Language Selection

English French German Italian Portuguese Spanish

Security: Equifax, Forrester, Akamai, Disqus, WhatsApp, FBI, Accenture

Filed under
Security
  • Equifax will give your salary history to anyone with your SSN and date of birth
  • Forrester Research Discloses Limited Website Data Breach

    At 6:17 ET PM on Oct.6, Forrester Research publicly admitted that it was the victim of a cyber-attack. According to the firm, the attack had limited impact, with no evidence that confidential client data had been stolen.

    According to Forrester Research's preliminary investigation, attackers were able to gain access to Forrester.com content that was intended to be limited exclusively to clients.

    "We recognize that hackers will attack attractive targets—in this case, our research IP," George F. Colony, chairman and chief executive officer of Forrester, stated.

    "We also understand there is a tradeoff between making it easy for our clients to access our research and security measures," Colony added. "We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cyber-security risk."

  • Akamai Reports Fast Flux Botnets Remain a Security Risk

    Attackers are continuing to benefit from the use many different technique to remain hidden. New research released Oct.10 by Akamai reveals that a botnet with over 14,000 IP addresses has been using the fast flux DNS technique to evade detection, while still causing damage to users and organizations.

    Fast Flux is an attacker technique that uses the Domain Name System (DNS) to hide the source of an attack. DNS operates by referring a domain name to a specific IP address

  • Disqus reveals data breach, but wins points for transparency

    Disqus has publicly announced that its user database leaked in 2012, exposing the usernames, email addresses, sign-up dates, and last login dates of more than 17 million users.

    In addition, the data included crackable SHA1-hashed passwords of “about one-third” of users. Presumably many accounts registered with the popular blog-commenting service do not have associated passwords due to many users signing-in using third-party social media accounts such as Google or Facebook.

    Quite how the security breach occurred is currently a mystery, and – frankly – despite their good intentions, Disqus may find it difficult to pinpoint exactly what happened five years after the event.

  • WhatsApp Exploit Can Allow Hackers To Monitor Your Sleep And Other Things
  • Multi-Layered Defenses Needed to Improve Cyber-Security, FBI Says
  • Hacking is inevitable, so it’s time to assume our data will be stolen

    If recent hacking attacks such as the one at Equifax, which compromised personal data for about half of all Americans, have taught us anything, it’s that data breaches are a part of life. It’s time to plan for what happens after our data is stolen, according to Rahul Telang, professor of information systems at Carnegie Mellon University.

    Companies are prone to understating the scale of hacks, which suggests that there needs to be better standards for disclosing breaches. Yahoo recently confessed that its data breach actually impacted 3 billion user accounts, three times what it disclosed in December. Equifax also boosted the number of people it says were affected by its hack.

  • 7 Security Risks User and Entity Behavior Analytics Helps Detect
  • UpGuard Reports Accenture Data Exposure, Debuts Risk Detection Service

    Security vendor UpGuard announced on Oct.10 that it discovered that global consulting firm Accenture had left at least four cloud-based storage servers publicly available. UpGuard alleges that the exposed cloud servers could have left Accenture customers to risk, though Accenture is publicly downplaying the impact of the cloud data exposure.

    "There was no risk to any of our clients – no active credentials, PII and other sensitive information was compromised," Accenture noted in a statement sent to eWEEK. "The information involved could not have provided access to client systems and was not production data or applications."

    Accenture added that the company has a multi-layered security model and the data in question would not have allowed anyone that found it to penetrate any of those layers.

More in Tux Machines

Andrew Crouthamel: How I Got Involved in KDE

Since this blog is starting after the beginning of my contributions to KDE, the first few regular posts will be explaining my prior contributions, before moving into the present. Read more

Security: Debian LTS, Linux Potential Local Privilege Escalation Bug, Australia Wants to Mandate Back Doors, Equifax Breach the Fault of Equifax

Graphics: NVIDIA and Gallium3D

  • NVIDIA Vulkan Beta Adds New KHR_driver_properties & KHR_shader_atomic_int64
    Not to be confused with the new NVIDIA Linux/Windows drivers that should be out today for RTX 2070/2080 "Turing" support and also initial RTX ray-tracing support, there is also out a new Vulkan beta driver this morning. The NVIDIA 396.54.06 driver is this new Vulkan beta and as implied by the version number is still on the current stable branch and not in the Turing era. But this driver release is quite exciting as it does bring support for two new extensions... These extensions are very fresh and not yet in the official Vulkan specification: VK_KHR_driver_properties and VK_KHR_shader_atomic_int64.
  • GeForce RTX 2080 Ti Linux Benchmarks Coming Today, NVIDIA Driver Bringing Vulkan RTX
    NVIDIA's review/performance embargo has now lifted on the GeForce RTX 2080 series ahead of the cards shipping tomorrow. I should have out initial Linux benchmarks later today, assuming Linux driver availability. As wrote about yesterday, just yesterday I ended up receiving the GeForce RTX 2080 Ti for Linux benchmarking. But, unfortunately, no Linux driver yet... But I am told it will be posted publicly soon with the Windows driver. Assuming that happens within the hours ahead, I'll still have initial RTX 2080 Ti benchmarks on Ubuntu Linux out by today's end -- thanks to the Phoronix Test Suite and recently wrapping up other NVIDIA/AMD GPU comparison tests on the current drivers.
  • Intel's New Iris Gallium3D Driver Picks Up Experimental Icelake Bits, GL Features
    One of the talks we are most interested in at XDC2018 is on the Intel "Iris" Gallium3D driver we discovered last month was in development. We stumbled across the Iris Gallium3D driver that's been in development for months as a potential replacement to their "i965" classic Mesa driver. But they haven't really detailed their intentions in full, but we should learn more next week. This is particularly exciting the prospects of an official Intel Gallium3D driver as the company is also expected to introduce their discrete GPUs beginning in 2020 and this new driver could be part of that plan.

Survey: Console Based Linux File Managers

The term ‘file management functions’ refers to the functions used to manage files, such as creating, deleting, opening, closing, reading from, and writing to files. In the field of system administration, Linux has bags of graphical file managers. However, some users prefer managing files from the shell, finding it the quickest way to navigate the file system and perform file operations. This is, in part, because console based file managers are more keyboard friendly, enabling users to perform file operations without using a mouse, and make it quicker to navigate the filesystem and issue commands in the console at the same time. A console application is computer software which can be used with a text-only computer interface, the command line interface, or a text-based interface included within a graphical user interface operating system, such as a terminal emulator. Whereas a graphical user interface application generally involves using the mouse and keyboard (or touch control), with a console application the primary (and often only) input method is the keyboard. Many console applications are command line tools, but there is a wealth of software that has a text-based user interface making use of ncurses, a library which allow programmers to write text-based user interfaces. Read more