
Hacking and more hacking ...

RayDunzl

Grand Contributor
Central Scrutinizer
Joined
Mar 9, 2016
Messages
13,250
Likes
17,182
Location
Riverview FL
It says that on our site???

8 on the page, yes. 15m is all sites visited historical block count total, for the year or more it's been running here.

I think it is the Facebook and Google +1 stuff at the bottom of the page (when I turn AdBlock off)

upload_2016-6-18_20-33-29.png


With AdBlock on, I don't see them at all:

upload_2016-6-18_20-35-32.png
 

Sal1950

Grand Contributor
The Chicago Crusher
Forum Donor
Joined
Mar 1, 2016
Messages
14,187
Likes
16,900
Location
Central Fl
8 on the page, yes. 15m is all sites visited historical block count total, for the year or more it's been running here.

I think it is the Facebook and Google +1 stuff at the bottom of the page (when I turn AdBlock off)

View attachment 2130

With AdBlock on, I don't see them at all:

View attachment 2131

You must have it set for the most aggressive blocking. I see those but adblock says 0 on this page?
Adblock is a godsend. On my older laptop The Weather Channel had become almost unusable due to all the animated/video'd ads clogging my CPU. With Adblock it loads right up with "top" showing Chrome only using single digit CPU percentage usage. The general internet has become a mess with ads, popups, etc. I can only imagine the issues Windoz users deal with from malware, etc; unless they're very savvy on how to protect themselves.
 

Healthy

Member
Joined
Jun 21, 2016
Messages
16
Likes
0
Other than Google, Microsoft, and Amazon, I don't think there is any other site that you can trust to be safe. You should assume that your information is frequently exposed and be on guard that way.
Microsoft can't even keep its most valuable asset, the source code for its operating systems, out of the hands of hackers. There's no such thing as online safety.
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
Old news: https://www.thestar.com/business/20...ator-hacked-says-its-beefing-up-security.html

http://www.securityweek.com/45-million-potentially-impacted-verticalscope-hack

And AVSForum is among those websites because VerticalScope is operating them.
Read the last part of that second link...about Microsoft.

It took a few months for the news to be available. I find this story quite sad in the year we live in.
The first link above tells what has been compromised...this is serious.
Do you want to be part of a group run by an unsecured operator (VS)?

How large is that impact? Well, it is quite big from my living room's window.
In the last few days I had phone calls, emails and bizarre computer behaviors like never seen before, in addition to no more membership to some of my sites.
So, from now on I will spend more time @ my favorite forum, here @ ASR. :)

* VerticalScope is a Canadian corporation from Toronto, Ontario, Canada → http://www.verticalscope.com/
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
This is what I got @ couple sites I frequent (I can no longer log in for the last three days):

Notice of Data Breach


You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you.

What Happened?

On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.

What Information Was Involved?

Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.

What We Are Doing

We are in the process of invalidating passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We are in the process of implementing stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.

VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.

What You Can Do

To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.

For More Information

If you have any questions, please feel free to contact our Community Management team by email at [email protected] or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have.
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
Amir, what do you make of that? That sounds like a major breach of privacy with the potential of alarming consequences?
I asked you because of all the members here you are the most knowledgeable of the internet.
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
This one is from VerticalScope's own website (it also has a few typos - can you spot them?):

Security Update

VerticalScope Forum Security Update

VerticalScope is aware of the possible issue and our internal security team has been investigating and we will be collecting information to provide to the appropriate law enforcement agencies. We believe that any potential breach is limited to usernames, userids, email addresses, ip addresses and encrypted passwords of our community users. In response to increased Internet awareness of security-related incidents, including potential incidents on our communities, as a precautionary security measure, we are implementing changes to strengthen our password policies and practicies across all of our communities, including:

- Resetting user passwords. Each community member is in the process of receiving a notification that they are required to reset their password befoer accessing their community accounts.

- Enhancing password rules to require strong passwords and periodic password expiraton. Acceptable passwords must have a minimum of 10+ characters a a mixture of upper- and lowercase letters, numbers and symbols. Additionally, our administrators and moderators will have a two-step password verification, and users will be reminded to use good "password hygiene" which means not using the same password for multiple online accounts and using unique strong passwords for each.

- Engaging certain third party vendors that provide desktop and mobile plug-ins and notifying them of the breach to allow their own security teams to investigate. While we run encrypted passwords and salted hashes to store passwords on our user accounts, our new password rules are intended to further strengthen user security. We are also taking steps to investigate and test new encryption and security technologies to allow us to further protect our users.

If you are a user of one of our communities, you will receive an email shortly to change your password. In addition, you can participate in the announcement threads on your forum if you have questions or need help changing your password.
__________

This is not only a huge nuisance but also not handled diligently with the typos above. Who wrote that Security Update? Do they have a spelling corrector @ VerticalScope's corporate headquarters?

