Cyber Security

User avatar
Tiredretiredlawyer
Posts: 3155
Joined: Tue May 10, 2016 2:56 pm
Location: Animal Planet
Occupation: Permanent probationary slave to 5 dogs, 2 cats, the neighbor's cat, and 1 horse

Re: Cyber Security

Post by Tiredretiredlawyer » Mon Jul 10, 2017 1:21 pm

RTH10260 wrote:
Addie wrote:TIME

Trump Backtracks on His Idea for a Joint Cyber Security Unit With Russia after Harsh Criticism
:snippity:
The idea appeared to be a political non-starter. It was immediately scorned by several of Trump's fellow Republicans, who questioned why the United States would work with Russia after Moscow's alleged meddling in the 2016 U.S. election.
And why would the US want to cooperate with Russia when Russia is clearly derailing the US efforts in Syria... :brickwallsmall:
Because the trump was honored to meet Putin at the G19.
“I’ve been hooked since my first smell of C-4.” Linda Cox, first female Air Force Explosive Ordnance Disposal Technician, first to lead her own unit, go to war, be awarded a Bronze Star, and hold the highest enlisted rank of chief master sergeant.

User avatar
RVInit
Posts: 3720
Joined: Sat Mar 05, 2016 4:31 pm

Re: Cyber Security

Post by RVInit » Mon Jul 10, 2017 1:48 pm

Yeah, but there is still the issue of the possibility of Trump being able to meet with Putin without a career State Department or career (meaning non-political appointee) intelligence officer present. I don't trust Trump or any of his appointees to meet with Putin.

We really don't know what went on in that meeting he and Tillerson had with Putin. Tillerson was very careful how he worded his statement (which is why HE is the one who gave the statement) and I believe he deliberately worded his statement in such a way as to give the impression that Trump gave any meaningful objection to Russian interference in our election and also worded not to alarm us about what really went on in that meeting. I'm sure if we knew exactly what the four of them talked about we would indeed be alarmed. IMO.

Yeah, Trump said that the "American people" were concerned about Russian interference - meaning Trump himself was not concerned about it.
"I know that human being and fish can coexist peacefully"
--- George W Bush

User avatar
RTH10260
Posts: 12401
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

Post by RTH10260 » Sun Sep 03, 2017 5:08 pm

711 million email addresses ensnared in 'largest' spambot
The spambot has collected millions of email credentials and server login information in order to send spam through "legitimate" servers, defeating many spam filters.

By Zack Whittaker for Zero Day | August 29, 2017 -- 19:30 GMT (20:30 BST) | Topic: Security

A huge spambot ensnaring 711 million email accounts has been uncovered.

A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam.

Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers.

The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world, Benkow told ZDNet.

Troy Hunt, who runs breach notification site Have I Been Pwned, said it was a "mind-boggling amount of data."
http://www.zdnet.com/article/onliner-sp ... -millions/
Members of the public can check if their accounts have been affected via the" Have I Been Pwned" service.
http://www.bbc.com/news/technology-41095606

This is the website you can check your email (or a domain name):
https://haveibeenpwned.com/



More background info can be found here:
https://www.forbes.com/sites/leemathews ... 47a2f72aa9



Note by this poster: One of my anonymous web aliasses shows up. May have been from a prior Yahoo breach. But need to change p/w :cry:

User avatar
RTH10260
Posts: 12401
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

Post by RTH10260 » Fri Sep 08, 2017 11:07 am

Due to the nature of this security breach, picked most pertinent info even above the 4 para limit
Equifax Says Cyberattack May Have Affected 143 Million Customers

By TARA SIEGEL BERNARD, TIFFANY HSU, NICOLE PERLROTH and RON LIEBERSEPT. 7, 2017

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.
https://www.nytimes.com/2017/09/07/busi ... ttack.html

User avatar
RTH10260
Posts: 12401
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

Post by RTH10260 » Fri Sep 08, 2017 11:10 am

and possible some insider trading...
Equifax execs sold stock before hack was disclosed
by Paul R. La Monica September 8, 2017: 9:31 AM ET

Three Equifax executives sold shares of the credit-reporting company worth nearly $2 million shortly after a massive data breach was discovered. The sales occurred before the company announced the breach to the public on Thursday.

Equifax said in a statement to CNNMoney that it found out about the security incident on July 29 and immediately took action.

But according to filings with the SEC, Equifax Chief Financial Officer John Gamble sold shares worth nearly $950,000 on August 1.

Joseph Loughran, Equifax's president for U.S. information solutions, sold shares worth about $685,000 on August 1 as well.

And Rodolfo Ploder, president of workforce solutions, sold stock for just more than $250,000 on August 2.
http://money.cnn.com/2017/09/08/investi ... index.html

User avatar
MRich
Posts: 657
Joined: Sun Aug 22, 2010 4:07 pm

Re: Cyber Security

Post by MRich » Fri Sep 08, 2017 12:44 pm

Can anyone tell me how this can happen? Honestly, the executives of this company should be criminally charged.

