Tag Archives: Security Breach

Evernote Breached; Enforces Password Reset

Popular note-taking service Evernote has announced that it recently suffered a data breach. Thankfully, according to a post on the Evernote blog, the hackers were not able to break into and access the stored notes of individual users.

However, they did get access to usernames and encrypted passwords. Evernote stores passwords after a hashing and salting process, so even though the hackers got the encrypted passwords, there is little chance that they will be able to decode the original ones.

Nonetheless, Evernote is asking its users to reset their password to ensure maximum safety.

After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.

The Evernote hack comes in the wake of a series of data breaches at high-profile tech companies such as Facebook, Twitter, Microsoft and Apple. Evernote has not released any details on how the hack actually occurred, but props have to be given to the company for acting quickly to let users know about it and to reset their passwords as soon as possible.

Skype Password Reset Bug Allows Anyone to Hack a Skype Account

Hackers have discovered a new vulnerability in Skype that could allow anyone to reset practically any Skype account if the associated email address is known.

The vulnerability, which first surfaced on Russian hacker forums, was first reported by The Next Web. The Next Web has verified the vulnerability and was able to successfully reproduce the hack twice. The hack basically involves creating a secondary account using the email address associated with the target’s Skype account. Using this secondary account, one can access the original Skype account and change the target’s password.

Microsoft has since acknowledged the issue and, for the moment, has taken down the password reset page from Skype’s website.

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.

This issue applies only to Skype accounts; Microsoft accounts, which can also be used to log in to Skype, are safe from this vulnerability.

LG Smart World Hacked, User Information Leaked

A hacker going by the Twitter handle @Ur0b0r0x has breached LG Smart World, and leaked email addresses and password hashes of 11,316 users [Please see update below]. Smart World is LG’s official app store, providing apps for smart TVs, smartphones, and home appliances. The same hacker had earlier hacked 32 websites belonging to the Government of Columbia.

The hacked data dump has already been indexed by OZ Data Centa. If you want to find out if your info has been leaked, head over to ozdc.net and search for your email address. According to OZDC, the leaked information contains 11203 valid emails, out of which, 284 had already been compromised by some other data breach incident. Thankfully, LG was not storing passwords in plain text. However, I am not sure exactly what hashing algorithm it was using. If your account has been affected, immediately change your password on Smart World as well as all other websites on which you were using the same password.

Nothing on the internet is truly secure. Data and privacy breaches are often inevitable. However, you can avoid being burned by being prepared for the worst case scenario. Some of the elementary precautions are:

  • Using distinct, non-guessable, and non-dictionary word passwords. You can use a password manager like Lastpass to manage your various accounts.
  • Enabling two-step authentication on services like Gmail that support it.
  • Using a truly secure secret question for password reset options.

Update: An LG spokesperson reached out to us stating that LG has been unable to verify a breach. “As far as we know, no private or sensitive information has been accessed”, he added.

Researcher Discovers 100k IEEE User Passwords on Public FTP

If you are a member of IEEE, it might be time for you to change your password.

A Romanian university teaching assistant, Radu Dragusin, has discovered a publicly accessible FTP server that stored around 100,000 usernames and passwords in plain text. The passwords were found in logs stored on the FTP server. There were around 100 GB of logs, which contained 376 million HTTP requests. Out of these, 411,308 entries contained passwords.

He reported the vulnerability to the officials on September 24th and they are rectifying the issue at the moment. The FTP server which contained the information has been taken offline, and they are sending password reset emails to all those affected. But we are yet to see a public statement from them.

IEEE, if you are not aware, stands for Institute of Electrical and Electronics Engineers and is an international organization that promotes technology and science. Its members include high position holders from various prestigious institutions. Radu says that the logs contained passwords of Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford etc. The data is assumed to have been available online for about a month. But it is not certain whether the data has been acquired by hackers.

IEEE officials will have to answer a lot of questions in the coming days. Most importantly, why were the passwords stored as plain text? Secondly, why were the FTP server permissions not set correctly when it contained a massive amount of logs? Hopefully, they will rectify the issues as soon as possible, and this should be a cue for others to secure their customers’ data.
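A log audit of the kind this incident calls for, as an added example (not code from the original post or from IEEE): it scans web access-log lines for credential-bearing query parameters and redacts them. The combined log format, the parameter-name list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names treated as credential-bearing (assumed list; extend per application).
SENSITIVE = {"password", "passwd", "pwd", "pass", "newpassword"}

# Request portion of a combined-format access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target):
    """Return (redacted_target, names of sensitive parameters that carried a value)."""
    parts = urlsplit(target)
    found, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            found.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    if not found:
        return target, found  # leave untouched lines byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(cleaned))), found


def scan(lines):
    """Return (findings, redacted_lines); a finding is (line_number, [param names])."""
    findings, redacted = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            target, found = redact_target(match.group("target"))
            if found:
                findings.append((number, found))
                line = line[:match.start("target")] + target + line[match.end("target"):]
        redacted.append(line)
    return findings, redacted


# Constructed sample log lines (documentation IP ranges, not data from the incident).
SAMPLE = [
    '203.0.113.7 - - [18/Sep/2012:10:01:02 +0000] "GET /login?user=alice%40example.org&password=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [18/Sep/2012:10:01:05 +0000] "GET /search?q=password+policy HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Sep/2012:10:01:09 +0000] "POST /account/reset?PWD=s3cr3t&next=%2Fhome HTTP/1.1" 302 0 "-" "curl/7.26"',
    '198.51.100.4 - - [18/Sep/2012:10:01:11 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, cleaned_lines = scan(SAMPLE)
    for number, names in hits:
        print(f"line {number}: credential parameter(s) {names}")
    print("\n".join(cleaned_lines))
```

Matching on the parameter name rather than on the word "password" anywhere in the line keeps a search for "password policy" from being flagged.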

Source: IEEE Log

Leaked Email Exchange Indicates Hacker Group Trying to Extort Money from Symantec

Anonymous has made a Pastebin dump of email exchanges between a Symantec representative called Sam Thomas and Yamatough, the spokesperson of the hacker group Lords of Dharmaraja.

The hacker group is accusing Symantec of ‘bribing’ them in order to prevent the release of the pcAnywhere source code. Looking at the email exchange however, it seems that the hacker group was in fact trying to extort money from Symantec.

The emails show how Yamatough was trying to extort money through a service called ‘Liberty Reserve’ to an offshore account or to accounts in Lithuania or Libya. Sam instead suggests wiring $1000 through PayPal, which Yamatough declines. Sam then increased the total payment to $50,000 with an initial transfer of $2500 for three months and the rest of the money after they provide enough proof that the source code has been destroyed. At this point, Yamatough becomes suspicious that the FBI is involved and the email exchange stops even though Sam tries to continue the conversation. You can read the entire conversation in the above link.

In a comment made at Infosec Island, Cris Paden of Symantec confirmed that the email exchange posted was legitimate.

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still on going, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Paden also confirmed to Forbes that Sam was in fact an agent trying to get more information out of Yamatough.

“Anonymous has been talking to law enforcement, not to us. No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation,” he said.

Anonymous has uploaded the leaked source code to torrent sites. But Symantec has reiterated that you are safe as long as you are using the latest version.

You can find additional information about the source leak here.

Symantec admits a 2006 Network Breach led to Source Code Leak

Symantec has now retracted its previous statement that the security breach which led to the leak of the source code of its older security products happened at a third-party server, reports Reuters.

In a statement made to Reuters, Symantec spokesperson Cris Paden confirmed that the data breach occurred on Symantec’s own networks in 2006.

“We really had to dig way back to find out that this was actually part of a source code theft. We are still investigating exactly how it was stolen”, he said.

Previously, it was assumed that the breach had occurred at a server of the Indian Government. He also revealed that the source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere was also obtained by the hackers. Symantec in their earlier statement had said that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 was what had leaked.

A few days ago, ‘Yama Tough’, who is acting as the spokesman of the hacking group Lords of Dharmaraja (which took responsibility for the breach), tweeted that they will be releasing the code of pcAnywhere to the black hat community so that they can exploit its users using zero day vulnerabilities. They had also threatened to release the source code of Norton to the public, but backed out at the last moment, tweeting,

We’ve decided not to release code to the public until we get full of it =) 1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem

Paden has acknowledged that pcAnywhere users are indeed facing ‘a slightly increased security risk’ and said,

Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.

Symantec is still reiterating that the leaked code is old and that there isn’t a huge risk for its customers provided that they are using the latest versions. But unless they wrote the source code of their latest products from scratch, there are chances that at least part of the leaked source code is still in use. The leak, however, will be a great advantage for competing security product vendors, who can study the workings of the Symantec products and use that to improve their own products.

Online Retailer Zappos Breached; Customer Info Accessed

Zappos, an online retailer run by Amazon, has suffered a security breach and has confirmed that its customer information was accessed.

In an email sent to its customers, CEO of Zappos, Tony Hsieh said,

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Fortunately for its users, Tony has confirmed that the database containing the credit card information and shipping addresses was not breached. A similar kind of breach had occurred at CoveritLive, a few days ago. Like the breach at Zappos, while the hackers could access the username and/or password of CoveritLive users, luckily, they failed to get their hands on the financial data.

As a result of the breach, Zappos has temporarily blocked international users and has cancelled telephone support. They are urging users to contact them by email in case they have any questions.

Zappos is now enforcing a password reset for all of its users. They are also working along with the law enforcement agencies on the investigation of the hacking incident. So if you have an account on Zappos, it is recommended that you change the password as soon as possible. Also, if you have the same password associated with any other online accounts, it would be wise to change that as well.

CoveritLive hacked; Consumer data presumed Stolen

This morning, I woke up to see the following email from Cover It Live.

CoveritLive recently discovered that certain proprietary data files were accessed without authorization starting on or about January 7, 2012. We have not yet determined if, or to what extent, CoveritLive account information (i.e., user names, email addresses and/or passwords) was accessed. We do know, however, that no financial account information has been compromised.

We take this matter very seriously and will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access. We also would like to take this moment to remind you of a couple of tips that should always be followed:

· Do not open emails from senders you do not know. Be especially cautious of “phishing” emails, where the sender tries to trick the recipient into disclosing confidential or personal information.

· Do not share personal or sensitive information via email. Legitimate companies will not attempt to collect personal information outside of a secure website.

We regret any inconvenience that this password change process may cause you. Please do not hesitate to contact us at [email protected] if you have any questions.

Sincerely,

CoveritLive Team

CoveritLive, as you might know, is a tool used primarily for live blogging. Many popular websites and blogs such as ESPN, USA Today and ZDNet use CoveritLive for live blogging.

According to the email sent to its customers, CoveritLive users’ passwords are encrypted and there is no evidence yet that they have been retrieved. The email also states that no financial data has been stolen, which is a major relief for its customers.

As of now, we don’t know exactly what kind of data was stolen. The company has started an investigation and hopefully more details will be released soon.

In the meantime, if you have a CoveritLive account, I strongly suggest that you change the password immediately. In fact, from today (January 14) onwards, CoveritLive will be enforcing a password reset for all of its users. So when you login to CoveritLive next time, you’ll be asked to change the password.

If you have been using the same password for any other accounts, it is a good idea to change that as well.

Symantec confirms Norton Source Code Leak

Today, Symantec confirmed that the source code of two of its old enterprise products was obtained by hackers.

The hack is assumed to be the work of an Indian group who call themselves ‘Lords of Dharmaraja’. Interestingly, the security breach did not take place directly at Symantec’s servers. Instead, the source code was obtained (along with other confidential documents) by hacking into an Indian Military server.

The group posted some details regarding the source code on Pastebin (which was taken down after the news spread) and has warned that they will be releasing the source code, once they overcome the blockade put forth by Indian and US agencies.

A hacker called ‘Yama Tough’ emailed the source file to the folks at InfoSec Island who in turn forwarded it to Symantec for verification. Yama Tough has also posted some screenshots of a confidential document about Cellular Surveillance.

Symantec, after verifying the file, posted the following response on their Facebook wall.

Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.

Although the leaked source code is of older products, what its repercussions are going to be for Symantec is yet to be seen.

Amnesty International website Hacked to Serve Java Exploit

Amnesty International’s UK website was hacked recently to incorporate an iframe that served a Trojan.

The iframe loads CVE-2011-3544-based Java exploit code, fetched from a Brazilian automobile site which itself was hacked. Security analyst Brian Krebs reports that the retrieved executable file is a Trojan classified as Trojan Spy-XR. This Trojan, which relies on a patched Java vulnerability, tracks and steals the affected user’s keystrokes.

According to Paul Royal of Barracuda Labs, the website was compromised on or before December 16th. So, if you have visited the website anytime between and have out-dated Java software, there’s a good chance that your computer is infected. In that case, run a complete system scan using your updated anti-virus. It is also a good idea to change the passwords of your online accounts.

This exploit will not affect you if you had already installed the latest Java updates or if you don’t have Java installed.

This is not the first time that Amnesty’s website was compromised. Last year, their Hong Kong website was hacked to spread malware of similar kind. The UK website itself has been compromised previously to exploit a Flash Player zero-day vulnerability.

Speculating about the motive for the attacks, Paul went on to say in his blog post that,

The working theory for this anomaly relates to Amnesty International as a human rights non-governmental organization. To explain, certain countries use zero day exploits and other techniques to gain electronic information about the activities of human rights activists. Of course, a subset of these activists are too smart to click on links in even well-worded spearphishing emails. But what if you compromised a website frequented by these activists (e.g., Amnesty International)? Then your targets come to you. The context-specific damage potential is significant.