Items tagged with Hacking
The hacking group known as Antisec (Anti Security Movement), which has ties to LulzSec and Anonymous, claims that its latest data dump contains over a million Apple device identifiers that were stolen from an FBI laptop back in March. According to Antisec, federal agents were using the Unique Identifiers (UDIDs) to track Apple iOS users, and the data posted to Pastebin represents only a portion of the more than 12 million IDs that were contained in a file on the FBI's notebook. "We decided we'd help out Internet security by auditing FBI first," Antisec said in a long winded and foul language rant. "We all know by now they make Internet insecure on purpose to help their bottom line. But it's a...
Read more...
As you head into the weekend getting ready to party and celebrate the end of another long and grueling work week, take some time to keep tabs on your MasterCard and Visa accounts. If you don't, you could be in for a rude awakening when you go to pay for drinks and find out that your card has been declined. At issue here is a what's being described as a "massive" data breach at a U.S.-based credit card processor, according to KrebsOnSecurity.com.Visa and MasterCard have both been sending out non-public alerts giving banks a heads up that specific cards -- possibly more than 10 million -- may have been compromised recently. Image Source: Flickr (philcampbell) A spokesman for MasterCard told The...
Read more...
It may have taken forever and a day, but owners of iPhone 4S smartphones and iPad 2 tablet PCs running the latest stable build of iOS (5.0.1) can finally jailbreak their Apple gear. Don't take it for granted. The Chronic Dev Team, which unveiled the iOS jailbreak code on Green Poison, said hacking the A5 isn't exactly a walk in the park. "The ridiculously complex combination of exploits-within-exploits that make this iOS jailbreak possible have consumed thousands of hours of brain-power & effort from a legion of world-renowned hackers, several of whom have been working diligently on this project since the dual-core A5 processor was unveiled by Apple last March," the Chronic Dev Team said....
Read more...
Programmer/activist Aaron Swartz has been arrested for data theft in connection with an incident that occurred at MIT in late 2010. Swartz is accused of downloading nearly five million documents from JSTOR, an online, non-profit academic journal archive system. The particulars are as follows: Swartz, who has a history as a political advocate and founded the group Demand Progress, was granted access to JSTOR as part of a fellowship at Harvard University's Center for Ethics. He therefore had the undisputed right to access JSTOR content--though not, as the filing notes, the authority to download the database using automated tools, reproduce such articles, or download the entire contents of any journal...
Read more...
A federal court handed Barry Ardolf, a Minnesota resident initially accused of sending threatening emails to Vice President Joe Biden, a nearly twenty year prison sentence today based on multiple additional charges of identity theft, trafficking in child pornography, and generally being the kind of psychotic neighbor that only exists in horror films. In August 2008, Matt and Bethany Kostolnik moved in next door to Ardolf. The next day, their four-year-old son ran next door while in sight of the mother, who was occupied briefly with her 18 month-old child. Ardolf, who was also outside, brought the child home but allegedly kissed him on the lips while doing so. The Kostolnik's reported the incident...
Read more...
We've covered the legal case of George Hotz, the Playstation 3 modder, several times in the past year. Hotz recently reached a settlement with Sony and announced he was going on vacation. "It was never my intention to cause any users trouble or to make piracy easier," said Hotz in an interview a few weeks ago." I'm happy to have the litigation behind me.* A few days later, Hotz announced he was joining a Sony boycott: "As of 4/11/11, I am joining the SONY boycott," he wrote on his blog. "I will never purchase another SONY product. I encourage you to do the same. And if you bought something SONY recently, return it." Mild stuff, all things considered, which is why rumors that Hotz is somehow involved...
Read more...
The Internet has been grumbling over Sony's unexpected PlayStation Network shutdown for the past few days, but new information from the company will put the outrage into overdrive. According to Sony's official statement: we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for...
Read more...
One of Google's 2011 April Fools' Day pranks was the so-called Gmail Motion feature, whereby you could control Gmail using full-body gestures. Many noted at the time that this could probably be done using Kinect, and viola: it's done. Built by the In fact, it was done by the same crew that developed a way to control World of Warcraft using Kinect, the USC Institute for Creative Technologies. The group called their earlier development FAAST, for Flexible Action and Articulated Skeleton Toolkit, so naturally they called this one SLOOW for Software Library Optimizing Obligatory Waving. Perhaps the best gesture is "licking a stamp" to Send an email. They said: This morning, Google introduced Gmail...
