Hackers publish stolen PayPal login credentials
Posted on 28 June 2011.
LulzSec has been assimilated back into Anonymous, but their AntiSec campaign keeps going.

It seems that their final wish has been granted for now, and other hacking groups continued the work they have started.

If you take a look at the AnonymousIRC Twitter feed, you can see a number of links offering data dumps from Anguilla, Brazil, Zimbabwe and Australian government servers and a couple of links to "wild leaks". Among all of them is a link to Pastebin posts containing more than 150 MySpace and fifty PayPal login credentials.

SC Magazine Australia reports that they have contacted the group behind those data dumps and that they claim they have harvested that information by sniffing it out from insecure wireless networks set up in US restaurants and stores.

The group calls itself D3V29, and they say that they manage to do this by using a sniffer software they built themselves. But Lucian Constantin points out that it is doubtful they gathered the credentials in this way - especially when it comes to PayPal credentials.

"There is one problem with this theory though — PayPal uses HTTPS for login, and so do most modern websites. This ensures that passwords are not transmitted in plaintext form," he says. "It is more likely that these hackers used phishing or a trojan to steal the login credentials than a WiFi-based attack."

The group has confirmed that their action was a way to join the Operation AntiSec. In the meantime, their Twitter feed has been downed and they have been asking for Bitcoin donations. Somehow it doesn't strike me as an auspicious beginning.


DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Jan 26th