ICT Security-Sécurité PC et Internet

Erst Facebook dann LinkedIn: Sicherheitsexperten melden, dass Angreifer 500 Millionen Profil-Daten zum Verkauf anbieten.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent.

Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents.

The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

LinkedIn bug allowed data to be stolen from user profiles
Private profile data — like phone numbers and email addresses — could have been easily collected.

A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data.

The flaw was found in LinkedIn's widely used AutoFill plugin, which allows approved third-party websites to let LinkedIn members automatically fill in basic information from their profile -- such as their name, email address, location, and where they work -- as a quick way to sign up to the site or to receive email newsletters.

LinkedIn only allows whitelisted domains to have this functionality, and LinkedIn has to approve each new domain. Right now, there are dozens of sites in the top 10,000 websites ranked by Alexa that have been whitelisted by LinkedIn, including Twitter, Microsoft, LinkedIn, and more.

That means any of those websites can retrieve this profile data from users without their approval.

But if any of the sites contains a cross-site scripting (XSS) flaw -- which lets an attacker run malicious code on a website -- an attacker can piggy-back off that whitelisted domain to obtain data from LinkedIn.

And it turns out that at least one of them did.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=LinkedIn

Online training sitey Lynda.com has suffered a security incident which saw a user database accessed by unauthorised parties.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Plus de 6 millions de mots de passe LinkedIn piratés...

Un pirate informatique a mis la main sur 6,5 millions d´identifiants de connexion au site LinkedIn. Voilà qui n'est pas rassurant, surtout pour l'identité numérique des 6,5 millions de comptes Linkedin qui semblent avoir été piratés par un hacker d'origine Russe.

Lundi, 6,5 millions de mots de passe cryptés ont été postés dans un forum spécialisés dans le piratage informatique. Le "posteur" réclame de l'aide pour lui permettre de déchiffrer les mots de passe. Des "précieux", codés en Sha1 (01). Pour le moment, seul les mots de passe sont proposés. Les logins sont restés dans les mains du "pirate".

Lire plus :

http://zataz.com/news/22202/Linkedin--hack--password--crack.html