2019-04-19 Random Interesting Shit

Categories Hacker Shit, News Feed Stuff, Security, Security Stuff, Stuff To Learn

Facebook Stored Millions of Instagram Users’ Passwords in Plaintext
https://thehackernews.com/2019/04/instagram-password-plaintext.html
#hackerstuff #HackThePlanet


Unmasked: What 10 million passwords reveal about the people who choose them
https://wpengine.com/unmasked/
#hackerstuff #HackThePlanet


Osmedeus – Fully automated offensive security tool for reconnaissance and vulnerability scanning
https://github.com/j3ssie/Osmedeus
#hackerstuff #HackThePlanet


Hacker Breaks Into French Government’s New Secure Messaging App
https://thehackernews.com/2019/04/france-Tchap-secure-messenger.html
#hackerstuff #HackThePlanet


Apple Boots Developer for Shady App Store Dealings

Categories Apple Dev, Apple/Mac, Information Technology, iTunes, Programming, Security

via E-Commerce Times

An Apple App Store developer has been shown the door for allegedly scamming the system in order to propel his applications to the top of the store’s “Books” category. The operation may have also involved fraudulent charges placed on the accounts of hundreds of iTunes customers. Apple said iTunes’ main servers, where millions of customers’ credit card numbers are stored, were not compromised.

Security experts will tell you that cybercriminals like to hit online operations with large numbers of users. So it shouldn’t be surprising that an unscrupulous individual has apparently been caught lurking in the heavily trafficked Apple (Nasdaq: AAPL) iTunes App Store.

Clues that something was amiss in the App Store surfaced over the weekend when apps by a particular developer — with very few customer reviews or ratings — captured 42 of the top 50 spots in the App Store’s “Books” category. There were also reports of some App Store customers seeing hundreds of dollars in unauthorized charges to their accounts for the purchase of some of these apps. …

Hacking Network Printers

Categories Hacking, Information Technology, Programming, Security

via ironGeek.com

Hack a printer you say, what kind of toner have you been smoking, Irongeek? Well, I’m here to tell you, there’s more that can be done with a printer to compromise network security than one might realize. In the olden days a printer may not have been much of a concern other than the threat from folks dumpster diving for hard copies of the documents that were printed from it, but many modern printers come network aware with embedded Operating Systems, storage and full IP stacks. This article will attempt to point out some of the more interesting things that can be done with a network based printer to make it reveal information about its users, owners and the network it’s part of.

Some of this article may seem a little Black-hat as it concentrates more on the breaking-in than the keeping-out. However I feel this information will be useful to system administrators and auditors so that they know what sorts of things to look out for when it comes to network printers. If you want more advice on how to lock down your network printer visit your vendors web site. A guide from HP is linked at the bottom of this article for your convenience. If nothing else, this article may get you thinking in the right direction.

For my tests I will mostly be using a Hewlett-Packard LaserJet 4100 MFP (Fax/Printer/Copier/Scanner), an HP JetDirect 170x and a HP JetDirect 300X (J3263A) but I will also touch a bit on the Ricoh Savin series of printers lest you think HPs are the only network printers with security problems.

Much of this article will read like a huge brain dump, sort of disorganized and hazy like my mind. It all started as a project for Droop’s Infonomicon TV and it snowballed from there with no specific direction. Bear with me as I clean it up and other folks send me new additions and suggestions to make this article more useful.

The most recent version of this article can be found at: http://www.irongeek.com/i.php?page=security
/networkprinterhacking

FTC Puts Social Nets on Notice With Twitter Smackdown

Categories Information Technology, Security, Social Media, Twitter

via E-Commerce News

The FTC has settled its beef with Twitter over the service’s security practices. Twitter will go on a probation of sorts, and some conditions of the arrangement will remain in effect for 20 years. The charges originated when hackers took advantage of weak passwords the site had been using and gained administrative privileges that enabled them to control accounts and read private messages.

Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard users’ personal information, the FTC announced Thursday.

In what was the agency’s first such case against a social networking service, the FTC charged that serious lapses in Twitter’s data security Planning for the next peak season? Ensure your website is fast, secure and available 24/7. Click here to learn how. practices allowed hackers to obtain unauthorized administrative control of Twitter, including access to nonpublic user information, tweets that users had designated as private, and the ability to send out phony message from any account — including one belonging to Barack Obama, who at the time was the U.S. President-Elect…