₦airaland Forum

https://afritechnet..com/2016/12/yahoo-another-record-data-breach.html

Yahoo’s latest communique has firmly cemented its position as one of the most untrustworthy data management/transferal outfits.

According to a statement released by Bob Lord, Yahoo’s CISO, a recent investigation discovered another embarrassing breach that dwarfs the previous shameless record breach of 500 million users, also held by Yahoo.

Lord’s statement claims that the company was approached by law enforcement in November 2016 with data that Yahoo analysts assessed and found contains information on Yahoo user data. Lord states that the data had been given to the unnamed law enforcement agency by an (unnamed) ‘third party’.

To add the overall atmosphere of incompetence that now surrounds Yahoo the company also admits that their proprietary code has been compromised and been used to forge web security cookies.

The data in questions is believed to have been stolen in August 2013 by an ‘unauthorized third party’.

Lord’s blog posting puts the number of affected accounts at over one billion, double the previous record.

As of the time of writing the method of intrusion is unknown.

These latest revelations is yet another brick in Yahoo’s extensive house of security issues:

Yahoo Breach: Biggest Ever - https://afritechnet..com/2016/09/yahoo-breach-biggest-ever.html


Yahoo Hacked - Another Adobe Flash Exploit - https://afritechnet..com/2015/08/yahoo-and-menace-that-is-adobe-flash.html

Yahoo claim to be in the process of communicating their failure(s) with their users. In the meantime they recommend:

Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
Review all of your accounts for suspicious activity;
Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
Avoid clicking on links or downloading attachments from suspicious emails; and
Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.

Afritechnet has one additional piece of advice:
Please Delete Your Yahoo Account


Bob Lord’s blog posting in its entirety: https://yahoo.tumblr.com/post/154479236569/important-security-information-for-yahoo-users


https://afritechnet..com/2016/12/yahoo-another-record-data-breach.html

The almajiri president...

They use black models all the time - your sister has an inferiority complex.

That and a failure to understand that it makes sense to use a Nigerian model because those are the people most eager to waste their money abroad on 'schooling'.

geostrata:


Na reccession cause the hustle....He is as fake as APC campaign promises!!!

Fake people every where...even Liars dy fear

This nonsense was happening even before any recession.

Some people have been indoctrinated to believe in stupid, unfounded tales and mysticism.

You can't tell people that they should accept the Bible or the Koran as documents of perfection and then get mad at them when they believe any and everything.

https://afritechnet..com/2016/10/delete-yahoo-account.html

Yahoo, formerly an internet services behemoth, is now beleagured by a myriad of issues. Among the most recent of which has been the revelation that Yahoo suffered the largest ever data breach.

To add to its initial security inadequacies, Yahoo failed to notify its users of the breach - http://fortune.com/2016/09/23/yahoo-is-sued-for-gross-negligence-over-huge-hacking/

As well as Verizon - http://money.cnn.com/2016/09/22/technology/verizon-yahoo-data-breach/index.html

And the SEC - https://www.washingtonpost.com/news/the-switch/wp/2016/09/28/could-yahoo-be-in-trouble-with-the-sec/

To make matters worse news reports now reveal that Yahoo secretly monitored ALL emails on behalf of the US government. Something that its competitors (Microsoft and Google) claim not to have done.
https://www.theguardian.com/technology/2016/oct/04/yahoo-secret-email-program-nsa-fbi

Yahoo has justifiably been described as "a toxic surveillance liability" as a result of its behaviour. The right to privacy is recognized by the UNHCR, individuals have a right to private communication.

Yahoo isn't as popular as it once was and has been shedding users for years as a result of peculiar design and implementation decisions. The latest news cycle has lead to yet another mass exodus away from Yahoo services, here is how to make a clean break from Yahoo mail:

contd - https://afritechnet..com/2016/10/delete-yahoo-account.html

https://afritechnet..com/2016/10/mirai-malware-botnet-of-things.html

A form of malware designed to hijack the Busybox software commonly used in Internet of Things (IoT) devices has been released into the wild. The malware has been named 'Mirai' and uses IoT devices to form the botnets necessary to launch DDoS attacks such as that suffered by Brian Krebs and OVH has been leaked to a community of hackers.

