Windows Secrets Newsletter website hacked

View the original article here

Windows Secrets Newsletter website hacked

Windows Secrets is known by many for its newsletter that gets sound out regularly to free and paid subscribers of the site. At its core, it is a news site that is publishing its stories on its website and the newsletter, with some articles released exclusively to paid subscribers of the service. Articles are written by professionals and experts making this one of the few newsletters around the web that is worth subscribing to.

It recently became known that the Windows Secrets Newsletter website got hacked. The attacker managed to brute force an administrator account to gain access to the site. Using the account, the hacker planted malicious code on the site to get access to the site’s database and information. When subscribers and editors started to receive spam that appeared to come from Windows Secrets, site administrators began an investigation to find out what was going on.

They discovered the hacked administrator account and malicious code on the website, and removed all traces of the code and attack from the site. A full audit of the website, servers and sites on the same network is still undergoing.

Windows Secret users need to know what has been compromised. According to site operators, the following information could have been exposed:

subscriber name, e-mail address, reader number, ZIP code (if applicable), geographic region, and hashed password — all the entries on your profile page.

It seems fairly certain that email addresses have been exposed, considering that users have received spam in the last days.  Payment information are not kept on site, and credit card processing is handled by a third party service exclusively. There is no indication at the time of writing that financial information were compromised in the attack.

It is recommended to change the account password at the earliest convenience on this page to protect the account from third party access. Subscribers who have used the same password on other sites should change it on those sites as well as it is likely that the attacker will try to use the email and password combination to log in on popular sites such as Facebook, Twitter or Google (provided that the brute-forcing of hashed passwords is successful of course). (thanks Ilev)

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
Zappos Hacked, Security Email Asks Users To Change Passwords
LinkedIn Hacked, Are You Affected?
How Web Accounts Get Hacked
Steam Forum Hacked, Time To Panic?
How Much Is A Hacked PayPal Account Worth?

About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Thursday September 20, 2012 -
Tags:Hacking, newsletter
Categories: Security

You are here: Home » Security » Windows Secrets Newsletter website hacked

View the original article here

Web Hoster Dreamhost Hacked, Asks Users To Change Passwords

After a relatively quite holiday period attacks on popular services on the Internet seem to have picked up again. After the Zappos incident a few days ago, it is now the popular web hoster Dreamhost who noticed unauthorized activity within one of the company’s databases. Dreamhost is not going into further detail but mentions that they do not have evidence that customer login information or passwords have been dumped by the attackers.

The company nevertheless decided to reset all FTP and shell user access passwords for all Dreamhost users. This should not be confused with the account password used to log into the Dreamhost site itself though. Dreamhost customers who are using the same passwords for multiple services should change passwords on all of them to eliminate the possibility of unauthorized access to those accounts.

Dreamhost furthermore notes that users should also be changing email passwords of all Dreamhost managed email addresses as soon as possible.

We have been sending out update emails to every account owner we have, letting them know what happened, and how to proceed from here on out. As a precaution, we advise every user to change all email passwords as well. We are not forcing this change, however, so make sure you take care of that ASAP.

Shell and ftp passwords can be changed in the Manage Users interface which is accessible here. Dreamhost customers need to click on the edit button next to the ftp or shell user to change the log in password for that account.

A company representative noted that neither credit card data nor web panel logins were accessed by the attackers. If you read through all of the 270 or so comments on the Dreamhost blog, you will notice that many customers were quite infuriated about the level of information they received. Web panel access was not available at all times due to users trying to change their passwords, and rumors spread that Dreamhost was storing passwords in plain text (which was later refuted by a Dreamhost employee who stated that they were hashed).

Lets take a look at what Dreamhost customers need to do right now:

Log into the web panel and change FTP, SFTP, MYSQL, Email and other account passwords. Some passwords have been reset automatically by Dreamhost which means that they need to be changed anyway to regain access.Change passwords on other accounts if the same password was used for access.

Passwords with a reasonable length should be safe, but it is nevertheless better to make the changes to be certain that the attackers cannot use successfully decrypted passwords to gain account or service access. A password manager like KeePass can aid in the creation of secure passwords.

Are you a Dreamhost customer? If so, when did you receive notification about the security incident and what did you experience afterwards?

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Print Covers using Undercover XP
Adding LDAP entries from the command line
4Chan Thread Downloader
Microsoft Security Updates March 2010
Improve Firefox Private Browsing With Private Browsing Window Add-on About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Saturday January 21, 2012 -
Tags:dreamhost, Hacking

You are here: Home » Security » Web Hoster Dreamhost Hacked, Asks Users To Change Passwords

Click on the following link(s) to read more about Security

View the original article here

Zappos Hacked, Security Email Asks Users To Change Passwords

Zappos yesterday notified all of their employees and customers that a company server has been compromised. The email, accessible online only for visitors from the US, indicates that the attackers may have gotten hold of part or all of the customer account database of Zappos.com. Information that may have been retrieved by the attacker include customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of the credit card number and encrypted passwords.

Tony Hsie, Zappos’ CEO, notes that the credit card and payment database has not been affected or accessed by the attacker.

While not in immediate danger, customers are asked to change their account passwords at the next possible moment to protect their accounts from unauthorized access. If the attackers managed to dump the account username and password, they have likely started to decrypt the passwords with the help of dictionary lists and brute forcing. The attackers cannot use the information directly on the Zappos site though, as passwords have been reset by the company. Customers are asked to create a new password by “clicking on the “Create a New Password” link in the upper right corner of the web site and follow the steps from there”. It is alternatively possible to open the Password Change page right away on the website which leads to the create a new password page.

Zappos notes that users should change passwords on other websites if they have used the same password for accounts on those sites. If the attackers manage to decrypt the passwords, they could try to log into email accounts or other popular web services.

We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.

Resetting more than 24 million customer passwords must have not been an easy decision for the company CEO. Other hacked companies have reacted differently in the past, for instance by only emailing their customers about the breach and asking them in the email to change their account passwords. The better safe than sorry approach seems to be better suited for these kind of situations. What’s your take on the news, and do you think that Zappos made the right move?

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. RockYou Hacked. Some 30 million passwords in the wild [Security]
Recover Or Change Thunderbird Passwords
Hotmail Blocks Common Passwords, Adds My Friend’s Been Hacked Reporting
Hotmail Phishing Attack: Time To Change Passwords
Audit Windows Passwords With Password Security Scanner About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Monday January 16, 2012 -
Tags:Hacking

You are here: Home » Security » Zappos Hacked, Security Email Asks Users To Change Passwords

Click on the following link(s) to read more about Security

View the original article here