massive bug may have leaked user data from millions of sites so … change your passwords | Search | Laxaro
Laxaro Your source for the latest research news
 massive bug may have leaked user data from millions of sites so … change your passwords
massive bug may have leaked user data from millions of sites. so … change your p

One of the biggest internet infrastructure companies leaked sensitive data for up to five months. The post Massive Bug May Have Leaked User Data From Millions of Sites. So Change Your Passwords appeared first on WIRED.

private data leaked online by cloudflare bug

A cry for people to change all of their online passwords because of a Cloudflare bug created a buzz on Twitter, where #CloudBleed became a trending topicInternet users Friday were being urged to change all their passwords in the wake of a Cloudflare bug that could have leaked passwords, messages and more from website visits.
A Cloudflare service used by millions of websites to enhance security and performance said that it had fixed the flaw quickly after being alerted a week ago by Google researcher Tavis Ormandy."It turned out that in some unusual circumstances, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data," Cloudflare chief technology

private data leaked online by cloudflare bug

Internet users Friday were being urged to change all their passwords in the wake of a Cloudflare bug that could have leaked passwords, messages and more from website visits.

cloudflare security breach exposes data from uber, fitbit, okcupid among 3,400 w

Update 1: See list of sites below.Update 2: We received a brief statement from UberVery little Uber traffic goes through Cloudflare. Only a handful of tokens were involved and have since been changed. Passwords were not exposed.Update 3: OKCupid has made a similar statementCloudflare alerted us last night of their bug and we’ve been looking into its impact on OkCupid members. Our initial investigation has revealed minimal, if any, exposure. If we determine that any of our users has been impacted we will promptly notify them and take action to protect them.User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating si

what it must do now that cloudflare leaked user data

Once an item is exposed on the internet, it’s there forever. Although content delivery network Cloudflare has fixed the problem in its code that resulted in leaking customer data across the web, the incident is far from over for the millions of websites that rely on the company for security and content optimization services.What makes this leak so odd and frustrating is that website administrators don’t actually know if their information was leaked or where it wound up. Although Cloudflare knows which customers were affected based on data found in search-engine-cached files, it doesn’t know what information was actually exposed or to whom. Cloudflare has more than 4 million clients, including governments, e-commerce sites, and financial services organizations, so the ripple effects could b

wishbone app data breach affects huge number of users

Wishbone, an app popular among teenagers, has suffered a data breach, it has been revealed. The company informed its users of the intrusion in a notification recently, saying it became aware of the data swipe on March 14. The notification says that unknown individuals “may have had access” to the company’s API and used it to nab data on the service’s users. The info may contain more than 2 million email addresses, among other things.According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.Wishbone says that it has taken precautionary measures an

yahoo breach lessons it can't ignore

As more details emerge about how a group of four Russians breached Yahoo, it's increasingly clear that the Internet's very interconnectedness is what makes us so vulnerable to online attacks. It's enough to want to just unplug from the Internet and go back to semaphore and Morse code.
The Justice Department's indictments against four individuals allegedly responsible for the two attacks against Yahoo in late 2014 and August 2013 included several bombshells, including the fact that two members of the Russian FSB were involved. Yahoo had previously stated the attackers had stolen names, recovery email addresses, telephone numbers, hashed passwords, and birthdates from more than a billion victims. The indictment claimed the attackers used data gleaned from the stolen cache to carry out second

facebook says its data can't be used for 'surveillance'

