Patrick Kennedy

A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before.

Collection #1 appears to have been created by cracking lots of online services of every size and description and subjecting their passwords to guessing programs that undid the hashing of millions and millions of them. It's the kind of database that is of great use to "credential stuffers" who just throw known-good login/password combinations at services they want to attack until they get in.

The dump is on "a popular hacking forum" (having previously been available on Mega, the cloud service). It's a folder with 12,000 files totalling 87GB.

Hunt has ingested this dump into the Have I Been Pwned? database, and you can search it to see if your credentials appear in it.

Pretty darn serious! While it doesn't appear to include more sensitive information, like credit card or Social Security numbers, Collection #1 is historic for scale alone. A few elements also make it especially unnerving. First, around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database, meaning they’re not just duplicates from prior megabreaches.

Then there’s the way in which those passwords are saved in Collection #1. “These are all plain text passwords; if we take a breach like Dropbox, there may have been 68 million unique email addresses in there but the passwords were cryptographically hashes making them very difficult to use,” says Hunt. Instead, the only technical prowess someone with access to the folders needs to break into your accounts is the ability to scroll and click.

Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach [Brian Barrett/Wired]

(Image: Cjp24, CC-BY-SA)

As the about page says, "This website provides a beginner’s checklist for staying safe on the internet." It shows you how to use a password manager, create a strong device passcode, use two-factor authentication, set up a mobile carrier PIN, encrypt your devices, freeze Your credit, use 1.1.1.1 for DNS resolution, use a virtual private network, use a privacy-first web browser, use a privacy-first search engine, use a privacy-first email provider, review location, camera, and other sensitive device permissions, review and remove metadata attached to photos you share, review your social media privacy settings, use encrypted messaging apps when sharing sensitive information, and educate yourself about phishing attacks (because none of the above matters if you fall prey to phishing).

Image: KenoKickit/Shutterstock

Political pranksters extrodinaire the Yes Men (previously) have printed a satirical edition of the Washington Post announcing that Donald Trump has abdicated and volunteers have fanned out across DC (where Trump is universally loathed) to distribute copies to all and sundry: you can follow their adventures at the #ByeBye45 hashtag.

Documentarian Arlen Parsa had a key realization: slowing Trump down to half-speed "reveals how often times his logic is indistinguishable from that of a drunk person."

my favorite way to listen to the president is slowed down to 1/2 speed because it reveals how often times his logic is indistinguishable from that of a drunk person: pic.twitter.com/EJPy3t6Axv

— Arlen Parsa (@arlenparsa) January 4, 2019

JWZ adds: "As a bar owner, I can corroborate this."

(Image: Ad Meskens; Trump's Hair)

News alert from Promobot: "A self-driving Tesla Model S hit and destroyed an autonomous Promobot the robot model v4 in Las Vegas in a car accident. The incident took place at 3000 Paradise Rd, Las Vegas."

How we respond to the rules of the road offers insight into being human.

This year's hot -- and controversial -- holiday toys are Hasbro's Yellies, a line of plush spider-like ("Spooders) creatures that move faster when you scream at them.

The toys are creating quite a kerfuffle with parents who think the toys are a bad idea.

One mother shared that her son was scared of the toy and that it actually fed off her kid's "screams of terror":

...Being the mother of a naturally loud and boisterous kid, I thought it would be the perfect Christmas present... well I couldn’t wait for Christmas. So I crack it open tonight, and get a good look at it. I test it out. I’m amazed at how powerful the little motor is... how fast the little legs move... how its creepy little eyes glow a lovely shade of radioactive green. So I call Leo in. He looks at it, cocks his little head to the side. And then, obviously, I yelled at it. The spider ran for it. Leo starts screaming... the louder he screams, the faster the spider pursued him. He runs. And this is when we discovered the fun little feature in which the spider has a tendency to stop abruptly... pause for a couple seconds... spin in several erratic circles... and then turn towards wherever it senses sound... and take off in that direction. More screaming. Spider runs faster. Leo is backed into a corner as murder glows green in the eyes of little “Skadoodle.” So, in short, maybe a little electronic spider thats power source feeds off of screams of terror... is not the best Christmas gift for your small child. 10 years from now we’ll be discussing this in therapy.

Collect'em all!

