OT: Target got got (de facto Bad Cyber Stuff thread)

[dash]

I got scared when I saw the Tiger.

I like how they spelt heinous correctly and misspelt violation.

 

[Comeds]

I like how they spelt heinous correctly and misspelt violation.

Isn't violatuion the English/Canadian spelling?

 

[dash]

Isn't violatuion the English/Canadian spelling?

Good point - How are things in Baltimoure?

 

[Comeds]

Good point - How are things in Baltimoure?

Really bad stourms here earlier but nothing too bad in my immediate area.

 

[dash]

Really bad stourms here earlier but nothing too bad in my immediate area.

Be sure to take care and seek safe harbour my friend.

 

[Comeds]

Be sure to take care and seek safe harbour my friend.

I will, thanks. I think the wourst is over. Hopefully.

 

[forty_three]

Really bad stourms here earlier but nothing too bad in my immediate area.

A friend of mine who is still in Joppatowne (why, I have no idea) posted a photo of where their shed used to be.

Looked like a doozy.


Note: shed is technically still there, just under a tree

 

[puckhead]

Didi got caught

MSN

www.msn.com

 

[forty_three]

Yandex Taxi hack creates huge traffic jam in Moscow | Cybernews

Hackers meddled with ride-hailing service Yandex Taxi to create a two-hour-long traffic jam in the Russian capital.

cybernews.com

lol

 

[forty_three]

Uber investigating 'cybersecurity incident' after hacker claims to access internal systems | CNN Business

Uber said Thursday that it was investigating a "cybersecurity incident" after a hacker shared evidence that they had breached the ride-hailing giant's computer systems with journalists and security researchers.

www.cnn.com

 

[forty_three]

Weird. I have had 2 different recruiters reach out to me about opportunities at Uber.

Sounds like they should have called me 2 years ago.

 

[forty_three]

 

[Comeds]

So you're handing out the fun size?

 

[puckhead]

border got got.
I'm OK with license plate, but wonder what "associated information" would be

MSN

www.msn.com

edit - I'm ok with the associated info as well.
Don't really care if people know that I get my hebrew nationals and bag of gas at 10PM on a tuesday at Point Roberts (lane 1)

It also found the image files included metadata containing the relevant province or state associated with the licence plate, the date and time the image was taken, and the numerical code representing the border crossing site along with lane number.

 

[forty_three]

COTA goes offline after ‘cyber security incident,’ but plans to run buses as normal

COLUMBUS, Ohio (WCMH) — The Central Ohio Transit Authority’s buses are running, but its website is not after its information technology network experienced a cyber security breach. COTA…

www.nbc4i.com

Who hacks a bus? Honestly?


This one caught my attention as well:

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security

krebsonsecurity.com

So some hacker decided to breach and attempt to sell the personal information of members of the group where cybersecurity professionals in the private sector share information with the FBI, DHS, Secret Service and law enforcement across the country.

 

[elocomotive]

Who hacks a bus? Honestly?

 

[sbb122]

 

[forty_three]

Researchers Hacked California's Digital License Plates, Gaining Access to GPS Location and User Info (Update)

Just months after release, cybersecurity researchers have hacked Reviver Rplates and gained access to GPS location and sensitive user data.

jalopnik.com

By the way something... who the fuck would buy a digital license plate that gives a third party access to your GPS info in the first place?

 

[puckhead]

Researchers Hacked California's Digital License Plates, Gaining Access to GPS Location and User Info (Update)

Just months after release, cybersecurity researchers have hacked Reviver Rplates and gained access to GPS location and sensitive user data.

jalopnik.com

By the way something... who the fuck would buy a digital license plate that gives a third party access to your GPS info in the first place?

NFT license plates, only $999. a once in a lifetime opportunity.
send paypal to [email protected]



/holy shit, i need to grab that domain.

 

[forty_three]

Not sure if I should put this here or the drives you nuts thread. Playstation players - I have reason to believe the Playstation Network authentication mechanism -INCLUDING TWO FACTOR AUTHENTICATION- has been hacked. You should immediately check:

- The email account you signed up for PSN with and look for password reset emails and requests for codes.
- Your PSN account login attempt locations for anything out of the ordinary. Log out every Playstation and then change your password
- If you use send me a code as your two factor auth method, change it. If you have to use it, (after you change your password and log every console out) disable it and re-enable it. This will give you new offline recovery codes. This is what I think was pwned. Use something PSN doesn't own like Google or Microsoft Authenticator as your 2FA
- Whatever payment method you have linked to PSN, check that account closely for charges for PSN games.

Today, I tried to log in to my Playstation to play a game a bit, I couldn't and noticed I had been logged out of my console. Which I never do. So I went to a web browser to log in, again was said invalid info. I went to reset my password and they said they would text me a code. It never arrived, and I thought that was weird because I defaulted to email and don't think I ever gave them a phone number. So I said to send the code to my email and logged into that email account and saw that my PSN ID had been changed last night around 11:30 AND They disabled and re-enabled my 2 factor auth. I also saw 3-4 requests for second factor code prior to them gaining access to my account. By this morning, they had bought themselves FIFA and Call of Duty.

I know they did not compromise the email account because the auth code emails had not been read, there were no strange login attempts at all. So that means that they somehow guessed the login auth code when sent or brute forced one of the static recovery codes and used that to reset my password. Once in my account they disabled the PIN I had set for all purchases and then locked me out.

I have seen several people complaining about their accounts getting busted even though they use 2FA, and when I contacted Playstation they said their call volume was 4x normal the last few days. They will give me back access to my account as I proved it was mine but the department that does it is backlogged by 48 hours. So the only natural conclusion is those offline codes can be guessed or brute forced.

If it happens to you, save time when you call by having:
- The Serial # of your PS Device
- An order number or a recent transaction, as well as date and amount
- The first 4 and last 4 digits of the payment card you used on your account.

They will temp ban your account and email the email address you specify to regain access to your account.


Also - Playstation doesn't find it odd when after 10 years of logging in from one location, you suddenly login from Algeria.