Although it took eBay itself an absolute age to disclose that a serious breach had taken place, and then [completely screwed up the process of ensuring users change their passwords](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/479152/more-ebay-security-stupidity-exposed), this should come as no real surprise. Happygeeks' Law states: the larger the corporate, the longer it takes to admit anything and the bigger the chance it will handle it badly. What is surprising is that it has taken so long for the stolen database of user credentials to go up for sale on the dark market. If you consider that the breach itself happened a couple of months ago, …

The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach …

Sanjib Mitra is a man who likes to be responsible and do the right thing. A year ago he discovered, quite by accident, that a little bit of URL tweaking could reveal personal data about people other than himself within a website database. He was completing a complicated application form himself when he was faced with a blank page and a browser back button that did nothing, so he tried changing numerical data at the end of the URL in an effort to salvage some of the information he had spent the previous hour entering. His reward was not time …

As [news breaks](http://www.usatoday.com/story/tech/2015/06/12/office-of-personnel-management-hack-china/71146452/) that a second breach at the federal Office of Personnel Management may have seen another set of data, potentially more valuable than that accessed during [the first](http://arstechnica.com/security/2013/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/), Philip Lieberman, President of privileged identity management specialists [Lieberman Software](http://www.liebsoft.com/), has been talking about what went wrong. Here's what he had to say on the matter:

> The apparent US Government policy with regard to the protection of commercial enterprises attacked by nation states and others has been benign neglect (perhaps a shoulder to cry on). Current law and government policy forbid commercial enterprises to take any action against the …

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems." These are the words of Brad Arkin, Chief Security Officer at Adobe as he reveals that one of the biggest names in the software business has fallen victim to …

Teens just love using social networks for everything from [posting naked photos online](http://www.daniweb.com/news/story220006.html) to [wasting time during class at school](http://www.daniweb.com/news/story218938.html). We also know that [parents have little idea what teens get up to online](http://www.daniweb.com/news/story219438.html) but, it would appear, the teen online love affair has not gone unnoticed by young hackers who are actively targeting their fellow teenagers. Researchers at the Imperva Application Defense Center have uncovered a new hack attack which specifically targets teens using the popular Habbo Hotel virtual world cum social networking site. Since it launched in 2000, Habbo Hotel has gone on to see around 75,000 new …

It's the festive season but would you really expect Lady Gaga to give you a free iPad 2? That was the exact message being broadcast from Lady Gaga's Twitter account earlier, promising each and every one of her 17 million followers an iPad 2 and all they had to do was click the link for details. Of course, there was no iPad. The Lady Gaga Twitter account had been hacked and if you clicked on that link it would take you to a number of different sites via redirects and then dump you at a survey designed to scam you …

You might be forgiven for thinking that the iPhone is the most secure of the smartphone choices, especially if you've opted for a 5S or above with that fingerprint reader for secure ID and iOS 8 as the most robust of operating systems. Forgiven, but wrong; despite the claims from Apple that iOS is designed with advanced security technologies built in rather than bolted on. If you go by the results of the annual [PWN2OWN](http://www.pwn2own.com/) hacking competition which was held in Tokyo last week, then iOS fell behind Android and to add to the jaw-dropping amongst many pundits Android in …

So it seems that an Internet Explorer zero-day vulnerability allowed the back door to be opened that resulted in the [hack attack on Google](http://www.daniweb.com/news/story252590.html) and many others that has received such publicity this week. According to [McAfee](http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/) it has identified an Internet Explorer vulnerability as being one of the attack vectors, but the security vendor also warns that targeted attacks such as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios", so it is possible, likely even, that other as yet unidentified attack vectors were also involved. However, McAfee dismisses some early reports which …

At the start of the year, [DaniWeb reported](https://www.daniweb.com/internet-marketing/social-media-and-communities/news/470719/snapchat-plays-blame-game-after-hack) how Snapchat, the self-destruct photo messaging service, had been hacked and information regarding 4.5 million users had been stolen. Fast forward to now, and Snapchat is again in the mire: nude images have started to appear on 4chan which have been stolen from Snapchat accounts. According to new [reports](http://venturebeat.com/2014/10/10/snapchat-responds-to-nude-photo-hack-passes-blame-to-users/) images from 200,000 Snapchat accounts have been stolen and are now starting to appear online. Snapchat itself denies that its own servers have been breached, however it does confirm that accounts have been hacked. This rather confusing admission would appear to be due …