(Business Insider)

image via Hasbro

Duke is cruising at home against Clemson tonight, and Zion Williamson is taking advantage of the blowout to test the more extreme possibilities that playing basketball holds. First, he attempted a three—he’s gone 4-for-21 from behind the arc over 13 games—and barely grazed the bottom of the net.

Read more...

A gentleman stylishly dressed from head to toe in identity-concealing attire found a bicycle parked at a police station. The bicycle did not belong to him, and it was locked, but the man wished to take the bike for himself so he went to work on the lock with a bolt cutter. A few seconds later, a police officer emerged from the station and arrested the chagrined lad.

Longtime pro wrestling interviewer “Mean” Gene Okerlund died today, WWE announced. He was 76.

Read more...

This is quite the feat. Twitter user @pilotviruet's mom crocheted them a playable Monopoly game blanket. Color me impressed!

The Trump administration is advising people who work for the federal government, who are not getting paid due to Trump's stupid government shutdown tantrum, to literally *barter with their landlords* and offer to paint or do labor in exchange for partial rent.

Yes, really.

OPM is the federal agency that oversees federal workers.

Their advice for the 800,000 furloughed workers who are on day 7 with no pay: Try bartering for your rent.

The link in the tweet above provides sample letters in *.doc form (super insecure!) that furloughed workers are advised to mail to their landlords, if they can't make their rent payments.

One of these sample letter templates suggests barting handyman services in exchange for rent money.

"I would like to discuss with you the possibility of trading my services to perform maintenance (e.g. painting, carpentry work) in exchange for partial rent payments," the letter states.

No word on whether trading sex or other illicit services is off the table, because honestly, we all gotta sleep somewhere right?

The letter also asks landlords if they would consider reducing rent because of the government shutdown.

OPM also tells furloughed workers to "consult with your personal attorney" if they need legal advice when dealing with creditors.

More at CBS News.

[IMAGE: Two men with children, being evicted, stand with their possessions on the sidewalk, circa 1910, on the Lower East Side of New York City. George Grantham Bain, BAIN NEWS SERVICE, via LOC. About]

Navigating the topic of death with a young child can be a difficult, traumatic experience for parents, especially if the topic is broached by the sudden loss of a loved one. Trying to explain death to a kid because they watched Santa Claus pass away right before their eyes? That's a higher level of awful.

According to The Moscow Times, a group of kindergarteners from Siberia were celebrating the season with a Christmas party, attended by Santa or rather, one of the jolly old fellow's Eastern European iterations, Ded Moroz. A bit of background: Ded Moroz, which translates as Father Frost, was originally celebrated/feared in pre-slavic lore as a wizard or a snow demon, and over the centuries became a central figure in the region's celebrations of the New Year and Christmas.

Anyway, back to the awful.

As part of a school play, Ded Moroz, played by 67-year-old Valery Titenko, danced his way across the stage, until he didn't. Dressed in Ded Moroz's long red, fur-fringed coat, Titenko suffered a heart attack and fell to the ground.

From the Moscow Times:

The group of kids apparently thought that Titenko’s fatal collapse was part of his skit and began giggling. A woman dressed as a clown who was also part of the skit noticed Titenko’s fall and rushed to help him.

Titenko was rushed to the hospital but died before he could get there.

According to The Moscow Times, Titenko was aware of his poor health and had been feeling dreadful earlier in the day. Despite this, he decided that showing up as Ded Moroz was the thing to do. If he'd canceled his appearance, the kids would have been disappointed.

Image via President of Russia Website

A New Jersey high school wrestler was reportedly told by a referee with a history of racist behavior to cut his dreadlocks or forfeit his match during a competition Thursday.

Read more...

The first time Diana Rowland decorated her lawn with inflatable dragons, a gift from her husband, it was on Halloween. The holiday decor was a success. But this year, when she dressed them up in garland and Santa hats and set them out as Christmas dragons, the holiday decor was suddenly offensive. She got a letter from an anonymous neighbor who wondered if Rowland was in a demonic cult, and asked Rowland to please take them down.

“YOUR DRAGON DISPLAY IS ONLY MARGINALLY ACCEPTABLE AT HALLOWEEN. IT IS TOTALLY INAPPROPRIATE AT CHRISTMAS. IT MAKES YOUR NEIGHBORS WONDER IF YOU ARE INVOLVED IN A DEMONIC CULT. PLEASE CONSIDER REMOVING THE DRAGONS. MAY GOD BLESS YOU AND HELP YOU TO KNOW THE TRUE MEANING OF CHRISTMAS.”

