Posts Tagged with "news"

HipChat was attacked, some data may have been leaked

Posted by Stanislav Furman on April 23, 2017

On Monday April 24, 2017 the HipChat Security team has advised their users that there was a security incident detected which affected a server in the HipChat Cloud. The incident lead to a leak of some account information such as names, email addresses and hashed passwords. For a small number of instances (less than 0.05% according to HipChat), messages and content in rooms may have been accessed too. 

HipChat automatically reset user passwords for those accouts that they believe were affected and some users were asked to update their passwords manually.

In their statement the HipChat team assured that no other of Atlassian services were affected:

Continue reading

Worst passwords ever

Posted by Stanislav Furman on February 14, 2017

In 2016-2017 pretty much all media were talking about hacking that happened during the US presidential campaign (did it actually happened or not - that's a different story). You can see many articles in the Internet and in paper books about how it is important to have a strong password. Seems like everybody should know this now. However, security professionals regularly meet passwords that are ridiculously unsafe.

Guys from Keeper Security, authors of the Keeper Password Manager, have compiled a list of the most commonly used passwords involved in data breaches in 2016. According to this blog post, these unsafe passwords are using in about 50% of 10 million password that were analyzed! Mostly, there are no surprises. People still use passwords like "password", "123456", "qwerty", etc.  Nevertheless, there are some interesting examples such as  “18atcskd2w” and “3rjs1la7qe”. Those passwords seem relatively strong, right? It seems like those passwords were created by bots for spam or flood activities and those passwords were used over and over in different sites.

Continue reading

Gitlab has lost it's database and realised they have no backups

Posted by Stanislav Furman on February 9, 2017

There was an interesting news just in the end of January 2017.

On January 31th, 2017 Gitlab accidentally deleted their production database (git repositories were not affected though). 

What happened. For some reason, replicatation started lagging (PostgreSQL). One of the Gitlab employee some tried to fix the problem by playing with different settings but it did not help. Then, at some point, that employee decided to delete everything and rebuld the replica again. He (or she) tried to delete the folder with the replica data, but mixed up servers and removed the folder on the master (rm -rf on did instead

It could have been not as bad but they realised they had no backups:

Continue reading

Russian hackers steal 1.2 billion user credentials. Is this true?

Posted by Stanislav Furman on August 6, 2014

News agencies reported yesterday and today that a group of Russian hackers has stolen a huge number (1.2 billion!) of usernames and passwords using a botnet. This is apparently could be the largest collection of stolen user credentials in the history (if this fact is actually truth).

According to the news, the theft was discovered by an american security company called Hold Security. They did not disclose exactly what web sites have been attacked, but it was mentioned that it is a number of websites from small to big ones.

I am scratching my head trying to understand two things: 1) How did they discover this theft? 2) How do they know that it was Russian group of hackers?

Continue reading

Ebay asks its users to change passwords

Posted by Stanislav Furman on May 21, 2014

Ebay asks its users to change passwordseBay Inc., the world's largest Internet auction site, just reported a successful attempt of a hacking attack on its servers. Hackers gained access to that part of the eBay database, where website users store their password hashes. The company's specialists claimed that personal data and financial information remains inaccessible to hackers - that type of data is kept separate and well encrypted.

According to the preliminary investigation, the results of which were published on the corporate blog, the attack happened in late February / early March of this year. Hackers gained access to stored user names, password hashes, emails, home address and phone numbers, as well as dates of birth. 

It's been reported that within next 24 hours eBay users should receive an official notification with information about the attack and recommendations on how to reset password on all eBay websites where the user has used the same password.

PHP NG, significant speed-up features coming in PHP 6

Posted by Stanislav Furman on May 15, 2014

Some exciting and promising coming changes in PHP 6 or 7 have been anounced recently by Dmitry Stogov from Zend. A detailed article has been postd here

Briefly, Zend is working on PHP NG (next generation) which will bring better performance and better memory management. According to Dmitry, the PHP application execution typically takes a significant part of the execution time dealing with memory allocations, and that affects PHP performance significantly as well.

I spent a significant amount of time experimenting with JIT, and even created a PoC of transparent LLVM based JIT compiler embedded into OPCache. The results on bench.php was just amazing – (0.219 seconds against 2.175 – *10 times speedup of PHP 5.5*), but on real-life apps we got just few percent speedup., - says Dmitry in his report.

According to his tests PHP developers can gain up to 20% more requests per second (in case with Wordpress for example).

So far it looks like upgrading to PHP NG should be painless (that's the idea). However, some of PHP extensions wil might require some "massage".

Looking forward to test the new PHP 6. Or maybe 7? ;)

Huawei introduces the Ascend P7, its new flagship Android phone

Posted by Stanislav Furman on May 7, 2014
The Ascend P7 from Huawei is going to compete with its rivals from Samsung and Apple.

Apple has iWatch already in production, report says

Posted by Stanislav Furman on April 30, 2014
Sources claim that Apple has already start production on iWatch

RIP Nokia? Microsoft renames Nokia to Microsoft Mobile

Posted by Stanislav Furman on April 21, 2014
Bye-bye, Nokia! Hello, Microsoft Mobile! The end of Nokia?

Next generation USB plug will finally be smaller and reversible

Posted by Stanislav Furman on December 5, 2013
USB 3.0 plug will be smaller and reversible. Finally!