I counted four typos, did you see more?

I cannot log in @ two sites (a few days now), and I have received no emails, zero, after several requests.
And I've read that the way they are dealing with this issue (I cannot access those forum sections anymore, or I would have provided the info link), by sending emails to everyone with new passwords and their usernames, is the most unsecured way.
Is VerticalScope run by a bunch of ignorants? They don't have a solid security system in place? They cannot afford to hire the best people to protect their data?

And! Nobody seems to care because the news about it is almost non-existent!

So then, who cares? It's like no one really. I understand; there are other things in the world much more important than that...like children dying every single day because they have nothing to eat.

Anyway, now is a good time to buy gold.

 

Don Hills

Addicted to Fun and Learning
Joined
Mar 1, 2016
Messages
708
Likes
464
Location
Wellington, New Zealand
I've received one email with a new password. It's from a vBulletin site.
I guess I'd better check that my email address is current at all the sites I frequent.
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
Don, if you have already received an email @ your email address, then you don't have to make sure that your email address is current.
Or unless you made a typo @ another site. If you frequent 1,000+ sites, I guess it should not take more than a month, when you have the time.
_________

Life is great, we live on a beautiful blue planet.
 

cjf

Active Member
Joined
Apr 20, 2016
Messages
160
Likes
58
Location
CO
I asked you because of all the members here you are the most knowledgeable of the internet.

Hrrrmmm..I am beginning to form an opinion that of all the members here you yourself seem like....Um let's say...the most interesting ;)
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
cjf, there are 166 members here. From that number Amir is the one I am aware of, who would be best positioned to put an objective handle on that.
Because not only he used to be an executive @ Microsoft but also he is one of the most calibrated in many audio/video technologies.
But mainly because of his expertise in the world of computers, Internet, etc.

My opinion on the man, I am not shy to say, is very high in regards and respect. His reputation is solid, the best, and all that excellent jazz.
And I'm very happy that Mike (Mivera) is back.

That hacking thing, the topic of this thread and not me, ;) is certainly an interesting subject.
...Perhaps not as much as Britain and the UK and the Europe alliance, and Scotland and Ireland...still my main interest here.
More to the point; VerticalScope, and the proper security system, and the handling and the sharing.

If you look @ the first post of this thread you'll see that over 1,100 websites were affected with near 45 million people (people's accounts).
This ain't no small peanuts.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,632
Likes
240,655
Location
Seattle Area
http://www.pcworld.com/article/3089...i-has-been-hacked-which-ceo-will-be-next.html

Michael Kan
IDG News Service
Jun 27, 2016 12:34 PM
Google CEO Sundar Pichai has become the latest tech executive to have a social media account hacked, and the group responsible says more targets will follow.

On Sunday, a group of hackers calling themselves OurMine briefly took over Pichai’s account on Quora, a question-and-answer site.

“We are just testing your security,” the hackers wrote, with the same message auto-posted via Quora to Pichai’s Twitter account. On Monday, the posts had been deleted.

OurMine is the same group that hacked the social media accounts of Facebook CEO Mark Zuckerberg earlier this month, and they've claimed other victims too, including the CEO of Spotify and a prominent Amazon executive.

The hacks have been fairly innocuous so far, with no major repercussions or sensitive data stolen. But Silicon Valley types are likely wondering who'll be next.

In Zuckerberg's case, the hackers claimed to have broken in by finding his password, “dadada,” which was exposed in a breach at LinkedIn. In Pichai’s case, OurMine only said that “his security was really weak.” The group posted information about the hack on its website.

OurMine said via email that it would continue to hack the accounts of tech executives and celebrities. Last week, the group claimed to have taken over the Twitter accounts of movie star Channing Tatum and of Daniel Ek, the CEO of Spotify, and posted screenshots.

On Monday, the group hit the Twitter account of Amazon CTO Werner Vogels. In a tweet, Vogels said it was actually his Bitly account that had been compromised.

So far, it seems the hacks are more of a publicity stunt. The group has tweeted that users can upgrade their security by purchasing OurMine’s services.

For $100, the group claims it can improve the security of social media accounts. For $1,000, it will scan a website for vulnerabilities.

“We are just trying to tell everyone that nobody is safe!” OurMine said via email. Some accounts were broken into because of weak passwords, others because of some “vulnerability,” the group added, without specifying. OurMine claimed to have made $18,400 so far selling its services.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,632
Likes
240,655
Location
Seattle Area
Microsoft can't even keep its most valuable asset, the source code for its operating systems, out of the hands of hackers. There's no such thing as online safety.
The breach I am aware of, back in the mid-2000s, happened not at Microsoft, but at one of the companies that licensed its source code. Maybe there is something newer, I don't know.
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
Nice one Amir, Google. These kids are pretty good.

