Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we’ll have to wait and see what develops.
Awesome presentation of data breaches
“Hijacking cookie on WP gives you login for 3 years. There’s no session expiration for the cookie, even when you log out.” Yan tweeted.
But, an attacker “couldn’t do some blog administrator tasks that required logging in again with the username/password, but still, not bad for a single cookie.” she explained.
Recently, similar Cookies reuse vulnerability was discovered by ‘The Hacker News‘ team on eBay website, that could allow an attacker to hijack eBay accounts without knowing the victims’ actual credentials.
Very useful source to learn #Hacking:
If you have an eBay Account then you should change your password immediately, because the World’s biggest E-commerce company with 128 million active users announced today in a press release that it had been Hacked.
eBay revealed that attackers compromised customers’ database including emails, physical addresses, encrypted passwords and dates of birth, in a hacking attack between late February and early March, but financial information like credit card numbers, as well as PayPal information were stored separately and were not compromised.
‘After conducting extensive tests on its networks,’ They also said they’ve found no evidence of unauthorized access or activity by registered eBay users, but as precaution, eBay is resetting everyone’s passwords that ‘will help enhance security for eBay users.’
Why did eBay wait so long to tell everyone? because just two weeks ago they discovered data breach. They conducted a forensic investigation of its computers to find the extent of the theft and found that intruders compromised some employees accounts and then used their access to get the data from servers.
“Cyber attackers compromised a small number of employee login credentials, allowing unauthorized access to eBay’s corporate network,” the company said in a statement.
They detected the unauthorized employee logins two weeks ago and “Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.” company said.
eBay customers are now potentially vulnerable to phishing attacks i.e. spoofed e-mails. Hackers or spammers could craft very convincing phishing emails which may appear legitimate at first glance, but could trick you into revealing further personal information.
To change your eBay password, log into your account, select Account Settings, then click “Personal Information”, then “edit” next to your password. If you are using same login details for other websites, you should also update them as soon as possible.