I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in the United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus.
A big part of her job is helping local residents respond to identity theft and fraud complaints. The freeze process is designed so that a creditor should not be able to see your credit file unless you unfreeze the account. Google has virtually no useful information available about an entity called Centralized Credit Check Systems. If anyone finds differently, please leave a note in the comments section.
Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. First, the Flash Tuesday update, which brings Flash Player to v.
And with good reason: But really, none of it was my fault at all. The botnet that hit my site in Sept. By the time of the first Mirai attack on this site, the young masterminds behind Mirai had already enslaved more than , IoT devices for their DDoS armies.
These 24, Mirai devices clobbered my site for several days with data blasts of up to Gbps. The attack was so bad that my pro-bono DDoS protection provider at the time — Akamai — had to let me go because the data firehose pointed at my site was starting to cause real pain for their paying customers.
Akamai later estimated that the cost of maintaining protection against my site in the face of that onslaught would have run into the millions of dollars. But what if there were also a way to work out the cost of these attacks to the users of the IoT devices which get snared by DDoS botnets like Mirai?
The attacker who wanted to clobber my site paid a few hundred dollars to rent a tiny portion of a much bigger Mirai crime machine. That attack would likely have cost millions of dollars to mitigate. The consumers in possession of the IoT devices that did the attacking probably realized a few dollars in losses each, if that.
Perhaps forever unmeasured are the many Web sites and Internet users whose connection speeds are often collateral damage in DDoS attacks. But if you have a Twitter account, please change your account password now. And then come back and read the rest of this.
We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. A message posted this afternoon and still present as a pop-up warns all users to change their passwords. You can change your Twitter password anytime by going to the password settings page.
Last week, KrebsOnSecurity notified a host of companies that employees were using Trello to share passwords for sensitive internal resources. Those put at risk by such activity included an insurance firm, a state government agency and ride-hailing service Uber. By default, Trello boards for both enterprise and personal use are set to either private (requires a password to view the content) or team-visible (only approved members of the collaboration team can view).
And unfortunately for organizations, far too many employees are posting sensitive internal passwords and other resources on their own personal Trello boards that are left open and exposed online. A personal Trello board created by an Uber employee included passwords that might have exposed sensitive internal company operations.
KrebsOnSecurity spent the past week using Google to discover unprotected personal Trello boards that listed employer passwords and other sensitive data.
Uber spokesperson Melanie Ensign said the Trello board in question was made private shortly after being notified by this publication, among others. Ensign said Uber found the unauthorized Trello board exposed information related to two users in South America who have since been notified. Employee awareness is an ongoing challenge, We may have dodged a bullet here, and it definitely could have been worse.
In this case, we got multiple reports about the same thing, but we always pay the first report we get. Of course, not every company has a bug bounty program to incentivize the discovery and private reporting of internal resources that may be inadvertently exposed online.
Screenshots that KrebsOnSecurity took of many far more shocking examples of employees posting dozens of passwords for sensitive internal resources are not pictured here because the affected parties still have not responded to alerts provided by this author.
This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it. The law, enacted by the European Parliament, requires companies to get affirmative consent for any personal information they collect on people within the European Union. Most registrars offer a privacy protection service that shields this information from public WHOIS lookups; some registrars charge a nominal fee for this service, while others offer it for free.
Under the new system, registrars would collect all the same data points about their customers, yet limit how much of that information is made available via public WHOIS lookups. The data to be redacted includes the name of the person who registered the domain, as well as their phone number, physical address and email address.
The new rules would apply to all domain name registrars globally. Assuming ICANN meets that deadline, it could be many months after that before the hundreds of domain registrars around the world take steps to adopt the new measures. In a series of posts on Twitter, I predicted that the WHOIS changes coming with GDPR will likely result in a noticeable increase in cybercrime — particularly in the form of phishing and other types of spam.
