Cottage Life

3 workshop uses for a cutting board

There are good reasons plastic cutting boards are the preferred choice for commercial food preparation. High-density polyethylene (HDPE) is extremely durable, impervious to liquids, and has a forgiving surface that is kind to knives. These same qualities make HDPE a useful raw material for workshop projects. Cutting boards are readily available at thrift shops and dollar stores—but you’re more likely to find the thicker, better quality ones at a thrift store. The dollar-store ones are thinner and more brittle.

There are a bunch of uses for this material, and it can be easily worked with standard tools:

1. Cut pieces of HDPE to match the footprint of picnic-table or Muskoka-chair legs and attach the plastic feet with screws. These high-density pads protect the ends of the legs from moisture and make it easier to drag the tables and chairs around.

2. HDPE makes excellent bumpers. Folding swim ladder digging into your dock? Attach an HDPE pad to the problem area to stop abrasion.

3. HDPE is also great for repairs in wet areas. I recently removed a broken gauge from the dashboard of my boat. An HDPE patch, secured with stainless steel screws, made a neat, weatherproof, and near-indestructible fix.

This article was originally published in the Winter 2022 issue of Cottage Life.

Mobile Syrup

Twitter data breach exposed contact details of 5.4 million accounts

An attacker allegedly gained access to the contact details of 5.4 million Twitter accounts through a vulnerability Twitter has known about for months.

The data exposed in the attack ties Twitter handles to phone numbers and email addresses, even for users who have restricted the ability to be found on Twitter this way. The attacker offered a sample of the data on a hacking forum and is selling the full database for “nothing lower than 30k” (presumably USD, or roughly $38,505 CAD).

Restore Privacy detailed the breach, noting that the attacker claims the dataset ranges from “Celebrities, to Companies, randoms, OGs, etc.” Moreover, the publication reports that the owner of Breach Forums verified the authenticity of the leaked data and said it was extracted via a vulnerability reported in January.

That vulnerability, detailed in a HackerOne post from user ‘zhirinovskiy,’ exploits a bug with Twitter’s Android app and the Twitter authorization process and can obtain the Twitter ID of any user by submitting a phone number or email. zhirinovskiy describes Twitter IDs as “almost equal to” the username of an account.

Five days after the report, Twitter staff acknowledged it as a “valid security issue” and, after investigating, awarded zhirinovskiy a $5,040 USD bounty (about $6,469 CAD).

9to5Mac notes that the attacker likely obtained existing databases of phone numbers and emails from other breaches, then used those with the Twitter breach to connect them with existing Twitter IDs. So far, there isn’t a way to check if your account is included in the breach. The best thing Twitter users can do is be aware of phishing scams and avoid clicking links in emails or texts, especially if they come from an unknown or untrusted source.

News of the breach comes as Twitter takes aim at Elon Musk, blaming the Tesla CEO for lower-than-expected quarterly earnings.

Source: Restore Privacy Via: 9to5Mac

Mobile Syrup

Hacker hijacks YouTube accounts of Justin Bieber, Drake, and more

Several of the biggest names in music — including multiple Canadian artists — were targets of a massive hack that saw a bunch of odd videos uploaded to YouTube accounts.

The YouTube accounts hit include Taylor Swift, Justin Bieber, Drake, Lil Nas X, Harry Styles, Michael Jackson, The Weeknd, Travis Scott, and Eminem. According to Gizmodo, the hacker uploaded a video titled “Justin bieber – Free Paco Sanz (ft. Will Smith, Chris Rock, Skinny flex & Los Pelaos)” to Bieber’s channel.

Paco Sanz is a Spanish conman who was sentenced to two years in jail a few months ago for fraud. Sanz reportedly lied about having terminal cancer and defrauded large sums of money between 2010 and 2017.

A Twitter account under the name of ‘Los Pelaos’ claimed responsibility for the hack and asked for suggestions on who to target next from followers. The account reportedly offered to sell security to celebrities who didn’t want to be hacked. It’s not clear who controls the account, but the profile picture appears to show Sanz.

The video uploaded in the hack shows Sanz holding a guitar the wrong way while singing along to a Spanish trap song remixed by ‘La Mafia Del Edit.’ Gizmodo notes that that’s an Instagram meme account that previously defended Sanz when he was convicted.

Although the videos have been taken down now, they racked up thousands of views first. Moreover, YouTube hasn’t acknowledged the incident yet, while a representative for music video network Vevo did address the incident in a statement to the New York Post:

“Some videos were directly uploaded to a small number of Vevo artist channels earlier today by an unauthorized source. All of those improperly uploaded videos have since been deleted by Vevo. No pre-existing content was accessible to the source. While the artist channels have been secured and the incident has been resolved, as a best practice Vevo will be conducting a review of our security systems.”

As Gizmodo explains, artists’ record labels upload music videos to Vevo through a separate, verified channel. Then, YouTube merges that content with the artists’ YouTube channels.

YouTube has been dealing with a wave of attacks recently. Some reportedly targeted high-profile content creators, publishing cryptocurrency scams or auctioning off access to the YouTube accounts. YouTube has since required popular pages to enable two-step verification.

Source: Gizmodo, New York Post

Mobile Syrup

Hackers breached Mailchimp, targeted crypto holders with phishing scams

Email marketing firm Mailchimp confirmed over the weekend that hackers breached an internal tool and used it to access 300 user accounts and steal audience data from 102 of those accounts.