The hacker behind the ‘Mirai’ program released the source code on Friday 30th September. The code was revealed on hackforums.net by a user, “Anna-senpai”, who claimed to have been motivated by the increased scrutiny from the security industry.

Mirai is designed to infect IoT devices that haven’t had their default usernames and passwords changed.
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

Mirai is one of at least two malware families that are currently being used to quickly assemble very large IoT based DDoS armies. The other has been christened “Bashlight” and functions similar to Mirai in that it also infects systems via default usernames and passwords on IoT devices. Most IoT malware targets web servers, routers, modems, NAS devices, CCTV and industrial control systems.

Privacy professionals regularly cite IoT devices as being the least secure hardware online. Security cameras have, ironically, been shown to be particularly insecure.
http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/
https://securityledger.com/2016/06/security-pros-give-iot-devices-poor-marks/

IoT botnets are set to become more prevalent, firstly because of a growth in the number of IoT devices but also because of an increase in the effectiveness of traditional desktop DDoS protection. The cost of running a desktop initiated botnets has increased in cost as the price of effective anti-DDoS services have dropped. Meanwhile the cost of maintaining an IoT botnet is still very low.
https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html

Readers have been previously warned as to the potential dangers of a poorly secured IoT. Botnets have expanded in size and are likely to grow in capacity as the number of unsecured internet-connected devices increases. Gartner anticipates that by 2020 there will be close to 21 million IoT devices online – it is likely that they will be plagued by the same inadequate security issues then as now.

Cyber criminals in the near future will launch more powerful DDoS attacks and undoubtedly leverage that power to attack bigger targets and extract more lucrative ransoms.
https://afritechnet..com/2016/06/what-is-internet-of-things.html

https://afritechnet..com/2016/10/mirai-malware-botnet-of-things.html

https://www.nairaland.com/3262432/ph-man-arrested-interpol-accused

Why did the OP post this in the 'politics' section?

And why are the mods asleep at the wheel?

Mynd44:
https://www.nairaland.com/3261888/nigerian-behind-60m-online-fraud

Why is it in the 'politics' section?

https://afritechnet..com/2016/08/interpolefcc-arrest-nigerian-man.html
Interpol, in collaboration with Nigeria's EFCC have arrested a 40 year-old Nigerian national, identified as 'Mike'. The accused is alleged to have headed a network of at least 40 individuals that spanned across Nigeria, South Africa and Malaysia.

The crew made $60 million from hundreds of victims worldwide, most of whom were small and medium business in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand and the US,. One victim alone lost $15.4 million to the scammers.

The gang was said to be prominent in the field of romance fraud:

"Dating or romance fraud is when you think you’ve met your perfect partner online, but they aren’t who they say they are. Once they’ve gained your trust, they ask for money for a variety of emotive reasons." http://www.actionfraud.police.uk/fraud-az-romance-scams

and the CEO fraud/Business Email Scam:

contd - https://afritechnet..com/2016/08/interpolefcc-arrest-nigerian-man.html

satelliteDISH:
Beautiful. But am still waiting for the day that the governor will declare OPERATION LIGHT UP LAGOS HOMES.

If he can successfully build even a 200mw plant to provide Lagos homes with electricity, he would have successfully light up Lagos streets because home owners provides mini-street lightning on their fences which in turns lights the streets.

Nigeria desperately needs a decentralized power system.

A national grid makes no sense in a place like Nigeria. Let each state take care of its own power needs.

Those that cannot generate their own power can purchase from those that have excess.

https://afritechnet..com/2016/07/pokemon-go-hackers-delight.html

Pokemon GO is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. The game has been so successful that is alleged to have added $7 billion to Nintendo's market value. However, the good news has been dampened somewhat by revelations that the Japanese gaming company's latest hit may have been used to spread malware.

The game release is being staggered by region over a period of weeks, with some regions still awaiting official release. For some the wait is too much and avid gamers are looking for alternate means of installing and playing the game. Those who wish to have the game prior to its official release in their particular region may be tempted to 'side-load' the APK file.

