Hold Security had warned the media outlets that a gang of Russian hackers have gained access to 4.5 billion email addresses and passwords.
The Milwaukee based security firm estimates that 420,000 web and ftp sites, including some Fortune 500 company sites, have been compromised. But details on what specific websites were compromised were not released.
The New York Times have claimed to have had the information analyzed by a security expert not affiliated with the security firm who confirmed the authenticity of the database of stolen information. And The New York Times have also reported that some of the companies involved are aware of the situation.
Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus that collects and forwards information to individuals who either sell it or use the information to send unsolicited commercial email or gain access to web sites and credit card information.
According to Hold Security the most vulnerable users are those that use a generic password on multiple sites, whose generic passwords can be used to gain access to sites that are not in the records.
They had found that out of the 4.5 billion records, only 1.2 billion had unique passwords so the firm suggest the use of more secure, unique passwords.
An individual password should not be used on multiple sites and a combination of letters (in upper and lower caps), numbers and special characters (punctuation, symbols, etc.) should be used to prevent predictability.
The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.
It’s Canada Day 2014 and most Canadians have probably noticed their email inboxes filling up with requests to confirm their subscriptions to several mailing lists.
This is of course because the new anti-spam legislation comes in effect today, restricting the sending of unsolicited emails to Canadians.
I’ve personally taken advantage of several offers to confirm my subscriptions in exchange for contest entries. But I have also used the opportunity to unsubscribe to the mailings lists I no longer read regularly and recommend that you do so as well, as soon as possible.
You should note that this legislation is not limited to commercial email but extends to “malware, spyware, address harvesting, and false or misleading representations involving the use of any means of telecommunications, short message services (SMS), social networking, websites, URLs and other locators, applications, blogs, Voice over Internet Protocol (VoIP), and any other current or future Internet and wireless telecommunication threats prohibited by Canada’s anti-spam legislation.”
You can also help stop some of this activity by securing your Wi-fi with a password and by updating your antivirus & firewall software regularly.
Microsoft is currently working on fixing a bug that has been found in versions 6 to 11 of Internet Explorer and the United States Computer Emergency Readiness Team has issued a press release asking individuals to use alternative browsers until the bug is fixed :
This bug is exploited by malicious web sites so IE users can continue to use their browsers by avoiding potentially dangerous sites. XP Users should use alternative browsers.
I had originally wanted to wait until the Privacy Commissioner of Canada released a report on Bill S-4 before commenting but decided that I should just go ahead and post something about this senate bill.
This bill was proposed to help in the cases of security breaches, to help control identity theft. But unfortunately it may also cause individuals to have their information given to third parties without their consent or knowledge.
“an organization may disclose personal information without the knowledge or consent of the individual if
(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and
(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.” – Bill S-4, Section 10.2 (3)
Furthermore warrants may not be required under Bill C-13 and the costs associated to the infrastructure required to keep records of your online activities would be passed onto either consumers and/or taxpayers.
Are to believe this bill is meant to improve our situation ? We would be paying more for internet and give more private information to a government that was just hacked because of the Heartbeat Bug.
I think this bill needs to be re-written. And if you do too I think you should sign the Open Media petition on Privacy.
Microsoft will be ending their support for XP on April 8th, 2014.
This means that you have a month to upgrade to retain support for your PC.
Their will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates for this operating system so upgrading to Windows 7 or Windows 8 is recommended.
Adobe had been breached and have issued a consumer security alert.
Those of you with accounts at Adobe have probably received emails asking you to reset your password. You may also want to keep an eye out for Phishing attempts by fraudsters claiming to be Adobe and unusual activity on the credit cards you’ve used on Adobe.
For additional details, consult the consumer security alert linked above.