ICT Security-Sécurité PC et Internet

Yahoo has disclosed that more than one billion accounts may have been stolen from the company's systems in another cyberattack.

The company said in a statement Wednesday after the markets closed that unnamed attackers stole the accounts in August 2013, a little over a year prior to a previously disclosed attack in September, in which attackers stole around 500 million accounts in 2014.

But the company said it wasn't able to identify the intrusion associated with August breach.

The statement said that the hackers may have stolen names, email addresses, telephone numbers, hashed passwords (using the weak, easy to crack MD5 algorithm) dates of birth, and in some cases encrypted or unencrypted security questions and answers.

Yahoo said it has invalidated unencrypted security questions and answers so that they cannot be used to access affected accounts.

But payment card data and bank account information, stored in separate systems, are not thought to have been stolen in the attack.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo...

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cyberattacks

Im Netz kursiert eine gewaltige Menge an Zugangsdaten aus Raubzügen bei Yahoo, LinkedIn und Co. c't hat die Spur der Daten-Hehler verfolgt und einen Insider interviewt. Zudem liefert das Magazin Tipps, wie man sich vor Account-Missbrauch schützt.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=cybercrime

The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource. Usernames and passwords for more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt.

Weebly said in an email to customers that user IP addresses were also taken in the breach.

“We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users.” The company also said that it does not store credit card information, making fraudulent charges unlikely.

LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued — but, if you’re a Weebly user and you don’t receive a password reset, you probably want to change your password anyway.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Die im Jahr 2012 von Hackern kopierte Dropbox-Datenbank ist online aufgetaucht. Die darin enthaltenen Passwörter sind zwar geschützt, etwa die Hälfte jedoch nur mit dem als nicht mehr sicher geltenden SHA1-Verfahren.

Der Sicherheitsforscher Thomas White hat 68 Millionen Passwort-Hashes von Dropbox-Nutzern veröffentlicht und stellt die Daten zum Download zur Verfügung. Unbekannte Angreifer haben die Passwörter Mitte 2012 abgezogen. Es ist davon auszugehen, dass die Daten echt sind.

E-Mail-Adresse plus Passwort-Hash
Alle Passwörter sind verschlüsselt. Rund bei der Hälfte greift das als sicher geltende Hash-Verfahren bcrypt. Beim Rest kommt ein einfacher SHA1-Hash mit Salt zum Einsatz. Diese Hashes lassen sich vergleichsweise schnell berechnen und Cracker könnten selbst gute Passwörter in überschaubarer Zeit knacken (siehe dazu Die Passwortknacker; Ein Blick hinter die Kulissen der Cracker).

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Dropbox

Do you have a Sky email account? There's potentially bad news - that service comes courtesy of Yahoo.

Here is what Sky is telling its customers:

At Sky, we take the security of our customers’ data and information extremely seriously.

You may have seen that overnight Yahoo! announced that a copy of certain user account information was stolen from its company’s network in late 2014. Yahoo! is the provider of sky.com email accounts.

If you are a sky.com email holder, in line with the advice provided by Yahoo!, we advise that you change your passwords online and follow good password management practices.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo...

Jetzt also auch bei Dropbox: Der Online-Speicherdienst hat zugegeben, dass ihm höchstwahrscheinlich im Jahr 2012 über 68 Millionen verschlüsselte Passwörter gestohlen wurden.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Dropbox

https://gustmees.wordpress.com/2013/06/23/ict-awareness-what-you-should-know/

Dropbox hack released password of more than 68 million accounts online

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Dropbox

Opera has confirmed that an unknown hacker managed to gain access to its Opera sync system, potentially compromising the data of about 1.7 million active users. In response to the breach of Opera's web sync feature, which allows users to synchronise their browser data and settings across multiple platforms, the company has issued a forced password reset for all Sync users.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet

MySpace’s turn

Well, it’s happened again.

This time, the breach is said to come from MySpace, and the number of passwords claimed is an eye-popping 427 million.

Apparently, there are only 360 million users on the list, but some accounts have more than one password listed, for reasons that aren’t explained.

Once again, the passwords allegedly exposed in this breach were simple, unsalted SHA-1 hashes, vulnerable to just the same sort of high-speed try ’em all attack as in the LinkedIn breach of 2012.

According to Leaked Source, lots of passwords have already been cracked, with the top 50 choices so far accounting for more than 6 million passwords, or 1.5% of the total.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Hundreds of millions of users put at risk after AdultFriendFinder and other sites suffer hack.

