Several Gaming Services hit by DDoS Attacks

Blizzard’s Battle.net, Microsoft’s Xbox LIVE, and Sony’s Playstation Network have all been hit by DDoS attacks, causing disruption in the services.

A DDoS (distributed denial of service) attack is basically a large-scale attempt to disrupt a web server using requests from many different “zombie” computers. Suppose there’s a pizza store in your town, and it normally gets 3-4 orders by phone every hour. Continue reading Several Gaming Services hit by DDoS Attacks

42 Vulnerabilities Found in “Secret” App So Far

The “Secret” app is supposed to allow people to share their secrets with friends, friends of friends, and the public. Clearly, if secrets are being shared, they are no longer secret within the group to which it was revealed. However, the app claims to keep the identity of the sharer secret. According to founder David Mark Byttow, “You know who’s on the guest list, but you don’t know who is saying what.” But just how secret are posters’ identities? Continue reading 42 Vulnerabilities Found in “Secret” App So Far

New Facebook Malware Uses Old Tricks

New Facebook malware has surfaced, but the type of trick it uses is at least 2 years old. According to Cheetah Mobile, which claims to be the first to report the latest iteration of the malware, the malware exhibits one or more of the following behaviors:

1. Provides a link claiming to lead to an app capable of changing the color of a user’s Facebook layout. If clicked, the link leads to a Facebook page that redirects the user to a malicious site.

2. At the malicious site, users are asked to view a tutorial video that allows them to steal the user’s access tokens.

3. Continue reading New Facebook Malware Uses Old Tricks

1.2 Billion Usernames and 500 Million E-mails Stolen

1.2 billion usernames and 500 million emails have been stolen from 420,000 websites. The worst part is that we still don’t know exactly which websites were affected.

The everyday user may not be able to do much to convince companies to allocate their budgets so that they take security more seriously, but that doesn’t mean we are completely helpless.

Perhaps the most important lesson we can take away from this breach is Continue reading 1.2 Billion Usernames and 500 Million E-mails Stolen

Google Outs Man Suspected of Sending Child Abuse Pictures

Google has revealed the identity of a Gmail user suspected of sending explicit pictures of a child, leading to his arrest.

In this case, a predator may been caught, but the incident also indicates that your e-mail is not as private as you might like it to be. Google recently failed to have a potential class action lawsuit alleging that it wiretaps Gmail dismissed.

As Google itself has said, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”. These words serve as a sobering reminder that whenever you place any kind of information into the hands of Gmail, webmail providers in general, or any third-party service, even for completely legal purposes, you can expect that the information may be seen by humans other than your intended recipient (or at least scanning bots). This includes apps such as Snapchat, which, as I wrote in an earlier post, Bruce Schneier does not think we can rely on to protect our privacy.