Items tagged with Hacking
Tired of changing passwords yet? Well, if you're a member of the NASDAQ OMX Group forums, your wish is still pending. The forum, where users can discuss stock happenings throughout the day, has been revealed to have been exploited, with an unknown number of usernames and passwords at risk. NASDAQ's OMX Group has said that it's reset all user passwords, and if you're a member of that forum, you're likely to have received a related email already. It hasn't been made clear whether or not user passwords were stored securely or not, and while it'd be easy to assume that they were, history has proven that not all companies take such things as seriously as they should. Hopefully more information regarding...
Read more...
Things are getting a little hairy on the wild, wild Internet. With privacy fears at an all-time high and the whole Snowden episode stirring up worries that governments can easily convince companies to hand out just about any digital information in the world, the mere notion of whimsically cruising the Internet is becoming a little frightening for some. Now, a NYT report is shedding light on two Italian hackers who spend their days sifting through code in software used by hundreds of millions of people. Why? Because governments all over the globe are evidently willing to pay top-dollar to know about exploits, in order to attack and sift through databases on enemy soil. Image credit: Flickr / timonoko...
Read more...
It's not all too often that an MMO developer is forced to issue a warning about hacked accounts - much less take certain services offline as a result - so if you play World of Warcraft, take note. Blizzard yesterday posted a statement to its Battle.net site stating that there's been an increase in unauthorized account login attempts via the official website and also the mobile armory app. According to WoW Insider, the issue lays entirely with the armory app, where compromised accounts are used to spend obscene amounts of gold on ridiculously-priced white items (in effect, transferring the gold without actually logging into the game client). As a result, Blizzard has gone ahead and disabled the...
Read more...
The swashbucklers who founded and ran The Pirate Bay (TPB), an online torrent site notorious for turning a blind eye to illegal file downloads, are no strangers to the legal system in Sweden. More recently, TPB co-founder Gottfrid Svartholm Warg received a two-year prison sentence by a District Court in Sweden for hacking into computers and making illegal online money transfers. "The hacking has been very extensive and technically advanced," the court said in a statement. "The attacker has affected very sensitive systems." One of several attempts to transfer over $900,000 was successful, and that one only resulted in the transfer of $4,300. Warg and his cohorts maintained their innocence throughout...
Read more...
The Internet is an amazing place. But, increasingly, it's a place filled with peril and pitfalls, particularly if you're hosting something of value. International cybercrime has found itself in the spotlight of late, and now Microsoft is making a concerted effort to help curb it. Microsoft has just announced that it is working lockstep with leaders in the financial services industry, including the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, the American Bankers Association (ABA) – Agari, and other technology industry partners, as well as the Federal Bureau of Investigation. Why? Glad you asked. It has successfully...
Read more...
A compromised password for your social network account can quickly jump from an inconvenience to a nightmare, so services like Google have long offered two-step verification features to help you prove you’re, well, you. LinkedIn is finally getting in on the game with its own verification program, which sends you a text message when someone accesses your account from a new computer. If that someone is you, you enter a code and you’re on your way. If that’s not you, whoever has your password is stopped in his tracks. Two-step verification on LinkedIn from LinkedIn LinkedIn only makes you go through the two-factor authentication process when you access the service from a device...
Read more...
It's another day, so that means only one thing: another Twitter account hijack. This latest incident comes courtesy of the "Syrian Electronic Army", a group that actively hijacks websites and accounts of entities that produce Syrian-related news that it deems hostile or inaccurate. Not one, but two accounts have been affected; @60Minutes, which has over 300,000 followers, and @CBSDenver, one with close to 25,000. As of the time of writing, @60Minutes remains inaccessible, with Twitter citing an account suspension. Twitter itself hasn't disclosed any information regarding the hijacking, and for that reason, I don't think calling it a "hacking", as the BBC calls it, is appropriate. It's unlikely...
Read more...
