Monthly Archives: April 2017

Hacker leaks ‘Orange is the New Black’ Season 5 after Netflix refused to Pay Ransom

orange-is-the-new-black-netflix-season-5

After releasing 10 back-to-back episodes of the Season 5 premiere of Netflix’s “Orange Is the New Black,” a hacking group calling itself The Dark Overlord is threatening to leak a trove of other unreleased TV shows and movies.

The Dark Overlord (TDO) posted links to the first 10 episodes of the upcoming season of “Orange Is the New Black” show to a piracy website after Larson Studios and Netflix failed to fulfill the group’s ransom demand.
According to Netflix’s website, the season 5 of “Orange Is the New Black” show is scheduled to debut June 9 and supposed to run 13 episodes. But TDO claimed that only the first 10 episodes were available at the time the group gained access to the show.

On Saturday, the group headed on to Twitter and posted links to a Pastebin page, GitHub profile, and the Pirate Bay torrent site sharing Episode 1 of “Orange Is The New Black” season 5 show.
At the time of writing, the Pastebin (
web archive) and GitHub links went down, but the Pirate Bay torrent file remained up, and users have downloaded and shared its content.

10 out of 13 “Orange Is The New Black” Season 5 Episodes Leaked Online

Following the release of Episode 1, TDO posted links to Pastebin and a second torrent file, hosted on The Pirate Bay, which includes episodes 2 through 10 of the season 5 of “Orange Is The New Black.”
According to the Pastebin post, the group released 10 episodes of the show because Netflix didn’t pay a ransom demand.
Here’s what the TDO’s statement
posted on Pastebin (web archive) stated:

“It didn’t have to be this way, Netflix. You’re going to lose a lot more money in all of this than what our modest offer was. We’re quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves. And to the others: there’s still time to save yourselves. Our offer(s) are still on the table – for now.”

In an interview with the DataBreaches.net, the hacking group revealed it managed to steal “hundreds of GBs [gigabytes] of unreleased and non-public media” from the servers of Larson Studios, an ADR (additional dialogue recorded) studio based in Hollywood in late 2016.

The Dark Overlord Demanded 50 BTC

While the group did not reveal its attack method nor how much ransom it demanded, according to a copy of a contract allegedly signed between TDO and Larson, the hacking group asked for 50 BTC ($70,422) by January 31.

But after the studio stopped responding to the group’s email requests in January, TDO turned to Netflix, which also did not pay the ransom either, eventually forcing the group to release the first 10 episodes of season 5 of “Orange Is The New Black” after two months.
Netflix said in a statement that it was “aware of the situation. A production vendor used by several major TV studios had its security compromised, and the appropriate law enforcement authorities are involved.”

The Dark Overlord Threatens to Leak More Shows to the Internet

After releasing all the 10 episode of the unreleased show, TDO threatened to leak other unreleased shows and movies from several other studios in its possession.
The Dark Overlord
tweeted: “Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we’re all going to have. We’re not playing games anymore.”
The hacking group provided a list of unreleased shows and movies (some are released on their scheduled date) it stole from different studios, which includes:

  • A Midsummers Nightmare – TV Movie
  • Bill Nye Saves The World – TV Series
  • Breakthrough – TV Series
  • Brockmire – TV Series
  • Bunkd – TV Series
  • Celebrity Apprentice (The Apprentice) – TV Series
  • Food Fact or Fiction – TV Series
  • Hopefuls – TV Series
  • Hum – Short
  • It’s Always Sunny in Philadelphia – TV Series
  • Jason Alexander Project – TV Series
  • Liza Koshy Special – YoutubeRed
  • Lucha Underground – TV Series
  • Lucky Roll – TV Series
  • Making History ) – TV Series
  • Man Seeking Woman – TV Series
  • Max and Shred – TV Series
  • Mega Park – TV Series
  • NCIS Los Angeles – TV Series
  • New Girl – TV Series
  • Orange Is The New Black – TV Series
  • Portlandia – TV Series
  • Steve Harveys Funderdome – TV Series
  • Story of God with Morgan Freeman – TV Series
  • Superhuman – TV Series
  • The Arrangement – TV Series
  • The Catch – TV Series
  • The Middle – TV Series
  • The Stanley Dynamic – TV Series
  • The Thundermans – TV Series
  • Undeniable with Joe Buck – TV Series
  • X Company – TV Series
  • Above Suspicion – Film
  • Handsome – Film
  • Rebel In The Rye – Film
  • Win It All – Film
  • XXX Return of Xander Cage – Film

