Insights For Success

Strategy, Innovation, Leadership and Security


Security Researcher claims to have downloaded 13M accounts from Mac Scamware apps

General | Edward Kiledjian

If you visit shady internet sites from an Apple Macintosh computer, you may have already seen an ad for a product called MacKeeper. A security researcher said:

"I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Cromlech." (Reddit)

He said the information collected includes "names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: 'macbook pro'), and type of subscriptions."

He also provided a screenshot as proof of his claim.

The sites hashed the stored passwords, but did it badly. The researcher says:

"MD5 with no salt… so very weak hashing"

The moral of the story: be careful what you believe on the internet and where you buy your software from.