Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1 Each
A username and password is all you need to access a user's trip history, which may include personal details such as a home address. While full credit card information is not exposed, the last four digits and expiration date of the user's card are viewable in a user's account.
Motherboard received a sample of names and passwords available and verified that at least some of the accounts were active by contacting those users. The data includes names, usernames, passwords, partial credit card data, and telephone numbers for Uber customers. [...]
"Work[s] perfect," was the feedback left by one customer; "speedy delivery" was from another. [...]
It's unclear where the data came from or the scale of the breach. These logins may indicate that Uber's security was hacked or compromised somehow, although the company says it has found no evidence of a breach. [...]
This isn't the first time that Uber has had data leak in some form. As many as 50,000 of its drivers may have had personal details exposed. Uber said that in September 2014 one of the company databases "could potentially have been accessed by a third party," according to Slate, and Uber said that only the drivers' names and license plates could have been accessed in that breach. The twist is that Uber reportedly left the key for that database on a publicly accessible page on Github.
In another incident, Uber accidentally left part of its internal lost and found database -- which included driver and customer names and some numbers -- public on the open internet.
Editor's note: Our legal team asked us to advise you, dear reader, that buying stolen login info from the internet is illegal and you should definitely not do that, so don't.
It's ok, I'm sure The Market will take care of this.
Oh wait! The Market has taken care of this!
Previously, previously, previously, previously.
The Citizens' Committee To Preserve The San Francisco Municipal Pipe Organ
San Francisco's Exposition Organ is one of the last remaining vestiges from the Panama-Pacific International Exposition of 1915. Considered a prime example of the art of symphonic organ building, this 40-ton treasure has been heard by hundreds-of-thousands of people and has played a pivotal role in San Francisco's musical culture for almost 100 years. [...]
In 1989, the Loma-Prieta earthquake damaged the organ rendering it inoperable. The Exposition Organ was removed for repairs and now fully restored is ready to be erected and heard again by citizens and tourists alike. [...]
The near fully-restored Exposition Organ is a 40-ton instrument with an 800+ square foot footprint. It's sonic field needs a room with several million cubic feet of space as its soundboard. Finding a suitable location large enough and accessible for public enjoyment is a big challenge.
The Armory is a great choice for a location, just based on the opportunity for "pipe" and "organ" jokes alone...
Dear Lazyweb, is there a WordPress poll plugin that you like?
There are a bunch of them, but the thing I'm most worried about is, which one is least likely to open up a gaping security hole in my site?
The fact that there are a bunch of them makes me suspect that many folks have considered writing a poll plugin to be their "learning experience", and with PHP, that does not augur well for security.
Hoping for: polls are inline in a post (not a sidebar); questions are multiple choice, boolean, numeric-range; multiple questions in a single poll; authenticate in the same way as posting a comment (in other words, not overly concerned about ballot-box-stuffing).
Livejournal did this pretty well.