PATREONItems tagged with Hacker
It’s great that there are folks out there who look for exploits and vulnerabilities and then let companies know about them before ne’er-do-wells have a chance to perform malicious actions, but one hacker made himself something of a nuisance early this week by doing just that. According to CNN Money, Turkish hacker Ibrahim Balic was testing a vulnerability he discovered on Google’s Developer Console when he crashed Google Play. Developers were unable to post new apps and updates. The crash occurred on Sunday and extended into Monday. After Google fixed the problem, Balic tested the vulnerability again--and crashed Google Play again. He told CNN Money that he expected the exploit...
Read more...
We've all fantasized at one point or another of standing in front of an ATM as it mistakenly shoots out cash, showering us in money. Famed computer hacker Barnaby Jack actually made it happen in 2010 during a demonstration at the Black Hat conference. Called "jackpotting," he demonstrated the vulnerability on two separate ATMs on stage, both spewing out cash at a rapid clip. It's what he'll perhaps be best remembered for, though Jack's contributions went beyond helping ATM makers secure their money dispensing boxes. More recently, he discovered vulnerabilities in medical devices, such as pacemakers and insulin pumps, and was scheduled to give a presentation at Black Hat next week on how it's...
Read more...
Pretty much everything that connects to the Internet is hackable--the exciting but vulnerable “Internet of Things”--but if we’re lucky, security researchers discover most of the vulnerabilities and exploits and help manufacturers patch them before cybercriminals make hay with them. Such is the case with Google Glass and Lookout Mobile Security. The Lookout Mobile Security folks identified a vulnerability in Google Glass wherein they could use a malicious QR code to hack the spectacles. Basically, as Google Glass “looked around” and took photographs, it scanned a QR code; however, that QR code was malicious and forced Google Glass to connect to a nearby WiFi hotspot...
Read more...
Two security researchers from iSEC, Tom Ritter and Doug DePerry, have demonstrated the ability to hack into Verizon Wireless’ femtocells and spy on Verizon users with a simple wireless antenna. They say that they can intercept people’s phone calls, text messages, picture messages, and even data. The team used a software vulnerability in the femtocells (which are readily available from Verizon) to perform the hack, although they have opted not to reveal how exactly how they did to prevent others from exploiting the same vulnerability. However, they will demonstrate the process at the Black Hat conference and Def Con conference in Las Vegas soon. For its part, Verizon says...
Read more...
Ubisoft announced that it was hacked, and some user account information including usernames, passwords (even encrypted ones), and email addresses were compromised. “We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems,” wrote the company in a blog post. “We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.” The company’s Uplay service was not hacked; rather, the attack targeted some if its online systems. Ubisoft says that despite the information...
Read more...
The Internet is an amazing place. But, increasingly, it's a place filled with peril and pitfalls, particularly if you're hosting something of value. International cybercrime has found itself in the spotlight of late, and now Microsoft is making a concerted effort to help curb it. Microsoft has just announced that it is working lockstep with leaders in the financial services industry, including the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, the American Bankers Association (ABA) – Agari, and other technology industry partners, as well as the Federal Bureau of Investigation. Why? Glad you asked. It has successfully...
Read more...
Speaking of Google Glass and hacking, the new $1,500 spectacles, which are as yet only available to a select group of “Explorers”, have already been hacked. Tweets from Liam McLoughlin (also known as Hexxeh), who works for Google on the Chrome side of things indicate that he found a way to do it, and although he doesn’t say for sure that he rooted the specs yet for fear of breaking them. He did, however, tweet that he found a debug mode that seems to give him ADB access, and a reboot-loader offers a way to root the device through fastboot OEM unlock. Jay Freeman (@saurik) doesn’t think that the fastboot OEM unlock necessarily offers root access, but he’s definitely...
Read more...
