News

It's all around the Internet, but I just found out. Some of the highlights that I found interesting are that the hackers (yes, they are of the malicious variety) apparently managed to compromise the entire thing: they downloaded all of Gawker's source code, found out they were running a Linux kernel that's over a year old, and have posted a database that supposedly includes the account information of anyone that has ever posted a comment to a Gawker Media website.

Oh, but it get a little bit worse - plenty of the Gawker Media staff use weak passwords, use the same password for many different accounts, and haven't encrypted the password database of its users - quite ironic, considering Lifehacker's wealth of password security and encryption tutorials.

The easiest way to find out more, at this point, it probably just to run a Google search for: gawker media hacked.

Summery:

Quote

A security research firm has discovered several security problems with PayPal’s iPhone app, warning that hackers can use man-in-the-middle attacks to steal sensitive user data.

Even though it has been reported fixed by PayPal, I am not so sure I would continue using the PayPal application on the iPhone. People may want to wait this one out, and make sure that it is okay to use.

Here is a blurb from the article:

Quote

According to an audit of the app by Chicago-based viaForensics, the vulnerability stems from the app’s failure to confirm the authenticity of PayPal’s website when communicating over the Internet.

Without that confirmation, a hacker could electronically step between a user and PayPal, pretend to be the PayPal website and gather usernames and passwords. The hacker would need to be in the same physical location as the user or have gained access to the same Wi-Fi network.

In practice, that could mean setting up a Wi-Fi hotspot in a location, such as a train station, and waiting for someone to use the network for a PayPal transaction on their iPhone app. It would be a fishing expedition, but the equipment and software needed is commonly available.

To read more, and find out more on this security issue, jump over to ZDNet and read the rest of the article.

According to TorrentFreak, many different torrent sites crashed on Saturday due to a hack to the Master Boot Records (MBR's) on many of the host servers. This caused many torrent users to seek other torrent sites for several hours due to the downtime. The host, Reality Check, made some comments to TorrentFreak regarding this issue.

Quote

“We are writing this letter to inform you that a very targeted malicious attack took place on our network this morning at 6AM EST. As a result, most of our server operating systems have been corrupted resulting in the current downtime,” the company wrote to the affected customers a few hours ago.

“We have access to all backups and have already figured out a strategy for bringing your servers back up, and have all hands on deck working to restore service,” Reality Check Network President Moisey Uretsky added.

Now interesting enough, they were unsure at first who was responsible for the large scale hack, and had a hunch that it was an anti-piracy organization, but found out later that it was a disgruntled ex-employee as stated here:

Quote

“It was the result of an ex-employee who was with us for three years as a result he had intimate knowledge of our systems which is why the effects are so large,” Uretsky wrote.

To read the complete article, jump on over to TorrentFreak