Side loading entails installing an app downloaded from an unauthorized site. Enterprising criminals have been hard at work, packaging the latest blockbuster game with malware designed to relieve users of their valuable personal data.

Contd - https://afritechnet..com/2016/07/pokemon-go-hackers-delight.html

Twitter supremo, Jack Dorsey, has been forced to suffer the indignity of being hacked on his own social media platform.

Story here:
https://afritechnet..com/2016/07/jack-dorsey-hacked.html

How safe is your biometric data? https://afritechnet..com/2016/07/spoof-fingerprints.html

In 2002, Tsutomu Matsumoto devised a technique to take a photograph of a latent fingerprint (e.g. from a glass) and recreate it using gelatin. The model was said to be good enough to fool biometric scanners 80% the time.

In 2009 Lin Ring paid doctors in China $14,600 to change fingerprints so as to bypass the biometric sensors used in Japan’s airports. Lin had been deported previously. The surgeons swapped the fingerprints from her left and right hands. The ploy worked but was exposed when she attempted to marry a middle-aged Japanese man. Japanese police claim to have uncovered a thriving business in biometric surgery, Lin was the ninth person to have had the surgery.

One of the first smartphones widely available to the public to make use of biometric security hardware was the Apple iPhone 5s. Shortly after its official release The Chaos Computer Club successfully bypassed Apple's much lauded Touch ID fingerprint scanner. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.
https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

The examples above are just a few of the older techniques used to spoof fingerprint and should cast doubt on the narrative that biometric data is inherently more secure.


Possible solution?
See here - https://afritechnet..com/2016/07/spoof-fingerprints.html

Other state governments have fixed key FG roads, then demanded reimbursement from the FG.

Why did that not happen here before it got to this point? This isn't even a road.

JS/Ransom-DDL Ransomware https://afritechnet..com/2016/06/jsransom-ddl-ransomware.html


A new, menacing form of ransomware has been uncovered by Sophos - JS/Ransom-DDL

Like all ransomware JS/Ransom-DDL encrypt files and demands payment to unlock. However, JS/Ransom-DDL installs additional password stealing malware after the ransom has been paid.

JS/Ransom-DDL isn't a file to be downloaded but becomes active as soon as it gains access to the network. It takes advantage of the power and ubiquitous nature of Javascript to exploit Windows users, hiding itself as a text file to avoid detection.

Click here for how to avoid - https://afritechnet..com/2016/06/jsransom-ddl-ransomware.html

https://afritechnet..com/2016/06/android-privacy-focused-apps.html

With more of our lives lived via smartphones than any other device it is important that we take steps to safeguard our data. With that in mind, here are some useful (and free) apps for those looking to protect their privacy from their Android devices. The apps listed are all 'open source', meaning that the code can be viewed and improved upon by all:

https://afritechnet..com/2016/06/android-privacy-focused-apps.html

https://afritechnet..com/2016/06/us-visa-applicants-attacked-by-qarallax.html
Criminals impersonating US Visa Service staff on Skype have infected victims with a RAT (remote access trojan) known as Qarallax.

US bound hopefuls looking for additional US Visa information may find themselves talking to cyber criminals who are looking to send them a malicious file. The fraudulent accounts are very similar in name to the legitimate agents. Those in a rush or tired may not notice the slight difference.

Continued - https://afritechnet..com/2016/06/us-visa-applicants-attacked-by-qarallax.html

The only thing between Mark Zuckerberg’s social media accounts and a ‘hacker’ were two letters, ‘d’ and ‘a’. Apparently, the man behind Facebook, the world’s most popular social network, has a woeful grasp of online security/privacy.

Eschewing multiple strong passwords that encompass a combination of upper and lower case letters, numbers and symbols, Zuckerberg instead settled on one password - the simplistic ‘dadada’, possibly one of the worst passwords that is not 'password' or '123456'.

CONTD - https://afritechnet..com/2016/06/zuckerbergs-poor-security-etiquette.html

Privacy-focused products and services listed.

