Domain: krebsonsecurity.com
Stories and comments across the archive that link to krebsonsecurity.com.
Comments · 228
-
Sure sure
This appears to be the same person behind the "Collection #1" releases circa Jan 18th. It was just a collection of a bunch of older dumps, i.e. data aggregated from other breaches. I didn't see any reason to think this person was behind all of the hacks; I got the sense he might also brag he could hack into any porn site on the Internet by putting in his mom's credit card number.
-
Re:Dear Slashdot Users
Brian Krebs' blog is always a good read https://krebsonsecurity.com/
-
The bigger picture
Here is mine... pity I sent it before Krebs wrote https://krebsonsecurity.com/20...
This is a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 [0].
Chinese surveillance society [1] offers a chilling vision of a society I never want to live in.
Just as Apple differentiates itself [2] clearly from Google and Facebook by saying we will never sell your data (you aren't the product), I think Western democracies ought to clearly differentiate themselves from China.
Currently we're heading towards a local optimum that will look more and more like China. Because of certain problems (paedophiles, drug dealers, terrorists), government wants weak encryption. Then in large part because of weak encryption, we can't use Chinese components in our networks [3].
Well, the truth is that paedophiles/drug dealers/terrorists will all wake up to the fact that comms on common services can be intercepted, and will use their own encryption (routed over TOR or similar, so you can't tell who the endpoints are). Phantom Secure is evidence that this horse has already bolted[4]. Though I guess you might make any private encryption technology illegal? Why not?!!
The net result being that only people with "nothing to hide" will be using services that you can surveil.
Thinking more broadly, if drugs such as marijuana and MDMA were legal, then probably 95% of the so-called encryption problem goes away. And lots of other problems as well... Count on certain relatively benign recreational drugs being legalized soon after self-driving cars become common.
And then I'd argue that you catch the paedophiles and terrorists with creative policing[5]. You don't absolutely need this kind of legislation to then get into their phones [6].
In summary, a much better approach would be to support strong encryption (the global optimum), and say clearly we don't want to follow China. With strong encryption right across our telecomms networks, we'd be able to source equipment from Huawei and ZTE.
... Of course, there's the additional concern that the Chinese could stop packet transmission entirely (i.e. a kill switch), or make it unreliable, but that's a different problem to "they might read our stuff". The real concern would then be any laptop, server[7] or phone made in China (i.e. most of them) - the terminal devices where stuff must be decrypted for the user to see.
Of course, the problem is that embracing "strong encryption" is anathema to the received wisdom from the rest of the Five Eyes [8], and you need to take a broader perspective to realise it is the right choice for an open society.
[0] https://www.aph.gov.au/Parliam...
[1] http://www.abc.net.au/news/201...
[2] https://www.washingtonpost.com...
[3] https://www.itnews.com.au/news... https://www.itnews.com.au/news...
[4] http://www.abc.net.au/news/201... https://www.theregister.co.uk/...
[5]
-
Who did it?
We, the public affected by this breach, still have very little information on just what happened or by whom. We have a bit of "how" info, in articles like this, and this shows another penetration in Argentina. "online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”"
With megacorps spanning the world, no one country's data laws are doing shit to stop any of this. Megacorps will just move portals to the easiest country to operate in, and then obfuscate, confuse, and stall any inquiries while they furiously delete off-shore evidence because it's not strictly "illegal" for some separate, non-US company to do so. "the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon". My bet is it's more than offline; or offline as in deleted and all servers and backups burned with thermite and dumped into the ocean.
The US government doesn't even consider any of this "Critical infrastructure". This isn't in the same league as these reports, so it's all left up to the "free hand of the market". This attack is affiliated with China and not Russia: "One tool used by the hackers, China Chopper, has a Chinese-language interface but is also in use outside China"
There have been lingering suspicions of internal bad actors in this. "The company hired Susan Mauldin, a former security chief at First Data, to run the global security team. Mauldin introduced herself to colleagues as a card-carrying member of the National Rifle Association, according to a person familiar with the changes." With the current probes pointing towards massive Russian money laundering into the GOP via the NRA, this is very bad. Also, "Overseeing technology for Equifax was David Webb, a Kellogg MBA and Russian-language major hired in 2010 from Silicon Valley Bank, where he had been chief operations officer. "
Most frighteningly, this stolen info has STILL never shown up on the dark web. Looking at the Moloch data, there were two separate teams who spent quite some time on this. Obviously it is an APT, like Shell Crew, or such. This means government sponsored, someone had to pay for all of this and the info wasn't sold off for a profit. This is what happens when "unregulated industry" meets 21st century cyber economic warfare.
-
Re:A simpler explanation
Yup. See https://krebsonsecurity.com/20...
-
DDoS booter services are illegal
Didn't another group just recently get arrested for providing such a "service?"
-
Band of cybercriminals penetrated bank digital san
By any chance did the inner sanctums of these banks run on Microsoft Windows?
-
Re:This is ridiculous...
In the end this is the only thing he did. Made a false 911 call and gave false information. THAT'S IT
You should probably read about what actually happened. All three of them did a lot more than make a call and they all conspired to cover up what they'd done. That's why there are so many charges.
The life in prison headline is also deceptive. It assumes that they'll all get the maximum sentence and serve them consecutively, rather than concurrently, and that nobody will win an appeal or qualify for parole. It's not impossible that all those things would happen, but it's really unlikely.
-
Old News
-
Re:Honest question
Why should anyone care about the kind of information farmed from Facebook. I mean, it's not all THAT sensitive
Actually, some of those surveys contain questions which could give people insights to answering those idiotic standard security questions
...People may not fully realize what they're giving away in what seems like an innocent set of questions. Hell, Facebook wants half of that information for your damned profile
... DOB, school, that kind of stuff. People need to get into the mindset of understanding they simply can't trust stuff like this on the internet, because it's likely to be anything but safe.
It's bad enough that banks and other things you need to use have such moronic canned questions (often pretty much the same set), but at that point, providing that to anybody else is just dangerous.
-
Re:Unicode hack?
See this article: Look-Alike Domains and Visual Confusion
-
Re:Unicode hack?
And of course.... the browser makers such as Google and Firefox had to be complicit in changing from the original defaults which was to Refuse to interpret Punycode under Latin TLDs.
Brian Krebs wrote punycode yesterday. Chrome and Microsoft Edge and IE will not display the punycode, but rather the ascii representation of it. Firefox does show the punycode by default, but you can change it in settings.
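As an added illustration of the look-alike problem (example code written for this page, not from Krebs' article or from any browser's source), the Python below encodes a hostname that uses a Cyrillic "а" in place of the Latin "a" to its xn-- form, and applies a mixed-script test of the kind browsers use to decide whether to show the raw Unicode or the Punycode. The two hostnames are constructed for the example.

```python
# Added example: Punycode form of a look-alike hostname plus a mixed-script
# display check. Not from the original page; hostnames are constructed.
import unicodedata

# Constructed samples: Cyrillic U+0430 in place of Latin 'a' (mixed script),
# and a label spelled entirely in Cyrillic (single script, still a look-alike).
LOOKALIKE = "\u0430pple.com"
WHOLE_SCRIPT = "\u0430\u0440\u0440\u04cf\u0435.com"


def to_punycode(hostname: str) -> str:
    """Return the ASCII (xn--) form that the wire and the address bar fall back to."""
    return hostname.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Scripts used by the letters of one DNS label, taken from the Unicode name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch).split()[0])
    return scripts


def is_mixed_script(hostname: str) -> bool:
    """True if any label mixes scripts, e.g. one Cyrillic letter among Latin ones."""
    return any(len(label_scripts(label)) > 1 for label in hostname.split("."))


def display_form(hostname: str) -> str:
    """Display policy: show Unicode only for single-script labels, else the xn-- form."""
    return to_punycode(hostname) if is_mixed_script(hostname) else hostname


if __name__ == "__main__":
    for host in (LOOKALIKE, WHOLE_SCRIPT, "apple.com"):
        print(f"{host!r:40} wire={to_punycode(host):24} shown as {display_form(host)!r}")
```

The whole-script case is the caveat: a label spelled entirely in Cyrillic passes the mixed-script test and would be shown in Unicode, so this check on its own is not enough, which is the argument for displaying Punycode unconditionally as the comment describes for one browser setting.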
-
Re: Windows XP in ATMs
the OS may not be that big of a problem.
RTFA
The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to a version of Windows 7 to defeat this specific type of attack. - https://krebsonsecurity.com/20...
-
Was it worth it?
So he ran a website facilitating the commerce of identity theft - in the order of billions of records handled. In that time he managed to make just north of $120k per year (USD $96.6k/year). (This is based on https://krebsonsecurity.com/20... saying the site began selling data in Oct 2015)
-
Re:Spam never went away
The only thing that works is to approach spam as the economic problem that it is. We need to stop pretending that spammers send out spam to piss people off; that is one of the dumbest lies on the internet. Spammers send out spam to make money. If you don't want spam, you need to do something to prevent spammers from getting paid. Cut off their cash flow and they go on to doing other things with their botnets instead.
Or find way to employ the people who create spam such that the creation of said spam is less economically tenable. The idea of targeting them economically is a great idea but instead of doing so in a way which will leave them poorer why not try to employ their creativity in ways which benefit everyone?
That is a noble idea but it requires knowing who the spammers are and getting through to them on some sort of personal level. If you make it so that they cannot pay their bills by creating and sending spam, wouldn't you accomplish a similar end? I don't seek to harm the spammers though I do acknowledge that some of them are pretty awful people, who I probably don't want to associate too closely with.
Perhaps if we could incentivize more beneficial applications of their talents, then we could get there as well. As I stated before, spammers go to spam because it makes money. If they could make money doing something else they would do that.
-
Microsoft Windows strikes again ..
-
What about Equifax TALX?
Looks like salary history is pretty much available: see KrebsOnSecurity.
https://krebsonsecurity.com/2017/10/equifax-breach-fallout-your-salary-history/
-
Re:Should users uninstall their AV software?
I've already said that an OS which requires an AV in order to guard apps/data is not the OS you should be running in the first place.
Also, I am indeed a raving idiot because I don't have an AV installed and for my 25+ years of computer usage I've never been infected or lost my credentials (aside from companies leaking them, e.g. Adobe). That couldn't be attributed to sheer luck, right? Windows is inherently insecure and an AV gives you a false sense of security as indicated by literally tens of millions of examples when people have got infected while having a fully updated AV installed and running.
I asked you a direct question: How does one offer an antivirus solution that does not involve a kernel mode driver? And you failed to respond. Thanks for playing!
-
Re:Mail your creditors.
Your personal information is being shared by your creditors/bank with equifax. That is the only way they collect information.
That is not entirely true. If you work for a company that uses TALX services (now rebranded as Equifax Workforce) for HR, tax, or payroll or the Work Number then your HR department is directly feeding your salary information to Equifax.
FWIW, TALX lost control of their database starting in April of 2016.
-
Don't fall for it.
Credit FREEZES are already free, and are far better than Credit Locks. Companies like Equifax cannot sell your information if you request a credit freeze. From Brian Krebs:
Q: I see that Trans Union has a free offering. And it looks like they offer another free service called a credit lock. Why shouldn’t I just use that?
A: I haven’t used that monitoring service, but it looks comparable to others. However, I take strong exception to the credit bureaus’ increasing use of the term “credit lock” to steer people away from securing a freeze on their file. I notice that Trans Union currently does this when consumers attempt to file a freeze. Your mileage may vary, but their motives for saddling consumers with even more confusing terminology are suspect. I would not count on a credit lock to take the place of a credit freeze, regardless of what these companies claim (consider the source).
Also this from a more recent article:
Other bureaus, like TransUnion and Experian, are trying mightily to steer consumers away from a freeze and toward their confusingly named “credit lock” services — which claim to be the same thing as freezes only better. The truth is these lock services do not prevent the bureaus from selling your credit reports to anyone who comes asking for them (including ID thieves); and consumers who opt for them over freezes must agree to receive a flood of marketing offers from a myriad of credit bureau industry partners.
-
All Internal Email. All Admin Accounts
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.
-
Re:Sounds about right...
If a person was knowingly harmed due to this security lapse, I think we would have heard about it.
Yea it's a shame "we" haven't heard any examples.
Like almost-exactly a year ago when Krebs was taken offline for three days along with significant damage to the Akamai network when hit by a DDoS attack from D-Link (and others) insecurities:
https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
Or when hundreds of thousands of websites at OVH were DDoSed offline:
https://securityintelligence.com/news/leaked-mirai-malware-boosts-iot-insecurity-threat-level/
Or when Dyn's entire US east-coast network was taken offline for a good part of a weekend a month later, affecting millions of Americans accessing pretty much everything:
https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/
All of which were caused by a massive botnet of infected embedded devices, such as D-Link routers and D-Link IP cameras.
Shame none of that hit the news for "us" to hear about...
-
Didn't Equifax Use Wordpress....
... for their disaster response site after their massive data breach?
Why, yes, yes, they did!
https://krebsonsecurity.com/20...
At what point do they declare the foot completely blown off and stop shooting?
-
Re:Two other words
Clark only has 3 of the 5 major credit bureaus listed at that link; PRBC is a little wonky, but if you're freezing your credit you'll want to freeze it with Equifax, Experian, Innovis, and TransUnion. http://krebsonsecurity.com/201... has all 4, or use Clark's links and add https://www.innovis.com/person...
-
First thing: request a credit freeze
The security freeze prevents anyone, even you, from opening a credit account or getting a loan in your name, including yourself, until you lift the freeze.
You never know about an identity theft until after the fact and weird bills start coming in. Basically you agree to a PIN number. No new loans can take place in your name unless the applicant knows the number.
It's close to free but there may be a few $10 fees depending on where you do it: https://www.transunion.com/cre...
The credit reputation agencies don't offer it by default because their business model is to sell you fraud alert monitoring services. Logically, if there's a freeze, there's nothing for them to monitor. This is the cheapest and best solution.
Second, stop giving Equifax your money.
Third, class action suit.
PS: Krebs on Security has a great piece that's now a few years old but shows why credit freezes are good and the other crap sold by Equifax and their peers is more or less useless in comparison: what TransUnion and Experian promote has little value: https://krebsonsecurity.com/20...
-
Per Brian Krebs...
Don't waste your time or money on their monitoring "services", which don't do much. Instead, freeze your credit with each of the agencies.
Krebs' "Dumpster Fire" post on the Equifax debacle is worth reading.
-
Re:Most of their customers have no recourse
Reminds me of when Experian basically let all their data be stolen too. They purchased a company that then stole the data. Or when all 3 credit agencies had a breach. But they sure got their due when the hundred billion dollar fines rolled in!!! Just kidding of course, barely a slap on the wrist. Nothing is going to happen and Equifax will promise not to do it again - until it happens again in about 18 months.
-
Krebs On Security disputes this
Brian Krebs has a blog post today claiming the NYT is incorrectly attributing these claims.
https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/
-
Now Stop Routing Traffic for Black Hat Groups
So Cloudflare won't stand up for speech, but they'll stand up for black hat criminal operations? WTF?
The problem with taking a stance is that now you have to justify why you take action sometimes and not other times. I totally get why Cloudflare would back down here and that's their call.
But if they're going to start policing content, then why the hell are they shutting down the routing of objectionable content, but not clearly criminal content? Along with TOR, they're the haven of choice for Black Hats and other criminal groups. Brian Krebs and others have been trying to get them to stop for years, to no avail. And the people they are protecting are causing actual (criminal) damages to other groups.
If Cloudflare wants to be a true neutral party, I can respect that. Similarly, if they want to have a say over the traffic they route, I can respect that as well. But if they're going to take the latter route, then I think they need to be held more accountable for all the scumbag criminals that they provide protection for.
-
Krebs
more info at Krebs: https://krebsonsecurity.com/20...
“You probably wouldn’t be able to make a universal, Mirai-style exploit for this flaw because it lacks the elements of simplicity and reproducibility,” Karas said, noting that the exploit requires that an attacker be able to upload at least a 2 GB file to the Web interface for a vulnerable device.
It's worth noting that you can easily send several gigabytes of zeros if you can mark the communication as using gzip compression.
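To make the comment's last point concrete, here is an added Python example (written for this page; not Krebs' or Karas' code, and not an exploit for the device in question): it builds a gzip stream whose inflated body is a chosen number of zero bytes, and shows the bounded inflater a web interface should use before treating a Content-Encoding: gzip upload as a real multi-gigabyte file. The chunk size, the limit and the 2 GiB figure in the demo are choices made for the example.

```python
# Added example: a gzip stream of zeros and a size-bounded inflater.
# Not from the original page; sizes and limits are example choices.
import zlib

CHUNK = 1 << 20  # work in 1 MiB pieces so memory stays flat on both sides
GZIP_WBITS = 16 + zlib.MAX_WBITS  # zlib wbits value selecting the gzip (RFC 1952) wrapper


def gzip_zeros(total: int, level: int = 9) -> bytes:
    """Return a gzip stream whose inflated content is `total` zero bytes.

    Deflate tops out near 1032:1 on a constant byte, so 2 GiB of zeros becomes
    roughly 2 MiB on the wire. The input is never materialised in full.
    """
    comp = zlib.compressobj(level, zlib.DEFLATED, GZIP_WBITS)
    zeros = bytes(CHUNK)
    out = bytearray()
    remaining = total
    while remaining > 0:
        n = min(CHUNK, remaining)
        out += comp.compress(zeros[:n])
        remaining -= n
    out += comp.flush()
    return bytes(out)


class InflateLimitExceeded(Exception):
    """Raised when the inflated size passes the caller's limit."""


def inflate_bounded(data: bytes, limit: int) -> int:
    """Inflate `data` in bounded steps and return the inflated size.

    Passing max_length to decompress() caps each call's output, so the total is
    counted as it is produced and the function aborts as soon as it passes
    `limit`, rather than allocating the whole body and checking afterwards.
    """
    d = zlib.decompressobj(GZIP_WBITS)
    total = 0
    buf = data
    while not d.eof:
        chunk = d.decompress(buf, CHUNK)
        total += len(chunk)
        if total > limit:
            raise InflateLimitExceeded(f"inflated size exceeds {limit} bytes")
        buf = d.unconsumed_tail  # input zlib has not consumed yet, if any
        if not buf and not chunk:
            raise ValueError("truncated or corrupt gzip stream")
    return total


if __name__ == "__main__":
    two_gib = 2 << 30
    blob = gzip_zeros(two_gib)
    print(f"{two_gib} zero bytes -> {len(blob)} compressed bytes")
    try:
        inflate_bounded(blob, 64 << 20)
    except InflateLimitExceeded as e:
        print("defender:", e)
```

Whether the device's web server honours Content-Encoding on request bodies is not established by the comment; the example only shows that the "2 GB upload" requirement costs the sender a few megabytes if it does. The defending side's decision is the limit: it must be chosen per endpoint, below what the device can actually handle, and enforced on inflated bytes rather than on the Content-Length of the compressed request.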
-
Re:Even if...
Hahaha, you're so naive...
Why would the CIA *and* NSA not have 'someone' inside Kaspersky?
You mean like Ruslan Stoyanov?
-
Re:Guilt by being Russian.
A Russian company is far more vulnerable to what really are mafia tactics.
Exactly.
This comes in the wake of a senior executive of Kaspersky being arrested for classified reasons. The Krebs article speculates on some reasons for the arrest.
Even assuming Putin did not want to take advantage of Kaspersky's position of having a software foothold on millions of machines, the corruption in Russia makes the firm particularly vulnerable to organized cyber criminals. That reason alone is enough to not trust Kaspersky code.
-
Russia has 2x as many ~K12 CS students as the US
I've been saying this for years: make Computer Science (theoretical math, logic, basic linguistics) a mandatory subject in K12 education alongside (applied) math, science, etc. Also, yank pre-calculus and calculus (save it for physics majors in college, offer it as a math elective in high school) and offer statistics for students advanced enough to get that far. Statistical illiteracy is one of the main drivers behind our fake news problem.
Brian Krebs agrees with me, citing this as Why So Many Top Hackers Hail from Russia:
Compared to the United States there are quite a few more high school students in Russia who choose to specialize in information technology subjects. One way to measure this is to look at the number of high school students in the two countries who opt to take the advanced placement exam for computer science.
According to an analysis (PDF) by The College Board, in the ten years between 2005 and 2016 a total of 270,000 high school students in the United States opted to take the national exam in computer science (the “Computer Science Advanced Placement” exam).
Compare that to the numbers from Russia: A 2014 study (PDF) on computer science (called “Informatics” in Russia) by the Perm State National Research University found that roughly 60,000 Russian students register each year to take their nation’s equivalent to the AP exam — known as the “Unified National Examination.” Extrapolating that annual 60,000 number over ten years suggests that more than twice as many people in Russia — 600,000 — have taken the computer science exam at the high school level over the past decade.
-
Re: Do you editors even read your own stories?!
That's one way of looking at it; this is another:
Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.
Weaver noted that Petya’s ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.
Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.
“I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Weaver said. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”
For the non-native English speakers here (and I know there are a lot of you), fecal theater is a euphemism for shit show.
-
Still less than Windows
1 malware sample every 10 seconds means 8,640 per day, which is still much lower than Windows' malware feed, which was over 50,000 malware samples per day in 2010.
-
The spam king was arrested for spamming/botnets
Source: https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrested/
The above-referenced Reuters story on Levashov’s arrest cited reporting from Russian news outlet RT which associated Levashov with hacking attacks linked to alleged interference in last year’s U.S. election. But subsequent updates from Reuters cast doubt on those claims.
“A U.S. Department of Justice official said it was a criminal matter without an apparent national security connection,” Reuters added in an update to an earlier version of its story.
The New York Times reports that Russian news media did not say if Levashov was suspected of being involved in that activity. However, The Times piece observes that the Kelihos botnet does have a historic association with election meddling, noting the botnet was used during the Russian election in 2012 to send political messages to email accounts on computers with Russian Internet addresses. According to The Times, those emails linked to fake news stories saying that Mikhail D. Prokhorov, a businessman who was running for president against Vladimir V. Putin, had come out as gay.
So, the association here was that a spam king's botnet once sent election spam? Who paid for it?
-
MOD: Please Fix article title
He's not being arrested for "hacking the election" he's being arrested because of other crimes:
* https://krebsonsecurity.com/20...
* https://www.nytimes.com/2017/0...
-
Re:Then again
How exactly do these wifi cameras get exposed to public hacking? Are these cameras that you configure to use your own wifi network, and that automatically makes them visible outside your network? I have two wifi baby monitors in my home, but they both generate their own wifi signal are not on my home network. I am comfortable with the risk that someone could theoretically walk up to my house, hack the (random) factory password, and watch the baby in its crib. Is there some magic I don't know about that connects them to the internet?
https://krebsonsecurity.com/20... If your cams never attach to the internet, it's cool, but most cameras these days are IP, and they are the STD's of the web.
-
How about the link directly to Krebs?
https://krebsonsecurity.com/20...
BK rocks BTW.
-
Re:Shorter summary
we don't know that, for all we know they were one of those mongodb databases that got cryptolocker-ed.
Except that you're describing it wrong. Cryptolocker has nothing to do with the over 20,000 MongoDB databases that have been subjected to ransom.
Here's what's happened... and may well be the case in this particular instance as well. MongoDB, by default, has no controls on being able to write, read, or even delete information. If you make the database accessible via the Internet, odds are you haven't fixed that default state... and that's exactly what's happened to tens of thousands of publicly accessible MongoDB installations.
Krebs on Security has an excellent writeup here: https://krebsonsecurity.com/20...
-
Re:Devices
What devices are in the Mirai botnet?
According to Brian Krebs,
The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.
Username/Password,Manufacturer,Link to supporting evidence
admin/123456,ACTi IP Camera,https://ipvm.com/reports/ip-cameras-default-passwords-directory
root/anko,ANKO Products DVR,http://www.cctvforum.com/viewtopic.php?f=3&t=44250
root/pass,"Axis IP Camera, et. al",http://www.cleancss.com/router-default/Axis/0543-001
root/vizxv,Dahua Camera,http://www.cam-it.org/index.php?topic=5192.0
root/888888,Dahua DVR,http://www.cam-it.org/index.php?topic=5035.0
root/666666,Dahua DVR,http://www.cam-it.org/index.php?topic=5035.0
root/7ujMko0vizxv,Dahua IP Camera,http://www.cam-it.org/index.php?topic=9396.0
root/7ujMko0admin,Dahua IP Camera,http://www.cam-it.org/index.php?topic=9396.0
666666/666666,Dahua IP Camera,http://www.cleancss.com/router-default/Dahua/DH-IPC-HDW4300C
root/dreambox,Dreambox TV receiver,https://www.satellites.co.uk/forums/threads/reset-root-password-plugin.101146/
root/zlxx,EV ZLX Two-way Speaker?,?
root/juantech,Guangzhou Juan Optical,https://news.ycombinator.com/item?id=11114012
root/xc3511,H.264 - Chinese DVR,http://www.cctvforum.com/viewtopic.php?f=56&t=34930&start=15
root/hi3518,HiSilicon IP Camera,https://acassis.wordpress.com/2014/08/10/i-got-a-new-hi3518-ip-camera-modules/
root/klv123,HiSilicon IP Camera,https://gist.github.com/gabonator/74cdd6ab4f733ff047356198c781f27d
root/klv1234,HiSilicon IP Camera,https://gist.github.com/gabonator/74cdd6ab4f733ff047356198c781f27d
root/jvbzd,HiSilicon IP Camera,https://gist.github.com/gabonator/74cdd6ab4f733ff047356198c781f27d
root/admin,IPX-DDK Network Camera,http://www.ipxinc.com/products/cameras-and-video-servers/network-cameras/
root/system,"IQinVision Cameras, et. al",https://ipvm.com/reports/ip-cameras-default-passwords-directory
admin/meinsm,Mobotix Network Camera,http://www.forum.use-ip.co.uk/threads/mobotix-default-password.76/
root/54321,"Packet8 VOIP Phone, et. al",http://webcache.googleusercontent.com/search?q=cache:W1phozQZURUJ:community.freepbx.org/t/packet8-atas-phones/4119+&cd=21&hl=en&ct=clnk&gl=us
root/00000000,Panasonic Printer,https://www.experts-exchange.com/questions/26194395/Default-User-Password-for-Panasonic-DP-C405-Web-Interface.html
root/realtek,RealTek Routers,
admin/1111111,Samsung IP Camera,https://ipvm.com/reports/ip-cameras-default-passwords-directory
root/xmhdipc,Shenzhen Anran Security Camera,https://www.amazon.com/MegaPixel-Wireless-Network-Surveillance-Camera/product-reviews/B00EB6FNDI
admin/smcadmin,SMC Routers,http://www.cleancss.com/router-default/SMC/ROUTER
root/ikwb,Toshiba Network Camera,http://faq.surveillixdvrsupport.com/index.php?action=artikel&cat=4&id=8&artlang=en
ubnt/ubnt,Ubiquiti AirOS Router,http://setuprouter.com/router/ubiquiti/airos-airgrid-m5hp/login.htm
supervisor/supervisor,VideoIQ,https://ipvm.com/reports/ip-cameras-default-passwords-directory
root/,Vivotek IP Camera,https://ipvm.com/reports/ip-cameras-default-passwords-directory
admin/1111,"Xerox printers, et. al",https://atyourservice.blogs.xerox.com/2012/08/28/logging-in-as-system-administrator-on-your-xerox-printer/
root/Zte521,ZTE Router,http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html
-
Re:Devices
See Who Makes the IoT Things Under Attack? particularly this image.
-
Technical Solutions
There are possible technical solutions. In the case of the Mirai botnet attacks, the released source code identifies the affected devices. Device manufacturers can be mapped to MAC addresses. ISPs could filter traffic from known vulnerable hardware devices to known DDoS attack targets.
Is this an easy solution? No. Is this a comprehensive solution? No. Would ISPs want to take on this responsibility? No. But is it technically possible? Yes.
-
Re:Wow
You misunderstand. You often can't change the password on the telnet / ssh ports. Per Krebs:
BUT WAIT, THERE’S MORE
Several readers have pointed out that while advising IoT users to change the password via the device’s Web interface is a nice security precaution, it may or may not address the fundamental threat. That’s because Mirai spreads via communications services called “telnet” and “SSH,” which are command-line, text-based interfaces [...]
The trouble is, even if one changes the password on the device’s Web interface, the same default credentials may still allow remote users to log in to the device using telnet and/or SSH.
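As an added example that is not part of either comment or of the Mirai source, the Python below takes a subset of the credential table quoted in the "Re:Devices" comment above and runs it over a few constructed telnet/SSH honeypot log lines (the log format and the addresses are assumptions made for the example): a source that works through several distinct entries of that dictionary is reported as Mirai-style scanning, which is exactly the telnet/SSH activity the "Re:Wow" comment describes, and the device families it was probing for are listed.

```python
# Added example: spot Mirai-style default-credential scanning in telnet/SSH
# honeypot logs. Not from the original page; log format is an assumption.
import re

# Subset of the username/password -> device table quoted in the "Re:Devices"
# comment above (Mirai's dictionary, as published by Krebs).
MIRAI_DEFAULTS = {
    ("admin", "123456"): "ACTi IP Camera",
    ("root", "vizxv"): "Dahua Camera",
    ("root", "888888"): "Dahua DVR",
    ("root", "7ujMko0vizxv"): "Dahua IP Camera",
    ("root", "xc3511"): "H.264 - Chinese DVR",
    ("root", "hi3518"): "HiSilicon IP Camera",
    ("admin", "meinsm"): "Mobotix Network Camera",
    ("ubnt", "ubnt"): "Ubiquiti AirOS Router",
    ("supervisor", "supervisor"): "VideoIQ",
    ("root", ""): "Vivotek IP Camera",
}

# Constructed honeypot lines (RFC 5737 documentation addresses), one login
# attempt per line. The key=value layout is an assumption for this example.
SAMPLE_LOG = """\
2016-10-01T12:00:01Z src=203.0.113.7 svc=telnet user=root pass=xc3511 result=fail
2016-10-01T12:00:02Z src=203.0.113.7 svc=telnet user=root pass=vizxv result=fail
2016-10-01T12:00:03Z src=203.0.113.7 svc=telnet user=admin pass=123456 result=fail
2016-10-01T12:00:04Z src=203.0.113.7 svc=telnet user=root pass=7ujMko0vizxv result=fail
2016-10-01T12:00:05Z src=203.0.113.7 svc=ssh user=ubnt pass=ubnt result=fail
2016-10-01T12:00:09Z src=198.51.100.20 svc=ssh user=alice pass=hunter2 result=fail
2016-10-01T12:00:10Z src=198.51.100.20 svc=ssh user=alice pass=correct-horse result=ok
2016-10-01T12:00:15Z src=198.51.100.33 svc=telnet user=root pass= result=fail
"""

# pass=(\S*) allows the empty password that the Vivotek entry relies on.
LINE_RE = re.compile(r"src=(\S+) svc=(telnet|ssh) user=(\S+) pass=(\S*) result=(\S+)")


def parse_line(line: str):
    """Extract one login attempt, or None for lines in another format."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, svc, user, password, result = m.groups()
    return {"src": src, "svc": svc, "user": user, "pass": password, "result": result}


def scan(lines):
    """Per source address: attempts, how many hit Mirai's dictionary, how many
    distinct pairs were tried, and which device families those pairs belong to."""
    report = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report.setdefault(
            rec["src"], {"attempts": 0, "dictionary_hits": 0, "pairs": set(), "devices": set()}
        )
        entry["attempts"] += 1
        pair = (rec["user"], rec["pass"])
        if pair in MIRAI_DEFAULTS:
            entry["dictionary_hits"] += 1
            entry["pairs"].add(pair)
            entry["devices"].add(MIRAI_DEFAULTS[pair])
    for entry in report.values():
        entry["distinct_pairs"] = len(entry.pop("pairs"))
        entry["devices"] = sorted(entry["devices"])
    return report


def suspects(report, threshold: int = 3):
    """Sources that cycled through at least `threshold` distinct dictionary pairs.
    One default pair is weak evidence (operators type defaults too); breadth
    across device families in a short window is the Mirai signature."""
    return sorted(src for src, e in report.items() if e["distinct_pairs"] >= threshold)


if __name__ == "__main__":
    report = scan(SAMPLE_LOG.splitlines())
    for src in suspects(report):
        e = report[src]
        print(f"{src}: {e['dictionary_hits']}/{e['attempts']} attempts in Mirai dictionary, probing {e['devices']}")
```

The threshold is the tunable: a single root/xc3511 attempt tells you little, whereas five distinct entries from the list in a few seconds, over telnet, is the scanner the comments are describing, and the device names tell you which of your own fleet it would have found if the telnet credentials had been left at the factory value, regardless of what was set in the web interface.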
-
Re:Asking too much
Sadly, this sort of thing has nothing to do with being a developing nation. It's horrifyingly commonplace, in fact. Brian Krebs posted a list a few weeks ago including some of the products that were vulnerable to the Mirai botnet exploits, and while it includes several Chinese firms' products, it also includes ones by Samsung, Xerox, Panasonic, Toshiba, etc.
https://krebsonsecurity.com/20...
-
Also at krebsonsecurity.com
The story is also reported at krebsonsecurity.com.