User avatar
Sugar Magnolia
Posts: 8145
Joined: Sun Apr 01, 2012 6:44 am

Re: Cyber Security

Post by Sugar Magnolia » Fri Sep 08, 2017 12:54 pm

MRich wrote:Can anyone tell me how this can happen? Honestly, the executives of this company should be criminally charged.
If they make security breeches criminal (for anything other than actual criminal conduct) for a company that's hacked we'd have to say goodbye to a shit ton of electronic transactions. It's already criminal to hack, but I can't see where making the victims of the hack responsible will do much of anything.

But they need to hang the insider trading scum out to dry. I'd be ok with that.

User avatar
tek
Posts: 1650
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

Re: Cyber Security

Post by tek » Fri Sep 08, 2017 12:57 pm

Not ready to jump yet; correlation is not causation.

Often execs have preplanned sell orders (for just this reason).. it is entirely possible these were just ordered set to fire on August 1.

But the SEC could get to the bottom of that quickly, if they cared to.
We are so far down the rabbit hole..

User avatar
RTH10260
Posts: 12401
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

Post by RTH10260 » Fri Sep 08, 2017 5:19 pm

tek wrote:Not ready to jump yet; correlation is not causation.

Often execs have preplanned sell orders (for just this reason).. it is entirely possible these were just ordered set to fire on August 1.

But the SEC could get to the bottom of that quickly, if they cared to.
PS. the article mentioned a spokesperson for the company saying that the shares sold were only a small part of what the guys were holding.

User avatar
Notorial Dissent
Posts: 8111
Joined: Thu Oct 17, 2013 8:21 pm

Re: Cyber Security

Post by Notorial Dissent » Sat Sep 09, 2017 9:54 am

It is entirely possible the share sale was coincidence, it is also possible that the data breach wasn't as bad as first reported. I don't believe that either. I think I see some REALLY nasty and expensive lawsuits coming. I do NOT see good things for their stock or financial stability.
The fact that you sincerely and wholeheartedly believe that the “Law of Gravity” is unconstitutional and a violation of your sovereign rights, does not absolve you of adherence to it.

User avatar
Lani
Posts: 2630
Joined: Fri Nov 16, 2012 4:01 pm
Location: Some island in the Pacific

Re: Cyber Security

Post by Lani » Sat Sep 09, 2017 7:37 pm

Editor's note, September 8: We recommend that anyone with a credit history assume they were affected by the hack, as Equifax's hack-checker tool proved unreliable in our tests.

:snippity:

How can I find out if I was affected?

Equifax has set up its own program to help people find out if they were one of the millions affected in the hack. It includes a tool that lets you check to see if you were affected and a program, Trusted ID, that may help prevent identity theft. But, be aware: the checker that lets you know if you were hacked might be broken and -- per the above note -- enrolling in the program might prevent you from participating in a class-action lawsuit against the company.

Because of these circumstances, we recommend that, for now, anyone with a credit history should assume they were affected by the hack.
https://www.cnet.com/how-to/equifax-dat ... on-hacked/
Insert signature here: ____________________________________________________

User avatar
Tiredretiredlawyer
Posts: 3155
Joined: Tue May 10, 2016 2:56 pm
Location: Animal Planet
Occupation: Permanent probationary slave to 5 dogs, 2 cats, the neighbor's cat, and 1 horse

Re: Cyber Security

Post by Tiredretiredlawyer » Sun Sep 10, 2017 1:24 pm

https://medium.com/new-york-state-attor ... a5d8c231b7
How To Protect Yourself From The Equifax Hack

P.S. — some of you may have seen reports about the terms of use for Equifax’s website to check whether your personal information is at risk. We called yesterday. After conversations with my office, Equifax publicly stated that consumers who check their status will not waive their rights. We are continuing to closely review.
Cybersecurity Incident & Important Consumer Information
September 8, 2017

We understand that some consumers are experiencing difficulties getting the answers and support they need through our website and call center. Ramping up the website and call center to handle the anticipated volume is ongoing and we are focused on making improvements as quickly as possible. We apologize for any inconvenience this process has created.

Thus far today, we’ve made the following adjustments:

1). YOU CAN DETERMINE YOUR STATUS IMMEDIATELY
Some consumers who visited the website soon after its launch failed to receive confirmation clarifying whether or not they were potentially impacted. That issue is now resolved, and we encourage those consumers to revisit the site to receive a response that clarifies their status.

2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

3). EXPANDED OUR CALL CENTER
We have tripled our call center team to over 2000 agents and continue to add agents.
:snippity:
“I’ve been hooked since my first smell of C-4.” Linda Cox, first female Air Force Explosive Ordnance Disposal Technician, first to lead her own unit, go to war, be awarded a Bronze Star, and hold the highest enlisted rank of chief master sergeant.

User avatar
ZekeB
Posts: 13552
Joined: Mon Oct 12, 2009 10:07 pm
Location: Northwest part of Semi Blue State

Re: Cyber Security

Post by ZekeB » Wed Sep 13, 2017 6:03 pm

The Feds are going to ditch Kaspersky as their AV utility. I always wondered why they used Russian stuff when the good old U S of A stuff is as good or better than Kaspersky. Chalk one up for Trump. OTOH Trump probably hasn't a clue about this.

Post Reply

Return to “Computers & Internet”