Bits from Bill
February 02, 2013
Updating your Twitter Password Isn’t Enough

Today, the public news report is that information from approximately 250,000 Twitter accounts was stolen. Twitter has taken action but I recommend you do more than just change your password. Even if you don’t use Twitter this attack may still affect you.

Continued reading: http://billpstudios.blogspot.com/2013/02/updating-your-twitter-password-isnt.html


LinkedIn Hack

by certifiedbug on June 8, 2012

in Internet Security

ESET Threat Blog

Several people have notified us that they received emails today asking them to confirm their LinkedIn email addresses and we have determined that these are a scam. We are investigating the exact details but in the meantime please DO NOT CLICK on links in email to change or verify account information, at LinkedIn.com or on any other membership site. Instead, navigate to the site directly by typing in the address bar in your browser.


Please don’t use the same password at every site; create passwords unique to each one, and don’t make your password “password”.

Yes people do that…




Reports circulating on the web say that 6.5 million hashed LinkedIn passwords were dumped onto a Russian hacker forum.

“Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.”

More than 200,000 of these passwords have reportedly been cracked so far. The file only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data, security researchers say. However, the breach is so serious that security professionals are advising people to change their LinkedIn passwords immediately.


If you use this service, change your LinkedIn password immediately, make it strong, and use a different password at every site.


Bad week for LinkedIn.

LinkedOut – A LinkedIn Privacy Issue

LinkedIn’s mobile application has an interesting feature that allows users to view their iOS calendars within the app. However, it turns out that LinkedIn have decided to send detailed calendar entries of users to their servers. The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes. If you have decided to opt in to this calendar feature in iPhone, LinkedIn will automatically receive your calendar entries and will continue doing so every time you open your LinkedIn app.



An Update on LinkedIn Member Passwords Compromised
Vicente Silveira, June 6, 2012

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.



Zappos hack exposes personal information

by certifiedbug on January 16, 2012

in Internet Security

Beta News
By Ed Oswald

Data on up to 24 million customers of online shoe retailer Zappos was compromised according to an email sent by its CEO Tony Hsieh on Sunday. While Hsieh says that full credit card information is safe, hackers may have the last four digits of the cards.

Hackers accessed names, email addresses, physical addresses, and phone numbers. Passwords were also compromised, however in encrypted form. As a result, the company sent out an email to all its customers, advising them to change their passwords as a protective measure. Zappos is also asking customers to reset their passwords elsewhere where it may be the same.



DigiNotar SSL Certificate Hack

September 1, 2011

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
Published: August 29, 2011 | Updated: August 29, 2011

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a […]


WordPress warns of trojaned plugins

June 23, 2011

WordPress News
June 21, 2011

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked […]


iTunes hack

June 9, 2011

Betanews
iTunes hack goes global, new affected games identified

With Apple all but silent on the issue, it has been difficult to determine what may be the source of the problem. However, with the quantity of reports received now numbering over three dozen, a pattern has emerged: every game targeted is a free download, and […]


Epsilon Breach

April 5, 2011

No April Fools’ Day joke: on Friday, Dallas-based online marketing firm Epsilon said that its system had been breached.

Epsilon Notifies Clients of Unauthorized Entry into Email System
IRVING, TEXAS – April 1, 2011 – On March 30th, an incident was detected where a subset* of Epsilon clients’ customer data were exposed by an […]


Play.com confirms breach

March 22, 2011

March 21, 2011
http://certifiedbug.com/blog/2011/03/21/play-com-customer-emails-leaked/

A message sent out to customers by Play.com:

Dear Customer,

Email Security Message

We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have […]


More LUSH websites hacked

February 17, 2011

http://nakedsecurity.sophos.com/2011/02/15/lush-customers-check-credit-card-statements-more-websites-hacked/
http://certifiedbug.com/blog/2011/01/21/lush-website-hacked/
