Adultery site data hits the web with serious consequences

The Ashley Madison hack continues to grab headlines, with a reported 39GB of data having now been dumped online. What also emerged from the leaked data is that around 90% of users were in fact male. Some minor celebrities have had fingers pointed at them and there have even been claims of suicides and extortion as a result of the leak. Police are now taking the matter even more seriously, as are Avid Life Media, who own the site and are offering $500k for information leading to the arrest of the hackers responsible. Ashley Madison execs are also being accused, on the basis of internal emails contained in the data dump, of having hacked into a competing site. Rest assured this story is going to be around a while longer.

Another nail in Flash’s coffin

Following the Hacking Team breach, new Flash vulnerabilities were discovered, encouraging renewed calls for Flash to be discontinued. Flash has been famously bug-ridden for years, with support from most browsers being axed and firefighting of the bugs happening on almost a monthly basis.

This week, Amazon announced that they were no longer going to support Flash content in their advertising, although their reasons were apparently cosmetic rather than security-minded. Firefox, Safari and Chrome have now all prevented Flash from running on their browsers without express user permission, which might present a more likely explanation for Amazon’s move. While Flash is still staggering on at the moment, with support increasingly removed, how long will it be until Adobe finally give in and lay it to rest?

China unveil operation ‘cleaning the internet’

An official statement from the Ministry of Public Security in China this week claimed that 15,000 people have been arrested in a huge operation they’ve dubbed ‘cleaning the internet’. The operation was launched in July and it’s said this has already resulted in 7400 investigations of cybercrime and of 66,000 individual websites.

Two of the types of cybercrime on which details were given are hacking in order to post phony ads and the sending of malicious SMS messages in order to take control of mobile phones. The targets of the operation are said to be ‘illegal and harmful content’ and ads for sales of explosives, firearms and pornography. However, there are naturally some sceptics who claim this operation could also be a cover for targeting activists and dissidents at the same time.

According to the government news agency Xinhua, in 2015 alone 758,000 pieces of illegal or criminal information have been removed from the internet as part of their work.

Stolen IRS tax records hit 3 million

You may recall the IRS confirming the theft of tax records some weeks ago. Well, it now emerges that the number is higher than anticipated, with a confirmed 3 million records having been compromised. Details have also been released about how the attack was carried out. Apparently fraudulent registrations were made to the IRS site using genuine social security information, and then fraudulent tax returns were filed. Apparently attempts were made to exploit the details of 610,000 citizens and 334,000 of these were successful. The authentication system the IRS were using was clearly insufficient, given that attackers succeeded in more than half of their attempts. Users were required simply to enter their name, date of birth, social security number and filing status before being asked four questions on topics such as previous loan amounts and previous addresses.

As Brian Krebs pointed out late last year, obtaining such information is not very difficult. In an experiment, he was able to obtain the above information for all members of the US Senate Committee, which just shows how vulnerable people are to identity theft; many corporations use this type of information to complete registrations and transactions. We’re yet to see what measures will be taken to prevent this type of situation from occurring in future. But meanwhile, if you’re an American citizen we suggest you register with the IRS website and check that nobody else got there first!


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.