Sunday, December 4, 2011

Club Penguin data loss

Club Penguin is an online gaming site that offers a virtual gaming world for kids. It also gives players a form of social networking, which has made it very popular among kids.

Dataloss DB recently published a data loss incident involving this gaming site, in which 309 usernames, e-mail addresses, passwords and IP addresses were dumped on Pastebin by hacker(s).

The links to the Dataloss DB and Pastebin pages are below. If your kids have accounts in Club Penguin, I highly recommend changing the passwords immediately.

http://datalossdb.org/incidents/5050-309-usernames-e-mail-addresses-passwords-and-ip-dumped-on-web-by-hacker

http://pastebin.com/Bzxpc1RF




Saturday, December 3, 2011

InfoSec - Weekly Roundup


  • Mandiant released a new version of their popular memory analysis tool, Redline. Redline accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis. Read the related blog post below

  • The NSRL database is being updated. "The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations." The link for the NSRL database is below.
          http://www.nsrl.nist.gov/

  • The FTC recently reported that Facebook has agreed to settle charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers' express consent before their information is shared beyond the privacy settings they have established. Check the link below from the FTC for more information.
          http://www.ftc.gov/opa/2011/11/privacysettlement.shtm

  • The big risk item people are talking about is the Carrier IQ key logging software installed on many phones, which allows the carriers to gather many details of your browsing habits. More information is available at the link below.

          http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/?mod=snippet
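
The NSRL item above describes reviewing files by matching their profiles against the RDS. As an added example (not from the original post or from NIST), the following Python loads an RDS-style hash list and splits a set of files into "known" and "needs review". The column layout follows the legacy NSRLFile.txt header and is an assumption here; all paths, file contents and hashes are constructed sample data.

```python
import csv
import hashlib
import io

def load_rds_sha1(rds_text_file):
    """Return the set of SHA-1 values from an RDS-style CSV with a header row."""
    reader = csv.DictReader(rds_text_file)
    return {row["SHA-1"].strip().upper() for row in reader if row.get("SHA-1")}

def sha1_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large evidence files need not fit in memory."""
    digest = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest().upper()

def triage(files, known_sha1):
    """Split (name, binary stream) pairs into known files and files needing review."""
    known, review = [], []
    for name, stream in files:
        (known if sha1_stream(stream) in known_sha1 else review).append(name)
    return known, review

# Constructed sample data: two files the reference set covers, one it does not.
SAMPLE_FILES = {
    "C:/Windows/notepad.exe": b"constructed stand-in for a stock OS binary",
    "C:/Windows/calc.exe": b"constructed stand-in for another stock binary",
    "C:/Users/kid/Downloads/update.exe": b"constructed stand-in for an unknown file",
}

def build_sample_rds():
    """Build a constructed RDS-style CSV covering only the two stock binaries."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    writer.writerow(["SHA-1", "MD5", "CRC32", "FileName", "FileSize",
                     "ProductCode", "OpSystemCode", "SpecialCode"])
    for path in ("C:/Windows/notepad.exe", "C:/Windows/calc.exe"):
        data = SAMPLE_FILES[path]
        # MD5 and CRC32 are zero-filled placeholders; only SHA-1 is matched here.
        writer.writerow([hashlib.sha1(data).hexdigest().upper(), "0" * 32,
                         "0" * 8, path.rsplit("/", 1)[1], len(data), 0, "WIN", ""])
    out.seek(0)
    return out

def run_sample():
    """Triage the constructed files against the constructed reference set."""
    known_sha1 = load_rds_sha1(build_sample_rds())
    files = ((name, io.BytesIO(data)) for name, data in SAMPLE_FILES.items())
    return triage(files, known_sha1)

if __name__ == "__main__":
    print(run_sample())
```

A match only means the file is known to the reference set, not that it is benign, so the "known" list is a way to reduce review volume rather than a verdict.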