Cryptocurrency Theft, Spyware in Android Apps, and Dreamhost vs. DOJ – Threat Wire Video Tutorial DreamHost

Sign up DreamHost
Cryptocurrency Theft, Spyware in Android Apps, and Dreamhost vs. DOJ – Threat Wire Video Tutorial DreamHost

Cryptocurrency Theft, Spyware in Android Apps, and Dreamhost vs. DOJ – Threat Wire

Tutorial Hosting
Cryptocurrency is Being stolen With Phone Numbers Dreamhost was Compelled to turn over Data and Android had a slew of Spyware Apps all that Coming up now on threat wire Greetings I am Shannon Morse and This Is threat wire for August 24th 2017

Your Summary of The Threats To our Security Privacy and Internet Freedom i’m Officially Back After A really Quick Trip to Oregon for The Eclipse I am two Days Late I know This I realize this but I have got your Weekly Security News if you

Have not, Checked out our Patreon yet Please do so we have tons that, We want to do for this Show but? We can’t do it Without your support patreon.com slash Threat wire is the place to support the Show and now Onto the News?

So first off Crypto Currency Big Thanks to Deci Matrix for Setting in Two Stories for Today’s Show Remember Patrons You Can Post your Favorite Stories on the Community Tab on our Patreon Page to be Featured

We tell Time and Time Again using TWo-Factor Authentication for your online Accounts Specifically Calling on users to use? Applications Wherever Possible Instead of Phone Numbers due To not Only TWo-Factor Authentication but Also Account Recovery tools Commonly using SMS and Phone Calls to verify your Identity

It’s Probably Worth noting that a Phone Number Is not Necessarily secure in 2013 1038 Incidents Occurred and Were Reported Where an Attacker was able to gain Control of a person’s Online Accounts by Calling Their users Cell Phone Carrier and

Transferring Control of the Phone Number To a new Phone and Since then This is increased in 2016 to two Thousand Six Hundred and Fifty-Eight and will Probably Continue To climb Recently Attackers Have Started using This Technique to steal Money from Virtual Currency Wallets the New York Times Reported on A Virtual Currency

Customer Named Mr Burniske who had The equivalent of One Hundred and Fifty Thousand Dollars stolen from his online Virtual Currency Account Attackers Can Call Verizon At&T T-Mobile Whoever and Use social Engineering plus a little bit of personal

Information on the Customer to get the Carrier to transfer the Phone Number on an account to a new Device and sim card And by doing so the Attacker Can then use Account recovery tools online on some Websites to get Verification

Code Sent to Their new Device Instead of the Customers and the Customer Would no longer Have Access to any Verification Codes They Would Normally Receive Via Text Or Phone Call Cell Phone Providers Need To Train Employees on Better Security Protocols to verify users and Add Stricter

Implementations on Accounts Such as pin Codes or Phone Passwords and Make Sure That They Train Their Employees to Make Sure They have Those Phone Passwords Any Time They Call in Some Virtual Currency Sites Such as, Coinbase has Recommended That users Delete Their Phone Number from Their Account. Virtual Currencies

Unfortunately do not have the Same insurance or coverage that Banks do and your Once your money Is stolen from an Account it Cannot Be Reversed About 10 Days ago Dreamhost Which Is an La-Based Website Hosting Provider Posted A blog Regarding A search Warrant that they Had Received from the department of Justice

Requesting Information About Visitors To disruptj20.org Which Is a Website Created to organize Political protests against the current us government Administration The Search Warrant Requests Information on the Website the Owner The Visitors Information Includes Messages Records Files Logs Database Records Subscriber Information Such as Names and Addresses and Telephone Numbers and Email Addresses

Any Kind of Business Information any Kind of Payment Information Session Information and Any other Information Dreamhost May have on Hand About Individuals that were Part of a july 20th protest and Orb riots The search warrants vague Requests Amounts to over 1.3 Million Visitors to the site in Question

Dreamhouse Ended Up Challenging The Request and They, were First turned Down With the doj Filing Motion in Washington Dc To Compel the Company to Comply Dreamhouse Work, Closely with, the e ff to Keep, individuals Privacy Just that

Private About A week later Dreamhost Worked in Washington with the doj to Narrow the Scope of Information Requested To Exclude Any Kind, of http Access like Visitor ips and Any unpublished Media From the Site Dreamhouse biggest Concern With the Case

Was that The Government Would be Data on Thousands of Users who Simply Visited the site? Using the Fourth and First Amendment rights as Backing Judge Morin of the superior court of Washington Dc Is Enforcing the doj Motion to Compel Dreamhost to Comply With Turning, over Data but that

Also Amended the request to the much Narrower Scope of Information per Dreamhost demand now While dream House Does have to give up some Information The Court Is also forcing the doj to Comply With Including Names of Government officials who will have Access to

Data The Data Must be Overseen by the court it must be Justifiable as A part of the warrant and the doj cannot Share Info With Any other Agency and Any extra Information that is Deemed Unnecessary to the warrant will

Also be sealed Now of Course the government Could Still issue A warrant on the sealed Data as Well According to a legal Brief by the us attorney 4Dc Channing Phillips The government Had No Interest in The ip Addresses of 1.3 Million Visitors According to the Document as

Well The government Didn’t even Know when it got the Warrant what it was Asking for? How did They not know After Being Alerted by Researchers at lookout Google Pulled over 500 Applications from its Google Play Store for Potentially Having Spyware Installed Via A Backdoor in total the Apps were downloaded, over

