Search the Community

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server. Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access. The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual's account, even if the account is protected by two-factor authentication. NICE Systems is an Israel-based company that is known for offering wide-range of solutions for intelligence agencies, including telephone voice recording, data security, and surveillance. According to the researcher, it is unknown that why Verizon has allowed a 3rd party company to collect call details of its users, however, it appears that NICE Systems monitors the efficiency of its call-center operators for Verizon. The exposed data contained records of customers who called the Verizon's customer services in the past 6 months, which are recorded, obtained and analyzed by NICE. Interestingly, the leaked data on the server also indicates that NICE Systems has a partnership with Paris-based popular telecommunication company "Orange," for which it also collects customer details across Europe and Africa. Vickery had privately informed Verizon team about the exposure in late June, and the data was then secured within a week. Vickery is a reputed researcher, who has previously tracked down many exposed datasets on the Internet. Just last month, he discovered an unsecured Amazon S3 server owned by data analytics firm Deep Root Analytics (DRA), which exposed information of more than 198 Million United States citizens, that's over 60% of the US population. In March this year, Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) which was also left unsecured on Amazon cloud storage server for anyone to access. In the same month, the researcher also discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM). In 2015, Vickery also reported a huge cache of more than 191 Million US voter records and details of as many as 13 Million MacKeeper users. Via thehackernews.com

Pack contine mailuri din: - Australia - Bellsouth.net - Bigpond.com - Games - Gmail - Italy - Latvia - Luxembourg - Malaysia - Marketing - Mexico - Music - Netherland - New Zealand - Norway - Pakistan - Paraguay - Peru - Poland - Portugal - Retele sociale - Rusia - Singapore - Spain - Sport - SUA - Sweden - Switerland - Taiwan - Tanzania - Telstra.com.au - Tonga - Turkey - UK - United Arab Emirates - Venezuela - Verizon - Vietnam Download: https://www.sendspace.com/file/dtbvbp PS: Cine vrea site-ul de unde sunt luate sa ma contacteze, nu las numele site-ului ca se considera reclama

Microsoft files lawsuit against Verizon IP seeks damages for hundreds of suspicious Windows 7 activations from a Verizon IP address Verizon has incurred the wrath of Microsoft for allegedly activating hundreds of copies of Windows 7 illegally. In a lawsuit filed at a Washington court, the Seattle-based company has asked the court to let it serve a subpoena on Verizon to force the Internet provider to identify those behind a two-year scheme that supposedly logged hundreds of suspicious product activations from a Verizon IP address and is now seeking damages. In its 29 year history, Microsoft’s Windows operating systems have been pirated millions number of times. On some levels, it is a practice that Microsoft has accepted with regular consumers largely trying to keep away from the company’s aggression. However, the same cannot be said of those pirating the company’s products on a commercial scale. According to documents filed with a U.S. District Court in Seattle last week, Microsoft targets individuals behind a single IP address 74.111.202.30, which was the origin of the Windows 7 product activations. Microsoft will not be able to find who are responsible for this serious Windows pirating, unless Verizon provides the subscriber name or names for that address. Microsoft said “Microsoft seeks leave to serve a Rule 45 subpoena on Verizon Online to obtain subscriber information associated with the infringing IP address at the time of the alleged acts of infringement.” “As part of its cyberforensic methods, Microsoft analyzes product key activation data voluntarily provided by users when they activate Microsoft software, including the IP address from which a given product key is activated,” the lawsuit reads. Microsoft says that its forensic tools lets the company to examine billions of activations of Microsoft software and identify patterns “that make it more likely than not” that an IP address connected with activations is the one through which pirated software is being activated. Currently, the address is established with Verizon FIOS, the Internet provider’s broadband service. These activations have features that on facts and belief, indicate that Defendants are using the IP address to activate pirated software. In a complaint filed on April 28, Microsoft laid out its case, naming a series of “John Does”, as it had not been able to find the real names of the alleged culprits. Microsoft said “The infringing IP address has been used to activate hundreds of copies of Windows 7,” using stolen or illegal activation keys. Some of the keys had been stolen from its supply chain, others were keys appointed for OEMs but instead used by an unauthorized party, and still more were legit keys that were used more than it was allowed for. One of Microsoft’s primary anti-piracy technologies is Product activation and it depends on the unique 25-character code allocated to each copy of the operating system. Customers and OEMs activate Windows by connecting to Microsoft’s servers. “Based on the volume and pattern of their activation activity, on information and belief, defendants appear to consist of one or more commercial entities that subsequently distributed those systems to customers who, on information and belief, were unaware they were receiving pirated software,” the complaint read. Microsoft examined the incoming product activations from the single source, and deduced that the “activation patterns and characteristics … make it more likely than not that the IP address associated with the activations is an address through which pirated software is being activated.” Senior Paralegal at Microsoft in an affidavit asserted that the pirates had been operational for “at least the past two years.” Once Microsoft is able to identify the people responsible for the IP address, it plans to sue them for copyright and trademark infringement, deceptive practices, treble damages and attorney fees or, alternatively, statutory damages. Sursa: http://www.techworm.net/2015/05/microsoft-wants-verizon-to-hand-over-names-of-suspected-windows-pirates.html