Read more...
Renowned jailbreaker George Hotz, AKA geohot, has fled to South America, according to court documents filed by SCEA in the matter. Hotz is well known for jailbreaking the iPhone, but his issues with Sony Computer Entertainment America stem from jailbreaking the PS3. Not only is Hotz in South America, according to the filing, although he has handed over the hard drives which a California court ordered him to, in order to have data collected from them, he removed "integral components" from them prior to delivering them to a third party analysis agency. The documents were filed on March 18, and say, in part: Though the evidence establishing personal jurisdiction is already overwhelming, SCEA...
Read more...
Security firm Imperva reports that a hacker is selling access to military, educational, and government websites for bargain basement prices ranging from $55-499. Imperva, which reported on the hacker on Friday, believes that he was able to gain access to the sites through a SQL injection technique. The priciest hack is access to the homepages of the U.S. Army, National Guard, and Army Forces, goes for $499 each. The Department of Defense, surprisingly, is lower-priced, and access only costs $399. In addition to these and other .mil, .edu, and .gov sites, the hacker is also selling personal data at the going rate of $20 for 1,000 names, addresses, and telephone numbers. As an example, Imperva...
Read more...
Google has served up noticed for malware-infested sites for years, but they've gone one better with their latest feature. The company has altered its search results notifications with a “This site may be compromised” link to help in safer searching. According to Google's blog post, the company uses "a variety of automated tools to detect common signs of a hacked site as quickly as possible." If they note something suspicion, they;ll add the new notification to our search results. If the site has a Webmaster Tools account, they'll be notified as well; additionally Google will use any contact email addresses found on the site. Naturally this will affect a site's traffic, and one problem...
Read more...
Ah, the more users play with Kinect, now that there is an open source driver, the better things become. Here we see a Jedi Knight in training who has used the OpenKinect drivers and OpenCV to make himself into a Jedi Academy cadet. Here's what he said on his YouTube post: Proof of concept of tracking and rendering a lightsaber in real time using a Kinect hooked up to a PC. Imagine the possibilities. Best viewed in fullscreen 480p. I track a wooden stick and I overlay the light glow on the computer. Drivers using OpenKinect, image processing, tracking, and rendering using OpenCV. Audio recorded and processed using Audacity and played using libao. Check it out....
Read more...
Adafruit, the folks behind the bounty for an open-source Kinect driver, one that would allow end users to use the Kinect with more than just the Xbox 360, have posted a how-to guide. It should be noted, however: it's not exactly drop-dead simple. The guide comes via an Adafruit employee with the handle Ladyada. You can see, in a video below, how she herself hacked the Kinect's motor and got the accelerometer data out. The actual winner of the bounty was declared to be Hector Martín Cantero, who took home the bounty after his hack was confirmed. Ladyada says: Everyone has seen the Xbox 360 Kinect hacked in a matter of days after our "open source driver" bounty - here's how we helped...
Read more...
You would have had to travel all the way to Budapest in order to attend "Hactivity 2010," the largest hackers' conference in Eastern and Central Europe. But for those of you who didn't make it -- which we're assuming is everyone reading this -- we've dug up one of the more interesting sound bites. "The Internet is the greatest generation gap since rock'n roll," Bruce Schneier, a respected U.S. cyber security expert, said during the two-day event. "The older of us need to be prepared for a younger generation that lives life on the Internet, doesn't understand where their computer or smartphone ends and the Internet begins, shares passwords with their friends as a sign of trust and deliberately...
Read more...
At the Usenix security conference, an "unusual" but still useful study was discussed. It involved using the smudges on touch screens to break into smartphones, among other devices. The study from researchers at the University of Pennsylvania focused on smartphone touch screens, but researchers added that such "smudge attacks" could be applied to "a significantly larger set of devices, ranging from touch screen ATMs and DRE voting machines to touch screen PIN entry systems in convenience stores." Indeed, while the idea of a "smudge attack" may first seem arcane, touching the screen with your finger leaves behind an oily residue that is pretty persistent, as those that have tried to rub it off...
Read more...
