AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – April 30, 2019

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories. According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019. After performing an investigation, it was determined that the database contained information for approximately 190,000 users. This information included access tokens for GitHub and Bitbucket repositories used for Docker autobuilds as well as usernames and passwords for a small percentage of users.


2 Autonomous vehicles make congestion pricing even more critical

A new study by UC Santa Cruz Professor Adam Millard-Ball in the Journal of Transportation Policy makes a convincing case that self-driving cars will dramatically increase traffic further. Millard-Ball forecasts that the number of cars on the street could grow exponentially as more people are able to take their hands off the steering wheel and just sit back and ride. Furthermore, when not in use, autonomous vehicles need to go somewhere. There are three options: go back home, park somewhere, or circle around. Most likely, these cars will endlessly circle the streets rather than parking and paying fees. The rise in ride-hailing speaks to the need to think about congestion pricing — even more so in light of autonomous vehicles potentially circling the city aimlessly in the years to come — in more dynamic terms.


3 Mozilla: End of Firefox for Android slated for 2020 as Fenix rises

Firefox-maker Mozilla has outlined its transition plan for migrating existing Firefox for Android users across to the new Fenix mobile browser. Fenix has been under development for the past few months, with developers experimenting with a new mobile-friendly interface that, it is hoped, will appeal to younger users. The new browser is also the reason Mozilla hasn't delivered many feature updates to the existing Firefox for Android. A recently published document, spotted by Ghacks, reveals Mozilla's plans for the co-existing Android browsers and how it intends to proceed.


4 Virtual dress-up website settles with the FTC following data breach

On Wednesday, the Federal Trade Commission settled a case with Unixiz, the owners of i-Dressup, an online flash game website dedicated to dressing up virtual dolls and designing clothes. According to the complaint, the website violated the Children’s Online Privacy Protection Act (COPPA) and risked its young users’ data security. i-Dressup operated pretty much like any flash game website you remember from the early 2000s. It featured timeless classics like “Sexed-Up Style,” “Floral Hats,” and the “Feminine Ruffle,” some of which you are still able to play on other dress-up sites that have apparently ripped the games and republished them. COPPA requires companies that provide online services or are targeted to children under 13 to maintain specific privacy standards, like receiving parental consent and providing “reasonable” data security for their young users. The FTC complaint claims that i-Dressup failed the test for compliance on both of those fronts.


5 Unprotected Database Stored Information on 80 Million U.S. Households

Researchers have stumbled upon an unprotected database storing information on the individuals living in roughly 80 million households in the United States. Noam Rotem and Ran Locar of vpnMentor came across the database as part of what the company calls a “huge web mapping project.” The database was 24 gigabytes in size and it was hosted on Microsoft cloud servers. The exposed information includes the number of individuals living in a household, address, geographical location, full name, marital status, age, date of birth, gender, income bracket, homeowner status, and dwelling type. Interestingly, the database only appeared to store data on individuals aged over 40. However, the researchers could not determine who the data belongs to and they have asked for help in identifying the owner. Fields named “member_code” and “score” suggest that it’s owned by a service provider.