The Dark Overlord is a known hacking group that was responsible for cyber attacks on Gorilla Glue and Little Red Door, an Indiana Cancer Services agency. The group also put 655,000 healthcare records lifted from 3 separate data breaches up for sale on the dark web.

 

via: thehackernews

New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic

Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No.


According to the
McAfee Labs, malware attacks on Apple’s Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild.


Today, Malware Research team at CheckPoint have
discovered a new piece of fully-undetectable Mac malware, which according to them, affects all versions of Mac OS X, has zero detections on VirusTotal and is “signed with a valid developer certificate (authenticated by Apple).”

Dubbed DOK, the malware is being distributed via a coordinated email phishing campaign and, according to the researchers, is the first major scale malware to target macOS users.
The malware has been designed to gain administrative privileges and install a new root certificate on the target system, which allows attackers to intercept and gain complete access to all victim communication, including SSL encrypted traffic.


Just almost three months ago, Malwarebytes researchers also discovered a rare piece of
Mac-based espionage malware, dubbed Fruitfly, that was used to spy on biomedical research center computers and remained undetected for years.

Here’s How the DOK Malware Works:

mac-malware.png

The malware is distributed via a phishing email masquerading as a message regarding supposed inconsistencies in their tax returns, tricking the victims into running an attached malicious .zip file, which contains the malware.

 
Since the malware author is using a valid developer certificate signed by Apple, the malware easily bypasses Gatekeeper — an inbuilt security feature of the macOS operating system by Apple. Interestingly, the DOK malware is also undetectable in almost all antivirus products.

Once installed, the malware copies itself to the /Users/Shared/ folder and then add to “loginItem” in order to make itself persistent, allowing it to execute automatically every time the system reboots, until it finishes to install its payload.

 
The malware then creates a window on top of all other windows, displaying a message claiming that a security issue has been identified in the operating system and an update is available, for which the user has to enter his/her password.

 
Once the victim installed the update, the malware gains administrator privileges on the victim’s machine and changes the victim system’s network settings, allowing all outgoing connections to pass through a proxy.

 
According to CheckPoint researchers, “using those privileges, the malware will then install brew, a package manager for OS X, which will be used to install additional tools – TOR and SOCAT.”

DOK Deletes itself after Setting up Attacker’s Proxy

osx-malware

The malware then installs a new root certificate in the infected Mac, which allows the attacker to intercept the victim’s traffic using a man-in-the-middle (MiTM) attack.

“As a result of all of the above actions, when attempting to surf the web, the user’s web browser will first ask the attacker web page on TOR for proxy settings,” the researchers say.
“The user traffic is then redirected through a proxy controlled by the attacker, who carries out a Man-In-the-Middle attack and impersonates the various sites the user attempts to surf. The attacker is free to read the victim’s traffic and tamper with it in any way they please.”

According to researchers, almost no antivirus has updated its signature database to detect the DOK OS X malware, as the malware deletes itself once it modifies proxy settings on the target machines for interceptions.

 
Apple can resolve this issue just by revoking the developer certificate being abused by the malware author.


Meanwhile, users are always recommended to avoid clicking links contained in messages or emails from untrusted sources and always pay extra attention before proving your root password.

 

via:   thehackernews

ISP Brought Down by Warring Malware Families

A battle between two rival families of malware is being blamed for the downtime that a Californian ISP suffered earlier this month.

As BleepingComputer reports, customers of Sierra Tel unexpectedly found themselves without telephone and internet connectivity on April 10.

In a statement issued by the ISP the following day, the blame was put firmly on “a malicious hacking event” that had disabled the Zyxel HN-51 routers in many Sierra Tel customers’ homes.

