LulzSec Havoc: Change Your Important Passwords Before You Get Hit

The unknown and anonymous group (or single person) LulzSec is creating havoc, not just for companies like Sony, but also for government organizations like the CIA and FBI. Most recently, the targets of the group have been common individuals like you and me.

In today’s data dump, LulzSec uploaded 62000 usernames and passwords for various users. Using this data, anyone could log in to your email account, bank account and more. It is definitely a huge privacy and security issue.

If you go through the Twitter feed of @LulzSec, you will see how the leaked passwords are being used. Some of those updates are really scary. Take, for example, the one below, where someone managed to destroy relationships over Facebook using those stolen accounts.

LulzSec Destruction

As you can see from the above screenshot, several users have used those accounts to access Xbox Live, PayPal, Facebook and Twitter accounts. Some users even withdrew money from PayPal accounts and claimed to ruin relationships. This is definitely sickening.

Gizmodo has written an article on how to check whether your passwords were leaked. However, don’t sit back happy if you are not one of the people who were compromised. Regardless of whether or not your data was leaked, take about 15-20 minutes out of your time today and update the passwords for your Facebook, Twitter, bank accounts and email providers (like Hotmail and Yahoo) and other important services you use.

Make sure to create a new password for each of these services and, if possible, use different passwords on all of them. If you are having trouble creating strong passwords, read our guides on how to create strong passwords, or use a password creation tool to generate them.

Though you might use hundreds of services, upgrading your passwords for some key services might save you the trouble other individuals are going through. As a practice, try to use different passwords for different services and use alternative logins (such as login through Twitter or Facebook) wherever you can.

Create Strong, Secure and Safe Passcodes for iPhone, iPod Touch and iPad

A recent study about iPhone passcodes revealed that several users use insecure passcodes for the iPhone, iPod Touch and iPad. This study shows that people are more than vulnerable if their mobile phone or gadget lands in the hands of intruders.

While it is easy to create strong passwords with password creation tools, not many take the time to do it. If you are someone who uses any of the most common passcodes for iPhone or the most common passwords on the internet, it is time to buck up a bit and create a stronger, more secure password for your device.

If you are an iPhone, iPod Touch or iPad user, here is a simple way to create stronger passcodes for your device.

How To Use Strong Passcodes on iPhone, iPod Touch and iPad

Step 1: Go to the Settings App on your device.

Step 2: Go to the General option and then click on the option "Passcode Lock". This will prompt you to enter your current passcode. Enter the same and click on the "Done" button.

Step 3: On the passcode screen, click on the "On" button next to Simple Passcode and change it to "Off". You will now be prompted to enter your current passcode, followed by an option to create a new alpha-numeric passcode. You can create very strong passcodes using letters, numbers and special characters.

Performing these three easy steps will allow you to protect your iPhone, iPod Touch and iPad better than a 4-digit passcode does. You can always create strong passwords using the tips and tools mentioned above in this article.

Common iPhone Passcodes Could Put Your iDevice At Risk

Mobile devices have become the lifeline of our existence. From making simple calls, these devices have now transformed into smartphones that allow us to keep in touch with family and friends, check our email, visit our favorite websites, read news, bank online and more.

However, even as we increasingly use our mobile devices to do almost everything that we did on a desktop, we still do not protect them that well. Every mobile device, including an iPhone, has a feature which allows us to lock the device. This ensures that the device can only be accessed if a passcode is entered.

While many tech-savvy people might use strong passcodes or symbols, a majority of users still prefer to use very weak passcodes. In a recent study, Daniel Amitay found that the top ten iPhone passcodes are really easy to crack.

Most Common iPhone Passcodes

Out of 204,508 passcodes he had access to, the top ten iPhone passcodes were 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998. Most of these were easy to crack and were used very frequently. The most common one was 1234 which is also part of one of the most common internet passwords.

Interestingly, a passcode like 5683, which does not seem to follow any pattern, is actually the numeric value for the word "LOVE" when typed on a phone keypad. Another common choice was a 4-digit year, for example 1998, 1999 and so on, or a birth year.
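The patterns described above can be checked mechanically. The following is an added example, not part of the study or the original article: it classifies 4-digit passcodes by the two patterns the article names (keypad words and years) and goes slightly further to cover the other shapes visible in the top-ten list. The word list, the year range and all function names are assumptions made for illustration.

```python
# Added example: flag 4-digit passcodes that match the weak patterns above.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

# Top ten passcodes as listed in the article.
TOP_TEN = ["1234", "0000", "2580", "1111", "5555",
           "5683", "0852", "2222", "1212", "1998"]

# Constructed word list (assumption); a real audit would load a dictionary.
SAMPLE_WORDS = ["LOVE", "HOME", "BABY", "KISS"]


def word_to_digits(word):
    """Spell a word on a phone keypad, e.g. LOVE -> 5683."""
    return "".join(LETTER_TO_DIGIT[c] for c in word.upper())


KEYPAD_WORDS = {word_to_digits(w): w for w in SAMPLE_WORDS}


def classify(passcode, years=(1900, 2099)):
    """Return the weak patterns a 4-digit passcode matches (empty = none)."""
    if len(passcode) != 4 or not (passcode.isascii() and passcode.isdigit()):
        raise ValueError("expected exactly four digits")
    digits = [int(c) for c in passcode]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    reasons = []
    if steps == {0}:
        reasons.append("repeated digit")
    if steps in ({1}, {-1}):
        reasons.append("ascending or descending run")
    if passcode[:2] == passcode[2:] and steps != {0}:
        reasons.append("repeated pair")
    if passcode in ("2580", "0852"):
        reasons.append("middle keypad column")
    if passcode in KEYPAD_WORDS:
        reasons.append("keypad word " + KEYPAD_WORDS[passcode])
    if years[0] <= int(passcode) <= years[1]:  # year range is an assumption
        reasons.append("year")
    return reasons


def audit(passcodes):
    """Map each passcode to the weak patterns it matches."""
    return {p: classify(p) for p in passcodes}


if __name__ == "__main__":
    for code, why in audit(TOP_TEN + ["7394"]).items():
        print(code, ", ".join(why) or "no listed pattern")
```

Every entry in the top-ten list matches at least one pattern, which is why such codes are among the first an intruder would try.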

These trends are pretty disturbing, as they give intruders an easy chance to access the content of your phone. Having memorable and difficult passcodes is not hard at all.

In addition to that, you can also use much stronger protection for your iPhone, iPod Touch or iPad by visiting our guide for setting stronger passcodes for iPhone, iPod Touch and iPad.

Nissan LEAF In-Car Computer Leaks Location Information

The Nissan LEAF (Leading, Environmentally friendly, Affordable, Family) car is currently being put through its paces in the hands of Casey Halverson, a network engineer at InfoSpace. At the heart of the LEAF is CARWINGS, a “telematics system” used for plotting and displaying various internal functions such as energy consumption and charge status, as well as displaying content pulled from the internet. Nissan has taken the technology of the car and is attempting to empower users with it by providing information about the car instantly through iPhone apps and an always-connected web app. Unfortunately for many LEAF owners, it would seem that Nissan may have overlooked customer privacy when developing the system.

In addition to requesting data through an RSS feed, CARWINGS takes it upon itself to pass along your current location in the form of GPS co-ordinates, speed, direction and more. What’s worse is that every configured feed is given the information, so it can be harvested by third parties.

While there are many legitimate uses for providing these details, such as location-aware feeds for weather, driving directions or even traffic details – it would seem that at no time is this told to users and no option is available for opting out.

A video demonstration shows CARWINGS in use, set up with a simple feed that takes the information the LEAF has sent and displays it back to the user. Whether LEAF owners consider this a gross invasion of privacy because of how such information can be leveraged, or a nice luxury that saves them from entering their current location to see that it’s raining, will largely depend on how Nissan explains to the general customer why it shares this information.


Via SeattleWireless

Microsoft Standalone System Sweeper Heals Virus Infected Systems

Microsoft has quietly released a new security tool called Microsoft Standalone System Sweeper. The product is currently in beta, and is meant to complement Microsoft Security Essentials, which by itself is excellent antivirus software.

Microsoft has never been good at naming things, and Microsoft Standalone System Sweeper only reinforces that fact. However, Microsoft does have a reputation for developing stellar Windows applications. According to most third party tests, Microsoft Security Essentials is as good as (or even better than) most other antimalware software available in the market. System Sweeper could turn out to be another extremely handy tool from the software giant.

System Sweeper creates a bootable rescue disk that can be used for scanning systems without booting into Windows. This can be helpful in getting rid of hard to remove malware, or detecting advanced rootkits. It also makes it possible to run a scan even when Windows has been rendered unusable by malware infections.

System Sweeper is available in both 32 bit and 64 bit flavors, and supports Windows XP (SP3), Vista and 7. It is capable of creating bootable CDs, DVDs, and USB devices. The latest definitions are downloaded from the web; hence, an internet connection is required for creating the bootable image.

Microsoft Standalone System Sweeper isn’t a revolutionary product. Most other antivirus vendors have been offering system rescue disks for a long time. However, it’s nice to see Microsoft stepping up its game, and getting serious about offering a comprehensive set of tools for tackling malware infections.

[ Download Microsoft Standalone System Sweeper ]

Firefox 5 Beta Released

Eight weeks after Mozilla rolled out Firefox 4, it launched a beta version of the fifth edition of the Firefox Web browser on Monday. Firefox 5 is faster and fixes plenty of bugs left over from Firefox 4. Its new features include performance and stability enhancements, a channel switcher and support for the CSS animations standard.

The channel switcher lets users move between aurora, beta and final releases of the browser and test features at each level of development and quality.

CSS animations let users animate transitions from one CSS style configuration to another.

Firefox 5 beta also includes an opt-in location-aware browsing feature. This feature can tell websites where you’re located so you can find info that’s more relevant and useful and improve your browsing experience.

Mozilla’s first mobile release of Firefox 5 is an Android version of the browser. Both the desktop and mobile versions of Firefox 5 have a Do Not Track feature that lets users browse anonymously.

You can download Firefox 5 beta. If you’ve been using Firefox 5 Aurora, you can switch the channel to continue to use Firefox 5.

The final version of Firefox 5 is scheduled for roll-out on June 21.

8 Things You Need To Know About Google Chromebook

The much awaited laptop powered by Google Chrome (a cloud-based operating system) is all set for launch on June 15.

Here are a few things that you need to know about the all new Chromebook.

How does it work?

The Chromebook should always be connected to the Internet in order to make use of its functionalities. In other words, everything will be in the cloud and you’ll need the Internet to access all of your apps, documents, photos, movies etc. Installing or updating software, making backups of files, running anti-virus checks and all other PC related tasks will be eliminated, as everything will be done over the cloud.

Who will release the laptops?

Google has tied up with Samsung and Acer which will release laptops powered with Chrome OS.

The Samsung device will come with a 12.1-inch screen and an 8-hour battery life and will retail for $429 (Wi-Fi enabled) and $499 (3G enabled laptop), while Acer’s device will have an 11.6-inch display and a 6.5-hour battery life. Acer’s notebook will start at $349 and up.

No storage

Since the Chromebook is Internet based, all of the files and folders will be stored in the cloud. The laptops will be highly integrated with cloud services and there will be no storage space available. However, the laptop will have slots to plug in other storage devices.

Boot-up Time?

According to Google, Chromebooks will boot in less than about eight seconds. Once it is up and running, it’ll check for any updates and will reboot with the latest version.

Offline mode?

Yes, you can work with your Chromebook if you’re not connected to the Internet. You can access Google Docs, Google Calendar and Gmail accounts without an Internet connection. (However, you won’t be updated with new notifications/mail if you’re not connected to the Internet)

Security

Chromebooks use the principle of “defense in depth” to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. Your files and folders will be protected and will be kept safe.

Availability

Chromebooks will be available for sale from June 15.

Laptop Specs

Acer Specifications:
11.6″ HD Widescreen CineCrystal™ LED-backlit LCD
2.95 lbs. | 1.34 kg.
6 hours of continuous usage
Intel® Atom™ Dual-Core Processor
Built in dual-band Wi-Fi and World-mode 3G (optional)
HD Webcam with noise cancelling microphone
High-Definition Audio Support
2 USB 2.0 ports
4-in-1 memory card slot
HDMI port
Fullsize Chrome keyboard

Samsung Specifications:
12.1″ (1280×800) 300 nit Display
3.26 lbs / 1.48 kg
8.5 hours of continuous usage
Intel® Atom™ Dual-Core Processor
Built in dual-band Wi-Fi and World-mode 3G (optional)
HD Webcam with noise cancelling microphone
2 USB 2.0 ports
4-in-1 memory card slot
Mini-VGA port
Fullsize Chrome keyboard
Oversize fully-clickable trackpad

The Legend of Google Chrome Sandbox is No More

Google Chrome’s sandbox was assumed to be the uber security feature in any browser to date. Prize money worth a whopping $20000 and star recognition were not motivation enough to crack Google Chrome’s sandbox. It seemed like Pwn2Own contestants were giving up on hacking Google Chrome. Now, though, they will have more hope.

Finally, VUPEN, a security research firm seems to have gotten in and out of the Google Chrome sandbox with ease. They claim this by saying,

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

The attack was carried out on Google Chrome v11.0.696.65 on a Windows 7 64 bit system. This attack exploits the Chrome sandbox and successfully downloads a sample calculator program on your computer. This calculator can of course be any other malicious EXE file if you are a cracker. The guys at VUPEN have refused to release any code for the hack, though they have decided to share it with the Government.

This has come up a few hours from the Google I/O Conference and last I heard, Google I/O was going to be all about Android this time.

As always, Google can be expected to release a statement on this very soon. Over the years, Google has grown extremely protective of Google Chrome, and it was only a matter of time before someone hacked the sandbox. Clearly, the sandbox is all that stands between the browser and the hacker. In the meanwhile, you can see this video on YouTube and understand better what is happening there.

Check out the VUPEN research page here.

Three years of legacy comes to an end. Google Chrome finally seems to be hacked.

Get Rid Of Facebook Scams and Infectious Links From Facebook

In today’s world of social networking, Facebook is the word of the day. And so is anything that gets posted on it. Whenever a major incident happens, it goes viral on Facebook. Someone posts an update and everybody else follows suit. Sharing information has never been easier. However, people with evil intentions are not lagging behind. They misuse this addiction for all the wrong reasons.

Recently, when Osama bin Laden was shot dead in a US raid, Facebook was scattered with fake links pointing to a supposed censored video of the Osama execution. And the result was obvious. Curious people ended up clicking them and falling prey to them. The more worrying news is that those links are going to appear again. So what do we do to avoid being affected? Well, some rational thinking helps. However, here is a great free tool that can save you the worry.

Installing Using Protection

Using Protection is a free (for personal use) browser extension for Firefox and Internet Explorer that does the job for you. Google Chrome let me install the extension, although there were no significant changes to the scam links I tested.

3 simple steps and you are done. Provide an email to sign up. You will then be prompted to post an update letting your friends know about the installation. This is optional and you can choose to skip this step. Finally, download and install the add on.

How Does It Help?

Every time you visit any page on Facebook, the page will be scanned for any suspicious links. Once one is detected, the link will be removed and replaced with a link to post an update letting your friends know about it. Yes, it is as simple as that.

The tool performs the job silently without cluttering your screen space, which makes it even better. Given that Facebook is not going to be clean any time soon, the tool is a definite necessity for any Facebook user.

CCAvenue Payment Gateway Hacked By SQL Injection

Reports have started pouring in that CCAvenue, India’s largest payment gateway, has been hacked and all the administrator passwords of various merchants using CCAvenue have been stolen in the process. The method used in this hack is said to be SQL Injection. Such incidents are not at all expected from a company which happens to be the basis of a lot of online e-commerce businesses.

The hackers have managed to lay their hands on all administrative passwords at CCAvenue, list of various databases and some information on tables within the databases. This was revealed by a portal called Hackerregiment which received an e-mail from a hacker with the screenshots suggesting that all administrator passwords at CCAvenue may have been leaked.

However, the CEO of CCAvenue has a different story to tell. He says that netbanking and non-credit-card-related transactions make up more than 85-90% of the overall transactions on CCAvenue. During these transactions, CCAvenue does not store any such important information on its servers and merely acts as a redirector.