In need of extra cash? Who isn't, right? If you're a smart hacker, you may be able to make a small fortune by simply tricking an ATM or two into spitting out money for you. We know that sounds crazy, and it certainly is, but it's true nonetheless. At the annual Black Hat conference -- where hackers and security experts gather to make public certain loopholes in order to encourage companies to fix them -- Barnaby Jack was able to demonstrate how he could trick an ATM into spitting out all of its cash, and more. The hacker spent two full years perfecting the ruse, which applied to the ATMs found often in front of convenience stores. The goal was to find a way to take control of the ATM by "exploiting...
Read more...
It is said that anything that can be hacked, will be hacked, and that pretty much anything can be hacked. In this case, the Wall Street Journal was the first to report the sad tale. It reported on Thursday that Iranian-backed insurgents in Iraq are using a software package, SkyGrabber, one that costs a mere $25.95, to download imagery from the much used Predator drones.Apparently, the reason SkyGrabber works on what one would think is a secure transmission is because the over-the-air transmission can't, quite obviously, be all that secure unless it is encrypted. Incredibly, it is not. Or at least, was not, as the U.S. is working on the issue, and have been for some time.In fact, the "hacking"...
Read more...
Thinking of using those newfound hacking skills to engage in nefarious behavior? Think again. Albert Gonzalez is a name that'll go down in hacking history, but it's not for anything positive. After being charged with stealing some 130 million credit and debit card numbers, Albert plead guilty to previous data-theft charges in New York and Massachusetts. His penalty? Aside from dealing with a stream of media coverage, he'll be forced to cough up $1.65 million in assets. Oh, and then there's a little thing called "jail time." He'll be dealing with 15 to 25 years of that, after Federal prosecutors in Boston charged Gonzalez and others with stealing credit and debit card numbers from companies including...
Read more...
In what some might consider the most visible Internet-based prank to date, frequenters of the 4chan image-based bulletin board site's "/b/ - Random" imageboard claim to have rigged Time Magazine's Top 100 online poll, so as to render 4chan's founder, "moot," the winner. And even though some fairly convincing circumstantial evidence points to a hack of epic proportions, Time Magazine is accepting the poll's results as official, and has declared moot as the "new owner of the title World's Most Influential Person." The message hidden in the first letter of the first 21 winnersis very strong proof that the poll was hacked.(Credit: Paul Lamere) This not the first time that 4chan's users have been...
Read more...
No less than three different browser platforms have succumbed to zero-day exploits by the end of the first day of the three-day long, third-annual Pwn2Own contest being held at the CanSecWest 2009 digital security conference in Vancouver, British Columbia. Safari on Mac OS X was the first to fall, followed by Internet Explorer 8 (IE8) on Windows 7, and then a second Mac OS X Safari exploit, and finally Firefox (the specific OS-version of Firefox was not supplied in the announcement). Making this even more impressive is that the first winner of the day, Charlie Miller, was the same guy who was the first winner in last year's contest; and the three additional exploits from day one were all cracked...
Read more...
Those white-hat-wearing, security-exploit-finding folks over at TippingPoint Digital Vaccine Laboratories are at it again. At the CanSecWest 2009, digital security conference to be held in Vancouver, British Columbia, next month, TippingPoint's Zero Day Initiative (ZDI) team will be sponsoring their third annual Pwn2Own contest. This time around, contestants will be attempting to demonstrate vulnerabilities of smartphones and browsers. At last year's Pwn2Own challenge, a team of three security researchers successfully exploited a vulnerability in the Mac OS version of the Safari browser, and they walked away with a $10,000 and the very MacBook Air they hacked. Also, security researcher, Shan...
Read more...
Crackulous is a one-click iPhone / iPod Touch app cracking tool. Previously it was only available to a select few, but it's now been released as a public beta. Obviously not good news for developers, it adds yet another reason to the list of reasons to jailbreak your iPhone or iPod Touch. Some of them are legitimate, such as being able to get functionality (such as Copy and Paste) or tethering that are not available on non-jailbroken iPhones. Being able to spread apps around after cracking isn't legit, of course. Here's the info: CRACKULOUS v.9 We at Hackulous have decided to open up the beta version of Crackulous for the entire community. If you haven't already heard about Crackulous, it's an...
Read more...