In a desperate attempt to resolve an escalating problem, Sierra Tel’s affected customers were advised to physically take their broken routers into the ISP’s offices and pick up a replacement. However, supply shortages meant that replacements quickly ran out, and users reliant on an internet connection had to drop off their devices and wait for news that they had been properly repaired.

It took almost two weeks before Sierra Tel felt ready to announce on its Facebook page that it would soon have finished fixing the last of the affected modems:

Now, BleepingComputer reports that the blame for the outage is being put at the door of two warring malware families: Mirai and Brickerbot.

Mirai needs little introduction, having infamously hijacked hundreds of thousands of IoT devices to launch a massive distributed denial-of-service attack last year against Dyn’s domain name system infrastructure.

BrickerBot, however, appears to be the creation of a vigilante grey-hat who goes by the online handle of “Janit0r”. If his claims are to be believed, Janit0r wrote BrickerBot to firstly attempt to fix the security holes on vulnerable IoT devices and – if that fails – adopt what is euphemistically known as Plan B: Brick the devices.

The thinking? A broken device can’t be infected by further malware in the future, and effectively becomes the vendors’ problem to sort out.

You can’t deny that a non-working broadband router is more likely to get the attention of the typical internet user than the standard security advisory.

ICS-CERT warned organizations of the threat posed by Brickerbot earlier this month

Those of you with a long memory may recall that Zyxel broadband routers were also at the centre of an attack which knocked offline customers of the UK Post Office, TalkTalk, Deutsche Telekom, and Ireland’s biggest telcoms provider, Eir, offline last year.

Sierra Tel seems to have worked hard to retain the support of its customers, and to be transparent in its communications about what was going on. But you can’t help but feel that too many ISPs are foisting poorly protected routers onto the public, without properly considering the security implications.

Much of the malware that has been seen impacting IoT devices has relied upon default passwords, or functionality which allows service providers to manage customers’ hardware remotely without restricting such access to, say, the ISP’s own managed network.

My fear is that this won’t be the last time we see innocent people inconvenienced while malware battles for control over their poorly-secured IoT gear.

 

via:   tripwire

Air Force Issues Challenge to “Hack the Air Force”

The Air Force is inviting vetted computer security specialists from across the U.S. and select partner nations to do their best to hack some of its key public websites.

The initiative is part of the Cyber Secure campaign sponsored by the Air Force’s Chief Information Office as a measure to further operationalize the domain and leverage talent from both within and outside the Department of Defense.

The event expands on the DoD ‘Hack the Pentagon’ bug bounty program by broadening the participation pool from U.S. citizens to include “white hat” hackers from the United Kingdom, Canada, Australia and New Zealand.

“This outside approach–drawing on the talent and expertise of our citizens and partner-nation citizens–in identifying our security vulnerabilities will help bolster our cybersecurity. We already aggressively conduct exercises and ‘red team’ our public facing and critical websites. But this next step throws open the doors and brings additional talent onto our cyber team,” said Air Force Chief of Staff Gen. David Goldfein.

White hat hacking and crowdsourced security concepts are industry standards that are used by small businesses and large corporations alike to better secure their networks against malicious attacks. Bug bounty programs offer paid bounties for all legitimate vulnerabilities reported.

“This is the first time the AF has opened up our networks to such a broad scrutiny,” said Air Force Chief Information Security Officer Peter Kim.  “We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities.”

Kim made the announcement at a kick-off event held at the headquarters of HackerOne, the contracted security consulting firm running the contest.

“Every business or organization has a finite amount of time and specialized skills necessary to find vulnerabilities within their networks, but when you open them up to such a diverse group you get amazing results at low cost,” said Chris Lynch of the Defense Digital Service (DDS), an organization comprised of industry experts incorporating critical private sector experience across numerous digital challenges.

The competition for technical talent in both the public and private sectors is fiercer than it has ever been according to Kim. The Air Force must compete with companies like Facebook and Google for the best and brightest, particularly in the science, technology, engineering, and math fields.