I'm sure it comes as a surprise to no one that Google is a great place to find some questionable items online, whether it's malware, exploits, someone belly-flopping a pool of ice - whatever. However, even with as much as what Google offers, there are many things that the company doesn't track and publish online. For those things, you need to go to Shodan, a newish search-engine designed for hackers and experimenters. CNN Money calls Shodan "the scariest search engine on the Internet", and once you understand what it can do, you might just agree. In today's technologically-rich world, it seems that everything is online - even things you might not immediately expect. While it might take some time...
Read more...
Yikes. In the past few months, the threat of hacks originating from high-up sources in China has gone from essentially nothing to nearly weekly. Regardless of whether nefarious Internet acts were coming from China in the past, it has only recently become a mainstream issue. With the U.S. and Chinese governments trading blows and exchanging blame, a new Forbes report suggests that Chinese government hackers could be responsible for spreading Android malware. It sounds like something that could only happen in an HBO plot, but it's seemingly realm. A report released Monday by the Citizen Lab, shows that "Tibetan activists are being targeted with sophisticated malware designed to infect Android phones,...
Read more...
We hear about "open" software all the time, but what about "open" hardware? Not so much. The organization behind the Software Freedom Day, Digital Freedom International, would like to change that, and it's starting by launching - you guessed it - "Hardware Freedom Day. If you love open hardware or belong to a hackerspace, this is definitely something you'll want to pay attention to. Hardware Freedom Day isn't a conference, so it's not held in a single location. Instead, it requires those interested to create their own events and then register them through the main website so that others can discover them and find out how to attend. What you could expect from such an event is a collection of brilliant...
Read more...
We talked earlier this week about all of the software that lost their battles against the hackers at the Pwn2Own competition in Vancouver, Canada, but lest we forget about the sister competition, Pwnium 3. This particular competition was heavily sponsored by Google, with the company paying well more than $100,000 per exploit discovered against its Chrome browser. Examples would be a system compromise delivered via a webpage while in guest mode or even better - an exploit that results in device persistence (lasting through the reboots). Well, while Chrome fell at Pwn2Own - despite Google patching 6 severe bugs prior to the event - it remained strong at Pwnium 3. Equipped with Samsung Series 5...
Read more...
The folks at Pwnie Express make some of the coolest penetration-testing products on the planet. Its most-popular offering has been the "Pwn Plug", an inconspicuous mini-PC that plugs into a wall socket and looks little different than a large power adapter. Then there's the "Power Pwn", a product sharing a similar idea, but offers additional functionality and AC power sockets to take advantage of. While the company doesn't condone unethical hacking, its products are designed in such a way that it allows those wanting to potentially breach security to do so easier. Few people are going to walk by a Pwn Plug or Power Pwn and think too much of it, as they do look like normal adapters. But to those...
Read more...
Chinese authorities are none too happy with a recent report by a U.S. cyber security company highlighting suspicious hacking activities in China. According to the 60-page study released by Mandiant, the Chinese government is sponsoring a massive hacking effort against foreign companies and organizations. The report focused on the activities of just one of what is believed to be many "Advanced Persistent Threat" (APT) hacking groups, providing evidence that it's stolen hundreds of terabytes of data from at least 141 organizations since 2006. China, naturally, is denying the charge. "Chinese military forces have never supported any hacking activities," Geng Yangsheng, a spokesman for China's Ministry...
Read more...
A 60-page study released today by Mandiant, an American cyber security company, is garnering lots of attention on the web today. The detailed report provides evidence of Chinese government-sponsored "Advanced Persistent Threat" (APT) hacking groups and highlights the activities of one group in particular. Referred to in the report as APT1, it is one of more than 20 APT groups with origins in China, Mandiant says, and it has been conducting a cyber espionage campaign against a broad range of victims since at least 2006. "The activity we have directly observed likely represents only a small fraction of the cyber espionage that APT1 has conducted," Mandiant states in its report. "Though our visibility...
Read more...
The researchers at Erlangen University in Germany would like to offer some advice: don't put that Android 4.0+ phone in the freezer. It's been discovered that even on a phone with PIN security and encryption, data can be retrieved from the device via a cold boot attack - that is, the process of turning on the desktop, notebook, smartphone or et cetera and then sucking down the data stored in RAM before it's wiped clean during the boot process. Normally, a "cold boot" attack doesn't actually refer to cold temperatures, but in this case it does. With the help of its "FROST" tool-set, the researchers found that when the Android phone is tossed into a -15°C freezer for up to an hour, it...
