January 18, 2019

posted on Friday, January 18, 2019 at 7:49 AM

Vast data-berg washes up 1.16 billion pwned records

By John E Dunn

The Have I Been Pwned? (HIBP) website has revealed another huge cache of breached email addresses and passwords discovered last week circulating among criminals.

Named “Collection #1” by HIBP’s maintainer Troy Hunt, its statistics are as impressive as they are worrying: 87GB of data, 12,000 files, and 1.16 billion unique combinations of email addresses and passwords.

After cleaning up the data, Hunt reckons 773 million email addresses are unique, as are 21 million of the passwords, which is to say appearing in unhashed form only once within the cache.

Hunt said the data was discovered by “multiple people” on the MEGA cloud service being advertised as a collection made up of 2,000 or more individual data breaches stretching back some time.

Who has the data?

Given that it was being advertised and discussed on a criminal forum, in theory almost anyone visiting that source.

Read more at https://nakedsecurity.sophos.com/2019/01/18/vast-data-berg-washes-up-1-16-billion-pwned-records/

Did you know you can see the ad boxes Facebook sorts us into?

By Lisa Vaas

Fitbit? Pollination? Jaguars? Snakes? Mason jars?

OK, fine, Facebook, I’m not surprised that I’ve clicked on those things. But when did I ever click on anything related to Star Trek: Voyager? Or Cattle?!

My “this feels weird” reaction makes me one of the 51% of Facebook users who report that they’re not comfortable that the ad-driven company creates a list that assigns each of us categories based on our real-life interests.

It’s called “Your ads preference.” You can view yours here. If you drill down, you can see where Facebook gets its categorization ideas from, including the things we click on or like, what our relationship status is, who employs us, and far more.

Most people don’t even know that Facebook keeps a list of our traits and interests. In a new survey from Pew Research Center that attempted to figure out how well people understand Facebook’s algorithm-driven classification systems and how they feel about Facebook’s collection of personal data, the majority of participants said they never knew about it until they took part in the survey.

Overall… 74% of Facebook users say they did not know that this list of their traits and interests existed until they were directed to their page as part of this study.

Once the participants were directed to the ad preferences page, most – 88% – found that the platform had generated material about them. More than half – 59% – said that the categories reflected their real-life interests. But 27% said that the categories were “not very” or “not at all” accurate in describing them.

Read more at https://nakedsecurity.sophos.com/2019/01/18/did-you-know-you-can-see-the-ad-boxes-facebook-sorts-us-into/

YouTube bans dangerous and harmful pranks and challenges

By Lisa Vaas

Driving while blindfolded is stupid. Ingesting laundry detergent pods is stupid. Asking your girlfriend to shoot you through an encyclopedia is stupid. And, in the case of Pedro Ruiz III, it’s lethal.

These are all so-called “pranks” that have been filmed and posted on YouTube. After reports of people getting hurt or even killed, YouTube has explicitly called it quits on the genre.

On Tuesday, Google announced that it had updated its dangerous challenges and pranks enforcement.

Specifically, Google updated its external guidelines to clarify that challenges like the Tide pod challenge, that’s when teens dare each other to bite into the laundry pods, which can and has led to poisoning, or the fire challenge which involves pouring flammable liquid onto your skin, then lighting it on fire, resulting in multiple cases of kids giving themselves second- and third-degree burns, “have no place on YouTube.”

Read more at https://nakedsecurity.sophos.com/2019/01/18/youtube-bans-dangerous-and-harmful-pranks-and-challenges/

Email crooks swindle woman out of $150K from home sale

By Lisa Vaas

In 2014, when Mireille Appert’s uncle died, he left her his house.

After four years of managing the house in Queensland, Australia from her own home in the US, she couldn’t afford it anymore.

As her uncle knew, she loves Australia, she told the Chronicle, but not the fees and the expensive intercontinental slogging:

I wasn’t able to afford a vacation home in Australia anymore. Flights, maintenance, rates, electricity. A lot of fees to pay, for not being able to enjoy my house as much as I wanted.

So Appert, 67, decided to sell. She got a local law firm, KF Solicitors, to help with the $148,554.11 sale. That was on 1 July 2018.

What followed was a flurry of back and forth emailing of legal documents, including Appert’s bank account details, which she says she sent… three times.

Six months later, she still hasn’t seen a dime of that money.

Unfortunately, somebody else has: it looks like it wound up in the pocket of an email fraudster who inserted themselves into the exchange and tricked Appert into sending an electronically signed PDF with her bank details. The scammer(s) apparently also convinced the solicitors to deposit Appert’s money into a purported “corporate” bank account that they controlled.

Read more at https://nakedsecurity.sophos.com/2019/01/17/email-crooks-swindle-woman-out-of-150k-from-home-sale/

Two charged with hacking company filings out of SEC’s EDGAR system

By Lisa Vaas

The Securities and Exchange Commission (SEC) on Tuesday indicted two Ukrainians for allegedly hacking its Electronic Data Gathering, Analysis and Retrieval (EDGAR) filing system and stealing corporate secrets from thousands of companies’ filings before they were made public.

The SEC also filed a civil complaint against a network of securities traders in the US, Ukraine and Russia with whom the hackers allegedly shared the hacked information and who allegedly used it to illegally profit by snapping up or selling off securities before the filings were public.

The 16-page indictment charges the alleged hackers – Artem Radchenko, 27, and Oleksandr Ieremenko, 26, both of Kiev, Ukraine – with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud.

According to the US Attorney’s Office for the District of New Jersey, the two indicted men aren’t in custody. Nor are they believed to be in the US, the Washington Post reports.

According to the indictments, Radchenko, Ieremenko and others conspired to pry open the SEC’s EDGAR system, which is used by publicly traded companies to file required financial disclosures, such as annual and quarterly earnings reports. Those reports are full of information that can lead to profit for those who get their hands on them, including details about companies’ financial health, operations and earnings. Such information can and often does affect companies’ stock prices when it’s publicly disclosed.

Read more at https://nakedsecurity.sophos.com/2019/01/17/two-charged-with-hacking-company-filings-out-of-secs-edgar-system/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation