#AceSecurityNews – Russia’s email site Rambler.ru has been breached and 98-million users login details and passwords stolen and being sold online after it was revealed there was NO ENCRYPTION OR HASHING applied but they were just stored on the server in plain text – @AceNewsServices

#AceNewsReport – Sept.07: Russian site ‘hit by huge data breach’_91041872_thinkstockphotos-494914784.jpgLogin names and passwords for more than 98 million users of the Russian Rambler.ru email service have been stolen and put online.

The data included email addresses and passwords that had been stored without any protection, a security firm said.

Leaked Source said the massive cache of credentials dated from 2012 but had only now been leaked and put online.

And it had come from a hacker who had supplied security firms with 43 million user names from music service Last.fm.

Rambler has been described as the Russian equivalent of Yahoo as it offers email services as well as acting as a news and content hub for its users.

Leaked Source broke the news about the breach and said it had verified some of the data with the help of Russian journalists.
Rambler.ru has not responded to requests for comment on the breach.

Leaked Source said passwords associated with login names had been stored with “no encryption or hashing“. Instead, it said, they had been listed in plain text.

Analysis of the long list of passwords showed that “asdasd” was the most popular string, used by more than 723,000 people, it said.

The second most popular password among the 98 million users was “asdasd123“.

In June this year, details of more than 100 million users of the Russian VK.com service were shared online.

Copies of the long list of login names and passwords was offered online at a price of 1 bitcoin (£456).

Editors Notes:

I would remind you that this blog is produced free for the public good and you are welcome to republish or re-use this article or any other material freely anywhere without requesting further permission.

News & Views welcome always published as long as NO bad language or is not related to subject matter.

To keep online information secure, experts recommend keeping your social media accounts private, changing your passwords often, and never answering unsolicited emails or phone calls asking for your personal information. Need help and guidance visit https://acepchelp.wordpress.com and leave a comment or send a private message on Telegram @Aceone31

Ace News Services Site Links Listed Here:

AceTweet This News

#acesecuritynews

#AceSecurityNews – Ahmed Mansoor’s iPhone promised to reveal details about torture in the United Arab Emirates’ prisons. All Mansoor had to do was click the link – @AceNewsServices

#AceNewsReport – Aug.28: Apple tackles iPhone one-tap spyware flaws_90932747_eb00416d-0f27-40e7-9192-cf6afd41fa72.jpgThree flaws in Apple’s iOS operating system are found that meant spyware could be installed with a single tap.

The discovery was made after a human rights lawyer alerted security researchers to unsolicited text messages he had received.

They discovered three previously unknown flaws within Apple’s code.
Apple has since released a software update that addresses the problem.

The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

Apple issues iPhone security update after spyware discovery

iphone-spyware.jpg

The suspicious text message that appeared on Ahmed Mansoor’s iPhone promised to reveal details about torture in the United Arab Emirates’ prisons. All Mansoor had to do was click the link.

Editors Notes:

I would remind you that this blog is produced free for the public good and you are welcome to republish or re-use this article or any other material freely anywhere without requesting further permission.

News & Views welcome always published as long as NO bad language or is not related to subject matter.

To keep online information secure, experts recommend keeping your social media accounts private, changing your passwords often, and never answering unsolicited emails or phone calls asking for your personal information. Need help and guidance visit https://acepchelp.wordpress.com and leave a comment or send a private message on Telegram @Aceone31

Ace News Services Site Links Listed Here:

AceTweet This News

#acesecuritynews

#AceSecurityNews REPORT: EU Wants your ‘ Private Data ‘ and they intend to get it with is plans to extend telecom rules covering security and confidentiality allowing web services and social media companies such as Google and Facebook to make money out of your data and to prevent encryption – @AceNewsServices

#AceNewsReport – Aug.16:.EU plans to extend some telecom rules to web-based providers

EU is planning to extend telecom rules covering security and confidentiality of communications to web services such as Microsoft’s Skype and Facebook’s WhatsApp which could restrict how they use encryption

The rules currently only apply to telecoms providers such as Vodafone and Orange.

According to an internal European Commission document seen by Reuters, the EU executive wants to extend some of the rules to web companies offering calls and messages over the Internet.

Telecoms companies have long complained that web groups such as Alphabet Inc’s Google, Microsoft and Facebook are more lightly regulated despite offering similar services and have called for the EU’s telecoms-specific rules to be repealed.

They have also said that companies such as Google and Facebook can make money from the use of customer data.

Unlike telcos, OTT (web-based) are global players that are allowed to commercially exploit the traffic data and the location data they collect,” telecoms group Orange said in a response to the EU’s public consultation on the reform proposals.

Under the existing “ePrivacy Directive”, Public Consultation on the Evaluation and Review of the ePrivacy Directive | Digital Single Market https://duckduckgo.com/?q=existing%20%22ePrivacy%20Directive%22, telecoms operators have to protect users’ communications and ensure the security of their networks and may not keep customers’ location and traffic data.

The EU rules also allow national governments to restrict the right to confidentiality for national security and law enforcement purposes.

Many tech companies such as Facebook and Google already offer end-to-end encryption on their messaging and email services.

They argue there is no need to extend the telecoms rules to web services and that the EU should not dictate how they protect their users’ communications.

Facebook, which uses full-scale encryption on WhatsApp, said in its response to the Commission’s public consultation that extending the rules to online messaging services would mean they could in effect “no longer be able to guarantee the security and confidentiality of the communication through encryption” because governments would have the option of restricting the confidentiality right for national security purposes.

Proposed changes in 2017 … Commission to propose reform of ePrivacy directive in 2017 – EurActiv.com

https://duckduckgo.com/?q=ePrivacy%20Directive%22,

Editors Notes:

I would remind you that this blog is produced free for the public good and you are welcome to republish or re-use this article or any other material freely anywhere without requesting further permission.

News & Views welcome always published as long as NO bad language or is not related to subject matter.

To keep online information secure, experts recommend keeping your social media accounts private, changing your passwords often, and never answering unsolicited emails or phone calls asking for your personal information. Need help and guidance visit https://acepchelp.wordpress.com and leave a comment or send a private message on Telegram @Aceone31

Ace News Services Site Links Listed Here:

AceTweet This News

#acesecuritynews

` Joint Investigations are Under-Way in US States Over Alleged Cyber-Attacks and Ebays Security Practices '

#AceSecurityNews – UNITED STATES – May 23 – Several U.S. states, including Connecticut, Florida, and Illinois, are jointly leading an investigation into eBay’s security practices, following eBay’s reveal this week of a massive cyber-attack which the company says compromised a large number of users’ personal information.


Courtesy of LoopNews

Though eBay claims that financial data, which was stored separately, was not acquired during this breach, these U.S. States Attorney Generals’ offices are taking the matter seriously after a series of high-profile attacks at retailers like Target, Neiman Marcus and Michael’s have left U.S. consumers vulnerable to identity theft.

#ans2014, #connecticut, #ebay, #florida, #illinois, #united-states

` NSA Records Almost All Domestic and International Phone Calls in Afghanistan ‘

#AceSecurityNews – NSA – May 23 – The NSA records almost all domestic and international phone calls in Afghanistan, similar to what it does in the Bahamas, WikiLeaks’ Julian Assange said.

Reports in the Washington Post and the Intercept had previously reported that domestic and international phone calls from two or more target states had been recorded and stored in mass as of 2013.

Both publications censored the name of one victim country at the request of the US government, which the Intercept referred to as ‘Country X’.

Assange says he cannot disclose how WikiLeaks confirmed the identity of the victim state for the sake of source protection, though the claim can be “independently verified” via means of “forensic scrutiny of imperfectly applied censorship on related documents released to date and correlations with other NSA programs.”


This is not the first time it has been revealed mass surveillance was being conducted on Afghanistan by the NSA. According to a book released by Der Spiegel entitled ‘Der NSA Komplex’, a program called ACIDWASH collects 30-40 million telephony metadata records per day from Afghanistan. ACIDWASH has been identified as being part of the MYSTIC program.

WikiLeaks cannot be complicit in the censorship of victim state X. The country in question is #Afghanistan. https://t.co/vWwU4DJw0I#afpak
— WikiLeaks (@wikileaks) May 23, 2014
The Intercept, which Glenn Greenwald, who first broke the Edward Snowden revelations helped to found, had earlier named the Bahamas as having their mobile calls recorded and stored by a powerful National Security Agency (NSA) program called SOMALGET.

SOMALGET is part of a broader NSA program called MYSTIC, which the the NSA is using to gather metadata – including the numbers dialled and the time and duration of the calls – from phone calls in the Bahamas, Mexico, Kenya and the Philippines. SOMALGET by its nature is far more controversial, however, as it stores actual phone conversations for up to 30 days.

WikiLeaks initially opted not to reveal the name of ‘Country X’ as they were led to believe it could “lead to deaths” by Greenwald. WikiLeaks later accused The Intercept and its parent company First Look Media of censorship, saying they would go ahead and publish the name of the NSA-targeted country.

“We do not believe it is the place of media to ‘aid and abet’ a state in escaping detection and prosecution for a serious crime against a population,” Assange said in the statement.

Read More at: RT – 23/05/2104 – http://tinyurl.com/paehpu9

#ANS2014

#bahamas, #kenya, #mexico, #nsa, #philippines, #wikileaks

` Anti-Secrecy Group WikiLeaks Plans to Publish Name of Country Targeted by NSA ‘

#AceSecurityNewsUNITED STATES – May 21  – Despite warnings that doing so “could lead to increased violence” and potentially deaths, anti-secrecy group WikiLeaks says it plans to publish the name of a country targeted by a massive United States surveillance operation.

Wikileaks and Intercept

On Monday this week, journalists at The Intercept published a report based off of leaked US National Security Agency documents supplied by former contractor Edward Snowden which suggested that the NSA has collected in bulk the contents of all phone conversations made or received in two countries abroad. 

Only one of those nations, however — the Bahamas — was named by The Intercept. The other, journalists Ryan Devereaux, Glenn Greenwald and Laura Poitras wrote this week, was withheld as a result of “credible concerns that doing so could lead to increased violence.”

WikiLeaks has since accused The Intercept and its parent company First Look Media of censorship and says they will publish the identity of the country if the name remains redacted in the original article. The Intercept’s Greenwald fired back over Twitter, though, and said his outlet chose to publish more details than the Washington Post, where journalists previously reported on a related call collection program but chose to redact more thoroughly. 

“We condemn Firstlook for following the Washington Post into censoring the mass interception of an entire nation,” WikiLeaks tweeted on Monday.

“It is not the place of Firstlook or the Washington Post to deny the rights of an entire people to know they are being mass recorded,” WikiLeaks added. “It is not the place of Firstlook or WaPo to decide how people will [choose] to act against mass breaches of their rights by the United States.”

When Greenwald defended his decision to publish the names of four countries where telephony metadata is collected by the NSA but withhold a fifth where content is recorded as well, WikiLeaks said it could be interpreted as meaning that the unknown country doesn’t deserve to know they’re being surveilled, but Greenwald said

The Intercept was “very convinced” it could lead to deaths.

Later, WikiLeaks equated this as an act of racism.

But as the conversation escalated, the WikiLeaks Twitter announced it would disclose the nation’s identify if The Intercept did not, despite requests from the US government to leave that information redact over fears of what the response could be. 

When has true published information harmed innocents?” WikiLeaks asked.“To repeat this false Pentagon talking point is to hurt all publishers.” 

 

“We will reveal the name of the censored country whose population is being mass recorded in 72 hours,” WikiLeaks wrote at 6:35 p.m. EST Tuesday evening.

If the organization intends to uphold that promise, that the identity of the country could be revealed before the weekend. 

Read More at: RT

#ANS2014 

Enhanced by Zemanta

#edward-snowden, #bahamas, #glenn-greenwald, #laura-poitras, #twitter, #united-states, #washington-post, #wikileaks

` Google Must Comply with European Laws on Privacy by Amending Search Results ‘

#AceSecurityNews – EU COURT Of JUSTICE – May 13 – Google must comply with the European laws on privacy and amend some search results, a top EU court ruled on Tuesday, May 13.

English: Google Logo officially released on Ma...

English: Google Logo officially released on May 2010 (Photo credit: Wikipedia)

The European Union Court of Justice said that ordinary people can ask Google to remove some sensitive, irrelevant or outdated information from Internet search results.

Earlier, the search engine stated that it does not control search results and bears no responsibility for personal data that is “in open access”. The responsibility lies with the owner of the website that provides the information, and Google merely presents the user with a link.

The case was brought by a Spanish man who complained that an auction notice of his home that could be found on Google infringed upon his privacy.

Around 180 similar complaints have been filed in Spain.

#ANS2014

Enhanced by Zemanta

#do-not-track-policy, #european-union, #european-union-court-of-justice, #personally-identifiable-information, #spain, #spanish-language, #web-search-engine