Jump to content

Search the Community

Showing results for tags 'accounts'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 9 results

  1. Firefox Multi-Account Containers introduces sync functionality Mozilla published the Firefox Multi-Account Containers add-on for the Firefox web browser in 2017. The extension introduces options to separate websites by loading them into containers which act independent from one another. Site data, such as the browsing cache or cookies, is restricted to the container the site is loaded in. Other features of Firefox, e.g. bookmarks or extensions, work in all Containers. The functionality may be used to sign-in to multiple accounts on the same site, limit tracking, or separate different browsing tasks, e.g. for work and home, from one another. Several extension developers created add-ons that extend or improve the Containers functionality of the web browser. Containers with Transitions supersedes Mozilla's extension. It introduces a rules-based system to define how sites opened from within a container are opened in the browser. There are also specific container extensions for YouTube, Facebook and Google that limit activity on these sites to specific containers, and the Temporary Containers extension to use temporary containers that delete automatically. Firefox Multi-Account Containers 6.2 The latest version of Firefox Multi-Account Containers introduces support for a long-request feature. It is now possible to sync container data between different devices using Firefox Sync. A click on the extension's icon in the Firefox main toolbar should display a panel that highlights the new feature. You may enable syncing right away with a click on "start syncing" to sync containers and data between devices. Mozilla notes the following on the official company blog: The new sync feature will align Multi-Account Containers on different computers. The add-on carries over Container names, colors, icons, and site assignments on to any other machines with the same Firefox account. Syncing requires a Firefox Account and that you are signed in to the account in the Firefox web browser. Closing Words Firefox users who use the Containers extension and Firefox Sync will find the new sync functionality useful as it keeps Containers data in sync between devices. Landing Page: https://addons.mozilla.org/firefox/addon/multi-account-containers/ Source: Firefox Multi-Account Containers introduces sync functionality (gHacks - Martin Brinkmann)
  2. Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in. Many took to a Reddit thread and complained on Twitter about the apparent security lapse. “First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” said one Reddit user. “Refreshed again and bam! someone else’s info — it’s like roulette.” Another user said they logged in and out several times and each time they had “full access to a different random person’s credit file,” they said. One user told TechCrunch that after they were served another person’s full credit report, they messaged the user on LinkedIn “to let him know his data was compromised.” Another user told us this: The reports are split into two sections: Credit Factors — things like number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc.. The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover). Several screenshots seen by TechCrunch show other people’s accounts, including details about their credit card accounts and their current balance. Another user who was affected said they could read another person’s Credit Factors — including derogatory credit marks — but that the Credit Report tab with that user’s personal information, like names and addresses, was blank. One user said that the login page was pulled offline for a brief period. “We’ll be right back,” the login page read instead. Credit Karma spokesperson Emily Donohue denied there was a data breach, but when asked would not say how many customers were affected. “What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the statement said. The company didn’t say for how long customers were experiencing issues. Credit Karma offers customers free credit score monitoring and reports. The company allows users to check their scores against several major credit agencies, including Equifax, which last month was fined at least $575 million for a 2017 data breach. Source
