Security Alerts & News
by Tymoteusz A. Góral

History
#1420 Police seize two Perfect Privacy VPN servers
A few days ago the company informed its customers that two of its servers had been seized by the police in Rotterdam, Netherlands. The authorities went directly to the hosting company I3D and the VPN provider itself wasn’t contacted by law enforcement.

“Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster,” Perfect Privacy says.

Despite losing control over two servers, Perfect Privacy assures its customers that no personally identifiable data is present on the seized hardware. Like many other VPNs, the company maintains a strict no-logging policy.

“Since we are not logging any data there is currently no reason to believe that any user data was compromised,” the VPN provider says.
#1419 US would be 28th In 'Hacking Olympics', China would take the gold
Which countries have the best programmers in the world?

Many would assume it’s the United States. After all, the United States is the home of programming luminaries such as Bill Gates, Ken Thompson, Dennis Ritchie, and Donald Knuth. But then again, India is known as the fastest growing concentration of programmers in the world and the hackers from Russia are apparently pretty effective. Is there any way to determine which country is best?

At HackerRank, we regularly post tens of thousands of new coding challenges for developers to improve their coding skills. Hundreds of thousands of developers from all over the world come to participate in challenges in a variety of languages and knowledge domains, from Python to algorithms to security to distributed systems. Our community is growing every day, with over 1.5 million developers ranked.
Developers are scored and ranked based on a combination of their accuracy and speed.

According to our data, China and Russia score as the most talented developers. Chinese programmers outscore all other countries in mathematics, functional programming, and data structures challenges, while Russians dominate in algorithms, the most popular and most competitive arena. While the United States and India provide the majority of competitors on HackerRank, they only manage to rank 28th and 31st.
#1418 Kali Linux 2016.2 released as the most advanced penetration testing distribution
The Kali Linux (successor to BackTrack) developers are back from the DEF CON Vegas and Black Hat conferences for security professionals and ethical hackers, and as they promised earlier this year, they're now announcing the availability of Kali Linux 2016.2.

What's Kali Linux 2016.2? Well, it's an updated Live ISO image of the popular GNU/Linux distribution designed for ethical hackers and security professionals who want to harden the security of their networks, which contains the latest software versions and enhancements for those who want to deploy the OS on new systems.

It's been quite some time since the last update to the official Kali Linux Live ISOs, and new software releases are announced each day, which means that the packages included in the previous Kali Linux images are very old, and bugs and improvements are always implemented in the most recent versions of the respective security tools.
#1417 How spy tech firms let governments see everything on a smartphone
SAN FRANCISCO — Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like — just check out the company’s price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user’s location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.
#1416 Android patch fixes Nexus 5X critical vulnerability
Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the device.

Researchers at IBM’s X-Force Application Security Research Team discovered the flaw several months ago and worked with Google on a patch that was deployed recently. Disclosure of the vulnerability was shared by IBM’s X-Force team on Thursday.
#1415 Microsoft adds .NET Core, ASP.NET to bug bounty program
Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program.

The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and Linux versions of .NET Core and ASP.NET Core.
#1414 And the worst passwords from the Last.fm hack are…
Apparently user passwords were stored using unsalted MD5 hashing, which LeakedSource says took two hours to convert into readable plaintext passwords.

While Last.fm’s password encryption left much to be desired, sadly the breached passwords themselves weren’t much better.

The most popular password by far? “123456” – yes, seriously.
#1413 Why identity protection is the next phase in security
Talk to any security expert, and sooner or later the line "It's not a case of if you are hacked, but when" will be trotted out. It's a good line because it is true and demonstrates how perimeter-style security has fallen by the wayside.

But consider the implicit implications of everyone eventually being breached, not as a sysadmin or security specialist, but as a user of services, and you will realise what it means for your personal information.

Whether today, tomorrow, or next year, eventually the personal information you have handed over to third parties is going to find its way online, and there is not a thing you can do to stop it.