security

Russian Hackers Compromise 4.5 Billion Records

Hold Security had warned the media outlets that a gang of Russian hackers have gained access to 4.5 billion email addresses and passwords.

The Milwaukee based security firm estimates that 420,000 web and ftp sites, including some Fortune 500 company sites, have been compromised. But details on what specific websites were compromised were not released.

The New York Times have claimed to have had the information analyzed by a security expert not affiliated with the security firm who confirmed the authenticity of the database of stolen information. And The New York Times have also reported that some of the companies involved are aware of the situation.

Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus that collects and forwards information to individuals who either sell it or use the information to send unsolicited commercial email or gain access to web sites and credit card information.

According to Hold Security the most vulnerable users are those that use a generic password on multiple sites, whose generic passwords can be used to gain access to sites that are not in the records.

They had found that out of the 4.5 billion records, only 1.2 billion had unique passwords so the firm suggest the use of more secure, unique passwords.

An individual password should not be used on multiple sites and a combination of letters (in upper and lower caps), numbers and special characters (punctuation, symbols, etc.) should be used to prevent predictability.

The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.

Security Flaw Found In IE

Microsofticon is currently working on fixing a bug that has been found in versions 6 to 11 of Internet Explorer and the United States Computer Emergency Readiness Team has issued a press release asking individuals to use alternative browsers until the bug is fixed :

Click here to download Firefox

Click here to download Chrome

Click here to download Opera

This bug is exploited by malicious web sites so IE users can continue to use their browsers by avoiding potentially dangerous sites. XP Users should use alternative browsers.

Bill S-4 – (The not quite) Digital Privacy Act ?

I had originally wanted to wait until the Privacy Commissioner of Canada released a report on Bill S-4 before commenting but decided that I should just go ahead and post something about this senate bill.

This bill was proposed to help in the cases of security breaches, to help control identity theft. But unfortunately it may also cause individuals to have their information given to third parties without their consent or knowledge.

“an organization may disclose personal information without the knowledge or consent of the individual if

(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and

(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.” – Bill S-4, Section 10.2 (3)

Furthermore warrants may not be required under Bill C-13 and the costs associated to the infrastructure required to keep records of your online activities would be passed onto either consumers and/or taxpayers.

Are to believe this bill is meant to improve our situation ? We would be paying more for internet and give more private information to a government that was just hacked because of the Heartbeat Bug.

I think this bill needs to be re-written. And if you do too I think you should sign the Open Media petition on Privacy.

Thank you.

Important Message For PC Users

Microsofticon will be ending their support for XP on April 8th, 2014.

This means that you have a month to upgrade to retain support for your PC.

Their will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates for this operating system so upgrading to Windows 7icon or Windows 8icon is recommended.

Please note that an upgrade to Windows 8.1icon is provided free to those upgrading from XP or Vista to Windows 8icon and that file backups are recommended prior to upgrading.

Microsoft Store

Adobe Hacked

Adobe had been breached and have issued a consumer security alert.

Those of you with accounts at Adobe have probably received emails asking you to reset your password. You may also want to keep an eye out for Phishing attempts by fraudsters claiming to be Adobe and unusual activity on the credit cards you’ve used on Adobe. 

For additional details, consult the consumer security alert linked above.