Welcome to Dead Drop number 6, a look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below. All footage used is under fair use guidelines for news and comment.
Website building service Weebly has reportedly had over 43 million records stolen in a recent breach. Information taken includes usernames, email adresses, IP addresses and password hashes.
And over in India, over 3 million debit card details have been stolen from multiple banks and financial platforms. This effects the State Bank of India, HDFC Bank, Yes Bank, ICICI Bank and Axis, and customers should change their PINs immediately. The attack was allegedly due to malware which targets ATMs and Point of Sale machines.
Hackers are also claiming they have stolen a database with over 70 million account details from the swinger website AdultFriendFinder.
Security researchers at the University of California have shown that Skype and other Voice-Over-IP calls can reveal user keystrokes, by using acoustic eavesdropping. Dubbed Skype & Type, they show that when users type whilst in calls, keystrokes and typing patterns can be accurately guessed, potentially revealing sensitive data.
skype logo https://www.youtube.com/watch?v=PQUDQo—tg
A report by the Center for Privacy & Technology at Georgetown University has found that one in two Americans, some 117 million adults have their faces in facial recognition databases created by US law enforcement, and since this technology is fairly new, there aren't really any rules or oversight in place for potential misuse.
Veracrypt, the open source encryption app, and successor to Truecrypt had the results of it's recent security audit released this week. QuarksLab found 8 critical vulnerabilities and various lower level problems in the software, with all of them except the most minor, being fixed.
And speaking of encryption, 2 people in California have been forced by police to press their fingers to their phones in order to unlock them, and get around the built in encryption.
A bunch of researchers have documented an interesting, if somewhat convoluted hack which allowed attackers to sabotage 3D printing files for a drone, causing it to fail mechanically after short use. Although this is a bit of a novelty at the moment, it may develop into more of a problem if 3D printing goes mainstream.
I've been talking about how insecure Internet of Things devices are going to be a problem for a while now, and we all saw this the other day with the massive DDoS attack on the DNS service which is used by many big tech companies, like Twitter, Spotify, Reddit, Netflix and more.
It could be related to the Bruce Schneier post I mentioned a few weeks back, where he thought someone was trying to figure out how to take down the Internet. It may be a testrun for something closer to the upcoming US election, or perhaps Wikileaks' reported bombshell they'll be releasing soon, but no-one knows for sure. I guess we will find out in the next few weeks. What do you think's going on?
And finally this week, here are two guides you might enjoy. The first is called 'A Noob's Guide to Mesh Networking', and goes over a few of the alternative network projects out there. The next shows your how to bypass VPN blocking that some sites implement.