In this May 16, 2012, file photo, the Facebook logo is displayed on an iPad in Philadelphia. In a post on Monday, March 13, 2017, Facebook says it is prohibiting developers from using the massive amount of data it collects on users for surveillance. This includes using such data to monitor activists and protesters. (AP Photo/Matt Rourke, File)Facebook is prohibiting developers from using the massive amount of data it collects on users for surveillance. This includes using such data to monitor activists and protesters.
The company said Monday that it is making an existing policy "explicit." Facebook says it has already taken action against developers who created or marketed tools meant to be used for surveillance. It says it wants to "be sure everyone understands the underlying policy and

best iphone security apps to secure contacts, photos and everything

Just like many iOS users, I keep a lot of my private data like photos, videos and personal notes on my iPhone. To ensure they have the needed safeguard, I use iPhone security apps which keep prying eyes at bay and prevent unauthorized access to my data.Lock up your private data in a separate folder and use Touch ID to access it safely. Get break-in alerts when anyone tries to access your data. Manage your passwords smartly to ensure your accounts remain secure. Read on to check out what's more these security apps for iOS can do for you!#1. DashlaneDashlane is a handy password manager app. You can securely lock up all of your passwords and keep them completely safeguarded.With the password generator, you can promptly generate passwords for your accounts. It allows you to quickly access your

the best password managers

Who should get thisEveryone should use a password manager. The things that make strong passwords strong—length, uniqueness, variety of characters—make them difficult to remember, so most people reuse a few easy-to-remember passwords everywhere they go online. But reusing passwords is dangerous: If just one site suffers a security breach, an attacker could access your entire digital life: email, cloud storage, bank accounts, social media, dating sites, and more. And if your reused password is weak, the problem is that much worse, because someone could guess your password even if there isn't a security breach.If you have more than a handful of online accounts—and almost everyone does—you need a good password manager. It enables you to easily ensure that each password is both unique and stron

yahoo execs botched its response to 2014 breach, investigation finds

If your company has experienced a data breach, it’s probably a good idea to thoroughly investigate it promptly.Unfortunately, Yahoo didn’t, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.That breach, which only became public last year, involved the theft of user account details such as email addresses, telephone numbers, and hashed passwords. After Yahoo went public with it, the company established an independent committee

cloudpets connected toy data leak makes personal voice messages public

Connected toys are becoming increasingly popular, and one such toy is CloudPets’ stuffed animals. With these and a related app, parents and kids can record messages for each other that are shuttled between the toy and app via the company’s cloud service. That cloud service, it turns out, is quite insecure and has allowed voice messages recorded by parents and kids to be leaked online for anyone with the skills to grab them.The security vulnerability was recently detailed in a lengthy post by Troy Hunt over on his website. The issue, it seems, is CloudPets’ lax security, which allowed ‘a MongoDB that was in a publicly facing network segment without any authentication’ requirements to be indexed by a search engine called Shodan. This database contains extensive information about the company’

cloudbleed: what you need to know

CloudFlare, a popular internet intermediary service that provides performance and security for a host of other sites, has had a large data leak.Dubbed "CloudBleed", it made potentially sensitive information available online, including from popular sites like OKCupid and Authy.Last Friday, Tavis Ormandy from Google's Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.It turned out that in some unusual circumstances, which I'll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had b

mobile devices: the 'last mile' to enterprise biometrics

Authenticating who is truly behind any action, whether it’s logging into Twitter or accessing a bank account, is the biggest challenge in security today.At the enterprise level, this reality is infinitely more critical: businesses need to completely secure access to their systems and data, and be certain that only those who are granted access have it. At the same time, companies must also make sure their employees are able to work as productively as possible -- and constant and stringent security protections would certainly get in the way of “business as usual.” These situations create a dichotomy that firms and security experts have struggled to overcome.To date, PINS, passwords and OTP hardware have been the compromise of choice: enough to authenticate a user’s access, but not so burdens

how to protect your private photos and personal data from being hacked

How do you protect your private photos and personal content from being hacked? With these security precautions!There's been another round of celebrity hacks online. While blame and fault rests entirely and completely on the criminals doing the hacking and leaking, it's a cold reminder that security in the digital world is just as urgent and imperative as security in the real world. We don't just need to close our data doors, we need to lock them. With deadbolts and sirens.Whether it's Apple's iCloud, Google Accounts, Microsoft, Dropbox, or any other service, you want to avoid using weak, repetitive, single-factor passwords and start using long, strong, unique passwords with multi-factor and a password manager.It's a hassle but so is your home security system or personal protection detail.

