Google Faces Scrutiny Over Internal Database Leak Exposing Privacy Incidents

 

A newly leaked internal database has revealed thousands of previously unknown privacy incidents at Google over the past six years. This information, first reported by tech outlet 404 Media, highlights a range of privacy issues affecting a broad user base, including children, car owners, and even video-game giant Nintendo. 

The authenticity of the leaked database was confirmed by Google to Engadget. However, Google stated that many of these incidents were related to third-party services or were not significant concerns. "At Google, employees can quickly flag potential product issues for review by the relevant teams. The reports obtained by 404 are from over six years ago and are examples of these flags — every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services," a company spokesperson explained. 

Despite some incidents being quickly fixed or affecting only a few individuals, 404 Media’s Joseph Cox noted that the database reveals significant mismanagement of personal, sensitive data by one of the world's most powerful companies. 

One notable incident involved a potential security issue where a government client’s sensitive data was accidentally transitioned from a Google cloud service to a consumer-level product. As a result, the US-based location for the data was no longer guaranteed for the client. 

In another case from 2016, a glitch in Google Street View’s transcription software failed to omit license plate numbers, resulting in a database containing geolocated license plate numbers. This data was later purged. 

Another incident involved a bug in a Google speech service that accidentally captured and logged approximately 1,000 hours of children’s speech data for about an hour. The report stated that all the data was deleted. Additional reports highlighted various other issues, such as manipulation of customer accounts on Google’s ad platform, YouTube recommendations based on deleted watch histories, and a Google employee accidentally leaking Nintendo’s private YouTube videos. 

Waze, acquired by Google in 2013, also had a carpool feature that leaked users' trips and home addresses. Google's internal challenges were further underscored by another recent leak of 2,500 documents, revealing discrepancies between the company’s public statements and internal views on search result rankings. 

These revelations raise concerns about Google's handling of user data and the effectiveness of its privacy safeguards, prompting calls for increased transparency and accountability from the tech giant.

RTX 4090 can Crack Your Password in 50 Minutes

 

The RTX 4090 can crack one of your passwords twice as quickly as the previous leader, the RTX 3090.

Threat analyst and password cracker Sam Croley expressed on Twitter how amazing the latest GeForce RTX 4090 is in breaching passwords. The Ada Lovelace architecture flagship graphics card can crack one of your passwords twice as quickly as the previous leader, the RTX 3090, by circumventing Microsoft’s New Technology LAN Manager (NTLM) authentication technique. 

According to the researcher, all of the tests were performed using Hashcat v6.2.6 in benchmark mode. Hashcat is a popular and widely employed password-cracking tool utilized by system administrators, cybersecurity experts, and hackers to examine or guess user passwords. 

“First @hashcat benchmarks on the new @nvidia RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to a blazer for the run,” Croley tweeted. 

Croley's benchmark run results 

Based on the benchmark findings, a fully outfitted password hashing rig with eight RTX 4090 GPUs has the computing power to cycle through all 200 billion iterations of an eight-character password in 48 minutes. The sub-one-hour result is 2.5 times faster than the RTX 3090's previous record. Both benchmark measurements were performed using only commercially available GPU hardware and related software.

Additionally, the Hashcat software offers multiple attack types designed to assist password recovery or, depending on the user, unauthorized access to another's accounts. The attack types include dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute-force attacks.

While the benchmark results may sound ominous, it's important to note that Croley performed the test on a limited set of real-world use cases and the cracking tool was working under ideal conditions on local/offline files.
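The arithmetic behind the eight-GPU figure, as an added example (not from the article or from Croley): it takes the per-GPU rates quoted in the tweet, assumes a 95-character printable-ASCII alphabet, and generalizes to other lengths and to bcrypt. It models exhaustive search only; the dictionary and rule-based attacks listed above recover human-chosen passwords far sooner.

```python
# Added example: exhaustive-search time from the rates quoted on this page.
# Assumptions (not from the page): a 95-symbol printable-ASCII alphabet and
# linear scaling across GPUs. The bcrypt rate depends on the cost factor,
# which the page does not state.
RATES_HPS = {"NTLM": 300e9, "bcrypt": 200e3}  # hashes/second per GPU, from the tweet
GPUS = 8                                      # rig size described in the article
PRINTABLE = 95
YEAR = 365 * 24 * 3600


def keyspace(length, alphabet=PRINTABLE):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def exhaust_seconds(algo, length, gpus=GPUS, alphabet=PRINTABLE):
    """Worst-case time to try every candidate of the given length."""
    return keyspace(length, alphabet) / (RATES_HPS[algo] * gpus)


def min_length(algo, budget_seconds, gpus=GPUS, alphabet=PRINTABLE):
    """Shortest random password whose full keyspace outlasts the budget."""
    length = 1
    while exhaust_seconds(algo, length, gpus, alphabet) < budget_seconds:
        length += 1
    return length


if __name__ == "__main__":
    for algo in RATES_HPS:
        for length in (8, 10, 12):
            secs = exhaust_seconds(algo, length)
            print(f"{algo:6s} len={length:2d}  {secs / 3600:.3g} hours")
        print(f"{algo}: random password needs >= "
              f"{min_length(algo, YEAR)} chars to outlast one year")
```

The eight-character NTLM case comes out at roughly 46 minutes, in line with the figure above, while the same password stored under bcrypt at the quoted rate would take over a century to exhaust.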

Moreover, anyone with enough money can afford to buy an RTX 4090. The password-cracking tools cost $1,600 including electricity costs. Therefore, it's not merely a question of will. The RTX 4090 lowers the cost of actually cracking passwords, which will continue to happen as long as more potent GPUs are released and security techniques remain primarily unchanged.

The researcher advised users to employ multi-factor authentication and not use old passwords as it may allow a malicious hacker to get a hold of a password hash database.

Indianapolis Housing Agency Seeks Experts' Help to Identify the Ransomware Attack Operators

 

After suffering a ransomware attack earlier this month, the Indianapolis Housing Agency confirmed that it is taking experts' assistance to discover the source and operators of the attack.

The hackers targeted the internal information and email system of the IHA. The private data of nearly 25,000 IHA residents plus the data from vendors and employees as well as financial transactions shared with the Department of Housing and Urban Development was put at risk. 

“When we first learned about the breach, we contacted IHA and made sure they were ramping up and scaling up the technological expertise that they need to protect the data that may be subject to compromise,” Indianapolis Mayor Joe Hogsett stated. 

Although the source of this ransomware attack is still under investigation, hackers typically secure access by sending an email to an unsuspecting recipient. “Phishing attack is when you get an email that looks like it came from a friend or someone trustworthy, but that sender address has been spoofed,” Apu Kapadia, professor of computer sciences at Indiana University’s Luddy School of Informatics, Computing, and Engineering, stated.

Because these attacks could have foreign origins, it is challenging to identify the offenders. Hogsett claims he is preventing similar cyberattacks from affecting other city agencies. 

“In the interest of full disclosure, we made sure that the city of Indianapolis was firewalled, appropriately, so that our data would not be breached as the result of an intrusion,” Hogsett said. 

To ensure that landlords and vendors receive salaries on time, the officials at IHA are collaborating with the agency's bank and the US Department of Housing and Urban Development.

Over the past few years, IHA has been making headlines for the wrong reasons. IHA faced federal financial reviews after a federal whistleblower complained that the agency was operating at the whim of private investors who called their loans or moved to seize control of properties that were underperforming.

Marcia Lewis, IHA’s interim executive director, recently extended her temporary one-year tenure, while Mayor Hogsett has delayed his search for her permanent replacement even though the agency is selling off its interest in properties or contracting for on-site management.

According to IU Kelley Business School Professor Scott Shackelford, the risk of disclosing the hack is that it tips off the hackers that the agency under attack and its clients are aware their data has been compromised, while at the same time the victims need to be advised to take precautionary measures to guard their data.

“As soon as the hack happens, the clock does start ticking and unfortunately that means that folks’ information, their identities, could be compromised almost immediately. First, you can put a fraud alert on your credit report,” advised Shackelford. “This makes it much harder for criminals for example to open up new accounts in your name because there’s going to be a double checking that has to happen before they do that. You could also think about freezing your credit.”