Our dragon holiday display got fan mail! (And apparently the "true meaning of Christmas" involves judgmental bullshit?) pic.twitter.com/7NLZKkEW2x

— Diana Rowland (@dianarowland) December 15, 2018

So, rather than get bullied by a judgmental neighbor who is too cowardly to state who they are, Rowland did what any happy mutant would do: she added more dragons to her holiday collection.

An update to yesterday's tweet re the letter I received from an anonymous, judgy-mcjudgyface neighbor who disapproved of my dragon display and asked me to consider removing them: I have added more dragons. pic.twitter.com/OxsFQs5yQ1

— Diana Rowland (@dianarowland) December 16, 2018

According to The Washington Post:

The story of Rowland’s decision — admirable defiance to some, pettiness to others — has apparently struck a nerve.

The tweet was viewed millions of times, retweeted and commented on until it drew headlines as far away as countries like Germany, France, and Mexico. It made a roundup of news on The Wild Hunt, which bills itself as a website about “modern pagan news & commentary.”

“Apparently this resonates with a lot of people, having a weird, judgy neighbor,” Rowland said in a phone interview with The Washington Post. “Everyone has that story of the crazy neighbor or the pushy neighbor, the one who sends passive-aggressive notes about where you should put your garbage. And yes, now I have stood up to that person.”

Making the move from “He’ll flip ya; he’ll flip ya for real” to “Swiper, no swiping,” THR confirmed today that Benicio del Toro, of all people, has signed on for a starring role in James Bobin’s Dora The Explorer movie. Fresh off murdering the shit out of a whole bunch of people in the latest Sicario film, del Toro…

Read more...

Russell Walks' astounding and vast collection of licensed, retro-styled Star Wars propaganda posters are also available in postcard form.

A gentleman arriving from Guyana was caught at JFK Airport attempting to smuggle 70 live finches hidden inside hair rollers. He was sent home without his birds, which he was planning to enter in a high-stakes underground singing contest.

From the New York Times:

On Saturday, 70 live finches were discovered in the black duffel bag of a Guyanese citizen who, like the other smugglers, was believed to be bringing them to the United States to participate in underground singing contests. Gamblers set the birds against each other and place bets on their chirping skills.

A winning male finch with a good pedigree and track record can sell for up to $10,000, according to a United States Fish and Wildlife Service investigation nicknamed Operation G-Bird.

“They bet on how many times the finches will chirp in a minute, which finch chirps the most,” Anthony Bucci, a spokesman for United States Customs and Border Protection in New York, said on Wednesday.

Image: United States Fish and Wildlife Service / US Customs and Border Protection

State-owned TV network Russia-24 ran a story about an impressive humanoid robot named Boris that wowed attendees at a youth technology conference. Turns out, Boris the Robot was actually a man inside a commercially-available, high-end robot costume. From The Guardian:

A photograph published by MBKh Media, the news agency founded by the Vladimir Putin opponent Mikhail Khodorkovsky, appeared to show the actor in the robot suit ahead of the forum on Tuesday in Yaroslavl, a city about 150 miles north-east of Moscow.

The organisers of the Proyektoria technology forum, held each year for the “future intellectual leaders of Russia”, did not try to pass off the robot as real, the website reported.

But whether by mistake or design, the state television footage did just that. “It’s entirely possible one of these [students] could dedicate himself to robotics,” an anchor reported. “Especially as at the forum they have the opportunity to look at the most modern robots.”

"Katamari" is the Japanese word for "clod" or "lump," and people familiar with the Katamari Damacy video game franchise know that the object is to created a giant clod of stuff by rolling it around like a snowball, picking up increasingly larger objects over time.

Reroll is a new Katamari Damacy game for the Nintendo Switch and it looks like fun. I'm going to get it and I'll let you know what I think.

Image: Nintendo

Movie premieres are typically boring, stuffy things. While it’s no doubt exciting for the cast and crew of a new film to celebrate the public unveiling of their hard work, the press coverage of famous people getting their pictures taken in nice clothes is usually pretty boring.

Read more...

Taylor Swift used facial recognition technology at her live performances so that technicians running the system could then check those face scans against a private database of her stalkers.

The company that provided the scanning and analysis service appears to be this event counterterrorism division of Oak View Group, which has received a fair amount of press.