Next; Dubai, Abu Dhabi, Saudi Arabia, North Korea, China, India, Russia, Japan, ...all their social mega media, their entertainment news centers.
Lol, the Internet is like a construction site where kids like to play before the buildings are completed. They never get completed because there are always renovations to be done.

Linkedin, Google, Facebook, Twitter, Instagram, Amazon, ...no one is exempt of hacking.
Lol, we love our Hollywood movies; distracting entertainment to keep our mind out of reality.
And we love our mega audio sound systems too (discos), for our listening pleasure and dance parties.
_______

Bonus (only because I mentioned construction site), and Alain Robert (Spiderman) is thinking about climbing it in 2020.


And fresh news (brand new today, same as Google's hacking) about Edward Snowden:
http://www.nytimes.com/2016/06/28/w...cizes-big-brother-measure-in-russia.html?_r=0
_______

It's funny; because we are audio people who love listening to music, and watching TV and movies, some of us are true audiophiles, videophiles, music and movie lovers, audio/video scientists, acousticians experts, computers designers, programmers, company executives, directors, Hollywood actors and filmmakers, professional musicians, etc., and some of us we love sharing/learning on forums of the World Wide Web (WWW), and yet not one forum, website of the Internet cafe is impervious to hacking.

Do you know how funny it truly is? I'll tell you; no matter how big our cities and tall our skyscrapers are getting, no matter all the smartest mathematicians and scientists of all avenues of life, the astrophysicists, the astronomers, the super intelligence (AI included), etc., nobody can build a security system on the Internet with safe passwords and private information, including your blood type.
Every single day on the planet there are incalculable numbers of people who get hacked and with their privacy violated along with their credit card numbers.
And this, is only from hacking in the cyber world.

Yes, it is epidemic, just like in real life where injustice and corruption and crime is rampant and vast vast vast all over the globe.
Look @ India; the people who live from the dumping sites. Did you check?
Look @ many parts of our planet; people who don't consider women as equal to men.
Look right here in our own backyards, where discrimination and a bunch of other nasty stuff is making the news every single day.

Hacking is one thing, making typos another: http://www.telegraph.co.uk/business...d-up-millions-the-costliest-typos-in-history/
 

cjf

Active Member
Joined
Apr 20, 2016
Messages
160
Likes
58
Location
CO
Anyone willing to bet that at some point we will see DNA based security being used for the ultra paranoid types and Govt agencies? Maybe even a combo of DNA and Alphanumeric based passwords for the schizophrenics :eek:

The usage scenario would be something like this:

Computer:::"Hello Mr/Mrs Fill in your name here"
Computer:::" To gain access, please spit/piss/bleed into the cup then enter your password"
Computer:::" Access Granted/Denied"
;)
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
You are right; DNA fingerprint and iris recognition for top security.
To access anything; forums, shopping websites...amazon, to surf, to check emails, to interact with the Internet world on your private personal computer we would need to put our thumb on the screen and our eye in front of our camera so that only us have access and NO ONE ELSE can hack, crack, break-in, steal, ...etc., into our private business life.

But! If the shopping places (amazon, etc.), the audio/car forums, the social medias (Facebook, Twitter, ...), the web browsers (Firefox, EI, Google, ...), the banks, the financial institutions, the insurance companies, the health care system, the pension funds, the governments, the security protectors, ...etc., etc., etc. cannot even protect themselves, how can they protect us?

...And there is a lot of bad DNA on this planet. Plus, tactics to scare, tactics to blame others in order to not blame ourselves.

It amazes me that with all our advanced technological knowledge, hacking is just simple like that!
Hire the best hackers to write security programs, to create new ways to combat cyber crime.

There are two types of people in the world; the Windows people and the Apple people. Two operating systems running their own drums @ their own tandem.

Amazon gets whacked, hacked, and cracked. Credit card numbers get stolen, privacy gets violated, Google gets hacked, no one is in the shade.
As for the two types of people, Windows and Apple; they aren't exempt either.
__________

* Last night I watched Eye in the Sky on Blu-ray. Early this morning I read the news around the world; Turkey, Istanbul airport.
The connection is eerie.
 

cjf

Active Member
Joined
Apr 20, 2016
Messages
160
Likes
58
Location
CO
Well of all the types of Hacking and cracking taking place in the world the two that get most overlooked and tend to be the most successful are those that exploit the Human aspect of security. Tactics incorporating things like "Social Engineering" and "Spear Phishing" use a clever and outside the box way of thinking to get around all the encryption, iron gates and barbed wire.