  3. Accounts of some Reddit users have been locked out or suspended due to irregular behavior that could suggest unauthorized access. The Reddit security team has stated that they plan on allowing affected users to perform a password reset in a few hours time. The suspected cause for the unusual activity seen from the locked accounts is a credential stuffing attack, which takes advantage of users’ practice of reusing the same login password for multiple websites and online services. Recycling credentials is a dangerous habit because it presents a hacker with the opportunity to test stolen username/password across other services. If they work, the attacker gains access to other accounts with minimum effort. Unauthorized access spotted in some cases Some users are not convinced that a credential stuffing attack is a possible explanation for the precautionary measure, saying that their Reddit credentials were unique and sufficiently strong. One member suggested a “check for reddit data/security leaks instead of only user-errors.” Another suggested a large scale account hijacking scenario, similar to what happened recently to 50 million Facebook accounts due to a vulnerability that allowed the stealing of access tokens. However, multiple users reported that the activity log for their account showed that it had been accessed from different countries (Italy, Brazil, Russia, Bangladesh, Thailand). One of them admitted to having a simple password. Users slowly regaining access to their accounts It is unclear how many accounts have been locked, but in a post a few hours ago, Reddit admin Sporkicide refers to “a large group of accounts.” Reddit is working on establishing normal access conditions and affected users with an email address associated to the Reddit account should receive a notification to reset their password. However, access to Reddit is possible without a password, and Sporkicide says that users falling in this category should try the login page until they are able to gain access again; this does not mean, though, that you should constantly refresh the page until access is permitted. Another way to receive the notification is if you have added an email address to any support ticket you sent in. A user stated they received the password notification below after initially being delivered a note informing that their account had been permanently suspended for breaking the rules. He claims he had done nothing wrong to get the suspension. “It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time,” Sporkicide says. At the moment, some users have regained access to their Reddit account, but others are still waiting for the password reset notification. Sporkicide urges users to choose strong, unique passwords and encourages adding a valid email address to the account and turning on two-factor authentication (2FA) protection. The recommendation from Reddit’s security team is to use at least 12 characters for the password, or, better yet, a short sentence. Source
  4. When it comes to what works and doesn’t work for protecting critical data, nearly one third (32%) of respondents at the recent Black Hat conference said that accessing privileged accounts was the number one choice for the easiest and fastest way to get access to critical data. The survey, carried out by Thycotic, found that was followed closely by 27% indicating access to user email accounts was the easiest path to disclosing sensitive data. Additionally, 85% of respondents blame humans for security breaches, more so than the lack of security or unpatched software. For instance, more than a third (35%) said that remembering and changing passwords is the top source of cybersecurity fatigue. The focus on hacking privileged and email accounts reflects a recognition on the part of hackers that traditional perimeter security is no longer an effective barrier to getting inside networks and gaining access to critical data. Findings from the survey indicate that 73% of hackers believe traditional security perimeter of firewalls and antivirus are irrelevant or obsolete. In fact, antivirus and anti-malware are considered the “least effctive and easiest to get past” security technologies by 43% of the Black Hat survey respondents, followed by firewalls (cited by 30% of Black Hat respondents). “Given that privileged accounts are prime targets for hackers, IT professionals should consider the opinions of the hackers themselves when it comes to protecting privileged accounts,” said Joseph Carson, chief security scientist, Thycotic. “In today’s connected world, organizations can no longer rely only on the traditional cybersecurity perimeter controls.” Hackers also view threat Intelligence solutions as one of the least effective security protections, along with reputation feeds and education/awareness; however, multi-factor authentication (38%) and encryption (32%) are their biggest obstacles, according to the survey. “Hackers are focusing more on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities allowing the hacker to gain access abusing trusted identities,” noted Carson. “More than ever, it is critical for businesses to mitigate these risks by implementing the right technologies and process to ward off unsuspecting attacks and access to sensitive data.” Article source
  5. Hi guys.TorrentLeech or should i say the faimous TL just now posted on thier facebook page that they are taking in new members into thier family. More exacly ? 10k new members by using SUMMER2014 as an invite code when your go and register for an account. http://www.torrentleech.org/user/account/signup 10 years old tracker.In our days this must mean something,i think :). Enjoy and happy downloading.
