Saturday, July 23, 2016

Who was behind the arrest of the well known torrent site kickass ?

Artem Vaulin, the alleged owner of the torrent directory service KickassTorrents, was arrested in Poland earlier this week, charged with copyright infringement and money laundering. As we dig deeper as to what exactly happened, it turns out Apple and Facebook were among the companies that handed over data to the U.S. in its investigation. Department of Homeland Security investigators traced IP addresses associated with KickassTorrents domains to a Canadian ISP, which turned over server data, including emails. At some point, investigators noticed that Vaulin had an Apple email account that was used to make iTunes purchases from two IP addresses -- both of which also accessed a Facebook account promoting KickassTorrents.if you're wondering where exactly iTunes came into play, here's a further explanation. It all started in November 2015, when an undercover IRS Special Agent reached out to a KickassTorrents representative about hosting an advertisement on the site. An agreement was made and the ad, which purportedly advertised a program to study in the United States, was to be placed on individual torrent listings for $300 per day. When it finally went live on March 14th 2016, a link appeared underneath the torrent download buttons for five days. Sure it was a short campaign, but it was enough to link KAT to a Latvian bank account, one that received $31 million in deposits -- mainly from advertising payments -- between August 2015 and March 2016. Upon further investigation of the email accounts, and corresponding reverse lookups, it was found that the account holder had made a purchase on iTunes.

A Safe Bet Verizon-Yahoo



Yahoo is set to be bought by Verizon
Why the telecom company is interested to invest in a Internet poortal ? Here is why
Why Yahoo Was Up For Sale?

Founded in 1995, Yahoo! was once the brightest star of the Web. But when its rivals including Google, Facebook and even few-years-old companies like Snapchat and WhatsApp have won over users, Yahoo! has not been able to maintain that glory.

Saturday, July 9, 2016

Cithack GoToMyPC Resets All Passwords Citrix

GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites.

Owned by Santa Clara, Calif. based networking giant Citrix, GoToMyPC is a popular software-as-a-service product that lets users access and control their PC or Mac from anywhere in the world. On June 19, the company posted a status update and began notifying users that a system-wide password update was underway.

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” reads the notice posted to status.gotomypc.com. “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again. To reset your password please use your regular GoToMYPC login link.”

John Bennett, product line director at Citrix, said once the company learned about the attack it took immediate action. But contrary to previous published reports, there is no indication Citrix or its platforms have been compromised, he said.
“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” Bennett wrote in an emailed statement. “At this time, the response includes a mandatory password reset for all GoToMyPC users. Citrix encourages customers to visit the  GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible. ”

Citrix’s GoTo division also operates GoToAssist, which is geared toward technical support specialists, and GoToMeeting, a product marketed at businesses. The company said it has no indication that user accounts at other GoTo services were compromised, but assuming that’s true it’s likely because the attackers haven’t gotten around to trying yet.
It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few. Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.

 

Fake Passport Copy can hijack anyone's Facebook Account

BBC has the story. The confusion is that a scan of a passport is much easier to forge than an actual passport. This is a truly hard problem: how do you give people the ability to get back into their accounts after they've lost their credentials, while at the same time prohibiting hackers from using the same mechanism to hijack accounts? Demanding an easy-to-forge copy of a hard-to-forge document isn't a good solution.