how does it work?

The distribution works by sending an email to consumers offering them a free Windows 10 upgrade. A sample of this type of email is below, firstly, the “from” address on the email is spoofed, (update<at>microsoft.com). This is not actually from Microsoft but from an IP address in Thailand. The attackers are also using a similar colour scheme to that of Microsoft with the aim of luring consumers into associating this email as genuine.

The next red flag is courtesy of the letter format which does not parse properly. This could be due to the targeted audience, a demographic using a non-standard character set, or the character set the adversaries were using to craft the email. Another suspicious but sneaky technique is the mail virus scanner which indicates the email is fine, it links to an open source mail scanner, but this is designed to trick users.

What is the Payload of the virus?

If this email is taken as a genuine correspondent from Microsoft, you will be asked to download a zip file which contains an executable file. Once run, the below screenshot will pop up. The payload is CTB-Locker, a ransomware variant and is currently being delivered to users at a high rate, whether it is via spam messages or exploit kits, adversaries are dropping a huge amount of different variants of ransomware. The functionality is similar to this kind of ransomware with a few extra features which include, the use of elliptical curve encryption which provides the same public/private key encryption but it’s a different type of algorithm with lower overheads.

Another feature for this locker includes using hard-coded IP addresses on non-standard ports to establish communication. There is also a significant amount of data being exchanged between systems, which are largely uncharacteristic for ransomware. An analysis of network traffic reveals that there were ~100 network streams to various IP addresses.  The most common ports being utilized are 9001, 443, 1443, and 666.

So how do I protect myself from this threat?

Be very careful with emails of this nature, look at the details and if unsure, research it, this is a powerful weapon at staying current and educated on the nature of these threats. Always question a “Free Upgrade” which is sent to your inbox, never open or install executable or any other file without checking the authenticity of the email and file. If in doubt, don’t open it.

These scams are becoming more sophisticated for the average user with the aim of virtually locking your files up. Always perform regular backups and use an up to date antivirus scanner as a matter of course.

Thank You to Cisco Blogs for providing us with this information

Image courtesy of digitallife

Take a Look at a Leaked Version of Cortana for Android

Microsoft announced in May that it will roll out its personal assistant, Cortana, to Android and iOS. As the official launch is getting closer, so are the leaks it seems. Word is that a pre-release version of Cortana has cropped up last weekend on various websites.

It is said that the standalone Cortana app is already running smoothly on devices and is compatible with Android 4.1.2 and later OS versions. There have been some problems with getting it to work on some handsets, but that is bound to happen as it is a leaked version and not the official app. However, you can at least try it out before you decide if you actually want to get it for your Android handset.

People who had a chance to test it out say that it performs “as expected” and if you got a chance to test Windows 10 Preview for PC or Phones, then you most likely are familiar with what Cortana can do on Android or iOS devices too. There are some minor differences, like Cortana not being able to get content from emails or listen for music, but there were bound to be some restrictions in place. Compared to the integrated version on Windows Phones, the standalone Cortana for other OS’ requires permission to get access to pretty much everything, so if you don’t have a way to provide it, the app will not be able to use the external information.

Microsoft plans to launch Cortana for iOS and Android next week. They say it will hit the US, UK, Chinese, French, Italian and Spanish markets at first, followed by Canada and India in the following months and then the rest of the targeted markets by the end of the year. The company chose this approach due to the fact that it also wants to personalize the user interaction with Cortana. For example, the Japanese market will feature Cortana bowing by default to show signs of politeness, while the UK market will house a Cortana that expresses the well-known British humour.

You can download the leaked version of Cortana for Android from APKMirror. I already have a Windows Phone device, so if you have an Android handset and choose to test it out, don’t forget to share your thoughts with a comment below!

Thank you Sci-Tech Today for providing us with this information

Image courtesy of PCkoloji

SoftMaker Office 2016 Suite Launched in the UK

There aren’t that many office suites on the market, but there are few. There is the big Microsoft Office, Open and Libre Office, and then there is SoftMaker Office that often is referred to as the real alternative to Microsoft’s offer. The newest version is out and available in the UK too, SoftMaker Office 2016 for Windows.

SoftMaker Office 2016 doesn’t need a lot of storage space on your system which is particular useful on systems with smaller capacity NAND storage at their disposal and it offers fast speeds even on older systems with less advanced hardware. Best of all, it is compatible with all versions of Microsoft Office so you won’t run into file compatibility issues. It can both be used directly from a USB drive or be installed from it, allowing you a real plug and play where ever you go.