  6. Roughly 400,000 Avast users' account details have been compromised, following a cyber raid on the security firm's forums. Avast Software CEO Vince Steckler revealed the breach in a blog post, confirming around 0.2 percent of the firm's 200 million users' details were compromised during the attack. The attack occurred over the weekend and forced Avast to shut down its forum. It is currently unclear how the breach occurred, though Steckler said Avast believes the hackers leveraged a vulnerability in third party software being used to host the forum. "This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately," read the post. Steckler said no financial information was stolen during the raid and that key bits of the compromised information, including passwords, were encrypted. "The Avast forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised," read the post. Despite the encryption, Steckler recommended users change their login details as soon as possible. "Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately," read the post. Steckler said Avast is migrating its forum to a more secure software platform to avoid further data breaches. Avast is one of many firms to suffer data breaches in the past few months. Last week eBay confessed hackers had managed to steal customers' passwords, usernames, email addresses, addresses, phone numbers and dates of birth during an attack in February while US retailer Target was hit last year. Source
  7. A 31-year-old South Korean has been recently accused by the police for the allegation of infiltrating and hacking the accounts of 25 million users of Naver, one of the popular search portal in South Korea. On Wednesday, the Asian National Police Agency revealed that the suspect purchased the private information of 25 million users, including names, residential numbers, Internet IDs and passwords from a Korean-Chinese, back in August last year, Korea Herald reported. The suspect surnamed 'Seo', supposedly used the purchased information to hack into the accounts of Naver users and sent out spam messages and other ‘illicit emails’ to the account holders. He had made an illegal profit of some 160 million won ($148,000) using this, according to the report. Also a hacker surnamed 'Hong', has been arrested by the police who was suspected to develop the hacking program that automatically enter users’ IDs and passwords, which was apparently used by 'Seo' to sign-in to the Naver users' accounts. The police have charged three accomplices of Seo without detention and enhancing their investigation to 86 others who are suspected to buy the computer programs made by Hong. On this issue, a Naver official stressed that Naver was not at fault regarding the incident, rather the personal information of the users are ready to purchase from the black market of the Korea. So, the data are not abused by the internal sources, rather it is very easy for the people having a hand on users’ sensitive information. He added “the best preventive measure for now would be for users to change their passwords on a regular basis so that even if someone should access their accounts the impact would be minimal.” He might be right at this point, as earlier this month, 20 Million Credit Cards in South Korea were stolen in the country of 50 million population, which is approx 40% Population of the country who were affected by the Data breach. Also In 2012, two South Korean hackers were arrested for data from 8.7 million customers in the nation's second-biggest mobile operator. Source
  8. A list of 4.6 million phone numbers and matching usernames from users of the Snapchat app are now being offered on a website called SnapchatDB.info. The information was collected using the API exploit that we told you about last week, and is being offered as an SQL dump (around 40 MB) or as a CSV text file. The site states that the information contains usernames matched up with phone numbers. The site reasons that since many people use the same username on sites like Facebook and Twitter, you could be able to find the phone number of someone you want to get in touch with. The hackers involved did redact the last two numbers of each phone number, but cautioned that there might be a time when it reveals all of the digits. "(This information) is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it." - SnapchatDB A company called Gibson Securities posted a link to the exploit on a tweet that was sent out last week. The company said that it had been trying to warn Snapchat about the exploit for months, but was ignored. The hackers running the SnapchatDB! site might also be trying to send Snapchat a message about tightening its security. They claim that they are sharing this information with the public to raise awareness of the issue. "You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with." - SnapchatDB Snapchat has allegedly turned down offers of $3 billion and $4 billion for the company from Facebook and Google respectively. The messaging app allows users to send text, video and photo messages that disappear after 10 seconds. If you want to see if your username is in the database, click on the sourcelink to get directed to a site where you can check this out. Source
  9. Google has announced one more: custom URLs are now rolling out to almost everyone. If you don’t see the option yet on your Google+ profile or Google+ Page, don’t worry: Google says it is expanding availability throughout the week. For those who don’t know what custom URLs (also called vanity URLs) are, here’s quick example. Currently, my Google+ profile is located at plus.google.com/u/0/103897375441006577816/. If I were to get a custom URL, I could maybe changed it to plus.google.com/+emil or plus.google.com/+epro, swapping out the string of numbers for something that is much easier to share. Google first started testing custom URLs back in the middle of August 2012. About a week later, the company started notifying individuals and brands with verified accounts, but then it largely stopped expanding the feature. Now that’s finally changing. If your profile meets the following criteria, Google+ will let you claim a custom URL: Has a profile photo Has at least 10 followers Has an account that’s at least 30 days old. At the same time, brands and businesses that have a linked website or a verified local business can claim a custom URL for their Google+ page as well. If you fall into either of these categories, you’ll want to read more about link and verification over at the Google+ Help Center. Once you meet the eligibility criteria and Google prepares your custom URL, you can just visit your Google+ profile or Google+ page to begin the claiming process. Until then, you’ll just have to wait patiently, probably playing with all the other Google+ features that rolled out today. source: tnw
×
×
  • Create New...