For those looking for laptops, smartphones, operating systems and social networking sites that make your privacy a priority:

https://afritechnet..com/2016/06/privacy-focused-products-and-services.html

Here is a list of a the terrible passwords used by naive Myspace users. The list is several years old but is still being shopped around on the Dark Web by hackers for $3200. The following should act as an example of what kind of passwords you should not be using.

Courtesy of the Myspace breach:

list on https://afritechnet..com/2016/05/bad-passwords-courtesy-of-myspace-breach.html

https://afritechnet..com/2016/05/why-is-malware-so-pervasive.html

Malware, short for malicious software, an umbrella term used to refer to a variety of forms of hostile or intrusive software. Malware is defined by its malicious intent, acting against the requirements of the computer user - it does not include software that causes unintentional harm due to a deficiency.

Why Is Malware So Pervasive?
Commercial software typically has between twenty and thirty bugs per thousand lines of code.This provides ample opportunity for software to be exploited and malware to be spread.

contd...https://afritechnet..com/2016/05/why-is-malware-so-pervasive.html

https://afritechnet..com/2016/05/happy-childrens-day-keep-your-kids-safe.html

May 27 is Children's Day in Nigeria, a day where we celebrate the joy of childhood and the responsibility that society has in caring for them. Just as we work hard to ensure that they are safe in the home and when they go out we also need be vigilant of their online activities. Sadly,they are just as much prey to being scammed, cheated and abused online as the adults. With that in mind here are some vital tips to keeping our children safe in the cybersphere:

contd - https://afritechnet..com/2016/05/happy-childrens-day-keep-your-kids-safe.html

https://afritechnet..com/2016/05/127-million-in-3-hours.html

It took thieves in Japan just three hours to steal $12.7 million from Seven Bank ATMs. A crew of 100 criminals helped themselves to $12.7 million from 1,400 ATMs located in small convenience stores across Japan. The heist took place on May 15 between 0500 and 0800. The thieves extracted $9,000 per transaction, the limit for Japanese ATMs.

contd...https://afritechnet..com/2016/05/127-million-in-3-hours.html

https://afritechnet..com/2016/05/the-downfall-of-swift.html

The fallability of the SWIFT international bank transfer system that underpins the global banking network has again been exposed. SWIFT advertises itself as the global provider of 'secure financial messaging services'. That claim of being 'secure' has been undermined with serious financial consequences.

After the Bangladesh Bank breach comes the revelation that Banco del Austro SA in Ecuador was hacked in 2015, the result being that a group of cyber crooks are now $12 million richer.

contd...https://afritechnet..com/2016/05/the-downfall-of-swift.html

https://afritechnet..com/2016/05/phineas-fisher-watch-hacker-in-action.html

Phineas Fisher, the man behind the Hacking Team breach has again decided to reveal his secrets, this time in video form.

His latest victim is the Catalan Police Union, he attacked their website and leaked the data. The breach is documented in four videos. Fisher uses Kali Linux, the operating system of choice for advanced penetration testers. The video gives a step-by-step guide on SQL database injection.

contd...https://afritechnet..com/2016/05/phineas-fisher-watch-hacker-in-action.html

https://afritechnet..com/2016/05/android-gaming-malware-black-jack-free.html

Yet another malicious app that slipped through Android's development security has been uncovered by researchers. The casino gaming app, ‘Black Jack Free’, was used as the conduit to spread Acecard malware.

Black Jack Free was an app promising users free games of black jack with virtual money. A common ploy of malware creators is to offer something for nothing , distracting users with entertainment whilst stealing their information and money.

Contd...https://afritechnet..com/2016/05/android-gaming-malware-black-jack-free.html

https://afritechnet..com/2016/05/best-privacy-focused-search-engines-in.html
One reason why so many of us fall prey to online criminals is that we entrust companies that claim to be reliable and reputable with our data. Search engines are a prime example of how we are overly trusting with our personal information. The data collected by search engines about you is collected as you search and then sold onto third party advertising and marketing companies. Companies such as Google know your hardware, location, age, occupation, interests, fears, dreams, health status and income level.This business model has turned Google into a multi-billion dollar global behemoth.