The new version boasts 400 improvements over the previous version and comes with more advanced features. It won’t cost you as much as a Microsoft Office either as you’ll only have to pay £50.15 for the SoftMaker Office Standard 2016 edition. The standard edition includes office tools TextMaker, PlanMaker, and Presentations as well as customized Thunderbird email client and calendar tool with SoftMaker enhancements. Each box comes with three licenses to be used for home and business and it is fully compatible with all versions of Windows.

There is also an advanced version called SofMaker Office Professional 2016 which is available for £64.50 or as update costs of €43. This version adds high-quality Berlitz Translation Dictionaries for English, German, French, Italian, and Spanish.

You can read a lot more on the official page if you’re tempted to make the switch to another office suite or looking to upgrade. Below you’ll is a list of the key highlights in this new 2016 version:

  1. Full compatibility with Microsoft Office: SoftMaker has redesigned the file filters, optimising quality and speed. This provides the highest compatibility possible with both current and older generations of Microsoft Office – both in the modern XML formats DOCX, XLSX and PPTX as well as the older binary formats DOC, XLS and PPT. SoftMaker Office now opens many Microsoft Office files much faster than Microsoft Office and can even edit some older Microsoft files which Microsoft Office 2013 is unable to open.
  2. Lightning fast even on slower machines: SoftMaker Office 2016 for Windows needs little storage space and is by far the fastest Office suite, making it an ideal choice especially for slower laptops and Windows 8 tablets.
  3. Portability: SoftMaker Office 2016 for Windows can be installed on USB sticks. This lets you take your personal office with you, wherever you go. Just plug and play.
  4. Administrative ease: SoftMaker Office 2016 for Windows can be installed in corporate networks automatically via GPO and SCCM, allowing easy deployment across large installations.
  5. Powerful: The new version of the PlanMaker spreadsheet program supports up to a million rows, letting users analyse data with pivot tables, scenarios and data consolidation. It offers conditional formatting with the same functionality as Excel 2016.
  6. Unique: TextMaker is a word processor with unique desktop-publishing features. These include master pages, an object mode that separates the text editing from the graphics layer, real-time preview of formatting and text wrapping to produce professional and finished documents.
  7. New PDF and EPUB export: Users can now create high-quality PDF files (including PDF tags, comments and bookmarks), and e-books in the ePub format directly from SoftMaker Office.
  8. Productive: SoftMaker Office 2016 for Windows includes customised versions of Mozilla‘s Thunderbird (email client) and Lightning (calendar software). This email client comes with practical, productivity-enhancing functions such as lightning-fast email moving and navigation in the folder structure. The new Thunderbird 38 included in SoftMaker Office 2016 offers important functional improvements, such as being able to store email folders in Maildir format, allowing users to circumvent the 4-gigabyte limit per folder. Gmail users will also be pleased to see that they no longer need to reduce Google’s security levels to access Gmail from Thunderbird, thanks to built-in native OAuth2 authentication in Thunderbird 38.
  9. Completely Customisable: Numerous improvements have been made to SoftMaker’s presentation programme – Presentations. The table function has been completely redesigned, a new full-screen mode added, and the software comes complete with sophisticated charting capabilities.

How a Hacker Made $45,000 Selling 0Day Exploits to Hacking Team

We previously reported that Italian spyware company, Hacking Team, has been hacked and had 400 GB of data publicly released via torrent websites. Well, Arstechnica reportedly found how easy it was doing business with the latter company by digging through their emails.

It seems that a Russian hacker approached the Hacking Team in 2013 with a few 0day bugs he found on Windows, OS X and iOS operating systems, with price ranges of $30,000 to $45,000. The company apparently was not interested in the latter, but it did show interest in another exploit offered by the hacker, namely the “Adobe Flash Player 9.x/10.x/11.x with the RCE exploit for the current Flash Player 11.9.x for Windows 32/64-bit and OS X 64-bit”.

The correspondence even revealed how the money was transferred to the hacker. According to the findings, the hacker received the money via bank wire transfer in three instalments, one of $20,000 in October 2013, the other of $15,000 in November 2013 and the last one of $10,000 in December 2013. There has not been any evidence of the hacker and the company doing any business up until 2015, when the Russian hacker received another $35,000 in his bank account in Moscow.

Arstechnica also approached the hacker and surprisingly, he explained that such transactions are very common between companies such as Hacking Team and freelance hackers. He stated that such transactions are “routine sales like with ZDI, VCP, pentesters and other legal 0day buyers”. I don’t know about you, but this information is as exciting as it is scary. So what are your thoughts on this?