The Internet of Things (IoT) is something of a buzz-phrase right now, and locking down the IoT is certainly something that vendors across both security and hardware industries are talking up. The problem with the publicity surrounding stories of 'things' that have been hacked is that, well, they never really have much potential impact right here, right now, to you or your business. So someone managed to break into an Internet-connected baby monitoring device and make creepy announcements over it, or there's the potential to control an Internetified self-driving car in the future; neither of which fill me with dread …

There's a truism that I like to share with as many people as possible: if you don't want other people to see something, then don't post it online. It is, you might think, a pretty simple concept to grasp. After all, you wouldn't stroll into a bar with a megaphone and yell "I'm not wearing underwear" if you wanted to keep that secret would you? But would you write that fact down on small pieces of paper and slip them unnoticed into the pockets of people in that bar if you wanted to reveal all (please excuse the unfortunate choice …

Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being advised to check if their accounts had been compromised, change their passwords etc. Trouble is, there appears to be absolutely no actual evidence that Gmail has been hacked at all, and plenty to suggest that this credentials list is just another composite; constructed with passwords taken from lists already published …

So, a bunch of US financial institutions have been hacked. Nothing new there, if we are being brutally honest. The newsworthiness in this particular case comes courtesy of one of those organisations apparently being none other than JP Morgan Chase. USA Today reported yesterday that a federal law enforcement official had told the media outlet, unofficially, that Russian hackers were behind the series of breaches which resulted in the loss of "sensitive data." JP Morgan Chase did not confirm the accuracy of the report, but a spokesperson did tell USA Today that it uses "multiple layers of defense to counteract …

A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes, billion) usernames and passwords along with around half a billion email addresses obtained from more than 400,000 websites. In total, Hold Security says, the stolen data amounts to some 4.5 billion items. According to the [report](http://www.holdsecurity.com/news/cybervor-breach/) the gang acquired databases of stolen credentials from online dark markets which were then used to attack e-mail providers, social media, and other websites. Spam …

SuperValu has confirmed that it has, indeed, suffered a data breach. The supermarket company [stated](http://www.supervalu.com/security.html) that what it calls a "criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores" may have resulted in "the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder's name, from payment cards used at some point of sale systems at some of the Company's owned and franchised stores." If you thought that was a bit of …

The Onion Router, better known as the Tor Network, is often thought of as being the dark side of the web. Not least as the anonymity provided by Tor meant that sites hosted on so-called hidden service servers were free to trade in just about anything from drugs and guns through to child pornography. In amongst the depravity and illegal excess, of course, were political activists and dissidents looking for an online safe haven in order to escape persecution, prosecution and potentially death. Revelations that the FBI would appear to have been behind the takedown of Freedom Hosting, apparently responsible for …

my friend, who told me that he can hack any Facebook, Yahoo, Gmail account. First I didn't believe him, but when he pulled out his laptop and asked me to name any account email address on the earth, I mentioned some random guys, my relatives. And in a few seconds he told me their passwords, which really worked when I tried. Then the next day I made another Yahoo account and just after making it I SMS'd him my ID and told him to crack the password, and just within a few minutes he replied with the exact password, but he won't tell me the …

Is HACK object orientated and what application development is it designed for?

Following on from the news that an eBay password database has been compromised, and universal advice from security experts that users should now change their passwords, one thing has been loud and clear: the total lack of that password change requirement from eBay. Sign into eBay and there is nothing to say stop, change your password. There has been no email sent to registered users urging them to make the change. In fact the only I've read of it have come from news stories in which they state that eBay are 'urging users to change their passwords' but truth be told …

The latest major online outfit to suffer from a breach is Bitly, the URL shortening service beloved by users of Twitter and Facebook. According to a statement from Bitly CEO Mark Josephson, the company has "reason to believe that Bitly account credentials have been compromised." Although Josephson insists that there is no indication at the current time that any Bitly accounts have actually been accessed by the hackers, he has quite wisely taken the proactive step of disconnecting all users' Facebook and Twitter accounts, which means they will be required to reconnect these when they next login once …