Read more...
If you ever wondered what would happen if you started hacking the United States at large, here's a clue. A new report has stated that President Obama's administration is mulling "more assertive" action against China in order to put up an offensive attack against "a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies." What started out as reports that China may have hacked into a few U.S.-based news systems has spiraled completely out of control, and now there's something of a cold war brewing between the two nations when it comes to digital transmissions. The FBI was already looking into the reports from the WSJ and NYT, but...
Read more...
Don't worry folks, the White House hasn't lost its marbles (well, not based on this, anyway) by encouraging citizens across the nation to start hacking. The U.S. government doesn't want you to break into banking systems, and after Matthew Broderick almost started World War III in the 1980s, we're pretty sure it doesn't want you messing around with any military computers, either. So what's going on? The White House is embracing Civic Hacking Day! "Civic Hacking Day is an opportunity for software developers, technologists, and entrepreneurs to unleash their can-do American spirit by collaboratively harnessing publicly-released data and code to create innovative solutions for problems that affect...
Read more...
The Northside Independent School District (NISD) in San Antonio sparked a controversy earlier this year when it rolled out its "Student Locator Project," an initiative that requires students to wear ID badges with embedded radio frequency identification (RFID) chips. NISD's website is down today, and a member of the hacking organization known as Anonymous reached out HotHardware to take credit for the outage. NISD said it wanted to expand the Student Locator Project to 112 Texas schools and around 100,000 students to curb truancy, apparently a major problem at the school district in question. It was reported that by improving attendance, NISD could receive as much as $20 million in additional...
Read more...
Today's Presidential election figures to be an extremely tight race between Barack Obama and Mitt Romney, and whoever wins -- Mitt Romney, according to AVAST Software's mega-poll -- will likely claim victory by a small margin. But will it be an honest election? We're not making a facetious statement about politics. What has us worried is an article in Popular Science that reveals just how incredibly easy and inexpensive it is to rig a voting machine. Let's backtrack a moment. Roger Johnston, head of the Vulnerability Assessment Team at Argonne National Laboratory, recently led a team of security researchers on a demonstration that involved hacking electronic voting machines. He wanted to show...
Read more...
In celebration of Guy Fawkes Day, members of Anonymous and many other hacker groups have taken to the Web to deface as many websites as possible, focusing on both big and small. At the time of writing, it's a little difficult to see exactly how each targeted website was defaced, but the numbers keep on rising. According to ZDNET, ImageShack, PayPal, NBC, Lady GaGa's official, Saturday Night Live, Jimmy Fallon and Jay Leno portals (related to NBC), Arcelor Mittal (mining company in Australia), GiftNow, the official Greek City site and the Ghana Consulate site have all been hacked and defaced in some way. Further, someone has leaked source for the kernel of VMware's ESX Server software. In itself,...
Read more...
It was only a matter of time before someone actually hacked the weather, but before you run outside in a panic and make a mad dash for your storm shelter, understand that your city's forecast remains unchanged, save for the typical unpredictability of it all. Hackers haven't gained control of the Sun or storm clouds, though they did break into the U.S. National Weather Service's website and steal sensitive information. A group identifying itself as Kosova's Hacker's Security is taking credit for the attack via a pastebin.com data dump. The organization pulled off the heist by exploiting a "local file inclusion vulnerability" on the weather.gov servers, supposedly in retaliation for American aggression...
Read more...
Think your week was rough? Trying running security for a U.S. bank, many of which were hammered with non-stop cyberattacks for more than seven days. According to reports, Bank of America, JPMorgan Chase, Citigroup, and around half a dozen banks in all saw significant traffic surges and suffered disruptions in service, which are typically telltale signs of denial-of-service (DoS) attacks. We noticed some downtime at PNC bank, which apparently was hit pretty hard. PNC spokesman Fred Solomon told Yahoo News in a telephone interview that the flow of data on the company's website peaked at 65 gigabits per second during the attacks, and that it's the strongest surge in traffic the bank has ever seen....
Read more...
