Botnets used to be the exclusive domain of high-powered hackers looking to rake in cash from spam operations or to conduct highly effective DDoS attacks. But now Symantec has found that botnets are increasingly becoming available to less sophisticated hacker wannabes and are being sold for as little as $250. More →
The old phrase often credited to the late P.T. Barnum, “there’s a sucker born every minute,” can definitely be used to describe some aspects of the mobile industry. As smartphone and tablet adoption continues to increase, hackers and scammers are finding new ways to take advantage of unsuspecting consumers. Things aren’t expect to slow down, security firm BitDefender predicts malware will become so prevalent in 2013 that it has dubbed it “the year of mobile malware.” More →
It was bound to happen. Nokia (NOK) engineer Justin Angel outlined on his blog various tactics that can be used to pirate Windows 8 games distributed through Microsoft (MSFT) Windows Store. While Angel doesn’t condone the circumvention, he points out that Windows 8 game developers stand to lose a large chunk of revenue because games account for over “51% of developer revenue on every mobile developer platform.” We won’t detail them here, but Angel essentially posts a step-by-step guide on how to compromise games to unlock in-app purchases, crack trial versions to full paid versions, remove in-app ads and reduce cost of in-app purchases. Angel concludes that Windows 8 games and apps can easily be cracked and Microsoft should be on alert to issue patch. It looks like Microsoft’s Windows team is headed for some sleepless nights.
When Apple (AAPL) needs talent, it knows exactly where to look first: the sea of hackers. Kristin Paget, a former Microsoft (MSFT) hacker now officially works for Apple, reports Wired. Paget, now a core operating system security researcher at Apple, was once responsible for discovering bugs in Windows Vista before Microsoft shipped it in 2007. Paget helped prevent “a lot of bugs from shipping on Vista” and we kid you not, was awarded with a T-shirt signed by Microsoft Vice President of Windows Development Brian Valentine that read: “I delayed Windows Vista.” Wired writes Paget’s Vista bugs literally saved the OS from being a complete disaster. More →
In October, SplashData revealed the 25 worst passwords of 2012 and to nobody’s surprise, “password” and “123456″ took the top two slots. In a rather smart move, RIM (RIMM) is taking extra precautions to make sure nobody is foolish enough to use such weak passwords in its upcoming BlackBerry 10 operating system. According to RapidBerry, there are 106 common passwords that BlackBerry 10 just won’t allow you use. Words such as “blackberry,” “computer” and “qwerty” are banned. At this point, we’re not sure what’s more sad, the fact that RIM has decided to block certain words from being accepted as passwords or that people still don’t know how to choose proper passwords. The full list of 106 forbidden passwords follows below. More →
You don’t need an Internet-connected smartphone to send out a tweet. In fact, very few people know that tweets can be sent out through a text message. However, users who do tweet from their cellphones via SMS could have their accounts easily hacked. An exploit detailed by researcher Jonathan Rudenberg reveals “Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account” by spoofing the phone number associated with the account. Rudenberg reports that unless a PIN number is set up (not available in the U.S.) to authorize tweets, users are vulnerable. Although the exploit was reported to Twitter’s security team in August, Rudenberg says the social network still hasn’t closed the hole, despite asking him to refrain from publishing his finding. Rudenberg also said in his blog post that he found similar SMS-related exploits with Facebook (FB) and Venmo that have since been patched. More →
Back in 2010, a pair of hackers from Goatse Security found a simple way to harvest user emails and other data from the Apple (AAPL) iPad using a gaping security flaw on AT&T’s (T) website. The hackers didn’t publish the emails or use them for financial gain, however — instead, they went public with their exploits to warn iPad users about the dangers posed by AT&T’s website. But now LiveScience.com reports that one of the hackers, Andrew Auernheimer, may still face jail time. More →
Microsoft (MSFT) isn’t taking any chances when it comes to reports that Skype users are having their accounts hijacked. Ars Technica reports that Microsoft has “temporarily suspended password-resetting capabilities for its Skype service” while it investigates reports that its users’ accounts are “vulnerable to account-takeover attacks that are trivial to carry out.” Microsoft’s Skype blog says that users who have multiple accounts linked to the same email address are vulnerable to hacking and that it is “reaching out to a small number of users who may have been impacted to assist as necessary.”
Twitter users are reporting everywhere that their accounts have been compromised, reports TechCrunch. The tech blog says many users have received emails telling them to change their passwords because their accounts might have been hacked. Although the source of the widespread account hacks is unknown, NPR reports that “several China-based foreign journalists and analysts are reporting an attempted hacking of their Twitter accounts, as China’s Communist Party begins a sensitive meeting that will set in motion a once-a-decade leadership transition.” While it might be a stretch to make a connection to China’s political transition, Twitter hasn’t provided any formal statement as to what caused the widespread Twitter breaches. As a safety precaution, it may be wise to change your Twitter account password. More →
Hackers were able to breach more than 60 Barnes & Noble (BKS) stores, including locations in New York City, Miami, San Diego and Chicago, and obtain credit card information, according to a report from The New York Times. The information is believed to have been stolen from keypads at store registers where customers swipe their cards and enter their pin numbers. Customers who have used the company’s website, mobile application and college bookstores were not affected by the breach, though. Barnes & Noble discovered that information had been stolen around September 14th, however the company has reportedly kept the matter under wraps at the request of the Justice Department so the FBI could investigate the attacks. More →
Mozilla messed up last week when it released Firefox 16 with what it described as a “serious security flaw.” But quick action on the organization’s part and effective patching have helped Firefox 16 gain rapid adoption among Firefox users, according to new data from Chitika. Overall, Chitika found that “Mozilla caught the issue before a large portion of their users had updated to the new version, limiting the number of individuals who were operating with security vulnerabilities.” As a result, Chitka says that “Firefox 16 is on track to be just as successful as previous versions in terms of adoption rate.”
Former iPhone hacker extraordinaire Nicholas Allegra, better known as “Comex,” is no longer an Apple (AAPL) intern. After leaving the jailbreak scene a year ago to pursue an internship at Apple, Allegra tweeted on Thursday: “As of last week, after about a year, I’m no longer associated with Apple.” Allegra told Forbes his internship with Apple was terminated because he forgot to reply to a company email that requested his continued employment. Having not received an email response from Allegra, Apple proceeded to end their relationship. Allegra says he was “unable to fix it” and that “it wasn’t a bad ending.” Does this mean Allegra is back to his old jailbreaking ways? Not exactly. The 20-year-old hacker says he will continue his studies at Brown University for the time being.
