TIME Security

Everything You Need to Know About the Massive Russian Hack


Russian hackers have stolen 1.2 billion Internet user credentials. Here's what you need to know

News broke late Tuesday that Russian hackers have acquired over one billion username and password combinations, the largest known collection of stolen Internet credentials. It’s a massive number, when you consider that there are 2.9 billion Internet users in the world, and it’s highly likely that many of us have at least one affected account.

How many people have been affected?

It’s difficult to say. We know that a total of 1.2 billion unique username and password combinations were stolen, but that doesn’t mean that 1.2 billion people were affected, because many people may each have had multiple account credentials stolen.

We also know that the stolen credentials were linked to over 540 million email addresses, which might be a better measure of the number of people affected. However, some people use fake email addresses, and some email addresses may be out of service. So there’s still a fair amount of uncertainty in the number of people who may have an account or two that are hackable.

But the sheer number of credentials could open the door to many more attacks. And 1.2 billion accounts isn’t a number to sneeze at. It means 1.2 billion internet users’ accounts could theoretically be accessed by a hacker at any time.

Who stole all these usernames and passwords?

The group responsible is a crime ring based in a small city in south central Russia, the region between Kazakhstan and Mongolia, according to a New York Times report. The men who did the stealing are in their 20s, know each other personally (not just online) and there are fewer than a dozen of them. Security experts have dubbed the group “CyberVor,” with “vor” meaning “thief” in Russian.

Who finally figured out this was happening?

A cybersecurity firm called Hold Security discovered the hack. The company has a good track record discovering big data breaches, identifying a large data breach at Adobe Systems in October 2013, and tracking the Target breach in December.

How did the Russian hackers manage to get this much private information?

The hackers used a network of virus-infected computers (known as a botnet) to scour the Internet for vulnerable websites. Whenever a user on an infected computer visited a website, the computer tested the website to see if it was susceptible to hacking. If it was, the criminals flagged the website and returned later with a hack called an SQL injection, which tricks the website’s database into returning its contents.

“The botnet conducted possibly the largest security audit ever,” said Hold Security in its blog post.
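As an added illustration (not part of the original article or of Hold Security’s report), the sketch below shows why a site that builds its database query by pasting in user input can be made to return every stored record, and how a parameterized query closes that hole. The table layout, function names and sample rows are constructed for this example.

```python
import sqlite3

# Constructed sample rows; the table and column names are assumptions for this example.
SAMPLE_USERS = [
    ("alice@example.com", "hash-a"),
    ("bob@example.com", "hash-b"),
    ("carol@example.com", "hash-c"),
]

# Constructed input containing a quote character that changes the query's structure.
CRAFTED = "x' OR '1'='1"


def make_db():
    """Create an in-memory credentials table filled with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, email):
    """Weak form: the input becomes part of the SQL text itself."""
    query = "SELECT email, pw_hash FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    """Hardened form: the value is bound to a placeholder and is only
    ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT email, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchall()


def compare(email):
    """Return (rows from the weak lookup, rows from the hardened lookup)."""
    conn = make_db()
    try:
        return (
            len(lookup_vulnerable(conn, email)),
            len(lookup_parameterized(conn, email)),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary address matches one row in both versions.
    print("normal input :", compare("alice@example.com"))
    # The crafted input makes the weak lookup return the whole table,
    # while the parameterized lookup matches nothing.
    print("crafted input:", compare(CRAFTED))
```

Any query path that still concatenates request data into SQL is a candidate for the kind of flaw the botnet was probing for; replacing it with bound parameters is the fix on the website’s side.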

Will you know if your passwords have been stolen?

There’s a good chance you won’t know if your passwords were taken as part of this heist. If you discover that someone has logged into your account, that’s not a good sign, but it’s unlikely that’d happen.

What are the hackers doing with the passwords?

As of now, the criminals have not sold many of the records online, and instead are giving the information to third parties to send spam on social networks like Twitter. They’re then collecting fees for their work. So far, it doesn’t appear to be a complete disaster for Internet users, but it leaves a lot of people very vulnerable.

What should you do now?

It’s probably a good idea to change your password now. And if you use the same passwords for multiple websites—don’t. Reusing passwords is not a good idea because it makes it that much easier for hackers to get into many of your accounts and access key information like your credit card data. Security experts recommend regularly changing your passwords anyway.

“Individuals should get in the habit of changing their passwords, sort of like doing taxes,” said Carl Herberger, vice president of the security firm Radware. “Time decays any security measure you have in place.”

TIME Video Games

Blizzard Admits World of Warcraft Lost 800,000 Subscribers Since March


The most popular and profitable MMO in history continues its steady decline, but Blizzard president Mike Morhaime says the game's annual revenue is up, not down.

Activision Blizzard is doing very well, according to CEO Bobby Kotick, who trotted out glowing figures during the company’s second quarter earnings call Tuesday, going so far as to raise Activision Blizzard’s full-year outlook. But when Blizzard president Mike Morhaime took his turn on the call, he admitted the company’s juggernaut MMO, World of Warcraft, has continued to hemorrhage subscribers.

The franchise remains “healthy,” he said, according to Seeking Alpha’s transcript of the call, with year-on-year revenue up, but subscribers down sharply in recent months. Here’s Morhaime:

As we mentioned on the previous call, we anticipated fluctuation in subscribership due to seasonality and the fact that the current game content is at the end of its life cycle. And as expected, we did see a decline in subscribers, which mostly came out of the east.

WoW’s current subscriber number stands at 6.8 million, according to Activision Blizzard. That’s down 800,000 from last quarter, when it stood at 7.6 million — itself a precipitously lower figure than the once-towering 12 million the game commanded at its subscription peak in October 2010. No surprise to anyone (including Activision Blizzard) given the game’s age and shifting platform as well as genre demographics, WoW’s subscription figures have been dropping steadily since 2010’s close.

The last time WoW’s base was this low (or high, depending on your vantage): mid-2006, a year-and-a-half after the game’s launch in November 2004. Activision Blizzard expects to arrest that drop this fall, when it releases its fifth (and possibly final) expansion for the game, Warlords of Draenor. According to Morhaime:

This pattern is right in line, percentage-wise, with the drops that we saw at Cataclysm’s cycle in Q2 2012. That drop in 2012 was followed by an uptick in subscribers just ahead of Mists of Pandaria’s launch. So we’re hoping to see players return once we draw closer to the release of Warlords of Draenor later this year.

That uptick brought nearly a million users back to the fold in mid-2012, but the declines began shortly after the last expansion’s release, and by the close of 2012, WoW had lost several hundred thousand subscribers. The game leveled off through most of 2013 in the mid-7-million range, before the sharp drop from 7.6 million to 6.8 million this year.

Again, the claim to pay most attention to is Morhaime’s about year-on-year revenue being up. That’s what matters to investors, less so subscriber numbers. If Blizzard can keep WoW revenues up and deliver profits that surpass expectations, the game’s in no danger of disappearing anytime soon. That said, the clock is ticking for the company to unveil its long-rumored, still-running-silent Next Big Thing, be that a new MMO (the so-called new IP, once codenamed “Titan,” and as of August 2013 developmentally rebooted), or something else entirely.

We’ll know more about Warlords of Draenor next week, August 14 at 12:30 a.m. ET, when Blizzard reveals the expansion’s launch date and first cinematic trailer at the Ace Theatre in Los Angeles. Activision Blizzard says 1.5 million (of the game’s roughly 3 million Western) players have already preordered the expansion.

TIME Video Games

What in the World Is Sony’s PlayStation Gamescom Trailer About?

Sony's tongue-wagging engine ramps up with a mysterious snow-filled teaser trailer ahead of the Gamescom trade fair in Cologne, Germany next week.

Blood and snowflakes and cracked ice, that’s what Sony’s showing in its 10-second Gamescom teaser trailer. Oh, and there’s wind, or the sound of wind anyway, since you can’t actually see currents of air. I’ll make some guesses, then you can make some of your own.

We know it’s a Gamescom trailer because Sony’s hashtagged it #PlayStationGC (the trailer’s another way of getting that ball rolling, though as of this morning, it’s a pretty slow train, chugging along at a handful of tweets an hour). Gamescom takes place next week, August 13 to 17, in Cologne, Germany. Gamescom dwarfs E3, by the way, with hundreds of thousands of visitors annually, compared with fewer than 50,000 at this year’s E3.

Among the guesses (and mostly wishful thinking): a new God of War, developer Supermassive’s announced but undated horror/adventure Until Dawn, The Last Guardian (because that’s now mandatory in every guess lineup), the next PlayStation console (because people like to be silly), a new Shenmue, Guerrilla Games’ new IP, and last but not least, a port of Frozen: Olaf’s Quest. My money’s on Olaf.

It’s surely not Capcom’s Resident Evil remake (questionably necessary since it’s already been remade): that game transpires during the summer, so unless Capcom’s ret-conning with a global cooling twist, that’s a nope. Resident Evil’s also a multi-platform game, and why would Sony tout a non-exclusive? (Which is why the teaser’s probably not a closer look at Assassin’s Creed Rogue, which we’re bound to see at the show anyway.)

My money’s actually on Until Dawn, because unless it’s some totally new IP — and of course it could be that — what else? Until Dawn, whose plot about a bunch of teens spending a wintry night in a log cabin is intentionally B-movie cheese, is the only snow-riddled, sanguinary exclusive that comes to mind. I’m not jazzed about a game that requires use of the PlayStation Move controller to mimic a flashlight, but I’m curious, and it’s been two years since we’ve seen or heard much about Supermassive’s PS4 debut.

TIME Web

Wikimedia Foundation Releases Its First-Ever Transparency Report

The group that oversees Wikipedia received 304 non-copyright related requests to alter or remove content and rejected all of them.

Wikimedia Foundation, the non-profit responsible for Wikipedia, one of the most visited websites on the Internet, says that it received and rejected hundreds of general requests to alter or remove content over the previous two years.

According to the Foundation’s first-ever transparency report released on Wednesday, governments, organizations and individuals primarily in the United States, Germany and Britain made 304 general requests for alterations or removals from its various websites, which include Wikipedia. None of those requests were granted.

According to the report, between July 2012 and June 2014, the Foundation did grant 24 requests, or 41 percent, of the 58 requests to remove content cited for copyright infringement that the Foundation deemed valid. The report also says that the Foundation granted 8 requests, or 14 percent, of the 56 requests for user data, compliant with the Foundation’s terms, which in most cases require a warrant or court order.

“The Wikimedia Foundation is deeply committed to supporting an open and neutral space, where the users themselves decide what belongs on the Wikimedia projects,” the Foundation said in a blog post announcing the release of the report.

The report’s release coincided with the opening of the first stage of Wikimania, the annual conference of more than 2,000 Wikimedia fans and volunteer editors that is taking place in London this week. It also comes as other web giants, including Facebook, Twitter and Google, are increasingly releasing information about their interactions with governments around the world.

“Transparency is a tenet of the Wikimedia movement,” the Foundation said in its blog post. “The transparency report we share today is in furtherance of our commitment to such openness.”

One of the highest profile cases of a request to remove content came last year when a French intelligence agency asked the Wikimedia Foundation to remove an article about a French military base that it said contained classified military information. The Foundation, noting the information was openly available elsewhere, rejected the request and issued a statement about the incident here.

TIME Tablets

These Are the 10 Best Android Tablets of 2014


Here's how to choose the best tablet for you


This post is in partnership with Trusted Reviews. The article below was originally published at Trusted Reviews.com.


Are you on the lookout for an Android tablet? The range is vast and varied so we understand it can be a nightmare finding the right one for your needs. So to help you in your search we’ve selected some of the best Android tablets for a number of different scenarios, whether you want the best for a specific budget or you want a tablet that is perfect for your kids or for work.

If you’d like even more advice on what to look for when buying a new tablet, you should read our Tablet Buyer’s Guide, which explains the strengths and weaknesses of each type of tablet and anything else you may need to consider.

If, on the other hand, you know that the iPad Air or a Windows tablet isn’t for you then here’s the place to be.

One of the golden rules when looking at Android tablets is that you should steer clear of cheap no-name models. There are countless of them and they’re almost never worth the money or the effort of using such inferior products.

As for the “best” Android tablet, well there isn’t really one at the moment. What you have is a number of great Android tablets that do some things better than others. What is best for you may be very different from what the person next to you might need.


Samsung Galaxy Tab S 8.4

Originally reviewed by 09 July 2014

Best Android Tablet Overall

Key features:

  • 8.4-inch Super AMOLED screen
  • 16GB storage
  • MicroSD slot

It’s taken some time, but we finally have a tablet to knock the Nexus 7 (2013 edition) off its lofty perch. The 2,560 x 1,600 display on the Samsung Galaxy Tab S 8.4 is fantastic, making it a great place to watch Netflix or BBC iPlayer. The battery life is great and the slim design means it’ll slip nicely into your bag. As we’ve come to expect from Samsung tablets, it still has some not so great software quirks and the fingerprint scanner is not very useful. But if you are looking for an iPad Mini 2 alternative, then this is currently your best option.

Nexus 7 2013

Originally reviewed by 12 August 2013

Best 7-inch Android Tablet

Key features:

  • 7-inch, 1920 x 1200 IPS screen
  • Powered by a reasonably nippy Snapdragon S4 Pro quad-core processor
  • Features a 5-megapixel rear camera
  • 16GB/32GB non-expandable

The successor to the brilliant Nexus 7, Google teamed up with Asus once again for the Nexus 7 2 and it’s still one of the best portable Android tablets to own. So, what’s new? Well, the screen resolution has been bumped up to 1,920 x 1,200, the Tegra 3 processor has been replaced with a Qualcomm Snapdragon S4 Pro CPU and there’s now a 5-megapixel main camera. It’s more expensive than the original at £199 but it still looks great and offers zippy performance. The new camera addition is no different from the average rear-facing snappers we’ve seen on other tablets, though.

TIME Google

These Are the 7 Deadly Sins of Googling


Search at your own peril

This post is in partnership with Fortune, which offers the latest business and finance news. Read the article below originally published at Fortune.com.

By Shalene Gupta and Jake Turtel

Google is a godsend for all of us, from those who stutter and stumble through life to even the most knowledgeable of folks looking to confirm their facts and figures.

A well-placed nugget of information courtesy of Google (or Yahoo, sure, or Bing, but come on—you use Google) can prepare you for a challenging conversation or nervy meeting, and it can display for you, stripped bare, any person’s minor errors and major accomplishments.

But with great power comes great responsibility, and sometimes Google leads us astray. Just this week, New York magazine wrote that resisting Googling a potential date is “the new abstinence.” Here are the seven deadly sins that come along with relying too heavily on the G-force.

Greed: When your thirst for knowledge leads to errors

They say fortune favors the well prepared, but when Fortune managing editor Andy Serwer sat down to dinner with Chevron CEO John Watson, preparation backfired. Serwer asked Watson about his position on the board of the San Diego Padres, a factoid he’d picked up doing pre-dinner research on Wikipedia, a page he had been directed to through The Big G. Turns out that’s another John Watson. Oops.

Watson’s team at Chevron has hunted down the original source and the Wiki entry has since been changed, but here at Fortune, a vague feeling of betrayal lingers in the air. After all, where would reporters be without Google? But Google gives preference to Wikipedia, and Wiki now hath poisoned our trust. Or at least Serwer’s.

For the rest of the story, please go to Fortune.com.

TIME productivity

The Little-Known Trick That Will Transform Your Life


Some might call it the ultimate life hack

This post is in partnership with The Muse. The article below was originally published on The Muse.

By Lily Herman

For most of us, our inboxes are the enemy—a bottomless black hole of pain, despair, and sales coupons we can never crawl out of.

And while you can try to auto-file and unsubscribe your heart out, there are just some emails you can’t avoid. You won’t be able to stop your company from sending you all those team reports or keep that annoying publicist from chucking press release after press release at you.

But there’s one type of email you can stop: Follow-up emails.

Think about it: The more emails you accumulate, the longer it takes you to respond to all of them. The longer it takes you to respond, the more follow-up emails people decide to send just to make sure that you have received their messages. Before long, you’re stuck in a vicious, perpetual cycle. If a plethora of people are sending you “Hey, did you get the message I sent yesterday?” emails, could you imagine how much extra space and time is being wasted?

Luckily, there’s a super easy way to cut down on the number of follow-up messages (and potentially just messages in general) you receive: Put an email auto-responder in place—not just when you’re on vacation, but all the time.

Your auto-response doesn’t have to be long or detailed, but a quick “Hi, I’ve received your email and will get back to you when I can!” message may keep the eager beavers at bay.

Need a little guidance for how to format your auto-response? Try out this template to start:


Hi there! This is just a message to confirm that I’ve received your email. It might take me a little while to follow up, but I will in fact get back to you, so hang tight and don’t worry about sending me a follow-up!

Thanks, and have a great day.


Also keep in mind that being more specific with your auto-responder is best. Give people a general timeline of when you’ll get back to them (“I’ll try to reply to business inquiries within three days”), so they know the difference between you being busy and you using an auto-responder as a way to completely avoid your inbox (we don’t recommend doing this, obviously).

In addition, auto-responders are a great way to direct work to other people who may be better suited (“If you’re contacting me about a marketing opportunity, feel free to email [name], our marketing associate, at [email address]”).

Your auto-responder can also be a more unconventional opportunity to engage people. Feeling a little self-promotional? Add a link to one of your social media pages. Want to preemptively answer some questions? Include a fun FAQ handling some of the things that people most often come to you for. Interested in getting creative? Link to a recent article you found interesting.

Above all though, make sure you’re using your auto-responder as a way to buy time and not an alternative to answering emails (because, surprise: Auto-responders don’t answer messages for you no matter how long you wait).

But by using this approach, you’ll keep unnecessary emails at bay. You’ll keep your contacts happy. And, best of all, you’ll keep inbox dread from creeping into your day.

TIME Apple

Here’s the Secret Nobody Understands About Apple


Here's what you need to know about the company's amazing new headquarters

This post is in partnership with Fortune, which offers the latest business and finance news. Read the article below originally published at Fortune.com.

For reasons that would take too long to explain I find myself in Durban, South Africa, this week at a gathering of 6,000 architects from around the world. I haven’t yet found one who likes Steve Jobs’ design for the new Apple headquarters — the Pentagon-sized edifice, now under construction in Cupertino, Calif., that Jobs described as looking a little like a spaceship had landed.

“Does it have to be a spaceship?” asked an official at the American Institute of Architects.

Jobs is not here to answer for his design, but Ed Catmull is.

Catmull, who worked with Steve Jobs for 26 years as president of Pixar and Walt Disney Animation, has written a terrific book called Creativity Inc. that ends with a long chapter about what that collaboration was like.

Jobs famously took a hands off approach to Pixar, sensing that the people there knew more about computer filmmaking and storytelling than he ever would.

For the rest of the story, please go to Fortune.com.

TIME India

In Unpredictable India, Security Services Embrace the Drone Revolution

Members of Sikh community stage a protest demonstration in Jammu against Uttar Pradesh government
Members of the Sikh community shout slogans as they burn tires during a protest in the Indian state of Uttar Pradesh on July 27, 2014. Jaipal Singh—EPA

South Asia's diverse topography, chaotic overpopulation and vast, unplanned cities make drones especially useful

Late last month, a land dispute in Saharanpur, in north India’s Uttar Pradesh state, snowballed into a riot between the local Sikh and Muslim communities, leaving three people dead and injuring over a dozen. Sadly, such clashes are nothing new in this highly polarized state of 200 million. Just last year, communal violence in nearby Muzaffarnagar district claimed 62 lives.

Nevertheless, there was something novel about how this latest bout of violence was addressed. The state’s police called upon a young entrepreneur to help monitor and advise security operations using unmanned aerial vehicles (UAVs), more popularly known as drones.

Within hours, drone cameras were up and running in Saharanpur town, keeping close tabs on the volatile and unfolding situation, even in areas security personnel couldn’t reach by car or foot. This helped direct resources to where they were needed most.

“Some of the roads and streets in Saharanpur — and this is pretty typical of most Indian towns — are so narrow that the forces cannot enter there,” says Ankit Mehta, co-founder and CEO of IdeaForge, which manufactures UAVs in India. “But a drone-assisted camera can easily fly in and monitor the situation for the cops.”

In India, drone entrepreneurs like Mehta have been quick to realize that the nation’s diverse topography, chaotic overpopulation and vast, unplanned cities severely hobble traditional security operations, making airborne technology particularly advantageous.

Drones are now being used for monitoring large public gatherings — such as Ramadan processions in Lucknow, also in Uttar Pradesh, where sectarian clashes last year claimed three lives — which frequently spiral out of control due to large, unwieldy crowds. (India regularly suffers stampede-related tragedies.)

More conventionally, drones have also been used in disaster management. Last year, they played a low-key but invaluable role in relief operations in Uttarakhand, a hilly and inhospitable terrain where flash floods killed thousands and displaced many more.

Another Mumbai-based drone company called Airpix partnered with NGOs to carry out aerial surveillance of the flood-hit areas for rebuilding purposes, better planning and enhanced communications. Airpix also helps the Mumbai police monitor major gatherings including Ganesh Chaturthi, an Indian festival that culminates with hundreds of thousands of devotees ferrying idols to be immersed in the sea, creating traffic gridlock all over the city.

But despite a bevy of humanitarian and public-safety work, the image of drones as instruments of war remains hard to shake off. “The misconception that drones are meant more for destructive purposes seems to still linger around,” says Shinil Shekar, head of sales and marketing at Airpix. “And it is important that people be more educated about their potential civilian applications.”

Even so, India is tipped to be “booming” for micro and mini-unmanned aerial vehicles for both civilian and military use by the U.S.-based Advanced Defense Technologies Inc., which calls the market a “multimillion-dollar business that will grow steadily.”

Certainly, Mehta is confident about the future; IdeaForge currently boasts an annual turnover in excess of $1 million, and Mehta expects this to increase by five or six times this year. “It is a scalable opportunity for indigenous entrepreneurs,” he says.

TIME Security

Russian Crime Ring Said to Steal More Than a Billion Internet Passwords

It's the largest known collection of stolen Internet credentials, according to a New York Times report

A ring of Russian criminals has acquired 1.2 billion username and password combinations, as well as credentials for more than 500 million email addresses, amassing the largest known collection of stolen Internet credentials.

Cybersecurity firm Hold Security discovered that the group gathered confidential material from 420,000 websites, including household names and small Internet sites, the firm said in a blog post. The crime ring, based in a small city in south central Russia, hacked websites inside Russia as well as major Fortune 500 companies abroad, the New York Times reports.

An independent security expert analyzed the database of stolen credentials at the request of the Times and confirmed Hold Security’s claims were authentic.

The Russian crime ring found hundreds of thousands of vulnerable websites and attacked their coding to steal credentials from their databases, Hold Security said.

“[The] hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the chief information security officer of Hold Security told the Times. “And most of these sites are still vulnerable.”

The criminals have been using the stolen information to send spam on social networks like Twitter, collecting fees for their work. However, they have yet to sell many of the records on the potentially lucrative black market.