Thank you arstechnica for providing us with this information

Gmail Now Officially Supports ‘Undo Send’ Feature.

The convenience of instant, permanent communication via e-mail is a technological marvel but one which has caused an abundance of embarrassing moments. Whether you’ve accidentally sent your spouse’s sister a romantic e-mail or insulted business contacts in a drunken rage, it’s difficult to forget each moment of shame. Thankfully, these cringeworthy escapades can become a thing of the past providing your able to click ‘Undo Send’ within 10 seconds. This time period can also be extended to 30 seconds which helps you to deliberate about the message content. However, this doesn’t help users who are blind drunk at the time and require at least a 24 hour to 5 month period to remember even sending the e-mail.

By default, the ‘Undo Send’ command is disabled unless you are involved in the Google Labs programme. To enable this feature, simply navigate to the cog just below your Google account picture and click settings. Ensure the general tab is active and manually check the ‘Undo Send’ function.

I do find it rather perplexing that it has taken over 6 years for this vital Gmail component to be official supported and presume most power users are already familiar with it using Google Labs. The question remains if the average user will be aware of the added functionality and how often it’s utilized.

Let us know your most embarrassing e-mail blunders and we promise not to judge.

Russian Hackers Read Obama’s Email

According to the New York Times, Russian hackers may have gotten access to Obama’s White House email. While the White House itself has been silent on the issue, the emails were likely accessed during a hack related to the recent power outage. Sources with knowledge of the previous hack noted that Russians, likely connected to the Kremlin, were the perpetrators of the hack, a claim echoed again. Email at the White House was disrupted for about a month while the last vestiges of the hack were purged.

Despite being able to read Obama’s email, the hack is not as grievous as it could have been as it only breached the unclassified network. This means only unclassified emails sent to and from the system were accessed. Officials were quick to stress that no classified system was breached nor was classified information lost. The New York Times’s source suggests that the hack originated with a breach of the State Department’s unclassified network and found its way to the White House. That hack was so widespread, that to quote the New York Times:

“The disruptions were so severe during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.”

Since the hack, Obama has reduced the frequency of his emails. Obama has been known for fighting against the Secret Service to keep access to his BlackBerry and email, unlike his predecessor, Geoge W. Bush, who completely eschewed email.  Given the recent revelations that the Pentagon unclassified networks were also hacked, it raises the issue as to how much these systems can be trusted and whether or not they are more of a liability than an asset.

Thank you New York Times for the information

Largest Ever Email Study Reveals That We All Are Very Predictable

Researchers from Yahoo labs are said to have examined more than two million users exchanging about 16 billion messages in search of patterns. In order to conduct the study, they are said to have tracked the identities of senders and recipients, the time of day emails were sent, email length, the number of attachments, the type of device used, as well as demographic factors, including age and gender.

The study concluded that younger people tend to send shorter and faster replies compared to older people and that men send shorter and faster replies than women. This might not seem as something unfamiliar to us all, but the study has been performed on an extremely wide range of users and with actual proof, meaning it gives a lot more credibility to it.

Researchers also have proved that we respond more promptly during weekdays and working hours and that we respond to only a small fraction of messages, with short replies, when our inboxes get filled with new items.

The information gathered here is not only valuable to us as, but it is also valuable to computer algorithms. Developers can then use this data to create better email management applications to help and stop us from experiencing “overload”, a scientific term used when we would rather do anything else than open our inbox.

Thank you Gizmodo for providing us with this information

Swedish Man Faces up to Two-Years Prison and Fines for Leaking Music

Premature release of new material, or material never intended for release, is considered some of the most damaging by artists and record labels, and while it can create a buzz, it robs the artists of their choice of when and what to release. Such leaks can happen anywhere in the supply chain and usually they happen at the end, during mass production of the physical disks and close to the release date.

The current case against a Swedish man is a little bit different as the accused man didn’t work in the industry like so many other leakers, but rather hacked the email addresses of major record labels including Sony, Warner, and Universal and obtained unreleased songs. Some of the named artists include Nicki Minaj, Chris Brown and Mary J Blige.

The accused then sold the stolen tracks to DJs around the world, after which they started to turn up in the public. The FBI got involved in the case and they tracked the money wires and IP tracks to Sweden where the local authorities arrested the 25-year-old man.

The prosecution claims that the man, who denies the charges, made around $12,000 from sales of the tracks. He will go on trial in Sweden next month and will face fines and up to two years in prison. There isn’t really any doubt that the record companies will be back after the trial seeking damages they believe has been done to them.

Thanks to TorrentFreak for providing us with this information

Image courtesy of RigaPortal