Posts filed under security

Ebay hacked. Change your passwords.

Filed in SecurityTags: , ,

(edit: s/Changed/Change/g)

Maybe I should turn this into a security blog.  Seems I can’t go a week or three without a post about yet another major corporation getting hacked.  This time it’s Ebay.   Took them a couple of months to figure it out too.

What makes this one extra special is that it wasn’t through some SSL bug or other exploit.  It was through compromised (week?  social engineered?) employee passwords.

They got hacked back in March. and only discovered it a couple of weeks ago and announced it today.

Though no Credit card or bank info was in the compromised database, enough info on there for a good shot at identity theft was:

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”

Ebay’s blog post about it at the link below.

And… Another one. This time in Flash.

Filed in Linux, Microsoft, OS-X, SecurityTags: , , , , ,

Look.  Another security exploit.  This time in that bastion of ultimate security.. er.. hang on.. what’s this?  It’s in Flash?  This is news?  Oh, a *NEW* one in Flash.  Got it.

Ok.  Where were we?  Looks like another security vuln in the wild.  This one’s in Flash and effects all three major OSes.  Yep, that’s right you penguins..  Linux is included in this one.  So get your YUM and APT repos spun up and update those boxen.

Krebs has the details here: Adobe Update Nixes Flash Player Zero Day

So there you have it.  Two major web exploitable vulns in two days.  Waiting for the other two shoes to drop; Java and Acrobat.

PS: Is it strange that I’m using a terminal window to cut/paste text from websites to strip it of hidden formatting?  Yes?  It is?  Good.

Click to view/hide
Click to view/hide
February 2024