Author: Zack Whittaker

Hackers failed to hack into DNC voter database, says security firm

The Democratic National Committee has prevented an attempt to hack into its database of tens of millions of voters. CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned Tuesday of the attempt. DNC officials reportedly contacted the FBI. A spokesperson for the FBI didn’t immediately return a request for comment. Lookout, a security firm, told TechCrunch that its staff detected a phishing page hosted on DigitalOcean, a cloud computing and hosting giant, which replicated a login page for NGP VAN, a technology provider for Democratic campaigns. In the case of...

‘Legacy system’ exposed Black Hat 2018 attendees’ contact information

A “legacy system” was to blame for exposing the contact information of attendees of this year’s Black Hat security conference. A Colorado-based pen tester and security researcher who goes by the handle NinjaStyle said it would have taken about six hours to collect all the registered attendees’ names, email and home addresses, company names, and phone numbers from anyone who registered for the 2018 conference. In a blog post, he explained that he used a reader to access the data on his NFC-enabled conference badge, which stored his name in plaintext and other scrambled data. The badge also contained a...

UK phone giant EE fixes bug that let customers gift data for free

EE, the largest phone network in the UK, has fixed a website bug that allowed customers to add an unlimited amount of plan data to their accounts for free. The bug allowed any customer to modify code on the customer’s account page that allows users to “gift” data to linked accounts. Using man-in-the-middle tools like Burp Suite, it was possible to intercept the server request and swap out the recipient’s phone number with their own. By making the phone numbers the same, the system could be tricked into duplicating the data allowance without incurring any costs. It was also possible to gift data to other connected accounts for free. A pseudonymous security researcher who goes by The Infosec Spider contacted TechCrunch with details of the bug, which we reported to EE. The company said in a statement that it fixed the bug within two days, and thanked the researcher. “Our customer data was never at risk as users could only increase the data on their own plan, or another number associated with their account, after they successfully logged into their account,” said an EE spokesperson. But the researcher said that the bug could have been exploited to defraud the phone giant. It’s the second bug affecting EE the security researcher found this year. In May, the researcher found a company code repository online with a default password. In a...

Animoto hack exposes personal information, geolocation data

Animoto, a cloud-based video maker service for social media sites, has revealed a data breach. The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general. Names, dates of birth, and user email addresses were accessed by hackers, but the company said it wasn’t known if data had been exfiltrated. The company also said that users’ scrambled passwords were exposed in the breach, but it wasn’t clear if the hackers gained the private key, which could be used to reveal the passwords in plain-text. The company also...
