Guard The Cloud! (Dropbox 2-Step Verification)

About a month ago, Dropbox, one of the larger cloud storage companies, confirmed that it was indeed hacked. They've now deployed a 2-Step Verification process before allowing any new devices or sessions to access your account. I highly recommend you activate it ASAP if you use their service!

Simply log into your Dropbox web account online

Go to Settings by clicking on your Account name on the upper right hand side of the website

Click on the Security tab

Then scroll down and enable the Two-Step Verification.

Follow the instructions.

Make sure you have your mobile phone handy since Dropbox will send you a verification code. Or if you have an Android or iOS device, you may use an authenticator app and scan the QR Code instead.

This may be a bit of an inconvenience, but it's much better than having your data compromised.

The SOPA Drama Continues...

With the recent SOPA/PIPA debate that's hitting Internet freedom as we know it... Worlds collide as one of the largest cyber battles begins...

The website "Megaupload" was recently shut down by the Department of Justice & FBI. Four of its founders charged with piracy.

Hacker group Anonymous (ie: people you really shouldn't piss off) has just retaliated by launching their largest coordinated DDoS (Distributed Denial of Service, a cyber attack designed to bring down a website) Attack.

Targets: (All sites are down as of the writing of this article. The list will be updated as more reports come in)

1. US Department of Justice
2. RIAA
3. Universal Records
4. MPAA.org
5. US Copyright Office
6. EMI Records
7. HADOPI.FR (French Copyright Site)
8. US FBI site

Click to read Anonymous' statement on the attacks

For those that don't know what this whole SOPA thing is about, I think Jon Stewart can explain it better than I can...

The Daily Show with Jon Stewart
Get More: Daily Show Full Episodes,Political Humor & Satire Blog,The Daily Show on Facebook

iOS Virus

Hacker Charlie Miller has exposed a security flaw in Apple's App Store.  The flaw allows a LEGIT app to secretly download an unsigned, app without the knowledge of the user, or Apple through a backdoor entrance.

Remember, this is a signed, listed, inspected and fully authorized app from the App Store.  The malicious code was not detected by Apple, and the only reason the app was pulled and his dev account cancelled was because he himself announced the presence of his virus in the app that he wrote.

This not only reveals a huge potential security flaw in iOS, but in Apple's App Store model as well.  Any official app could potentially be a trojan horse carrying with it, full remote access to your iPhone/iPod Touch and its contents.

Currently, there is no way of protecting yourself from this type of threat... nor is there any way for the end user to know if any of their apps were actually made with this type of virus built in.

Although technical, this video is a proof of concept showing how he gains remote access into an iPhone that has downloaded the app.

Cupcakes, The New Anti-Terrorist Weapon

James Bond had a new secret weapon.  Cupcakes.  Cupcake recipes to be exact.  Apparently MI6 hacked the first English Al Qaeda website and replaced some of their bomb making instructions with cupcake recipes.  Some even rumored to have "Sugar-Rush Warnings" for those health conscious members.

It is yet unknown whether any member has actually attempted to use any of the recipes in a suicide icing attack.

Source : The Guardian UK

Pwn2Own 2011 : Blackberry 9800 and iOS Hacked

Pwn2own, an annual hacking contest conducted by TippingPoint as a challenge to hack into their newest systems.

Results for 2011 are in and the Blackberry 9800 and iOS 4.2.1 and the new 4.3 fell to hacking exploits via their respective browsers.

What this means is that a hacker can gain access to your address book if you simply visit a website (made by the hacker) designed to take advantage of the vulnerabilities found on the Blackberry 9800 and all iOS 4.2.1 and 4.3 devices.

Vulnerability reports are then given to their respective manufacturers that can use the information to patch and fix glitches in their security.

Although Windows Phone and Android devices were not compromised, it was only by disqualification as the teams that were supposed to hack them never showed up.