Keen to leverage private sector talent, the Air Force partnered with DDS to launch the Air Force Digital Service team in January 2017, affording a creative solution that turns that competition for talent into a partnership.

In fact, Acting Secretary of the Air Force Lisa S. Disbrow and Gen. Goldfein visited the Defense Digital Service and Air Force Digital Service in early April to discuss a variety of initiatives the Air Force can benefit from.

“We’re mobilizing the best talent from across the nation and among partner nations to help strengthen the Air Force’s cyber defenses.  It’s an exciting venture, one that will make us better, and one that focuses an incredible pool of capabilities toward keeping our Air Force sites secure,” said Acting Secretary Disbrow.

The DoD’s ‘Hack the Pentagon’ initiative was launched by the Defense Digital Service in April 2016 as the first bug bounty program employed by the federal government. More than 1,400 hackers registered to participate in the program. Nearly 200 reports were received within the first six hours of the program’s launch, and $75,000 in total bounties was paid out to participating hackers.

Registration for the ‘Hack the Air Force’ event opens on May 15th on the HackerOne website. The contest opens on May 30thand ends on June 23rd. Military members and government civilians are not eligible for compensation, but can participate on-duty with supervisor approval.

MasterCard trials biometric bankcard with embedded fingerprint reader

MasterCard is trialling a Chip and PIN bankcard that includes an embedded fingerprint reader, introducing a biometric authentication layer for card payments — and taking a leaf out of the book of Apple Pay et al in the process. The thinking here being: why pay by entering a four-digit PIN when you can stick your thumb on it?

So far the biometric card has been trialled at two locations in South Africa, with additional trials planned over the next few months in Europe and Asia Pacific, according to a spokeswoman, and a full rollout expected later this year.

“We are targeting consumer rollout by end of 2017 through issuers that choose to offer biometric cards,” she told us.

MasterCard is touting convenience and security as the drivers for embedding a fingerprint sensor in plastic bankcards — after all, you can’t shoulder-surf a fingerprint as you can a PIN number. Although the use of contactless payment technology in bankcards (a tech that’s widespread in Europe) already offers a faster (and usually PIN-less) way to make card payments.

That said, there are some security risks with contactless payments, given there’s usually no authentication performed — so there could be an advantage to combining a contactless bankcard with a biometric one that also contains a fingerprint sensor in order to get speedy payments with at least a layer of security. (Although mobile fingerprint sensors have been shown to be spoofable. So the size of the sensor and the process for capturing a user’s print during enrollment are key considerations here.)

In this instance the MasterCard trial bankcard does not include contactless payment technology — but the spokeswoman told us that a future version will include contactless “adding to the simplicity, and convenience at checkout”.

For now, testers are required to insert the card into the POS terminal and then place their finger/thumb on the reader to authenticate the payment, as pictured above (vs entering a PIN into the keypad in the usual way).

The spokeswoman said the card is configured to expect the fingerprint for authenticating a purchase but does still have a PIN as a fall-back. “If the finger is too greasy or sweaty and the biometric doesn’t go through, the cardholder would experience a small delay and then asked to put in their PIN to complete the transaction,” she added. “The PIN also allows cardholders to use the card at ATMs globally.”

One relatively large drawback for the convenience of the biometric card is that the spokeswoman confirmed users are currently required to go to a bank branch in order to register and enroll their fingerprint. (Which is then converted into an encrypted digital template that is stored on the card.) Whereas bankcard users are normally mailed both their card and its PIN through the post so there’s no need to go to a branch to register before being able to use the card.

When asked about this the spokeswoman said MasterCard is “exploring ways to make remote registration possible”. Although again, while remote registration would be more convenient it could also open up the possibility for vulnerabilities with the implementation of the biometric technology — depending on how the fingerprint enrollment is performed.

One thing is clear, global payments giants are taking plenty of inspiration from mobile tech.

“Consumers are increasingly experiencing the convenience and security of biometrics,” said Ajay Bhalla, president, enterprise risk and security, MasterCard, in a supporting statement. “Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected.”

