Tag Archives: hacker

Avira

LastPass Has Been Breached: Change Your Master Password Now

Leave a comment

Luckily no passwords were actually stolen in the attack on LastPass last Friday, according to the Company’s Blog: “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.” Nonetheless account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Because of that everyone using the LastPass service will receive a mail, prompting them to reset their master password, according to the blog entry. On top of that the company will also require users who log in from a new device or IP address to verify their ID via mail if multifactor authentication is not enabled for the specific account.

Considering your stored passwords the blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”

So apparently there is no need to change every password you have stored with them. You can if you are really really concered for your accounts, but according to LastPass there is no need for it. Just make sure none of the other passwords you use is the same as the master password of your LastPass account.

The post LastPass Has Been Breached: Change Your Master Password Now appeared first on Avira Blog.

Avira

OPM: Are Personnel Records of All Fed Workers Exposed?

Leave a comment

Two weeks ago OPM, the US Office of Personnel Management got hacked and the information of 4 million federal government workers was exposed. This is of course, horrible. But it’s not all: On Friday we learned that the issue at hand was huge and much bigger than everyone believed at first.

As can be read in a letter to OPM Director Karen Archuletta, David Cox, the president of the  American Federation of Government Employees, believes that “based on the sketchy information OPM has provided, the Central Personnel Data Files was the targeted database, and the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

Cox goes on and says that the thinks the hackers have the Social Security number, military records and even veterans status’ information of every affected person. Addresses, birth dates, job and pay histories, health and life insurances and pension information, age, gender, and almost everything else you’d never want anyone else to know are included on his list as well.

Sounds bad? It’s not all. The letter states: “Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”

I bet they now wish that “only” 4 million records got stolen … :(

The post OPM: Are Personnel Records of All Fed Workers Exposed? appeared first on Avira Blog.

Avira

OPM Data Breach: Data of 4 Million Federal Workers Exposed

Leave a comment

According to the official news release, hackers managed to breach the Office of Personnel Management (OPM). With the information of 4 million federal government workers exposed, it is one of the biggest in the federal government’s history. The hack was discovered because “within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks”.

In order to determine the full impact the OPM is now investigating the issue together with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI).

In their statement the agency wrote: “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”

Sounds all good, but who is to blame? According to The Washington Post and the Wall Street Journal the hackers might have been Chinese, a link that China’s Foreign Ministry Spokesman calls “irresponsible”.

The post OPM Data Breach: Data of 4 Million Federal Workers Exposed appeared first on Avira Blog.

Avira

Popular Free VPN Hola Sells Users Bandwidth for Botnets

Leave a comment

Sounds good, right? Especially in times when you just want to access Netflix U.S. for this one show but can’t because of licensing restrictions; or when everyone might be spying on you. Yes, now is the perfect time for a VPN (Virtual Private Network). Normally you have to pay for the service though. And that’s where Hola comes into play. Hola is a free Chome browser plugin and according to the ratings left on its’ Chrome page VERY popular.

So how come a service like this can afford to stay free? It’s pretty simple really: they sell your bandwidth. “When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,” says Fredrick Brennan, the operator of 8chan in a note on his site.  He continues:  “Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at https://luminati.io. […] An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM.”

This is definitely not cool, but what does it mean for you? Well, if you are using Hola your connection will be used by other users to access pages in your country that are blocked for their IP but are available with yours. This is perhaps annoying, but not all that bad. But what of you IP might be one of those that get abused by people to perform illegal acts online?

Now is probably the best time to rethink using this specific free service.

The post Popular Free VPN Hola Sells Users Bandwidth for Botnets appeared first on Avira Blog.

Avira

Banned From the Internet: The Life of an Ex-Hacker

Leave a comment

Higinio Ochoa, a former hacker who went by the name “wOrmer” when online, talks about it on Reply All. He recounts how he got the ultimate punishment for his crime: “I’m not to touch any computer, smartphone or device that has internet connectivity. That would be against my rules.”

Just imagine how hard it would be for you to not be allowed and use the internet. It’s everywhere nowadays – you shop online, you chat with your friends and family online, you sometimes even have a job that requires you to be online all the time!

Ochoa is a programmer, which means he still works with computers. Not being allowed on the internet makes this job pretty weird though: He codes from his home in Austin, but in order to get whatever he did to his boss, he has to actually print and mail it because he is – of course – not allowed to use an email program.

Find out more about how Ochoa lives without the net in the digital age in this article on Digg or listen to the Reply All podcast over here. He also talks about what he did to get arrested and his first computer experience.

The post Banned From the Internet: The Life of an Ex-Hacker appeared first on Avira Blog.