Google admit to retaining information that would allow a hacker to personally identify you for at 18 months, after which they claim that the data is then ‘anonymized’. Google remains the market leader amongst search engines.

Contd...https://afritechnet..com/2016/05/best-privacy-focused-search-engines-in.html

https://afritechnet..com/2016/05/viking-horde-android-malware.html

Once again, malware has slipped through the Google Android vetting process to find its way onto user devices. Just as legitimate outfits such as Facebook use games as a way of capturing data and generating ad revenue so too do cyber criminals.

This time around the culprit is the appropriately named ‘Viking Horde’. Discovered by Check Point, at least five versions have managed to escape detection by Google Play malware scans. The most popular means by which the malware has been spread is via a relatively popular game called Viking Jump with between 50,000 to 100,000 downloads. The app was trusted enough to become a ‘Google Top Free App’ in some regions. The author of Viking Jump, as well as other infected apps, was listed as Nikolay Lisin.

Contd...https://afritechnet..com/2016/05/viking-horde-android-malware.html

https://afritechnet..com

In its quest to expand Facebook has launched Free Basics to capture more users and thus more data.

As stated by Facebook:

“Free Basics by Facebook provides people with access to useful services on their mobile phones in markets where internet access may be less affordable. The websites are available for free without data charges.”

And as per Airtel:

You can do many things with Free Basics, like:

Use Facebook to connect with friends & family
Get up to date on global and local news
Buy and sell things
Get sports updates
Find health and education information

Contd - https://afritechnet..com/2016/05/facebook-free-basics-how-secure-is-it.html

https://afritechnet..com/2016/05/world-password-day-2016.html

World Password Day is observed on the first Thursday in May, the focus of which is to promote superior password etiquette.

Passwords are often the only barrier between our most treasured photos, personal and professional email messages, social media accounts and financial services accounts.

Here are some tips on how to keep your data at arms length from the cybercrooks:

1) Use a password manager such as Keepass or Dashlane – a good password manager comes equipped with a password generator that will allow for the creation of multiple, unique passwords.

2) Create a unique password for each account.

3) Do not use one word passwords – such as the word ‘password’ (still one of the most common). Or any of the other most common passwords.

4) Use multi-factor authentication whenever possible – email confirmation, fingerprint recognition, SMS or add a trusted device as an additional security layer.

5) Add password/pin protection to your mobile phone.

https://afritechnet..com/2016/05/world-password-day-2016.html

https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html

An individual purporting to be the attacker behind the breach of the Italian cyber outfit 'Hacking Team' has released a blog posting detailing his modus operandi. Here are some of the most revealing points:

Anonymity
Use a VM (virtual machine) and route traffic via TOR – TOR hides the IP address and provides a sense of anonymity. A VM allows the user to keep personal files separate.
A good hacker will use new servers and domain names, registered to new email addresses and make any payments with bitcoin (using new addresses). They will also use tools that are publicly available or brand new, specifically created for that particular breach so as to avoid leaving a forensic footprint.

Exploit weak passwords
Companies should use strong passwords and ensure that data/system admins take password management seriously. System admins are critical, they have access to the various servers. The Hacking Team's system admin's (Pizzo) weak password (P4ssword) made spying on him easier than it should have been. Domain admin passwords lead to email access and for passwords to be reset on the mail server.

Social Engineering
Employee information for a targeted phishing campaign can be found via Google, LinkedIn, Data.com and may sometimes be found in file metadata. Metagoofil extracts files from websites.
Spear phishing continues to be successful for many organizations, particularly larger entities. Smaller, security focused outfits are less likely to fall for such a ploy.

Malware/Zero Day Exploits
Large companies often have compromised computers within their networks. Bots diligently working quietly in the background, gathering information.
Rather than immediately announce a coding flaw, malicious hackers prefer to keep their knowledge secret and stealthily hide within the network like a cyber sleeper cell. Most companies are woefully poor at detecting when the have been breached – as per Verizon’s Data Breach Investigation Report 2013. 92% the time it is a contractor, customer or law enforcement who discovers the breach.

https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html