MasterCard has also previously trialled facial biometrics for payments — launching a so-called ‘selfie pay’ app last October which lets people authenticate an online payment by showing their face to their phone’s camera.

 

via:  techcrunch

Security certificates gone wrong

Some websites, including one secured by the U.S. Department of Homeland Security, fail in their use of security certificates and break the chains of trust.

Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can’t prove the chain of authorities needed to verify they are who they say they are.

Sites masquerading as legitimate sites, however, employ sad little tricks, such as “punycode”—URL links embedded in otherwise official-looking phishing emails. These tricks are malicious. There are also sites that should be well-administrated but are not.

Then there are sites, important sites, that botch their own security with certificates ostensibly granted by places such as the U.S. Department of Homeland Security (DHS).

My case in point is a website that explains the U.S. Safety Act. The Act speaks to the practice of offering legal liability protection for products or services that have been certified for anti-terrorism protection.

Any legitimate browser at the moment of this writing, will block you from that site and warn you that the chain of authorities needed to vet the site as protected by SSL/TLS does not exist. The site is untrusted.

safety act security certificate warning

As of this writing, this is the security certificate warning you receive when you go to the U.S. Safety Act website.

A quick trip to DigiCert’s SSL testing site currently reveals that the certificate isn’t signed by a trusted authority despite the fact that the rest of the certificate, which is managed by the DHS, is correct in its implementation.

I do not know if DHS or a contractor enabled the site. I do not know who wrote the site or negotiated its DNS listing. I do not know the authors of the site’s content.

I do know that if someone tested it, they should know instantly that there’s a trust problem with the site and to report it to the salient fixer of such a problem. And if it wasn’t tested, I would not be surprised.

I would be embarrassed to be a security researcher in a country that doesn’t automatically test the veracity of their security infrastructure so frequently that this would appear as a super-red flag.

And I would be embarrassed that after the first time I found this, three weeks ago, that it still wasn’t fixed today.

Is there anybody awake at the guardhouse?

 

via:  networkworld

HipChat Prompts Password Resets Following Server Hack

Group messaging platform HipChat this week prompted users to reset their passwords following a security incident involving one of its servers.

Atlassian-owned HipChat claims that a vulnerability in a popular third-party library used by HipChat.com was at fault, and that the incident affected only a server in the HipChat Cloud web tier. No other Atlassian systems or products appear to have been affected, the company says.

However, to ensure that users’ data remains secure, the company decided to invalidate passwords on all HipChat-connected user accounts. It also sent notifications to those users and provided them with details on how to reset their passwords.

The incident, HipChat Chief Security Officer Ganesh Krishnan reveals, resulted in attackers possibly accessing user account information such as name, email address and password (hashed using bcrypt with a random salt) for all instances (each of which is represented by a unique URL in the form company.hipchat.com). Room metadata such as room name and topic might have also been accessed.

In some cases, messages and content in rooms may have been accessed as well. The company says that, for more than 99.95% of instances, there was no evidence that messages or content in rooms have been accessed.

“Additionally, we have found no evidence of unauthorized access to financial and/or credit card information,” HipChat revealed.

HipChat Server uses the same third-party library, but it has been deployed in a manner that minimizes the risk of this type of attack, the company says, adding that an update will be shared to customers directly through the standard update channel.

“We are confident we have isolated the affected systems and closed any unauthorized access. To reiterate, we have found no evidence of other Atlassian systems or products being affected,” the company notes.

Atlassian continues to investigate the incident and says that it is actively working with law enforcement authorities on this matter.

Owned and operated by Atlassian Pty Ltd, HipChat is a chat platform that aims at providing business users with group chat, video chat, screen sharing and required security in a single app. It brings together services that teams might be using every day, features 256-bit SSL encryption, and also packs cloud integration and synchronization across devices.

In an emailed comment, Michael Patterson, CEO of Plixer International, pointed out to SecurityWeek that this incident once again proves that any tool a manufacturer uses can be abused for compromise.

