Researcher Discovers 100k IEEE User Passwords on Public FTP

If you are a member of IEEE, it might be time for you to change your password.

A Romanian university teaching assistant, Radu Dragusin, has discovered a publicly accessible FTP server that stored around 100,000 usernames and passwords in plain text. The passwords were found in logs stored on the FTP server. There were around 100 GB of logs, which contained 376 million HTTP requests. Out of these, 411,308 entries contained passwords.

He reported the vulnerability to IEEE officials on September 24th and they are rectifying the issue at the moment. The FTP server which contained the information has been taken offline and they are sending password reset emails to all those affected. But we are yet to see a public statement from them.

IEEE, if you are not aware, stands for Institute of Electrical and Electronics Engineers and is an international organization that promotes technology and science. Its members include holders of senior positions at various prestigious institutions. Radu says that the logs contained passwords of Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford etc. The data is assumed to have been available online for about a month. But it is not certain whether the data has been acquired by hackers.

IEEE officials will have to answer a lot of questions in the coming days. Most importantly, why were the passwords stored as plain text? Secondly, why were the FTP server's permissions not set correctly when it held a massive amount of logs? Hopefully, they will rectify the issues as soon as possible, and this should be a cue for others to secure their customers' data.

Source: IEEE Log
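
For teams auditing their own web logs for the failure described above, here is an added example (not from the original post or from IEEE) that masks credential parameters in HTTP request log lines and counts how many entries carried them. The article does not describe the log format, so the Common Log Format lines, the query-string placement of credentials and the parameter names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as secrets (an assumption; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token"}

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (sanitized_target, hit); hit is True if a secret value was masked."""
    parts = urlsplit(target)
    hit = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            value, hit = "REDACTED", True
        pairs.append((key, value))
    if not hit:
        return target, False  # leave untouched lines byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), True

def scrub_log(lines):
    """Mask credential parameters in each line; return (clean_lines, flagged_count)."""
    clean, flagged = [], 0
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            target, hit = redact_target(m.group("target"))
            if hit:
                flagged += 1
                line = line[:m.start("target")] + target + line[m.end("target"):]
        clean.append(line)
    return clean, flagged

# Constructed sample lines (not taken from the IEEE logs).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.12 - - [01/Jan/2024:10:01:09 +0000] "GET /reset?email=bob%40example.org&PWD=s3cret HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    cleaned, count = scrub_log(SAMPLE)
    print(f"{count} of {len(SAMPLE)} entries carried credentials")
    print("\n".join(cleaned))
```

Scrubbing after the fact only limits exposure; credentials sent in a request body or never written to the log in the first place do not need redacting at all.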

Find out if Your Account Was Compromised and Leaked in Recent Hacks

For the past month or so, a group called LulzSec has been causing havoc on the internet. They have been hacking servers and leaking usernames and passwords online.

Earlier today, Groupon India was hacked too; however, it is not known who was behind the hack. As a user, it is definitely difficult to find out whether your account has been compromised. However, a new website called "Should I change My Password" lets you search the database of leaked accounts to see if your account has been compromised.

All you need to do is enter the email address for your account and click on the "Check it!" button. It will then search the databases that have been released by hackers to the public and see if your email address exists in them.

I would want to further add that regardless of whether your email was leaked or not, update your password immediately. It takes only a few minutes and you can easily create strong passwords or use tools to generate strong passwords.

(via LH)

Electronic Arts/BioWare Hacked, Customer Information Stolen

In a continuing pattern of attacks on high-profile targets, Electronic Arts has suffered a breach of security. The attack, which occurred on June 14, affected the message board system for one of the company's older titles.

According to EA, the server hosting the message board for Neverwinter Nights, a 10-year-old game by BioWare, suffered a “highly sophisticated and unlawful” attack. In a post dated June 23, EA reports that, while no sensitive personal information like credit card or social security numbers was taken, a large amount of users' personal data is at risk. This data included user names, encrypted passwords, e-mail addresses, mailing addresses, and phone numbers.

While the full extent of the hack is unknown, EA is assuring its users that they have re-secured the server and are working hard to inform anyone they believe to be affected by the attack. The company wrote in its forum post that it is e-mailing “all potentially affected users.”

If you are an active user of the Neverwinter Nights forum and do not receive an email from EA, then you may be one of the lucky ones who were unaffected. That doesn’t mean you can relax, however. Security measures still matter.

With the recent surge in attacks on popular websites, we should all remember to follow good security practices. That includes being wary of who we give sensitive information to, as well as changing our passwords frequently.

As of this writing, no group has stepped up to claim responsibility for the hack. EA is continuing to investigate in hopes of discovering the full extent as well as the identity of the individual or group responsible.

Google Chrome 8 Officially Gets Password Sync

The Google Chrome dev channel has been updated to version 8.0.552.18. The latest version on the dev channel has officially gained a long-requested feature: syncing passwords to the cloud.

If you visit your sync options, you will now see an option which will allow you to sync your passwords to your Google account. This is definitely something I have been waiting a long time for and will make my life easier when it comes to switching between multiple computers.

Chrome 8.0.552.18 has been updated for Windows, Linux and Mac OS X. You can see this feature by visiting Options -> Personal Stuff. If you want to add an extra layer of security to your data, you might want to encrypt it using the "Encryption" tab in the Sync window. This will ensure that your data can only be synced if you enter the encryption key.

It is Confirmed. Google Street View Cars Captured User Emails and Passwords

The French National Commission on Computing and Liberty (CNIL) has finally confirmed that data captured by Google Street View cars included usernames and passwords. This puts Google under heavy scrutiny, and it has been widely criticized for this.

Google, which started collecting data to improve its location service, also collected private user data and tried to cover it up by making up stuff like “it was collecting only fragments of data” and other tech jargon to confuse people. We know better than to accept these claims, though.

This investigation has laid the foundation for many further investigations to be carried out in Spain and Germany. Germany, in particular, has not been very friendly to Google, and Google should gear up for some serious allegations.

Google holds data from thirty such countries, and most of them, on learning of this, asked Google to delete the data. Some others, though, wanted Google to keep the data and investigate it.

Google should be extra careful from now on. No doubt it has made life easier for everyone, but this has also earned it scrutinizers who are much more interested in what goes on behind the scenes.