The breach was outed first by Trezor (via Bleeping Computer), a company that makes hardware wallets for cryptocurrency. Trezor used Mailchimp to send newsletters to customers.

Following the breach, several customers received phishing emails that appeared to be from Trezor and warned of a “security incident.” The emails prompted users to download a malicious version of Trezor’s app to reset their hardware wallet PIN. If installed, the malicious app could have allowed hackers to steal users’ cryptocurrency.

Mailchimp’s chief information security officer (CISO), Siobhan Smyth, told TechCrunch that the company became aware of the breach on March 26th. Smyth explained that a malicious actor accessed a tool used by the company’s customer support staff and account administration teams through a successful social engineering attack — social engineering refers to manipulating people and exploiting human error to gain private information, such as login credentials.

“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Smyth said in the statement.

Although Mailchimp declined to share with TechCrunch what data hackers accessed in the breach, it did say that the attack targeted customers in the cryptocurrency and finance sectors. Moreover, Mailchimp said that the attackers gained access to API keys for an undisclosed number of customers — those keys potentially allow attackers to send spoofed emails that appear to be from legit Mailchimp customers.

Mailchimp says it has disabled those API keys and they can no longer be used. However, Smyth told TechCrunch that the company received reports that hackers used the information they obtained from user accounts to send phishing campaigns to accounts’ contacts.

Smyth declined to answer TechCrunch’s questions about whether Mailchimp would implement additional security measures. Further, Mailchimp wouldn’t disclose how many other cryptocurrency or finance customers were impacted by the breach.

As it stands, anyone subscribed to newsletters should be on alert for possible phishing scams, especially if subscribed to crypto or finance newsletters. It’s best to avoid clicking any links in emails you receive.

Moreover, MobileSyrup uses Mailchimp for its weekly newsletter but has not seen any indication that it was impacted by the breach.

Source: Bleeping Computer, TechCrunch

Mobile Syrup

Microsoft confirms hackers stole partial source code for Bing, Cortana

Microsoft confirmed that hacking group ‘Lapsus$’ compromised a “single account” and accessed partial source code for Bing and Cortana.

The company confirmed the breach in a blog post and detailed what Lapsus$ — or ‘DEV-0537’ as Microsoft calls the group — got from the breach. According to Microsoft, no customer code or data was involved. The company says that Lapsus$ only compromised one account, and Microsoft’s security teams responded quickly to remediate the account and prevent further activity.

Moreover, Microsoft said that it doesn’t rely on the secrecy of source code as a security tool. In other words, Microsoft assumes attackers will access source code, and so relies on other tools to protect itself. The company made a similar remark following the massive SolarWinds breach in 2020.

Lapsus$ claimed it got access to around 45 percent of the code for Bing and Cortana, as well as some 90 percent of code for Bing Maps.

The Verge notes that the Lapsus$ group claimed to be behind several recent security attacks and said it stole data from Okta, Samsung, Ubisoft, and Nvidia. While some of the companies have admitted data was stolen, Okta refuted the group’s claims and said its service hadn’t been breached.

Microsoft wrapped up its blog post by outlining steps organizations can take to improve security, especially in regard to Lapsus$. The company described the Lapsus$ attack pattern as gaining “access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.”

With that in mind, Microsoft suggests organizations require employees to use multi-factor authentication, or MFA (also called two-factor authentication, or 2FA). MFA involves using multiple methods of authenticating users, such as passwords combined with a one-time passcode (OTP) sent via email, SMS, or through an authentication app. Of the three, Microsoft recommends using a dedicated authentication app to avoid vulnerabilities with email or SMS OTP codes, such as SIM swap attacks commonly used to intercept these codes.

Source: Microsoft Via: The Verge

Potins

Google threatened with legal action over celebrity hacking

Lawyers acting for Jennifer Lawrence, Rihanna, Cara Delevingne and other female stars whose private images were hacked have threatened to sue Google for $100 million.

A number of female celebrities – including Kim Kardashian West, Kate Upton, Amber Heard and Selena Gomez – have had their iCloud accounts targeted and had intimate photos shared on websites Reddit and 4Chan, but legal representatives for over a dozen of the women have slammed the online giant for allegedly failing to remove the images and “making millions from the victimization of women.”

Lawyer Marty Singer has written a sternly-worded letter to Google founders Larry Page and Sergey Brin, as well as Eric Schmidt and Google lawyers, accusing them of “blatantly unethical behavior”.

According to the New York Post’s Page Six column, the document goes on to claim Google has failed “to act expeditiously, and responsibly to remove the images, but in knowingly accommodating, facilitating, and perpetuating the unlawful conduct.”

It added: “Google is making millions and profiting from the victimization of women.”

The lawyer pointed out his firm sent a notice to remove the images four weeks ago, and several more since, but many of the photos are still on BlogSpot and YouTube, which are both owned by Google.

He added: “Google knows the images are hacked stolen property, private and confidential photos and videos unlawfully obtained and posted by pervert predators who are violating the victims’ privacy rights … Yet Google has taken little or no action to stop these outrageous violations.

“Because the victims are celebrities with valuable publicity rights you do nothing — nothing but collect millions of dollars in advertising revenue … as you seek to capitalize on this scandal rather than quash it.”