The 25 Worst Passwords of 2015 | Jan 26th, 2016 Password management company SplashData released its annual round-up of the worst passwords of 2015. The report is based on more than 2 million passwords that leaked online during the year. One trend the company found in 2015 is that while users are coming up with longer passwords, they are simple and not random. Here’s Splashdata’s complete list of the 25 worst passwords for 2015, with their ranking from 2014 in brackets: Top Passwords 2015 Shell 123456 (Unchanged) password (Unchanged) 12345678 (Up 1) qwerty (Up 1) 12345 (Down 2) 123456789 (Unchanged) football (Up 3) 1234 (Down 1) 1234567 (Up 2) baseball (Down 2) welcome (New) 1234567890 (New) abc123 (Up 1) 111111 (Up 1) 1qaz2wsx (New) dragon (Down 7) master (Up 2) monkey (Down 6) letmein (Down 6) login (New) princess (New) qwertyuiop (New) solo (New) passw0rd (New) starwars (New) 12345678910111213141516171819202122232425 123456 (Unchanged)password (Unchanged)12345678 (Up 1)qwerty (Up 1)12345 (Down 2)123456789 (Unchanged)football (Up 3)1234 (Down 1)1234567 (Up 2)baseball (Down 2)welcome (New)1234567890 (New)abc123 (Up 1)111111 (Up 1)1qaz2wsx (New)dragon (Down 7)master (Up 2)monkey (Down 6)letmein (Down 6)login (New)princess (New)qwertyuiop (New)solo (New)passw0rd (New)starwars (New) A Brief History of the Password Problem, Part 4: Worst Passwords of...

23,000 US government emails were dumped on the Dark Web and no one knows where they came from | Jun 15th, 2015 Last week the US Office of Personnel Management (OPM) owned up to being breached by hackers. No concrete facts have surfaced since, and the extent of the hack’s damage remains unclear. We just know it’s worse than anyone is willing to say. Now databases containing private federal-employee data are being dumped on the Dark Web. One such database includes over 23,000 government email addresses, reports Motherboard. So what’s going on here? The hacker behind the 23,000 .gov emails dump goes by the name of Ebolabad. He has taken credit for the huge OPM breach, posting in broken English “Is not China. Is me I am sell [sic] for highest bid.” Motherboard asked experts to analyze the data Ebolabad posted on the Dark Web forum, and they believed the names and addresses to be real. Another cybersecurity expert, however, told Business Insider that he does not believe Ebolabad’s data trove to be from the OPM. “To me, it would not make sense that this is from the same database,” said Dave Aitel, the CEO of cybersecurity company Immunity. “In particular, the database that the OPM had was a list of all the background information of the federal employees.” What was just posted for sale online, explained Aitel, included passwords. It doesn’t appear that the OPM had access to passwords. “That would,” Aitel went on, “indicate it’s from a forum or some other source.” What, then, should we think about the OPM breach? Even so, for the last week many have characterized the OPM hack as one of the biggest government data breaches to date. On Thursday, the American Federation of Government Employees sent out a letter blasting the OPM for its poor security posture. The letter said: Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers...

Programmer Site GitHub Says It’s Victim of Service-Denial Attack | Mar 30th, 2015 (Bloomberg) — GitHub Inc., a U.S. website designed for computer programmers, has been under attack since Thursday in what may be an attempt by China to disrupt efforts to circumvent that country’s censorship policies. The San Francisco-based service, which helps programmers and tech companies share ideas for software development, has experienced its biggest-ever distributed denial of service attack, the company said on its website. “87 hours in, our mitigation is deflecting most attack traffic,” GitHub posted on its status blog shortly after 1 p.m. New York time on Sunday. “We’re aware of intermittent issues and continue to adapt our response.” About three hours later GitHub said its evolving tactics were improving performance. The Wall Street Journal, citing cybersecurity experts it didn’t identify, on Sunday reported the attack may have originated in China and routed overseas users of Baidu, China’s biggest search engine, to overwhelm two GitHub pages that linked to sites banned in China. Roland Dobbins, a senior computer-security analyst with Arbor Networks Inc., said in a telephone interview that the incident appears to be a so-called reflection attack in which traffic is redirected from other sites to overwhelm the victim. He said he doesn’t have any insight on who is behind it and that tracking down a culprit often is less important than a strong defense against the attacks. Those behind the assaults are “basically using other systems to attack” on their behalf, Dobbins...