“HipChat hashes passwords using bcrypt with a random salt, which adds a layer of security, and they reset the passwords associated with effected accounts. In this case the compromise came from a trusted 3rd party, which highlights that threat surfaces for any tool extend beyond the manufacturer themselves,” Patterson said.

He also noted that the compromise of ChatOps tools like HipChat can do a lot of harm within an organization: “ChatOps tools are used to support a DevOps and collaboration culture, meaning that teams of people as well as technology systems are dynamically connected and critical business processes can be automated. When a ChatOps tool becomes compromised, there is a high likelihood that the attacker can suddenly gain access across the most trusted and an important system a company has.”

 

via:  securityweek

Chipotle Reports Suspicious Actvity on POS System

Restaurant chain Chipotle has detected “unauthorized activity” on a network that supports its payment processing for purchases made at its restaurants.

According to Fortune, CFO Jack Hartung told Wall Street analysts during an investor presentation that the company’s payment processing system was hacked. He said: “We want to make our customers and investors aware we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants.

“We will refrain from providing additional commentary now or in the Q&A. We anticipate notifying any affected customers as we get further clarity about the time frames and the restaurant locations that might have been affected.”

He said that Chipotle had implemented additional security measures and were working with a cybersecurity firm, law enforcement and the payment processor to address the matter. It estimated that the incident occurred between March 24 and April 18.

Raj Samani, chief scientist at McAfee, said that whilst it is still unclear how many customers and restaurants were affected, it is imperative that businesses take control of their cybersecurity and introduce efficient security measures long before these hacks actually happen.

“Many customers across the US, Canada and UK will be left wondering today if they have been caught up in this hack and whether or not they have purchased a very expensive burrito,” he said.

“Until Chipotle release additional information, customers will be unsure whether they have been targeted and if their data or money is in the hands of criminals.”

Tim Erlin, Tripwire vice-president, added that while we may have become numb to breaches, criminals continue to target point of sale terminals.

“As long as compromised credit card data continues to be a valuable commodity on the black market, any company collecting or processing valid credit card information will continue to be a high value target,” he said.

“The best advice for companies running point of sale systems is to isolate and lock down the devices as much as possible. Point of sale terminals are typically low change environment; implementing security configurations and closely monitoring for any change can both prevent and detect any potential attacks. These systems should talk to predictable destinations both internally on the network as well as externally on the internet. Carefully monitoring communications for anomalies can help identify successful attacks.”

Javvad Malik, security advocate at AlienVault, said: “The attack against the payment systems highlights that even with PCI DSS controls in place to segment and protect payment networks, companies need to remain vigilant against attacks and have broad monitoring and threat detection capabilities in place that can alert to an attack in a timely manner so that the appropriate response may be taken.”

 

via:  infosecurity-magazine

Apple will return heat generated by data center to warm up homes

A new Apple data center being built in Denmark is focused on returning to the community.

Apple is building a new data center in Denmark, and it has some interesting ideas on how to power the data center with renewable energy, while also giving back to the community.

Excess heat generated by the data center will be captured and returned to the local district’s heating system, which will warm up homes in the community.

The data center in the Jutland region will be partly powered by recycling waste products from farms. Apple is working with Aarhus University on a system that passes agricultural waste through a digester to generate methane, which is then used to power the data center.

The digester reaction turns some of the waste into nutrient-rich fertilizer, which Apple returns to local farmers to use on their fields. It’s a “mutually beneficial relationship,” Apple said in its environment report for 2016, released this week.

The data center in Denmark will be fully powered by renewable energy and won’t put stress on the local grid, Apple said.

Apple is also building a data center in Athenry, Ireland, that will be powered by energy generated by ocean waves. The iPhone maker is supporting the Sustainable Energy Authority of Ireland to develop the new source of energy, the company said.

Apple’s making a major push to be one of the greenest companies on the planet. It’s new corporate headquarters in Cupertino, called Apple Park, will run on renewable energy. The company has cut its use of toxic materials and is also using more recycled materials in its products and packaging.

Apple’s commitment to renewable energy was applauded by activist organization Greenpeace. Samsung, Huawei, and Microsoft now need to catch up, the organization said.

