Wednesday, June 15, 2011

26,000 sex website passwords exposed by LulzSec



The notorious LulzSec hacking group has published login passwords for almost 26,000 users of an x-rated porn website.
The hackers compromised the database of the hardcore website (called “Pron”), exposing not only the email addresses and passwords of over 25,000 members but also the credentials of 55 administrators of other adult websites.
Furthermore, LulzSec drew particular attention to various government and military email addresses (.mil and .gov) that appeared to have accounts with the porn website.
To add insult to injury, the LulzSec group called on its many recent Twitter followers to exploit the situation by logging into Facebook with the email/password combinations and telling the victim’s Facebook friends and family about their porn habit.
It should go without saying that logging into someone else’s account without their permission is against the law in most countries around the world.
Fortunately, it’s reported that Facebook’s security team responded quickly to the threat – and reset the passwords for all of the accounts it had which matched the email addresses exposed. Of course, it’s still possible that those email address/password combinations are being used on other websites.
If anything should be a reminder to internet users of the importance of using different passwords for different websites, this should be it.
The danger is that once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain or, in this case, potential embarrassment.
If you believe there might be a chance that your username/password were exposed, or if you’re simply in the habit of using the same password for multiple websites – now is the time to change your habits.

Facebook Users DROP In U.S.: Millions Left The Social Network In May 2011


Facebook is almost at 700 million users, but it recently experienced big dips in U.S. and Canadian growth.
According to Inside Facebook, the social networking site hit 687 million monthly users in June, though overall growth has been slower than normal for the past two months. For the past year Facebook has grown by at least 20 million users each month, but in April and in May it grew by 13.9 and 11.8 million respectively.
And in the U.S. and in Canada, Facebook actually lost users.
U.S. accounts fell by close to 6 million, from 155.2 million at the beginning of May to 149.4 million at the end. This marks the first time American Facebook membership has dropped in the last year. Canadian users also fell by about 1.5 million.
Inside Facebook notes that once about 50 percent of a country’s population is on Facebook, growth basically stops. Indeed, losses over 100,000 were recorded by the U.K., Norway, and Russia.
Meanwhile, Facebook’s growth was bolstered by gains in developing countries like Mexico, Brazil and India, each of which picked up about 2 million users from May to June.
TechCrunch also pointed out that Twitter and LinkedIn are making big gains in many of the surveyed countries, with Twitter coming in as the number two social network for the U.S., the U.K., Canada, Australia, Germany and France.

Happy 100th Birthday, IBM!



IBM will celebrate its centennial anniversary this week by having up to 400,000 employees worldwide skip the usual office work in order to donate time to charitable causes and schools.
This “Celebration of Service” will take place on June 15, one day before the actual IBM anniversary.
IBMers are being encouraged to pick projects that use their technical skills — and some charitable organizations say they know exactly how they plan to put them to work.
Family Services of Westchester, for instance, expects two dozen IBMers to march into the not-for-profit private agency’s headquarters this week to work on programming a website and database.

Thursday, June 2, 2011

Sony Pictures attacked again, 4.5 million records exposed

 

The same hackers who recently attacked PBS.org have turned their attention back to Sony by releasing the latest dump of information stolen from Sony’s websites.
While the information disclosed includes approximately 150,000 records, the hackers claim the databases exposed contain over 4.5 million records, at least a million of which include user information.
The data stolen includes:
  • A link to a vulnerable sonypictures.com webpage.
  • 12,500 users related to Auto Trader (Contest entrants?) including birth dates, addresses, email addresses, full names, plain text passwords, user IDs and phone numbers.
  • 21,000 IDs associated with a DB table labeled “BEAUTY_USERS” including email addresses and plain text passwords.
  • ~20,000 Sony Music coupons (out of 3.5 million in the DB).
  • Just under 18,000 emails and plain text passwords from a Seinfeld “Del Boca” sweepstakes.
  • Over 65,000 Sony Music codes.
  • Several other tables including those from Sony BMG in The Netherlands and Belgium.
The attackers, LulzSec, stated in their file titled “PRETENTIOUS PRESS STATEMENT.txt”:
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
This sounds like a broken record… Passwords and sensitive user details stored in plain text… Attackers using “a very simple SQL injection” to compromise a major media conglomerate.
Worst of all, the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point.
The takeaway for the average internet user is clear. Don’t trust that your password is being securely stored and be sure to use a unique password for every website to limit your exposure if hacks like these occur.
I took a brief look at some of the information disclosed and many passwords used were things like “faithful”, “hockey”, “123456”, “freddie”, “123qaz” and “michael”.
Companies collecting information from their customers have a duty to protect that information as well.
In addition to employing proper encryption to protect against theft or loss, companies should work with reputable penetration testers to validate their security plans.
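The two failures named above, string-built SQL and plain text password storage, shown beside their fixes as an added example (not code from Sony or from the original article). The table layout, sample accounts, function names and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so a dumped table never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed accounts (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email, password in [("alice@example.com", "hockey"),
                            ("bob@example.com", "correct horse battery staple")]:
        salt = os.urandom(16)  # unique per user, so equal passwords hash differently
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, salt, hash_password(password, salt)))
    return db

def lookup_vulnerable(db, email):
    """BEFORE: input is pasted into the statement, so it can rewrite the WHERE clause."""
    query = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, email):
    """AFTER: the ? placeholder binds input as a value, never as SQL text."""
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE email = ?", (email,))]

def verify_login(db, email, password):
    """Recompute the hash from the stored salt and compare in constant time."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))

def stored_in_plain_text(db, password):
    """True if any stored column contains the password bytes verbatim."""
    needle = password.encode()
    return any(needle in bytes(col) for row in
               db.execute("SELECT salt, pw_hash FROM users") for col in row)

# Constructed test input: a quote followed by an always-true condition.
TAUTOLOGY = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_vulnerable(db, TAUTOLOGY))  # every row comes back
    print("parameterized:", lookup_safe(db, TAUTOLOGY))       # no row matches
    print("login ok:", verify_login(db, "alice@example.com", "hockey"))
```

A slow salted hash does not make a weak password such as “hockey” strong; it only raises the cost of recovering each password from a stolen table.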

Is Twitter Killing Off Third-Party Services?

 


Twitter’s announcement of its own photo-sharing service puts quite a few third-party photo-sharing services in a bind.
Apps such as Twitpic, Twitgoo and Yfrog have long been employed by users wishing to show images to their Twitter followers. In fact, Twitter even started supporting in-stream photo viewing with the revamping of Twitter.com.
But with Twitter’s soon-to-roll-out service, which will allow users to upload photos directly to Twitter via the official web and mobile apps, third-party services are being cut out of the picture.
A Twitter rep said in an email to Mashable, “We’re still supporting other third-party photo services in our mobile and desktop clients, so users can choose the one that works best for them.”
Although Twitter isn’t immediately revoking API access or support for these apps, it is entering into an entirely new field of competition. And the Twitpic and Yfrog devs certainly didn’t expect they’d be competing with Twitter.
We spoke with Twitpic founder Noah Everett Wednesday via email. “We had no idea Twitter was building a photo feature. Communication between developers and Twitter has never been very clear and the relationships between Twitter and its developers has changed a lot since the Chirp conference last year,” he said. “A more clear feature roadmap and better communication would have been much appreciated by all their developers.”

Twitter’s Turning Point


Everett refers to a turning point in the Twitter/third-party dev relationship about a year ago. Until spring 2010, Twitter apps built with Twitter APIs had been allowed to flourish with little interference and no competition from Twitter.
But at Chirp, the company’s first developer conference, Twitter announced it had acquired Tweetie, a popular iPhone client from dev shop Atebits. Before then, no one thought Twitter was going to develop an official mobile client, and an entire ecosystem of third-party Twitter mobile apps had sprung up.
With the Tweetie announcement, Twitter effectively crushed the futures of quite a few startups and mobile dev shops. The company had allowed and encouraged the development of these mobile apps, and it was now in direct competition with them.
In more recent announcements about the API’s use in building Twitter clients and the subsequent acquisition of TweetDeck, Twitter is taking a similar position in the ecosystem of Twitter desktop clients and dashboards. (In fact, some point to the Twitter.com redesign itself as an attack on desktop clients.)
And today, we’re seeing the same story being played out with photo-sharing apps.

Whose Business Is It, Anyway?


Of course, it’s Twitter’s prerogative to build user-requested features in-house rather than letting third-party apps capture all that traffic. The company’s API isn’t a public utility, and no one but Twitter actually has the right, in the legal sense, to use it.
None of the third-party devs would deny that Twitter needs to make money on its own product. What they do resent is the poor communication between the company and outside devs.
For example, early in the history of the company’s API, co-founder Biz Stone said, “The API has been arguably the most important, or maybe even inarguably, the most important thing we’ve done with Twitter. It has allowed us, first of all, to keep the service very simple and create a simple API so that developers can build on top of our infrastructure and come up with ideas that are way better than our ideas.”
However, every time third-party devs come up with an overwhelmingly popular feature, Twitter has swooped in and quickly dominated the space, putting indie devs out of business. And image-sharing is without doubt hugely popular. Twitpic.com alone gets around 10% of the traffic seen on Twitter.com, according to three traffic-reporting sites.
Ever since the turning point at Chirp, investing one’s time, effort and capital into a Twitter app has been a risky proposition, and as Twitter continues to encroach on the domain of third-party services, the opportunity for building a sustainable Twitter app becomes narrower and less certain.

Can Third-Party Apps Survive?


Just as Seesmic founder Loic Le Meur once told the anti-Twitter complainers at Chirp to [redacted] themselves, Everett is sticking to a staunchly optimistic line when it comes to Twitpic’s future.
While he admits he is “not sure what strategy we will be taking with Twitpic currently,” he does say, “We believe that Twitpic will live on. We’ve built an extremely powerful, worldwide brand, and we own that brand … regardless of this feature announcement from Twitter.”
But in fact, the fate of Twitpic, Yfrog and other third-party photo-sharing services remains uncertain. (Twitgoo’s predicament is unique, since that brand is under the Photobucket umbrella, and Photobucket is hosting Twitter’s official photo-sharing feature.)
At any rate, this latest development will certainly serve as further discouragement to any developer (or investor) with an eye on the Twitter ecosystem outside Twitter itself.

What should be included in next-generation video game systems



TAMPA – E3 2011 is fast approaching, and the big three console makers are expected to announce their plans for their future systems.
Nintendo has already announced development on its next console, at this point code named “Project Cafe.”
Sony’s upcoming handheld, the NGP, is the powerful successor to the PlayStation Portable, which came to American store shelves in 2005.
Microsoft is the wild card, with rumors swirling that big-time game makers already have development kits for their unannounced Xbox 360 follow-up.
With all that in mind, here’s a look at what each company needs to put in their machines to catch the consumer’s eye – and get the money out of their wallet.
Nintendo’s Project Cafe:
1) The Nintendo Wii changed the way we play with its revolutionary motion controls and reintroduced video gaming to a generation that grew up with Mario and Zelda. The wand controller became second nature for the 80 million-plus that have enjoyed the Wii, and Nintendo needs to keep something similar in their next system. Changing back to a more modern version, with dual joysticks and multiple buttons and triggers, might alienate the crowd that snatched up the Wii.
2) The Wii was mocked by many hardcore gamers as an underpowered, unimpressive, weak system. Its graphics were marginally above those produced by the Gamecube, and as the Xbox 360 and PlayStation 3 dazzled a new generation with high definition visuals and surround sound, the Wii got left in the dust. The new system must be capable of 1080p graphics and digital surround sound. HDMI is also a must, and with 3D technology becoming more and more popular, that feature has to be considered as well. The Wii doesn’t even play DVDs, an absolute requirement for the next system.
3) Nintendo has always cranked out top hits with their own reliable stars: Mario, Link, Samus, Pokemon, and many more. It’s the third party developers that have been unkind over the years, often designing their smash hits like Call of Duty and Madden for the top-notch consoles and dumbing them down for the Wii. This leads to barebones versions of top titles that don’t sell nearly as well. Nintendo needs to build friendships with EA and Activision, among others, proving that their console is not a wimp in the next generation and that it’s worth their attention.
4) Playing online with your friends on the Wii is harder than acing the SATs. Individual “friend codes”, randomly generated numbers that must be entered for each game, have alienated many players looking to play with their pals online. Xbox and PS3 gamers can make their own username which applies across all games, and at this point, it’s stunning Nintendo hasn’t caught on. This simple idea is the first step Nintendo has to put in place in order to essentially “build” their online population. Their Virtual Console store, however, has been very popular, selling past games like the original Super Mario Brothers and many Super Nintendo hits as digital downloads for a few bucks each. These purchases need to carry over to the next system.
5) Finally, Nintendo’s systems have been priced lower than the competition nearly every console generation. That needs to stay the case for the next console. If Nintendo can squeeze all of that and more into “Project Cafe”, and keep it under $300, they’ll have another winner on store shelves.
Sony’s NGP:
1) The PSP was a daring first entry into the portable gaming market for Sony. Boasting better graphics and sound than anything Nintendo could offer, tech junkies were dazzled. The 3DS from Nintendo has closed part of the gap, offering glasses-free 3D. Whether the NGP has 3D or not, it needs to keep wowing players with amazing visuals. If early indications hold true, there’s little to worry about.
2) The original PSP ran on proprietary UMD discs, and this was a major drain on the system’s battery. Future design revisions have since eliminated the need for discs, instead storing games on memory sticks or a small built-in hard drive. Still, with the giant touch screen and constant internet connectivity of the NGP, there are concerns that the battery might last just six hours or less. This is unacceptable for players looking for something to do on long flights or vacations, when charging isn’t available. Sony must work on an alternative before launch time.
More at: http://www.abcactionnews.com/dpp/entertainment/what-should-be-included-in-next-generation-video-game-systems

Rihanna and Hayden Panettiere sex video spreads Mac malware on Facebook

Hot on the heels of an earlier Mac malware attack spreading via Facebook links, we are seeing another attempt to infect Mac users on the social network – with what claims to be a sex video of celebrities Rihanna and Hayden Panettiere.
If you see messages like the following on Facebook, please do not click on the links.
Hot Lesbian Video - Rihanna And Hayden Panettiere!!
one more stolen home porn video ;) Rihanna and Hayden Panettiere
Hot Lesbian Video - Rihanna And Hayden Panettiere!!
[LINK]
Rihanna And Hayden Panettiere !!! Private Lesbian HOT Sex Tape stolen from home archive of Rihanna!
For those who don’t follow such things, Hayden Panettiere played the part of the cheerleader in the sci-fi TV show “Heroes”, and Rihanna is a pop star famous for her umbrella-ella-ella.
Not that you’ll get to see much evidence of that if you click on the link as – on Apple Macs at least – you may find yourself ending up on a webpage which tries to infect you with malware in the form of a fake anti-virus attack.
Has a private lesbian hot sex tape really been stolen from the home archive of Rihanna? Personally I think it’s unlikely, but it’s surprising what people will believe these days (and indeed, what celebrities will get up to) so it’s no wonder that some folks might click on the link.
SophosLabs is adding detection for the various components of this Mac malware attack as OSX/FakeAV-DWK, OSX/FakeAV-DWN, OSX/FakeAvDl-A and OSX/FakeAVZp-C. Users of Sophos products, including the free Mac anti-virus for home users, will be automatically updated.
If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.