Microsoft Reads Your Skype Chat Messages
An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and fishing URLs."
Offshore 3D Printed Gun Blueprint Protector Kim Dotcom Reportedly Deleting Files
3D printed guns are reportedly even too scary for the infamous free-information hacker, Kim Dotcom. After the U.S. State Department demanded that the designer of the world’s first fully printable gun remove the files from his network, New Zealand-based Dotcom committed to keeping them safely online in his offshore legal safehaven. According to New Zealand’s Newstalk ZB website, “The plans were available on Dotcom’s Mega website, but the New Zealand-based entrepreneur asked his staff to delete the public files. Dotcom says he thinks they are a serious threat to security of the community.” We have reached out to Dotcom and will update readers with more information as we receive it. Last week, Texas law school graduate Cody Wilson made global headlines for freely distributing digital blueprints for manufacturing a lethal weapon with a 3D printer. In a mere week, Senator Chuck Schumer called for immediate regulation and the blueprints themselves had been downloaded over 100,000 times. ...
Name.com Resets All Passwords Following Security Breach
An anonymous reader writes "Internet registrar Name.com on Wednesday revealed it was hit by a security breach. The company sent an email to its customers informing them that their usernames, email addresses, passwords, and credit card account information "may have been accessed by unauthorized individuals.""
Honeywords — Honeypot Passwords
CowboyRobot writes "Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information. That's the thinking behind the 'honeywords' concept first proposed this month in 'Honeywords: Making Password-Cracking Detectable (PDF),' a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest (the 'R' in 'RSA'). Honeywords aren't meant to serve as a replacement for good password security practices. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users' passwords have been compromised."
Syria Falls Off the Internet Again
New submitter briancox2 writes with news that all internet traffic from Syria has disappeared. Umbrella Security Labs explains: "Routing on the Internet relies on the Border Gateway Protocol (BGP). BGP distributes routing information and makes sure all routers on the Internet know how to get to a certain IP address. When an IP range becomes unreachable it will be withdrawn from BGP, this informs routers that the IP range is no longer reachable. For example, one of the name servers for the DNS zone .SY is ns1.tld.sy with IP address 184.108.40.206. Normally our routers would expect a BGP route for 220.127.116.11/18. Currently that route has disappeared and we no longer have a way to reach the nameservers for .SY that reside in Syria. ... Currently there are just three routes in the BGP routing tables for Syria, while normally it’s close to eighty. ... Effectively, the shutdown disconnects Syria from Internet communication with the rest of the world."