
Hackers

Serious MySQL authentication bypass vulnerability found - Metasploit module already released

posted on June 11, 2012
by l33tdawg

A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 are vulnerable. The issue has been assigned the ID CVE-2012-2122.

The mysql_hashdump module from Metasploit uses a known username and password to access the master user table of a MySQL server and dump it into a locally stored "loot" file. The dumped hashes can be easily cracked using a tool like John the Ripper, yielding clear-text passwords that may provide further access.

Here's What Happens When Chinese Hackers Hit Your Blog

posted on June 8, 2012
by l33tdawg

Jessie Cross has been running a food and cooking blog from her home in Salem, Mass. for four years. She’s amassed quite the audience, pulling in 200,000 visitors every month. Her blog became so popular that she was given a deal to publish a cookbook, and that’s when the hackers hit.

On April 15, when Cross’ book based on her TheHungryMouse blog was supposed to come out, she logged in to her WordPress account to do a slew of promotional posts. It’s something she had done a thousand times, but on that day, something went wrong.

MD5 passwords 'no longer safe'

posted on June 8, 2012
by l33tdawg

The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and “no longer considered safe” to use on commercial websites.

This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been cracked, either through brute force or through lookups.

Stupid security mistakes: Things you missed while doing the hard stuff

posted on June 8, 2012
by l33tdawg

If you're worried about high-tech hackers using advanced and sinister techniques to break through your fancy firewalls -- well, that's not outside the realm of possibility. By all means, spend money on firewalls! But you might also want to keep in mind some distinctly low-tech security problems that are not particularly sophisticated -- in fact, some might call them distinctly dumb -- that nevertheless mean bad things for the companies or people who suffer them.

South Korean military accuses North of cyber warfare

posted on June 7, 2012
by l33tdawg

"North Korea is trying to steal military secrets and cripple our defence information system by using experts specially trained to hack into our military information network," said Defence Security Commander Bae Deuk-Shik, at a security forum. 

He said the North has tried to "stir up social disorder by paralysing our core infrastructure through cyber terror as it can cause enormous damage in a short period."

Blizzard Responds To Diablo 3 Session Spoofing, Says Public Games Are Safe

posted on June 7, 2012
by l33tdawg

Confined to a forum thread, a Blizzard staff representative responded to the article we recently ran about the dangers of joining a public game in Diablo III. According to Blizzard, public games are safe, session spoofing is "technologically impossible" and authenticators are the best bet for safety.

LinkedIn confirms 'some' passwords leaked

posted on June 7, 2012
by l33tdawg

In response to widespread reports of a massive data breach at LinkedIn, the company Wednesday confirmed that passwords belonging to "some" of its members have been compromised.

In a carefully worded blog post, LinkedIn director Vicente Silveira said the company has confirmed that an unspecified number of hashed passwords posted publicly on a Russian hacker forum earlier this week "correspond to LinkedIn accounts." Silveira made no mention of how the passwords may have ended up on the forums but noted that LinkedIn is continuing to investigate.