How to Secure Mobile Messaging App Features | Mar 26th, 2015 When you send a text or MMS from your phone the normal way, you can’t control what happens to the information once it leaves your device. Wireless carriers are required to save messages for a certain length of time to assist authorities in criminal investigations. The recipient can save the message indefinitely, or send it to someone else without your knowledge or permission. That means those risqué photos, videos or texts you sent to your significant other could come back to haunt you in the future. There are web sites where people post pictures and messages of a private nature sent by their exes as a form of revenge. Relatively innocuous business-related messages could prove damaging if taken out of context later. Even if you don’t have a disgruntled ex or business partner, the recipient’s device could be lost or stolen, or their cloud accounts hacked. Several messaging and social media apps have sprung up in response to these security concerns. But how secure are they? Let’s examine the features you should look for in a messaging app that will keep your private messages under wraps. End-to-End Encryption Encryption uses a public and private key to encode and decode the messages. A secure messaging app should generate and store the keys on the user’s device, not on a server. The keys should only leave the device by action of the user, such as creating a backup or transmitting them to a new device. This means that even if a company is subpoenaed or required to deliver your private messages to the authorities, they technically cannot. In-Transit Encryption Encryption during transmission is important because these apps use a data connection instead of the phone connection. If you or the recipient is on WiFi, the messages could be intercepted and read by a third party. The app should also encrypt stored...

Advantage Dental of Redmond hacked; 151,000 patients affected | Mar 18th, 2015 REDMOND — A company with more than 30 dental clinics serving low-income people in Oregon says it’s been hacked, and the intruders got Social Security numbers and other personal information, but not treatment or financial data. Redmond-based Advantage Dental is notifying patients and paying for an identity-theft monitoring service, The Bulletin newspaper of Bend reported Tuesday. An intruder breached its internal membership database in late February and accessed information on more than 151,000 patients, said Jeff Dover, Advantage’s compliance manager. He said malware got a username and password from an employee’s computer for access to the membership database, which is separate from the database that contains financial and treatment information. The intruder accessed the information for three days beginning Feb. 23, and then Advantage workers detected the breach. All Advantage computers are equipped with anti-virus software, but sometimes software does not detect new variations of a virus, he said. “Unfortunately this happened,” he said. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.” No patients have reported the data being used for criminal activity. Dover said Advantage made security changes, including shutting off access to its internal patient database from computers that are not within Advantage clinics or its headquarters in Redmond. — The Associated...

How to Upgrade Kali Linux to Latest Version (1.1.*) | Mar 16th, 2015 Hello there, in this post I am going to write the upgrade procedures for Kali Linux to the latest version as I did in my lab environment. I would like to inform you that these steps may change according to your environment. In my case, I upgraded from 1.0.7 x64 version to 1.1.0 x64. Let us start; Backup the current apt source list file as follow. Kali Linux Shell cp /etc/apt/sources.list /etc/apt/sources.list.backup 1 cp /etc/apt/sources.list /etc/apt/sources.list.backup Open the current apt source list file with an editor (nano, pico, vi, vim etc.) (I use vim editor) as follow. Kali Linux Shell vim /etc/apt/sources.list 1 vim /etc/apt/sources.list Delete all lines in the source list, in other words, empty file content. Then add the following lines into the file (/etc/apt/sources.list) as shown. Kali Linux Shell deb http://http.kali.org/kali kali main non-free contrib deb http://security.kali.org/kali-security kali/updates main contrib non-free deb-src http://http.kali.org/kali kali main non-free contrib deb-src http://security.kali.org/kali-security kali/updates main contrib non-free 12345 deb http://http.kali.org/kali kali main non-free contribdeb http://security.kali.org/kali-security kali/updates main contrib non-free deb-src http://http.kali.org/kali kali main non-free contribdeb-src http://security.kali.org/kali-security kali/updates main contrib non-free Update the system and install kali-archive-keyring package by using apt-get or aptitude as follow. Kali Linux Shell apt-get update && apt-get install kali-archive-keyring 1 apt-get update && apt-get install kali-archive-keyring or Kali Linux Shell aptitude update && aptitude install kali-archive-keyring 1 aptitude update && aptitude install kali-archive-keyring Upgrade the system by using apt-get or aptitude as follow. It will take some time to fully upgrade the system. Kali Linux Shell apt-get dist-upgrade 1 apt-get dist-upgrade or Kali Linux Shell aptitude full-upgrade 1 aptitude full-upgrade After fully upgraded has been done successfully, you can check the new Kali Linux version as follow. Kali Linux Shell root@kali:~# lsb_release -a No LSB modules are available. Distributor ID: Kali Description: Kali GNU/Linux 1.1.0 Release: 1.1.0 Codename: moto 123456 root@kali:~# lsb_release -aNo LSB modules are available.Distributor ID: KaliDescription: Kali GNU/Linux 1.1.0Release:...