Siri, iMessage and other cloud-based applications are processed at Apple’s data centers. The company has five data centers in the U.S., which are all powered by renewable energy.

The two new data centers in Europe are expected to come online this year. The company is spending about US$1.8 billion to build the two data centers.

Apple also uses colocation facilities worldwide depending on the capacity it needs.

All of Apple’s data centers are operated on renewable energy, and that’s a goal Apple is chasing for all its facilities. About 96 percent of Apple’s facilities worldwide are now run on renewable energy, the company said.

Data centers tend to be the most power hungry tech facilities, and electricity requirements go up as computing moves into the cloud. As servers are saddled with more tasks, the processing requirements go up. As a result, more heat is generated, and Apple has found an innovative way to recycle heat.

Many data centers find ways to recycle heat, while others let the resource go waste. Amazon recycles heat to warm up offices nearby, and other companies recycle the heat to generate hot water.

Iceland and the Scandinavian countries are hot spots to establish data centers because of naturally cool weather and easy availability of hydropower.

 

via:  cio

R2Games compromised again, over one million accounts exposed

Hacker targeted the U.S., France, German, and Russian forums.

Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month.

Headquartered in Shenzhen, China, R2Games operates a number of free-to-play, micropayment-driven games on iOS and Android, as well as modern browsers. The company currently supports 19 online games, and claims over 52 million players.

In December of 2015, stretching into July of 2016, more than 22 million R2Games accounts were compromised, exposing IP addresses, easily cracked passwords, email addresses, and usernames.

The company denied the breach reports, telling one customer that “R2Games is safe and secured, and far from being hacked.”

How the data involved with this most recent breach was compromised isn’t exactly clear. The forums impacted (including the U.S., France, German, and Russian variants) are all operating on different versions of vBulletin. Some of these older versions contain known vulnerabilities, based on a passive search of Exploit Database.

The hacker claims all forums were compromised, in addition to the Russian version of r2games.com.

The latest record set includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token).

LeakBase shared the most recent records with Troy Hunt, a security researcher and owner of the non-profit breach notification website “Have I Been Pwned?” (HIBP).

Hunt checked the data by testing a small sample of email addresses and usernames against the password reset function on R2Games. Every address checked was confirmed as an existing account. From there, Hunt did some number crunching.

There were 5,191,898 unique email addresses in the data shared by LeakBase. However, 3,379,071 of those email addresses were using mail.ar.r2games.comor mail.r2games.com; and another 789,361 looked generated, as they were all [number]@vk.com addresses.

LeakBase speculates that the r2games.com addresses are the result of registrations from third-party services.

After stripping the questionable addresses Hunt was left with 1,023,466 unique email addresses to load into HIBP. Of this set, 482,074 have been seen before in other breaches, leaving 541,392 new entries for his index – and new notifications for 1,105 subscribers.

When asked about the passwords, Hunt told Salted Hash many of them are MD5 with no salt, but a large number of them have a hash corresponding to the password “admin” and a few hundred thousand others are using the plain text word “sync”.

“The observation I’d make here is that clearly, they don’t seem to be learning from previous failures. The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying. Perhaps the prior denials are evidence that they just don’t see the seriousness in security,” Hunt said, when asked his opinion about the latest R2Games data breach.

Salted Hash reached out to R2Games, but the company didn’t respond to questions. Emails were sent to support, as well as recruiting and sales, on the off chance someone could direct them to the proper resources.

For their part, LeakBase said since this data breach isn’t in the public domain, they will not add the records to their service and it will not be searchable. However, they do plan to email impacted users and inform them of the incident.

HIBP has been updated, and those changes are live now.

If you’re an R2Games player, it might be wise to change your password and make sure the old password isn’t used on any other websites.

Also, keep an eye out for gaming related offers and emails, as well as “notifications” from domains that aren’t related to R2Games itself – as those could be scammers looking to cash-in on the breach. While the hacked data isn’t public yet, there’s nothing preventing the person who shared it with LeakBase from selling it or trading it.

 

via:  csoonline