Here’s one more thing you can fret about: Security evaluator ISE has discovered that a number of popular SOHO routers and WiFi access points are vulnerable to hacking. The firm calls the vulnerability a “critical security” problem, which is to say that a remote hacker could take over a router and change configuration settings or a local hacker could also skip the authentication process, and in both cases, the hacker would be able view and even change traffic on the network. The firm looked at 13 different off-the-shelf devices to evaluate them for security vulnerabilities. What they found is startling. “Our research indicates that a moderately skilled adversary with LAN...
Read more...
Yikes. In the past few months, the threat of hacks originating from high-up sources in China has gone from essentially nothing to nearly weekly. Regardless of whether nefarious Internet acts were coming from China in the past, it has only recently become a mainstream issue. With the U.S. and Chinese governments trading blows and exchanging blame, a new Forbes report suggests that Chinese government hackers could be responsible for spreading Android malware. It sounds like something that could only happen in an HBO plot, but it's seemingly realm. A report released Monday by the Citizen Lab, shows that "Tibetan activists are being targeted with sophisticated malware designed to infect Android phones,...
Read more...
In the immortal words of radiohead: “You do it to yourself...and that’s why it really hurts.” Security company Bit9 is surely feeling those words after being hacked late last week when attackers targeted computers within Bit9’s own network that weren’t protected by Bit9’s own software. In the aftermath, Bit9 CEO Patrick Morley wrote in a blog post: Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware. Ouch,...
Read more...
If you ever wondered what would happen if you started hacking the United States at large, here's a clue. A new report has stated that President Obama's administration is mulling "more assertive" action against China in order to put up an offensive attack against "a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies." What started out as reports that China may have hacked into a few U.S.-based news systems has spiraled completely out of control, and now there's something of a cold war brewing between the two nations when it comes to digital transmissions. The FBI was already looking into the reports from the WSJ and NYT, but...
Read more...
On Monday around mid-morning, a lone hacker claiming association to hacker collective Anonymous attacked GoDaddy.com, taking down many of the personal and small business websites that GoDaddy hosts. GoDaddy posted some vague Tweets throughout the day, assuring its customers that it was aware of and working on the problem, and the following was posted on the official company website: At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide...
Read more...
In terms of security, it’s been an obscenely bad year for Sony. The company suffered a series of embarrassing and very public hacks and attacks on its various sites and systems at the hands of PS3 hacker George Hotz and then, far more maliciously, Anonymous and LulzSec. The whole bloodbath is both a testament to the disturbing power of hackers and a case study on some of the worst ways to deal with security breaches and associated litigation. Sony has taken at least one measure to shore up its badly compromised borders by hiring Philip R. Reitinger as its Senior Vice President and Chief Information Security Officer, Corporate Executive in charge of global information security and privacy,...
Read more...
Hacker group Anonymous promised a cyberattack on the website of San Francisco Bay Area transit agency BART (Bay Area Rapid Transit), starting at 12 noon PST on Sunday, Aug. 14, and they delivered, managing deface two related sites, as well leak user data from one of the sites. Both site defacements are related to Operation Bart (#OpBART on Twitter), the organization said, on the OpBART Facebook page. MyBART.org saw a cache of user data leaked, while the other site, californiaavoid.org, which is maintained by the California Office of Traffic Safety, said defacement on that site consisted as a rotating set of images. Almost all were related to Anonymous and featured the Guy Fawkes mask...
Read more...
After having its Google+ profile removed for community standards violations, hacker collective Anonymous has decided to try the social networking thing for itself. The site, currently running under the temporary name of AnonPlus, is only a splash page at this point, with a message explaining the intent and goals of the site. Primarily, Anonymous wants a site where there will be no fear of "censorship," "blackout," or "holding back." They also mention that the site will be open to anyone that wants to join and not just to members of Anonymous. "This project is not overnight and will take many of those out there who simply want a better internet," notes the message. "We will not be stopped by those...
Read more...