yahoo hackers accessed 32 million accounts with forged cookies

Yahoo publicly revealed the extent of these breaches in December, but admits in the report that in 2014 "it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company's information security team."As a result of the investigation, its board has decided that CEO Marissa Mayer will not receive a cash bonus she was to receive for 2016, while general counsel Ronald S. Bell resigned. As a result of the revelations that account information had been stolen, which Mayer says she became aware of in September of last year, Verizon cut $350 million from its offer to acquire Yahoo.Security IncidentsDescription of EventsOn September 22, 2016, we disclosed that a copy of certain

harness hadoop and spark for user-friendly bi

Big data shouldn’t be an area for only academics, data scientists, and other specialists. In fact, it can’t be. If we want big data to benefit industry at large, it needs to be accessible by mainstream information workers. Big data technology must fit into the workflows, habits, skill sets, and requirements of business users across enterprises.
Datameer is a big data analytics application doing exactly that. Combining the user interface metaphors of a file browser and a spreadsheet, Datameer runs natively on open source big data technologies like Hadoop and Spark, while hiding their complexity and facilitating their use in enterprise IT environments and business user scenarios. 
In other words, Datameer creates an abstraction layer over open source big data technologies that integrates the

dutch elections: what's at stake?

Russian hackers charged in massive Yahoo breach Video duration02:11Previous slideNext slideVideo duration01:04Turkey Netherlands row deepens over ...Turkey Netherlands row deepens over sanctionsTurkish President Tayyip Erdogan has said a diplomatic row with the Netherlands could not be dismissed with an apology and warned of further possible measures, after Ankara suspended high-level diplomatic ties with the Dutch.
Russian hackers charged in massive Yahoo breach Video duration02:11Video duration02:11Russian hackers charged in massive Yahoo ...Russian hackers charged in massive Yahoo breach US Department of Justice has charged two Russian intelligence officers and two hackers over a mega data breach at Yahoo that affected hundreds of millions of user accounts. Adam Schiff on Trump 'tappi

security news this week: an iot teddy bear leaked millions of parent and child v

Each weekend we round up the news stories that we didn't break or cover in depth but that still deserve your attention. The post Security News This Week: An IoT Teddy Bear Leaked Millions of Parent and Child Voice Recordings appeared first on WIRED.

security news this week: an iot teddy bear leaked millions of parent and child v

Each weekend we round up the news stories that we didn't break or cover in depth but that still deserve your attention. The post Security News This Week: An IoT Teddy Bear Leaked Millions of Parent and Child Voice Recordings appeared first on WIRED.

goldenvoice confirms hack of coachella website

Goldenvoice has warned Coachella.com account holders of a potentially large data breach. In a message sent to users on Tuesday, the concert promoter said it recently discovered that hackers gained access to personal information, including full names, email addresses, phone numbers and birth dates provided to Coachella by festival-goers using the website.Organizers stressed that no user passwords were stolen in the security breach, and that all "unauthorized third parties" have been blocked from further access. The hack was reported to authorities and is currently under investigation, a rep for Goldenvoice parent company AEG confirmed to Billboard. The promoter then advised Coachella.com account holders to "be aware that you may be targeted by phishing emails sent from people impersonating

looking for new iphone wallpaper? here are almost 1,000 images to choose from …

There’s no shortage of iPhone wallpaper sites out there, but trawling through them to find decent images can be a tedious process. One Reddit user, however, has done the work for you, pulling together some 944 images from wallpaper sites across the web Images include textured and graphic backgrounds, cityscapes, nature scenes, cartoons and more.Tastes of course vary, so it’s unlikely you’ll like all of them, but in a scroll through just the first 50 or so, the hit-rate seemed high enough to call it a worthwhile resource. You can find a sample gallery below.The complete set of images can be seen on Imgur.If you have a favorite wallpaper site, please share it in the comments.Via BGR

