Twitter Texting Hack

Research shows tweeting through text message is a surefire way to get your account hijacked [updated]

By on December 4, 2012 at 11:59 PM.

Research shows tweeting through text message is a surefire way to get your account hijacked [updated]

You don’t need an Internet-connected smartphone to send out a tweet. In fact, very few people know that tweets can be sent out through a text message. However, users who do tweet from their cellphones via SMS could have their accounts easily hacked. An exploit detailed by researcher Jonathan Rudenberg reveals “Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account” by spoofing the phone number associated with the account. Rudenberg reports that unless a PIN number is set up (not available in the U.S.) to authorize tweets, users are vulnerable. Although the exploit was reported to Twitter’s security team in August, Rudenberg says the social network still hasn’t closed the hole, despite asking him to refrain from publishing his finding. Rudenberg also said in his blog post that he found similar SMS-related exploits with Facebook (FB) and Venmo that have since been patched. More →

No Comments
James Bond Skyfall Plot

How a real-life computer virus inspired the latest James Bond film ‘Skyfall’

By on November 8, 2012 at 8:35 AM.

How a real-life computer virus inspired the latest James Bond film ‘Skyfall’

A computer virus known as “Stuxnet” was released into the wild in 2010 and crippled Iran’s nuclear program. The sophisticated attack, which has been described as the atom bomb of cyberwarfare, is widely believed to have been the result of a joint project from Israel and the United States. This is just one of several attacks that have taken place around the world over the last decade. The filmmakers behind Skyfall, the latest James Bond movie, acknowledged the growing number of cyberattacks and inserted the title character into a realistic world where he faces off against a high-tech villain. This isn’t your grandfather’s James Bond, and while the film still features near-endless action, high-class equipment and beautiful women, Skyfall is also stark reminder of the growing number of problems we face in a high-tech society.

More →

No Comments

Scientists getting ever-closer to developing mind-hacking tech

By on August 31, 2012 at 8:40 PM.

Scientists getting ever-closer to developing mind-hacking tech

Brain Wave Hacking Technology

The lesson here seems to be, “don’t wear an EEG headset while using the ATM.” Wired reports that researchers at Oxford, UC Berkeley and the University of Geneva were able to decipher their test subjects’ “PIN numbers, birth months, areas of residence and other personal information” just by presenting them with associative pictures while hooked up to EEG headsets. For instance, researchers said they were able to successfully mind-hack some users’ PIN numbers just by showing them pictures of ATMs, debit cards and all digits 0 through 9 in a quick sequence. More →

No Comments

Feds bust another LulzSec hacker

By on August 29, 2012 at 4:35 PM.

Feds bust another LulzSec hacker

LulzSec member arrested

Having some lulz at the expense of another company’s security probably seemed like a better idea before it resulted in a possible 15-year jail sentence. Per the Telegraph, U.S. authorities on Tuesday arrested 20-year-old Raynaldo Rivera of Tempe, Arizona on conspiracy and hacking charges related to a hack of Sony (SNE) Pictures’ computer systems. Authorities allege that Rivera and fellow members of the LulzSec hacking collective raided the Sony systems to obtain the names, email addresses, passwords and phone numbers of thousands of people who had registered for various Sony contests. One of Rivera’s alleged co-conspirators, 24-year-old Cody Kretsinger, pleaded guilty to hacking charges related to the Sony attack earlier this year. More →

No Comments

Android is under attack: New malware threats tripled in Q2

By on August 17, 2012 at 12:45 PM.

Android is under attack: New malware threats tripled in Q2

Android Malware Q2 2012

According to security research firm Kaspersky Labs, the volume of new malware targeting Android devices nearly tripled in the second quarter of 2012. Over the three-month period, the company found more than 14,900 new malicious programs targeting the platform. Nearly half of the malicious files were classified as multi-functional Trojans that were programmed to steal data from smartphones and could also download and install programs from remote servers. A quarter of the malware was made up of SMS Trojans, which are capable of sending text message to premium-rate numbers without the owner’s consent, and 18% were considered backdoor threats that can give hackers full control over an infected device. More →

No Comments

Meet a malicious hacker making $10,000 a week by stealing your credit cards

By on August 17, 2012 at 10:30 AM.

Meet a malicious hacker making $10,000 a week by stealing your credit cards

Hacker Stolen Credit Cards Interview

The fact that stealing credit cards or even identities is a huge problem in the digital age is hardly a surprise, but the to learn just how easy it is for people to secure stolen data for pennies and turn it into a big score is indeed shocking. Freelance technology writer Patrick Lambert recently connected with a malicious hacker known only as “d0g,” and through a series of interviews, Lambert sheds light on a massive underground community that pulls in millions by making the rest of our lives a nightmare. More →

No Comments

Blizzard hack exposes millions of accounts

By on August 10, 2012 at 5:15 PM.