I can point to dozens of stories printed here — and probably hundreds elsewhere — that clearly demonstrate otherwise. Whether or not cyber crooks do provide their real information is beside the point. To understand why data reuse in WHOIS records is so common among crooks, put yourself in the shoes of your average scammer or spammer — someone who has to register dozens or even hundreds or thousands of domains a week to ply their trade.
Are you going to create hundreds or thousands of email addresses and fabricate as many personal details to make your WHOIS listings that much harder for researchers to track?
The answer is that those who take this extraordinary step are by far and away the exception rather than the rule. Very often, if a spammer, phisher or scammer can get away with re-using the same WHOIS details over many years without any deleterious effects to their operations, they will happily do so.
Why they may do this is their own business, but nevertheless it makes WHOIS an incredibly powerful tool for tracking threat actors across multiple networks, registrars and Internet epochs.
All domain registrars offer free or a-la-carte privacy protection services that mask the personal information provided by the domain registrant. This is demonstrably true even for organized cybercrime groups and for nation state actors, and these are arguably some of the most sophisticated and savvy cybercriminals out there. And so they may not particularly care about covering their tracks. Or in other cases they do care, but nevertheless make mistakes or get sloppy at some point, as most cybercriminals do.
The GDPR does not apply to businesses — only to individuals — so there is no reason researchers or anyone else should be unable to find domain registration details for organizations and companies in the WHOIS database after May 25, right? It is true that the European privacy regulations as they relate to WHOIS records do not apply to businesses registering domain names.
Authorities in the U. Investigators say that prior to the takedown, the service had more than , registered users and was responsible for launching somewhere between four and six million attacks over the past three years. Neither the Dutch nor U. MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.
No authentication was required to access any of these pages. Contacted by KrebsOnSecurity, MEDantex founder and chief executive Sreeram Pydah confirmed that the Wichita, Kansas-based transcription firm recently rebuilt its online servers after suffering a ransomware infestation.
Pydah said the MEDantex portal was taken down for nearly two weeks, and that it appears the glitch exposing patient records to the Web was somehow incorporated into that rebuild. Although many of the exposed documents appear to be quite recent, some of the records dated as far back as Last week, Facebook deleted almost groups totaling more than , members.
The groups were mostly closed — requiring approval from group administrators before outsiders could view the day-to-day postings of group members. Selling everything from stolen credit cards, identities and hacked accounts to services that help automate things like spamming, phishing and denial-of-service attacks for hire.
To its credit, Facebook deleted the groups within just a few hours of KrebsOnSecurity sharing via email a spreadsheet detailing each group, which concluded that the average length of time the groups had been active on Facebook was two years.
But I suspect that the company took this extraordinary step mainly because I informed them that I intended to write about the proliferation of cybercrime-based groups on Facebook. That story, Deleted Facebook Cybercrime Groups had , Members, ended with a statement from Facebook promising to crack down on such activity and instructing users on how to report groups that violate its community standards. Roughly two days later I received a series of replies saying that Facebook had reviewed my reports but that none of the groups were found to have violated its standards.
Perhaps I should give Facebook the benefit of the doubt: In any case, one thing seems clear: In , KrebsOnSecurity exposed a network of phony Web sites and fake online reviews that funneled those seeking help for drug and alcohol addiction toward rehab centers that were secretly affiliated with the Church of Scientology.
Not long after the story ran, that network of bogus reviews disappeared from the Web. The listing on Craigslist. Assistants are cautioned not to create more than two listings per street address, but otherwise to use any U. Although the current Web site registration records from registrar giant Godaddy obscure the information for the current owner of seorehabs[dot]com, a historic WHOIS search via DomainTools shows the site was also registered by John Harvey and TopSeek in Harvey did not respond to requests for comment.
DomainTools previously was an advertiser on KrebsOnSecurity. Their Wiki entry documents multiple cases of accidental deaths at Narconon facilities, where some addicts reportedly died from overdoses of vitamins or neglect.