Data Recovery: Best Practices | Mar 12th, 2015 OVERVIEW Computer service centers encounter failed hard drives. Data recovery can be arevenue source, but it must be wisely and carefully done. Well-intentioned but ill-informed efforts and practices can reduce or even ruin the prospects for successful recovery, and they can even expose the provider to legal liability. As in medicine, the main precept of data recovery is “first, do no harm.” The purpose of this article is to share basic data recovery practices intended to minimize the chances of harming a drive during the initial diagnostic and imaging (or copying) phases of the data recovery process. The article will present general principles as well as specific examples. THE LEARNING CURVE Gaining expertise in data recovery is neither a quick nor easy process. There are many different drive makes and models; what works for one brand may not apply to another. Models from the same manufacturer can be markedly different in construction and operation. A huge amount of technical information and details must be absorbed and mastered to become even modestly adept. Hard drive manufacturers are frugal about releasing technical details of their products because they want to safeguard their intellectual property and trade secrets. Good drive diagnostic and firmware tools are expensive. Comprehensive training on how to use them is also generally expensive, when available. Most third-party data recovery training classes provide only a cursory introduction; there is no substitute for hours of hands-on experience. Although much of what data recovery technicians learn and use comes from trial and error, it is important not to get one’s education at the client’s expense. We receive a lot of drives that have been worked on by other technicians. A fair number of those have been damaged or ruined – along with the chances of recovery – by mistake. Incorporating a set of best practices for hard drive data recovery can improve the...

18,000 HMSA members’ information hacked | Feb 26th, 2015 At least 18,000 Hawaii Medical Services Association members may have had their personal information accessed in a cyber attack on the Anthem Inc. A post on the HMSA website says users who received services from Anthem over the last 10 years could have had their information accessed. The number of affected members could be as high as 20,000 as the organization processes 2,000 unknown names. The information that may have been compromised includes names, dates of birth, cities of residence, and part of the membership number. HMSA will be sending letters to affected members over the next few...

BadUSB attack and the Industrial control systems | Feb 23rd, 2015 Industrial control systems are in danger of being hacked by using a modified version of the BadUSB attack says Michael Toecker in his presentation at the Security Analyst Summit 2015 in Cancun. Not that long ago, BadUSB swept across the cybersecurity community as one of the hottest hacks of the year. BadUSB featured the ability to modify the firmware of USB controller chips of many USB devices, with focus mainly on USB flash drives. Of course, a plethora of other devices, including webcams, USB keyboards, touchpads, etc., can potentially be compromised in much the same way. Once the device is infected with the malicious code, there is practically no way to find out or to remove it – making it a perfect tool for APT groups. Now, a new threat has emerged – consider it to be a BadUSB attack for industrial control systems (ICS). Michael Toecker of Context Industrial Security proposed just that at the Security Analyst Summit 2015. In his talk, Toecker proposed how such an attack might be carried out. At this point, the attack is only theoretical, but there is no valid reason to believe it cannot be executed. He proposed that the USB-to-serial converters that are being used to connect to the older critical hardware can have their firmware reprogrammed and can be abused to manipulate the ICS gear. “Engineers trust these [serial] connections more than Ethernet in ICS; if they have a choice, they pick serial vs Ethernet, because they trust that,” says Toecker. “What engineers don’t see is that bump in the wire that could be programmed maliciously, Telnet over two wires. That’s what I thought of when I heard about BadUSB.” Toecker tested his theory on 20 different USB-to-serial converters that he purchased online. He disassembled each one to examine what chips they use and whether these are reprogrammable. To his...

Shodan Founder finds 250,000 routers sharing same SSH keys | Feb 23rd, 2015 The Founder of Shodan John Matherly was revamping the SSH banner when discovered a large number of devices that share same SSH keys. The Founder of Shodan, John Matherly, has conducted in December 2014 a personal research discovering that more than 250,000 routers used in Spain and deployed by Telefonica de Espana, and thousands more used in other countries worldwide are using the same SSH keys Matherly was revamping the SSH banner and collecting the fingerprint, when he observed that a few SSH keys were used by several devices. For example, the following SSH fingerprint is used by 250,000 routers. dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0 1 dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0   Matherly explained that the routers appear to be sold by Telefónica de España, the devices come pre-configured with the same operating system image. The expert highlighted that a small percentage of routers configured to allow a remote access may be vulnerable to cyber attack because share the same SSH private key. “It looks like all devices with the fingerprint are Dropbear SSH instances that have been deployed by Telefónica de España,” Matherly wrote in a blog post. “It appears that some of their networking equipment comes setup with SSH by default, and the manufacturer decided to re-use the same operating system image across all devices.” Matherly discovered other similar cases, separate batches of 200,000 and 150,000 devices were using the same SSH keys. “The next duplicated fingerprint on the list comes in at around 200,000 devices, followed by another one used by 150,000 devices. By analyzing the facets it’s easy to get a picture of systemic issues that plague both hardware manufacturers as well as ISPs/ hosting providers.” continues the post. Matherly has published on GitHub the list of unique fingerprints discovered in his analysis with Python script that he used to discover the duplicate SSL serial numbers. https://gist.github.com/achillean/07f7f1e6b0e6e113a33c The Reddit user cybergibbons run a similar analysis in UK discovering a block of shared fingerprints....