It has been [officially confirmed](http://php.net/archive/2013.php#id2013-10-24-2) that the php.net website of the open-source PHP programming language has been hacked and infected with malware. The successful breach of the site came to light yesterday morning when the Google Safe Browsing service started flagging php.net as serving up malicious scripts. This was, at first, denied by php.net which Tweeted claims that it was down to a false negative by Google. However, that position has changed and now it has been officially confirmed that two servers at php.net had been hacked and were, indeed, hosting malicious code in order to install malware on the …

The photo messaging application Snapchat, which allows users to post images, video and text on a time limited basis to a group of recipient users, has been hacked. The attraction of Snapchat, apart from not being Facebook and therefore somewhere teenagers can meet online without their parents having a clue about it, is in the 'Mission Impossible' nature of the service: your photo will self-destruct in 10 seconds. Well sort of, as users set the time limit up to 10 seconds that the snap will be viewable to the receiving group, after which they can no longer see it and …

The popular [MacRumors Forums](http://www.macrumors.com/) site has confirmed that it was successfully hacked on Monday this week. The vBulletin powered forums fell victim to what it describes as a similar breach that hit the Ubuntu forums earlier in the year. "Our case is quite similar" says MacRumors founder Arnold Kim who continues "with a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials." Unlike the Ubuntu breach, no site defacement appears to have taken place though. In the case of MacRumors, that means some 860,000 usernames, …

In my [DaniWeb report](http://www.daniweb.com/hardware-and-software/tablets-and-mobile-devices/news/462936/apple-iphone-5s-the-worlds-first-64-bit-smartphone) on the launch of the new iPhone 5s from Apple, I stated that you could "forget the fingerprint scanner built into the new circular home button" but I knew all along that was never going to be the case. In context, I was focusing upon what I think is the most innovative and important feature of the new iPhone; namely the 64-bit chip that powers it. Of course the fingerprint scanner is an innovation, in as far as it will now drive other manufacturers to consider implementing biometrics on devices such as smartphones and tablets as …

Last week, the NoSQL database host MongoHQ suffered a breach which exposed customer files, email addresses and password data to the attackers. The ripples from that breach are still being felt, as users of the Sunrise calendar app on the iPhone found out this morning. Luckily that password data was not only encrypted, but hashed using bcrypt. As security expert [Paul Ducklin](http://nakedsecurity.sophos.com/2013/10/31/lessons-to-learn-from-the-mongohq-database-breach/) from Sophos explains: "bcrypt is a so-called keystretching function that ramps up the time it takes for a supplied password to be checked against its stored hash, by requiring various parts of the hash calculation to be repeated …

How can I prevent an XSS attack but allow users to post iframe and img tags? My page is PHP based, but I allow users to submit text and have allowed only iframes and imgs with strip_tag. How do I prevent a user from launching an XSS attack?

UK home shopping pioneers Lakeland have sent an email to all customers past and present to warn them that the retailer's website has been hacked. What Managing Director Sam Rayner calls a "sophisticated and sustained attack" took place late on Friday 19th July. Measures were taken at the time to block that attack and repair the system; however, the ongoing investigation has revealed that two encrypted databases were compromised. In that email to customers, Rayner states that the company has been "unable to find any evidence that the data has been stolen" but nonetheless has taken immediate action to delete …

Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by the Syrian Electronic Army (SRA) in support of President Bashar al-Assad. All three sites concerned apparently used a single link recommendation service called Outbrain, and it seems that a social engineering attack there led to the successful breach. Outbrain [announced yesterday](http://www.outbrain.com/blog/2013/08/update-outbrain-security-breach.html) that "we have fully secured the network …

Security researchers at ESET [have revealed](http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) that a prolonged and highly targeted data stealing attack aimed at Pakistan, using fake PDF documents, appears to have originated in India. By using a code signing certificate (issued to what looks like a legitimate company, 'Technical and Commercial Consulting Pvt. Ltd') to sign malicious binaries, the chances of being able to distribute the payload were greatly improved. The company concerned, ESET says, was based in New Delhi and the certificate itself was issued in 2011. Documents, mainly PDFs, attached to emails were infected with data stealing malware and signed off with the aforementioned …
