CyberSecurity Pulse 2016-09-01
“He knows nothing; and he thinks he knows everything. That points clearly to a political career.”
George Bernard Shaw
Dropbox Confirms Another Major Leak: Time to Think Again About Our Password Policies
This leak joins the list of high-profile platforms breached recently, which already includes Myspace, LinkedIn, Adobe, Badoo and Tumblr. Even so, the recommendations Dropbox published more than four years ago are still valid today: use two-factor authentication whenever possible, and use a password manager to handle unique, complex passwords for each and every platform. The question is: which will be the next one?
The FBI Is Worried About How Encryption Can Make Criminals Harder To Catch
The FBI Director stated at the 2016 Symantec Government Symposium, held in Washington, that he is really concerned about how strong cryptography can help criminals remain in the dark. Comey says that although Americans have the right to privacy in their homes, in their cars and on their electronic devices, the government also has the right to invade that privacy when appropriate according to law. He confirmed that his office will make an effort to collect as much information as possible to study the feasibility of forcing technology companies to backdoor their own products. The idea is to provide a mechanism that would let law enforcement agencies gain access to computer systems, in spite of the risks that such a system would pose to end users if the golden keys were leaked.
25 Million Accounts from Mail.ru Group Stolen
Mail.Ru Group confirmed that customer details from up to 25 million accounts have been stolen from hacked servers belonging to the company. According to the Russian Ministry of Internal Affairs, two hackers were reportedly able to access usernames, email addresses, passwords, phone numbers, birthdays and even some IP addresses in at least three different attacks between July and August. Although a company spokesman has stated that the credentials are no longer valid, they can still be used to discover valid passwords on other services, which could be valuable for conducting new advanced attacks.
Rest of the Week’s News
Experimental suhide Mod for SuperSU Hides su Binary from Applications
Famous Android developer Chainfire released an experimental app called “Suhide” that allows users to hide the root status of their rooted Android devices. Suhide comes into the picture if you have apps that check for the presence of root. One of the most popular use cases is Android Pay, but there are several other apps (mainly banking and corporate security apps) that will not work if you have root.
Voter Databases in Two US States Breached by Hackers
The FBI’s Cyber Division revealed that it had uncovered evidence that the election databases were hacked, which led the agency to issue warnings to election officials across the country to strengthen the security of their computer systems. The news follows suspicions that Russian state-sponsored hackers were behind the July intrusions into systems belonging to the Democratic National Committee, as well as other political groups, in order to affect the results of the upcoming presidential election.
Opera Browser Sync Service Hacked
Opera has reset the passwords of all users of one of its services after hackers were able to gain access to one of its cloud servers this week. Opera has around 350 million users across its range of products, but around 1.7 million users of its Sync service had both their synchronized passwords and their authentication passwords leaked in the hack.