Airplane boarding display leaks passenger data

Symantec researcher Candid Wueest spotted Airport boarding gate displays putting passengers at risk by leaking booking codes.

Wueest followed an IP address from a boarding gate display to access a landing page listing debug information listing databases containing information about the next flights which could be used to hack into passenger accounts, according to a Jan. 10 blog post.

An attacker would only need to guess a passenger’s last name and their booking reference codes, also known as passenger name record (PNR) locators, to access details about the flight and other passengers on the same booking including full names, email addresses, telephone numbers, frequent flyer numbers, postal addresses and, for intercontinental flights, passport details and dates of birth.

Wueest said the information was available to anyone that knew about the publicly accessible server. The airline has since patched the flaw.

SOURCE: Robert Abel | SCMagazine

339 Million AdultFriendFinder users compromised

Friend Finder Networks, the company that operates Adultfriendfinder.com and cams.com which was affected by a breach of 3.5 million users information in May, 2015 has been breached again.

How many victims? This time 339 million users including 15 million users whose accounts were deleted but their data were still held by the company.

What type of information? Usernames, email address, date of the last visit, password, last IP address used, browser information, and VIP membership status

What happened?  LeakedSource.com speculates that the breach was carried out through the use of an exploit for a Local File inclusion vulnerability which was publicly revealed last month. Passwords were found in unencrypted format or SHA 1 hashed which are both insecure. 99% of the hashed passwords have already been cracked. The team has decided not to make this particular data set searchable by the general public for now.

What was the response?  Friend Finder Networks has not confirmed the breach but they said the Local File inclusion vulnerability which was allegedly exploited has been fixed.

Quote: “It goes without saying that systems, software and processes should be regularly reviewed as previously accepted risk levels may no longer suffice.” – David Kennerley, director of threat research at Webroot, to SC Media.

​New Zealand online dating site data leaked

Personal information including usernames, passwords, e-mail address, gender, date of birth, country of residence and photos, as well as sexual preferences of over 1.5 million online dating users were found in an unsecured MongoDB database by MacKeeper researchers accessible on the internet. The data was found to belong to a New Zealand based company that runs haveafling.mobi, haveafling.co.nz, haveanaffair.co.nz, haveanaffair.mobi, hookupdating.mobi and the mobile application “Hook Up Dating.

In response to MacKeeper’s notification to the company, they claimed that the database is mostly dummy data used to test migrating data from SQL to MongoDB. The researchers are not okay with this claim considering the massive number of accounts.

Also, a one by one analysis of a random selection of more than 300 records shared with ZDNet proves otherwise.

The company is taking the leak lightly claiming that only the researchers had accessed the data. They did not invalidate the affected passwords and only notified users to change their password because they were upgrading their system for security reasons.

Microsoft brings Tuesday Patches to an end

microsoft-patch-tuesday-header

Yesterday’s Patch Tuesday is meant to be the last traditional Windows Patch Tuesday. Microsoft is changing its patch release model. The new model will have all patches for a month bundled together and users will not be able to pick and choose which updates to install.

Microsoft has said this will start with Windows 10 but will be affect other operating systems as well in due course.

Security teams should be prepared to make changes to their patching methods as soon as Microsoft implements its new patch release model.

Possible data breach of VoIPtalk

Voice over IP provider, VoIPtalk has warned its customers of a possible breach of their login credentials. The email notice stated that the company’s security systems discovered strange activity: “activity involving online attempts to exploit vulnerabilites in our infrastructure to obtain customer data” according to SC Magazine.

The company is threading the lane of caution to notify its customers even though there is no strong evidence of successful breach by attackers.

Election Database breached in two US States

us_voterThe FBI has issued a warning to election officials across the United States to harden their computer systems as they uncovered evidence that foreign hackers had penetrated two state election databases in recent weeks according to Yahoo News. The states which were not officially identified are speculated to be the states of Arizona and Illinois. In Arizona, malicious software was detected in its voter registration system and in Illinois, officials shuttered the statewide Illinois Voter Registration System for 10 days in July after personal data on up to 200,000 state voters was stolen.

The FBI bulletin listed eight separate IP addresses that were linked to the attacks and suspects that the two attacks were came from the same source. Rich Barger, Chief Intelligence Officer for ThreatConnect, a cybersecurity firm in response to Yahoo News’ request to review the FBI alert noted that one of the IP addresses on the FBI list has surfaced before in Russian criminal underground forums and that the method of the attack resembles methods used in other suspected Russian state-sponsored attacks.

On the motivation for the attacks, Vishal Gupta, CEO of Seclore told SCMagazine that intelligence gathering might be the prime motivation for the attacks and further stated that the attacks were “a stark reminder that defending data being stored in our systems is oftentimes more critical than historically unreliable network defenses.”

Know the right time for security messages

Brigham Young University researchers have found that 90% of people disregard important security messages if they come up at the wrong time.

The study was carried out by BYU researchers in collaboration with Google Chrome engineers. They found that warning messages appearing haphazardly results in up to 90% of users ignoring them. They found that this is as a result of the nature of the human brain which cannot handle multitasking well even when the tasks involved are simple ones.

The best times to present security messages to users are after watching a video, while waiting for a page to load or after interacting with a website as found by the research.

This research has convinced Google chrome security engineers to change the timing of security messages in future versions of the Chrome Cleanup Tool and hopefully other developers will follow too.