I can hear all the computers crying now....Damn Humans!!
 

Thomas savage

Grand Contributor
The Watchman
Forum Donor
Joined
Feb 24, 2016
Messages
10,260
Likes
16,305
Location
uk, taunton
Well of all the types of Hacking and cracking taking place in the world the two that get most overlooked and tend to be the most successful are those that exploit the Human aspect of security. Tactics incorporating things like "Social Engineering" and "Spear Phishing" use a clever and outside the box way of thinking to get around all the encryption, iron gates and barbed wire.

I can hear all the computers crying now....Damn Humans!!
Don't worry they will have the last laugh :D
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
http://www.trendmicro.com/vinfo/us/...h?ClickID=dxzztrhzokwznxbxrk0myc0thzotr02smxh → Read on.
________

The Cost of Data Breaches

"The news of the breach broke out not long after a slew of social networking sites were reported to have become victims of year-old data breaches that have just been discovered and disclosed recently. At the onset of June, the Federal Bureau of Investigations (FBI) has issued a public service announcement aimed at warning the public of an onslaught of extortion schemes that came after known social sites have been breached. The scammers are leveraging the emergence of data dumped in the underground from LinkedIn, Tumblr, Fling, and even Myspace, sold at varying prices."

[Read: Spate of megabreaches result to extortion schemes]

"In Trend Micro’s research paper, Follow the Data: Dissecting Data Breaches and Debunking Myths, researchers highlight that the value of knowing the trail of data after it was stolen from the enterprise is as significant as determining who was affected by the breach and how they can recover.

Perpetrators behind every successful breach treat the database of its target as a goldmine as the amount of data that these databases house could easily translate to profit or could be used essentially as an ingredient in staging another attack.

In the recently disclosed data dump of stolen account information of LinkedIn members, a hacker with the moniker peace_of_mind, or more commonly known as Peace, sold 117 million records containing both emails and passwords at a rate of 5 bitcoins or an amount totaling to 2,200 USD. For a cybercriminal with malicious intent, that is the price to pay to take over troves of sensitive information that could be used in other attacks. For a company, damages for breaches this big could translate to millions of losses."


Those are just a few sites ↑ (5) among 1,100 of them that have been hacked.
http://www.verticalscope.com/technology/site-list.html
 
OP
NorthSky

NorthSky

Major Contributor
Joined
Feb 28, 2016
Messages
4,998
Likes
945
Location
Canada West Coast/Vancouver Island/Victoria area
https://en.wikipedia.org/wiki/Julian_Assange

Hacking
In 1987 Assange began hacking under the name Mendax.[11][23] He and two others—known as "Trax" and "Prime Suspect"—formed a hacking group they called the International Subversives.[11] During this time he hacked into the Pentagon and other U.S. Department of Defense facilities, MILNET, the U.S. Navy, NASA, and Australia's Overseas Telecommunications Commission; Citibank, Lockheed Martin, Motorola, Panasonic, and Xerox; and the Australian National University, La Trobe University, and Stanford University's SRI International.[24] He is thought to have been involved in the WANK (Worms Against Nuclear Killers) hack at NASA in 1989, but he does not acknowledge this.[25][26]

In September 1991 he was discovered hacking into the Melbourne master terminal of Nortel, a Canadian multinational telecommunications corporation.[11] The Australian Federal Police tapped Assange's phone line (he was using a modem), raided his home at the end of October,[27] and eventually charged him in 1994 with 31 counts of hacking and related crimes.[11] In December 1996, he pleaded guilty to 25 charges (the other six were dropped), was ordered to pay reparations of A$2,100 and released on a good behaviour bond,[25][28] avoiding a heavier penalty due to the perceived absence of malicious or mercenary intent and his disrupted childhood.[29][30][31][32] After the trial, Assange lived in Melbourne, where he survived on single-parent income support.[28]
_______

https://en.wikipedia.org/wiki/WikiLeaks
_____

https://www.theguardian.com/media/2...sh-more-hillary-clinton-emails-julian-assange
http://heavy.com/news/2016/06/wikileaks-insurance-file-hillary-clinton-emails-when-released-what/
https://wikileaks.org/spyfiles/
https://www.theguardian.com/books/2014/sep/25/julian-assange-eric-schmidt-google-wikileaks

Assange said: “Compare the mission statements of Google and the NSA – the NSA, who literally say, ‘We want to collect all private information, pool it, store it, sort it, index it, and exploit it.’ Whereas Google says, ‘We want to collect all private information, pool it, store it, sort it, and sell those profiles to advertisers.’ Really, they’re almost identical.”

He said, “Every time you go to a party and take a picture and post that picture to Facebook, you’re being a rat. You’re being a narc.”

“People who use Google are the product,” he said.
_______


 