how to delete a user profile on nintendo switch

My roommate moved out and I don't want his profile on my Nintendo Switch anymore. Delete him!There could be any number of reasons why you would want to get rid of a user profile on your Nintendo Switch. Maybe you created a temporary one for your niece when she visited, or your roommate insisted on having his own profile, but now he's living with your ex, or maybe you just wanted to create an account so you could show someone else how to do it. Whatever reason you created a user profile, you can get rid of it just as easily.How to unlink a Nintendo AccountDepending on the type of user profile you are trying to purge from your Nintendo Switch, you might have to first unlink a Nintendo Account.Note: When you unlink a Nintendo Account, save data and software may be lost. You also won't be able

t-mobile increases its lte usage cutoff to 30gb

+3,281
Andrew Myrick Mar 9th, 2017In a world where every major carrier is advertising “unlimited data”, it’s not truly unlimited data. Each carrier has implemented thresholds, which when met, your device is deprioritized to be put at the back of the line for other devices in your area.T-Mobile’s “cap” previously was enforced after you used 28GB of data in a month, but the company has increased that limit. Starting today, the threshold before being deprioritized is 30GB, giving you an extra could of gigs to use if you’re a data-hungry user. Of course, even after you reach the aforementioned threshold, you can still use your phone. However, your network speeds will be decreased to 3G or 2G speeds. So “using” your phone will definitely be a hassle as you are thrown back to 2008 network spee

t-mobile increases its lte usage cutoff to 30gb

+1,599
Andrew Myrick Mar 9th, 2017In a world where every major carrier is advertising “unlimited data”, it’s not truly unlimited data. Each carrier has implemented thresholds, which when met, your device is deprioritized to be put at the back of the line for other devices in your area.T-Mobile’s “cap” previously was enforced after you used 28GB of data in a month, but the company has increased that limit. Starting today, the threshold before being deprioritized is 30GB, giving you an extra could of gigs to use if you’re a data-hungry user. Of course, even after you reach the aforementioned threshold, you can still use your phone. However, your network speeds will be decreased to 3G or 2G speeds. So “using” your phone will definitely be a hassle as you are thrown back to 2008 network spee

Search Tags
metroid prime 4 e il nuovo pokemon arriveranno su switch nel legend jumps swan tattoovideo duration00 royal commission would hurt banks cba ceo analysis beauty after magical ton railway promotion for star batswoman kaur heath ledger documentary metroid prime ledger documentary arjun rampal creator of the fastest spreading computer virus ever comes to ip expo nordic 2018 in stockholm convictions depuis amsterdam knew it was breaking privacy laws with youth facebook analyses monday 20 august 2018 the week uk eye film museum to host conference for investors in cannabis industrial output up by 67 in q2 job shortage starts to bite says cbs отныне бутылка водки не может быть дешевле 205 рублей экономика деньги best international в уфе найден скелет человека происшествия california wildfires ferguson blaze ‘finally contained’ are bartons almond kisses still being made extremist positions eurozone bailout programme finally ends в башкирии готовятся выпустить на волю четырех маралов общество kelly marie tran was the happiest person in the galaxy at the last jedi premiere dutch state owned railway group ns earns more abroad сейчас мы на подъеме а летом увидим пик роста цен modern world ten things you need to know today monday 20 aug 2018 sans aucun doute donald trump’s lawyer rudy giuliani says ‘truth isn’t truth’ international observers to monitor swedish election for first time mysterious hairy carcass washes up on russian beach metro tunnel башкирский биатлонист александр бабчин выступит на чемпионате мира в чехии спорт естественным путем natasha trethewey rising wholesale electricity 75 of russian mobile phone users are also gamers xenoblade chronicles 2 season pass announced and detailed
Facebook Twitter Google Plus Digg Share This

All rights reserved. © Laxaro 2016-2017 Run in 0.028 seconds