Wednesday, August 19, 2015

You´ve got a Date with a hacker (one of the bad ones)

10 Gigabytes of data, user names, real names and surnames, 33 Millions of passwords and partial numbers of credit cards. Those are the big numbers of the “hack” suffered by Ashley Madison the dating web for married people. A “hack” which grows more important because it has also been a “leak”: somebody filtered this info into the “deep web”: This happens the same day a critical “zero-day” for Internet Explorer appears. Who gives the most?

The Canadian firm Avid Life Media is behind Ashley Madison and has labelled this episode as a “crimson act”. While in Ars Tecnica they get deeper on what happened and assure that the “hack” is not only real, but also “worst tan we thought”: it has been hacked and filtered even accounts from users who decides to erase their profiles, and PayPal accounts from the company executives. “Its not only a capture of the database, the infrastructure has been compromised in a big scale”, says the TrustedSec researcher Dave Kennedy in a post.

“Critical” means “all versions”

We have had scare enough today, because just a few hours ago Microsoft warned about a “zero-day” vulnerability for Internet Explorer, which could be is use by cybercriminals, by using webs vulnerable to malicious code. Microsoft assures it´s a critical failure, and when the Redmon Company uses thsi Word, it means “for all Explorer versions”, including 11, TripWire assures in an overview about this risk. The new browser which comes with Windows 10, Edge, would be safe.

Fraud soothsayers

Meanwhile the marketing responsible of Forter, William Zielke, warns in an interview on Forbes that the online fraud will duplicate all from the next October. Obviously, they don’t interview fortune tellers on the prestigious economic magazine, but it´s just common sense on the expert’s opinion: we talk about the setting up of the EMV (Europay - Mastercard - VISA) payment systems in EEUU, which includes fraud prevention and at the same time leaves the traders who don’t update their payments systems “unprotected”. “If there are more accessible victims, cyber thieves will chase them” Zielke says.

Are you in or out?

Since we have downed with the hack+leak of Ashley Madison, it’s very pertinent the analysis on Net-Security performed by Chris Stonelff, technical management VP in Lieberman Software, who gets straight to the point since the headline: “The insider against the outsider, ¿who possess the bigger risk against security? The opportunities and risks generated by insiders, like Snowden, versus the objectives and methods of the outsiders, like Impact Team, the group who supposedly have hacked Ashley Madison.


Post a Comment