A critical vulnerability discovered in Verizon's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS, which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it should be done - quickly and efficiently. Microsoft could learn a lot more from Verizon, as Microsoft wasn't able to fix the security flaws in its software reported by Google’s Project Zero team even after a three-month-long time period provided to the company. One-after-one three serious zero-day vulnerabilities in Windows 7 and 8.1 were disclosed by Google’s security team before Microsoft planned to patch them. The FiOS API flaw, actually contained in the application’s API, allowed any account to be accessed by manipulating user identification numbers in web requests, giving attackers ability to read individual messages from a person’s Verizon inbox. According to the security researcher, the vulnerability even allowed attackers to send email messages from victims’ accounts and found and exploited further vulnerable API calls. "It was my suspicion that all of the API methods for this widget within the app were vulnerable. My last test was sending an outgoing message as another user [which was] also successful," Westergren wrote. The problem has been fixed by the telecom giant, so there is no need for users to worry about it. Verizon rewarded Westergren with a year's worth of free internet. "Version's (corporate) security group seemed to immediately realize the impact of this vulnerability and took it very seriously," Westergren said. Source

A critical vulnerability discovered in Verizon's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS, which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it should be done - quickly and efficiently. Microsoft could learn a lot more from Verizon, as Microsoft wasn't able to fix the security flaws in its software reported by Google’s Project Zero team even after a three-month-long time period provided to the company. One-after-one three serious zero-day vulnerabilities in Windows 7 and 8.1 were disclosed by Google’s security team before Microsoft planned to patch them. The FiOS API flaw, actually contained in the application’s API, allowed any account to be accessed by manipulating user identification numbers in web requests, giving attackers ability to read individual messages from a person’s Verizon inbox. According to the security researcher, the vulnerability even allowed attackers to send email messages from victims’ accounts and found and exploited further vulnerable API calls. "It was my suspicion that all of the API methods for this widget within the app were vulnerable. My last test was sending an outgoing message as another user [which was] also successful," Westergren wrote. The problem has been fixed by the telecom giant, so there is no need for users to worry about it. Verizon rewarded Westergren with a year's worth of free internet. "Version's (corporate) security group seemed to immediately realize the impact of this vulnerability and took it very seriously," Westergren said. Source.

The number of subpoenas, total orders and warrants that the United States government delivered to Verizon all dropped in the second half of 2014, according to the company’s latest transparency report. The giant telecom provider released data on Thursday that showed a decrease in subpoenas of about 10 percent from the first half of last year to the second half. The volume of pen register and trap and trace orders fell by a little less than 10 percent, and the number of warrants served on Verizon by law enforcement also dropped from 14,977 to 13,050. Verizon officials said in the report that the company received between 0-999 National Security Letters during the second half of 2014, the same range it reported for the first half of the year. The government only allows companies to report the number of NSLs they receive in bands of 1,000. The volume of wiretap orders that Verizon receives remained virtually unchanged from 2013 to 2014, falling slightly from 1,496 in all of 2013 to 1,433. In addition to releasing the data on government orders, Verizon officials also said that the company has been working on privacy issues throughout the past year. “While much of our work to protect our customers’ privacy is done behind the scenes, in the past year we took public positions on issues of significance to our customers. We’ve opposed the United States government’s position that it could issue a search warrant to obtain customer emails stored in a Microsoft server in Ireland. We have a particular interest in this issue as we provide cloud computing and data storage services to business customers around the world, including many non-U.S. customers in data centers outside the United States,” said Craig Silliman, executive vice president and general counsel. “Although Verizon has not received any warrants from the U.S. government for our customers’ information stored in our overseas data centers, we filed briefs in courts and worked with Senators on a bill (The LEADS Act) to help defeat this overreach by the U.S. government. We also continue to support legislation that will add privacy protections to the Foreign Intelligence Surveillance Act (FISA) statute, including ending bulk collection of communications data.” In terms of secret orders from the Foreign Intelligence Surveillance Court, Verizon said it received between 0-999 FISA orders in the first half of 2014. Those orders targeted between 3,000-3,999 customer selectors, meaning that Verizon definitely received some non-zero number of FISA orders. The government makes companies wait six months before reporting FISA data, so the numbers from the first half of last year are the most recent information Verizon can publish. Source