Blizzard hack exposes millions of accounts

Blizzard Battle.net Hack

Anyone who plays Starcraft, World of Warcraft or Diablo online will likely need to change their passwords soon, as Blizzard (ATVI) on Thursday acknowledged that millions of its users’ Battle.net accounts have been hacked. In a question-and-answer session posted on its official website, Blizzard said that users’ email addresses, secret security question answers, cryptographically-scrambled passwords and other key information was stolen by an unidentified hacker. Blizzard said that it has seen no evidence yet to suggest that this information has been used by the hacker, or that the hacker had shared the information with any third parties. All the same, the company is encouraging its users to change their passwords as soon as possible. More →

No Comments

‘Anonymous’ hackers realize intellectual property rules may have value after all [video]

By on August 1, 2012 at 6:10 PM.

‘Anonymous’ hackers realize intellectual property rules may have value after all [video]

Anonymous Logo Trademark Dispute

Memo to foolhardy companies: Anonymous does not like having its Intellectual Property rights violated. The Register reports that the famed hacker collective is in a state of outrage because a French company called E-Flicker has filed a copyright application for Anonymous’s official headless-man logo and slogan. More →

No Comments

Hacker uses NFC to pwn Android phones

By on July 26, 2012 at 9:00 PM.

Hacker uses NFC to pwn Android phones

NFC Hack Android Beam

Esteemed hacker Charlie Miller, who made a name for himself embarrassing Apple engineers with his iOS hacks, has returned with a big, juicy target in his sites: the Near Field Communications technology used to send mobile payments over smartphones. Ars Technica reports that Miller showed off his latest smartphone hack at Black Hat USA on Wednesday that involved using NFC to force someone’s Android smartphone to go to a malicious website and download malware. And the scariest part about this is that all hackers have to do to compromise users’ phones is to walk right by them. More →

No Comments

iPhone hacker shows the world how to steal in-app purchases [updated]

By on July 13, 2012 at 10:30 AM.

iPhone hacker shows the world how to steal in-app purchases [updated]

App Store Hack In-App Purchases

In Russia, iPhone hacks you! Via 9to5Mac, it seems that a crafty Ruskie hacker who calls himself “ZonD80″ has concocted a method that lets even novice hackers get free in-app purchases from the Apple App Store without even having to jailbreak their iPhone. 9to5Mac says that the hacker’s content-stealing method has three steps: “The installation of CA certificate, the installation of in-appstore.com certificate, and the changing DNS record in wi-fi settings.” Once all these steps are complete, the hacker’s in-appstore.com interface takes over and lets users grab content from the App Store without paying.

UPDATE: Apple responded to the security flaw in a statement provided to The Loop. “The security of the App Store is incredibly important to us and the developer community,” an Apple spokeswoman said. “We take reports of fraudulent activity very seriously and we are investigating.” More →

No Comments

NFC mobile payment growth could be stunted by security flaws

By on July 13, 2012 at 7:45 AM.

NFC mobile payment growth could be stunted by security flaws

Charlie Miller NFC Hacking

Developers who work on mobile payment platforms should start hitting the panic button: Esteemed hacker Charlie Miller is about to mess them up. Dark Reading reports that Miller’s presentation at Black Hat USA this year “will show just how dangerous it can be to pay cabfare with your mobile device, as he demonstrates vulnerabilities he discovered in emerging near-field communications (NFC) technology.” More →

No Comments

450,000 Yahoo passwords just got hacked; find out if you might be affected [updated]

By on July 12, 2012 at 11:55 AM.

450,000 Yahoo passwords just got hacked; find out if you might be affected [updated]

Yahoo Voices Hacked

Security firm TrustedSec has found that more than 450,000 passwords have been exposed after a successful hack into Yahoo’s Voices website, the Guardian reports. Voices, formerly known as Associated Content before being purchased by Yahoo in 2010, is a news and analysis site that relies on user-generated content. The big problem with this particular hack, the Guardian says, is that “the passwords for the accounts were not encrypted — meaning that any hacker could scoop up the emails and immediately start using them against other services, including Yahoo Mail.” TrustedSec says the hack was executed using SQL injection attacks that are commonly used to hack into databases, and security expert Anders Nilsson has an analysis of the data that is linked below.

Update: Yahoo confirmed the breach and provided the following statement to TechCrunch: More →

No Comments

Two LulzSec hackers plead guilty to hacking charges

By on June 25, 2012 at 9:12 PM.

Two LulzSec hackers plead guilty to hacking charges

LulzSec hackers plead guilty

Two LulzSec hackers may soon learn that it’s easier to break into government databases than it is to break out of jail. Ryan Cleary, 19, and Jake Davis, 18, on Monday both pleaded guilty in a London court to charges that they attacked both government websites and major commercial websites, the BBC reports. The two men, both citizens of the United Kingdom, admitted to hacking into the Pentagon, the CIA, the U.K.’s National Health Service, News International, PBS, Sony, Nintendo and the 20th Century Fox film studio. Both men, however, pleaded not guilty to more serious charges that they “unlawfully obtained confidential computer data” and posted it on popular hacker hubs such as LulzSec.com and Pirate Bay. A trial for those charges has been set for April 2013, the BBC reports. More →

No Comments