Part of the reason they've been in the press so much: all the deadly attacks at big entertainment events around the world lately.

There is now big demand for serious security at live events the size of a Taylor Swift concert. There have been so many bombings and mass shootings at music concerts over the past year to even remember without Googling. Fear of being killed at a music concert is something people factor in to the decision to buy tickets and go to live events. The demand for security is real.

So is the potential for misuse and abuse of the technology, including by third parties -- hackers, foreign enemies, who knows.

Steve Knopper at Rolling Stone:

Taylor Swift fans mesmerized by rehearsal clips on a kiosk at her May 18th Rose Bowl show were unaware of one crucial detail:

A facial-recognition camera inside the display was taking their photos.

The images were being transferred to a Nashville “command post,” where they were cross-referenced with a database of hundreds of the pop star’s known stalkers, according to Mike Downing, chief security officer of Oak View Group, an advisory board for concert venues including Madison Square Garden and the Forum in L.A.

“Everybody who went by would stop and stare at it, and the software would start working,” says Downing, who attended the concert to witness a demo of the system as a guest of the company that manufactures the kiosks. (Swift’s reps did not respond to requests for comment.)

Despite the obvious privacy concerns — for starters, who owns those pictures of concertgoers and how long can they be kept on file? — the use of facial-recognition technology is on the rise at stadiums and arenas, and security is not the only goal.

Read the rest.

Winnipeg-based artist and designer Rocky Bergen makes detailed papercraft of vintage computers, game systems, and electronics that you can print out, cut, and fold for yourself.

The most elaborate are his Commodore 64 models — complete with 1701 monitor, 1541 disk drive, VicModem, MPS 801 Printer. Upgrade it with some flashy cracktro screens and a couple bootleg floppies.

Not a Commodore fan? Rocky also recreated the Apple II, Amstrad CPC 464, GameCube, and Conion C-100F boombox.

With very slight alterations, these would make some pretty great Christmas ornaments. Print ’em out and get folding!

You can subscribe to Rocky’s blog, or follow him on Twitter or Instagram. Thanks, Rocky!

Following a unanimous vote from the league’s board of governors on Tuesday morning, the NHL has approved an expansion franchise for the city of Seattle, set to play in a renovated KeyArena. According to TSN, the team will begin play in the 2021-22 season.

Read more...

For just £2 you could own this remote-controlled boat sculpture that was once featured at Banksy's Dismaland. That is, if you guess its weight correctly. Banksy has donated the coin-op artwork to go into a raffle to benefit Choose Love, a store where you can buy gifts for refugees. An entry into the raffle is a £2 donation.

Here are the rules:

Your guess should be to the nearest gram (for example a guess of about 5 kilos could be 4800g). You can even specify milligrams if you're feeling confident. Closest guess wins the boat (the wooden plinth is not included in the weight guessing).

Competition closes 8pm GMT December 22nd 2018. At which time the boat will be weighed by specialist students from Kings College London. The winner will be notified by email. In the event of more than one correct guess the winner will be drawn by lot.

Guesses not limited per person. All money donated goes directly to supporting refugees and displaced people. The organisers reserve the right to small print etc.

Need a clue? The boat is constructed from a shop bought fibre glass hull customised with quick-cast resin figures which are foam filled and hand spray painted. Although the prize includes battery pack, that is not currently in the boat.

Boat dimensions: 90cm x 38cm x 42cm.

Enter here.

(Cool Hunting)

Genius.

“How to save your hair in the winter.” Original art by IMGURian shenanigansen.

Art: @shenanigansen

(via, Photograph: Shutterstock)

Stayed at a Starwood hotel in the last five years or so? Every one of you and more—as many as 500 million people, says owner Marriott—are implicated in what would be the second-largest hack of all time.

The company said Friday that credit card numbers and expirations dates of some guests may have been taken. For about 327 million people, the information exposed includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.

Yahoo holds the record, with 3bn accounts breached. The only other breach in the same league as these would be the 412m accounts dumped from Adult Friend Finder. Marriott and Starwood merged two years ago, but open season at Starwood's servers apparently continued until September this year.

Jurgen Klopp’s emotional sideline outbursts have almost become commonplace since he became Liverpool’s manager in 2015. But the German displayed a new level of excitement during his team’s 1-0 win over Everton. Divock Origi took advantage of a goalkeeping mistake from Jordan Pickford, and broke the 0-0 deadlock…

Read more...