100 Million Times and all of them used the Same Software development kit I’m Probably Going to Pronounce This Wrong but I’m going to call it Igexin. The Apps Would connect to an ad Network that Would serve up targeted Ads to

Individual users Based on Their interests it’s pretty Common and it’s great Revenue for Applications Unfortunately The Chinese Firm Igexin SdK could, also Upload Spyware Through A Backdoor at any Time Without Notifying the user Spyware Installed Could Steal Call Information Gps Locations Wi-Fi Network Information and Even More

Applications included Games Weather Apps Internet Radio Photo Editing tools and Camera Applications Now Look out does Believe that publishers at the Application Did not know of the SdK Problems and as Such Is not Publishing A list not all of The 500 Applications Had, Installed Spyware but They

Did Have the Potential to do so via the SdK while Application developers May not know of the Issue Any Application using the Igexin Advertising development kit as Part of Their Code Could be Susceptible as Spyware was Loaded from any Jackson Controlled Server this Is not the first

Savvy Spyware That We have Seen on Android and it Is not going to be the last Google is working to protect Customers Better Via Google Play Protect and users Can, also Consider using A

Mobile Antivirus Application to Detect Issues Thank you again to all the fine and Wonderful People out There who Contributes patreon.com slash Threat wire you are the Reason that We can Keep on Bringing you News every Single week Any Little bit Helps us Grow

The Show and of Course in Return You get Access to a bunch of extras on Patreon including The RsS for The Audio Feed as Well as Behind the Scenes extras We might even Feature your Adorable Fur Baby in an Upcoming Episode?

Just Like These Ones Check out the Perk Levels on Patreon and Thank you so much again for Helping us keep this Show Completely Independent and Ad Free it’s Really Appreciated and it does Help Us fund the

Incomplete Project of this Show and of Course if You cannot Donate you can hit that subscribe Button you can Share This Episode on your Favorite social Media Page and use the hashtag threat wires so that We can See it and With that I’m Shannon Morse I will see you on the Internet?
Hak5 – Cybersecurity Education, Inspiration, News and Community since 2005: ____________________________________________ Cryptocurrency is stolen with phone numbers, Dreamhost was forced to hand over data, and Android had a ton of spyware apps. It's all coming to ThreatWire now. —————- Shop: http://www.hakshop.com Support: http://www. patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our website: http://www.hak5.org Contact us: http://www.twitter.com/hak5 Threat Wire RSS: https : //shannonmorse.podbean.com/feed/ Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999 Help us with translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ ——————————– Links: https ://www.nytimes.com/2017/08/21/business/dealbook/phone-hack-bitcoin-virtual-currency.html http://nationalpost.com/news/world/how-hackers-are-hijacking- mobile-phone-numbers-to-grab-wallets http://thehill.com/policy/cybersecurity/346544-dreamhost-claims-doj-requesting-info-on-visitors-to-anti-trump-website https:// www.dreamhost.com/blog/we-fight-for-the-users/ https://www.dreamhost.com/blog/narrowing-the-scope/ https://www.dreamhost.com/blog/a- win-for-the-web/ https://www.dreamhost.com/blog/wp-content/uploads/2017/08/DH-Search-Warrant.pdf https://www.dreamhost.com/blog/wp -content/uploads/2017/08/DH-DOJMotiontoShowCause.pdf https://assets.documentcloud.org/documents/3939670/8-22-17-US-Reply-Brief-DreamHost.pdf https://www.cnet .com/news/feds-pare-back-demands-for-data-from-anti-trump-protest-site/ https://arstechnica.com/tech-policy/2017/08/feds-drop-demand-for -1-3-million-ip-addresses-that-visited-anti-trump-site/ https://thehackernews.com/2017/08/android-spyware-malware.html https://www.android.com/ play-protect/ https://arstechnica.com/information-technology/2017/08/500-google-play-apps-with-100-million-downloads-had-spyware-backdoor/ https://blog.lookout. com/igexin-malicious-sdk Youtube thumbnail source: http://maxpixel.freegreatpicture.com/static/photo/1x/Bitcoin-Crypto-Currency-Electronic-Cyber-Finance-2057405.jpg -~-~~- ~~ ~-~~-~- Please watch: “Bash Bunny Primer – Hak5 2225” https://www.youtube.com/watch?v=8j6hrjSrJaM -~-~~-~~~-~~ -~- ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We achieve this through our award-winning educational podcasts, leading pentesting equipment, and an inclusive community – where all hackers belong.
#Cryptocurrency #Theft #Spyware #Android #Apps #Dreamhost #DOJ #Threat #Wire


https://i.ytimg.com/vi/Zeq35AKFh3I/hqdefault.jpg

Related Items

How to Set Up Email on Your iPhone (IMAP and SMTP over SSL) Video Tutorial DreamHost
How to Set Up Email on Your iPhone (IMAP and SMTP over SSL) Video Tutorial DreamHost
DreamHost Tutorial – How to Add a Domain Name on DreamHost (Tamil) – Part 3 Video Tutorial DreamHost
DreamHost Tutorial – How to Add a Domain Name on DreamHost (Tamil) – Part 3 Video Tutorial DreamHost
How to use the Filezilla FTP client to upload your website files Video Tutorial DreamHost
How to use the Filezilla FTP client to upload your website files Video Tutorial DreamHost
How to Create a Professional Landing Page in WordPress for FREE ✅ Effective Landing Page 👌 Video Tutorial DreamHost
How to Create a Professional Landing Page in WordPress for FREE ✅ Effective Landing Page 👌 Video Tutorial DreamHost

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

Lost Password