Weekly News Roundup 23/5/2016

Using Flash? STOP IT NOW because hackers love Flash! LinkedIn 2012 breach data is up for sale and some Telstra subscribers are still struggling to get back online.

Zero-day exploit in Flash is “weaponised” within 9 days of discovery.

Patch Flash now!

Apple has not supported Adobe Flash for years and the tech community has been advising everyone who will listen to drop the aging player. YouTube has even stopped using Flash altogether in favour of the newer HTML5 web standard. Why? Because Adobe Flash is constantly exposing users to security exploits, and it is such a well-known platform that hackers are packaging hacking tools within 9 days of a zero-day exploit being made public.
There are very few remaining (good) reasons for anyone to still be using Flash anywhere, so the best form of defence in this case is simply to remove Adobe Flash Player from your computer, phone, tablet or whatever else as soon as possible.

Find the original story on Softpedia here.


LinkedIn 2012 breach goes on sale to hacker community.

Yep, it took a while, but the user database breach back in 2012 has hit the hacker black market. The breach, containing usernames/emails and hashed passwords, is up for sale and it has been verified as authentic by LinkedIn themselves. In a recent blog post, LinkedIn advised users to reset passwords and consider using 2-factor authentication.

The breach has exposed well over 100 million accounts and has also exposed some of the worst passwords (click this link with caution) you could imagine being used by professionals.

The passwords were hashed or encrypted using the old SHA-1 algorithm, which was dropped because it was discovered that it could be reversed.

In short, if you are using LinkedIn, you should change your LinkedIn password, and if you use your LinkedIn password in other places, you should change the password for all those other places too.

Bonus: If you want to check whether your information has been disclosed in a major breach of other sites, go over to https://haveibeenpwned.com/ to see if you need to update passwords for other services.

Aaand some Telstra subscribers are still without internet services after 4 days.

If you have been living under a rock, let me bring you up to speed.
Around 19/5/2016 Telstra experienced an outage for NBN and ADSL terrestrial broadband services, forcing many customers to wait or find alternative methods for going online. Even after Telstra seemed to have resolved the issue within its own network, a large number of subscribers were still having issues with their routers restarting or not being able to connect. Of course, being the largest ISP in Australia and having dealt with 3 other outages earlier this year, the telco had a significant event to deal with: lots of vocal users, and an outage that seemed to leave some routers unable to connect to the internet even after the customary power cycle (turn it off and on again) which usually works.

In some posts in the Whirlpool Forums, some users had success by performing a factory reset on the affected modems; others had to go as far as performing the factory reset via methods usually reserved for field engineers and other technically-minded people.

I have been watching this closely and reporting on the situation while also providing technical comments for various news organisations.

After experiencing iiNet’s great disconnected Christmas, I can feel for Telstra subscribers and let them know that they are not alone. I also recommend that businesses learn from this event and plan for future outages (regardless of who your ISP is, there WILL be more outages) by having a backup plan ready to go.

Here is the latest from WA Today on the outage and here is the latest statement from Telstra.