What has happened?

The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts.

What is AdultFriendFinder?

I don’t want to be indelicate, so I’ll just tell you it’s strapline: “Hookup, Find Sex or Meet Someone Hot Now”.

Oh! So like Ashley Madison?

Yes, very much so. And we all know what a big story that was, how extortionists attempted to blackmail users, and how lives were damaged as a result. Fortunately, information about individuals’ sexual preferences do not appear to have been included in the exposed databases.

Still, it sounds nasty – and there clearly remains the potential for blackmail. Are there any .gov and .mil email addresses associated with the exposed accounts in this latest breach?

I’m afraid so. Of the 412 million accounts exposed on the breached sites, in 5,650 cases, .gov email addresses have been used to register accounts. The same goes for 78,301 .mil email addresses.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

IOT-BOTNETZE:
BSI fordert Zwangsänderung von Passwörtern
Die Hersteller vernetzter Geräte für das IoT sollen nach Ansicht des BSI höhere Sicherheitsstandards einhalten. Bei der Entwicklung dürfe nicht nur auf den Preis geachtet werden.
Nach wiederholten Denial-of-Service-Angriffen über Botnetze fordert das Bundesamt für Sicherheit in der Informationstechnik (BSI) höhere Sicherheitsstandards bei vernetzten Geräten. Der Angriff auf den Internet-Dienstleister Dyn "zeigt anschaulich, dass die Digitalisierung ohne Cyber-Sicherheit nicht erfolgreich sein wird", sagte BSI-Präsident Arne Schönbohm am Dienstag in Bonn. Hersteller von Netzwerkgeräten des sogenannten Internet of Things (IoT) sollten bei der Entwicklung neuer Produkte nicht nur auf funktionale und preisliche Aspekte achten, sondern notwendige Sicherheitsaspekte einbeziehen.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

As long as there is a demand for cheap IoT devices, there will be plenty of manufacturers happy to cut corners and put the internet community at risk.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

A former Yahoo executive familiar with the company's security believes the hack involves many more than 500 million accounts, as Yahoo claims.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Yahoo has confirmed that at least 500 million Yahoo accounts were put at risk by a data breach in 2014. Here is what you need to know, and what you need to do.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo...

Yes, hackers did manage to steal millions of account credentials back in 2012.
Make sure you have protected your account, and enabled two-step verification.

At the time, security commentators such as Brian Krebs, Troy Hunt and myselfurged internet users to be wary of the claims - as they had not been verified.

After all, it seemed possible that the data had been collected from heavily-reported mega breaches at Tumblr, LinkedIn and MySpace.

Now, however, Dropbox has confirmed to the media that a 5GB archive of files, containing the email addresses and hashed passwords for some 68,680,741 accounts, is genuine.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Dropbox

Durch die Vergabe von Standard-Passwörtern und Schwächen im firmeneigenen DDNS-Dienst waren Smart-Home-Systeme von Loxone über das Internet angreifbar. Auf Hinweis von c't dämmte der Hersteller das Problem stark ein; ein Restrisiko besteht aber weiterhin.

Smart-Home-Systeme des österreichischen Herstellers Loxone Electronics waren durch eine Sicherheitslücke leicht angreifbar. Dies berichtet c't in seiner kommenden Ausgabe 19/16, die am kommenden Freitag erscheint. Missbrauchspotenzial ergab sich demnach aus der Kombination aus einem Standard-Login (Benutzer: admin, Passwort: admin) und Schwächen im firmeneigenen DDNS-Dienst.

Besonders heikel ist die Sicherheitslücke, weil die Loxone-Anlagen nicht nur Sensoren und Aktoren aus den Bereichen Beleuchtung, Energie, Heizung und Kühlung, Rolladen und Audiosystemen ansteuern, sondern auch sicherheitskritische Komponenten wie Alarmanlagen, IP-Kameras und Zugangssysteme für Türen und Garagentore. Einem potenziellen Angreifer könnte es dadurch möglich sein, über angeschlossene IP-Kameras zu überprüfen, ob sich im Haus Personen befinden – und danach über das Web-Interface beispielsweise das Garagentor für einen gezielten Einbruch öffnen.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before.

Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Passwords

http://www.scoop.it/t/securite-pc-et-internet/?tag=CARBONITE

Password Day is a day for "taking our passwords to the next level" - here are five traditions the crooks really don't want us to start.