Sony Corporation's Executive Deputy President Kazuo Hirai held a press conference on Sunday to address the PlayStation Network (PSN) hacking. During the event, Hirai apologized to gamers worldwide, and detailed a "recovery plan" for both the PSN and Qriocity services, which have been offline since hackers attacked them on April 19. Coming in the same timeframe as the Amazon.com EC2 outage, could make consumers and businesses think twice about putting all their important information in the cloud, where hackers or outages could result in inaccessible or lost data. It comes at a time where consumers are being enticed to store their data in the cloud, with services such as Amazon.com's Cloud Drive...
Read more...
You would have had to travel all the way to Budapest in order to attend "Hactivity 2010," the largest hackers' conference in Eastern and Central Europe. But for those of you who didn't make it -- which we're assuming is everyone reading this -- we've dug up one of the more interesting sound bites. "The Internet is the greatest generation gap since rock'n roll," Bruce Schneier, a respected U.S. cyber security expert, said during the two-day event. "The older of us need to be prepared for a younger generation that lives life on the Internet, doesn't understand where their computer or smartphone ends and the Internet begins, shares passwords with their friends as a sign of trust and deliberately...
Read more...
In need of extra cash? Who isn't, right? If you're a smart hacker, you may be able to make a small fortune by simply tricking an ATM or two into spitting out money for you. We know that sounds crazy, and it certainly is, but it's true nonetheless. At the annual Black Hat conference -- where hackers and security experts gather to make public certain loopholes in order to encourage companies to fix them -- Barnaby Jack was able to demonstrate how he could trick an ATM into spitting out all of its cash, and more. The hacker spent two full years perfecting the ruse, which applied to the ATMs found often in front of convenience stores. The goal was to find a way to take control of the ATM by "exploiting...
Read more...
We had initially called the story about the school employee getting the boot for using school PCs to run SETI the weirdest tech story of 2009, but man, this one is giving the SETI one a run for its money at the tail end of the year. A former Massachusetts prison inmate has been nailed with an 18-month prison sentence for...get this..."hacking prison computers while he was incarcerated." We suspect things can get a bit boring behind bars, but hacking a computer system while you're already in jail for doing something illegal? Not exactly the brightest move. "Frank" Janosko is the guy at fault, and he was just sentenced on Tuesday in federal court in Boston for "abusing a computer provided by the...
Read more...
Thinking of using those newfound hacking skills to engage in nefarious behavior? Think again. Albert Gonzalez is a name that'll go down in hacking history, but it's not for anything positive. After being charged with stealing some 130 million credit and debit card numbers, Albert plead guilty to previous data-theft charges in New York and Massachusetts. His penalty? Aside from dealing with a stream of media coverage, he'll be forced to cough up $1.65 million in assets. Oh, and then there's a little thing called "jail time." He'll be dealing with 15 to 25 years of that, after Federal prosecutors in Boston charged Gonzalez and others with stealing credit and debit card numbers from companies including...
Read more...
Mac users who've been smug for years over how secure their OS is, could be in for a rude awakening if news out of the Black Hat Security Conference is true.As Macs have slowly gained market share on PCs — 9 percent of the market in the second quarter of 2009 and growing — the interest in hacking them has increased. The advances in security for the computers, however, has not kept pace, experts said at the Black Hat security conference in Vegas.Apparently, this time, what happens in Vegas is not staying there, and the 4,000 "security professionals" (including hackers) who are attending the conference discussed the hacks and viruses that could end up making Macs just as vulnerable as Windows-based...
Read more...
For the third time this year, Twitter was the victim of a security breach that stemmed from a simple attack. In the most recent case, a hacker simply guessed an employee’s personal email account password and then worked from there to steal confidential company documents. This most recent attack brings to light some of the problems associated with storing data online instead of on computers that are within your control. By stealing the password for someone’s Gmail account, for example, a hacker not only gains access to that person’s email, they also gain access to any of the Google applications (and documents associated with those applications) that person uses. This is apparently what happened...
Read more...
