Everything is broken Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie
on May 21, 2014 -
“The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.”
Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions.
The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.
Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic
on Mar 10, 2014 -
In a survey performed in 2012, Incapsula found that 49% of the visitors to 1,000 selected sites were human, compared to a growing percentage of "good bots" like search engines, and "bad bots" including hackers, scrapers, spammers and spies of all sorts. Last year, human web visitors accounted for 38.5% of site visitors, with an increased percentage of search engines and other good bots, and similar ratios for the "shady non-human visitors." [more inside]
posted by filthy light thief
on Feb 27, 2014 -
"During his civil lawsuit against the People's Republic of China, Brian Milburn
says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]
posted by vidur
on Nov 28, 2012 -
In 1984, Congress passed a law called the Computer Fraud and Abuse Act, in the wake of some high profile incidents of hacking. Designed to prosecute hackers, the law is written vaguely enough that it has, in recent years, been used (with varying degrees of success) to prosecute people violating terms of an employer's computer usage policies, or in the infamous case of Lori Drew, a Terms of Service agreement.
But today, the 9th circuit court of appeals ruled that employees cannot be prosecuted under the CFAA for violating an employer's computer use policies, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
posted by to sir with millipedes
on Apr 10, 2012 -
"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world
" says LulzSec (previously)
in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."
is a new track from nerdcore rapper ytcracker (previously)
posted by finite
on Jun 23, 2011 -
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric characters, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
posted by -->NMN.80.418
on Jun 7, 2011 -
Sony's PlayStation Network and Qriocity have been down since April 20, 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identity theft amongst other things. [more inside]
posted by Foci for Analysis
on Apr 26, 2011 -
An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
posted by Rhaomi
on Dec 12, 2010 -
The University of East Anglia's Climatic Research Unit suffered a security breach this week. Hackers made off with thousands of email correspondences between some of the world's top climate scientists, and posted them to the Internet.¹
Tony Hake has posted an article at The Examiner, highlighting what he feels are the most egregious examples of scientists manipulating and hiding data to support the established theories about Climate Change. Some of the scientists involved counter that the quotes are taken out of context, and that "People are using language used in science and interpreting it in a completely different way".
¹ I'm not going to link to them, but the Examiner article mentions where to get them.
posted by Who_Am_I
on Nov 20, 2009 -
Sunday night 60 Minutes aired a segment on the state of cyber crime & cyber terror which included the extraordinary claim that unknown hackers were behind massive power outages in Brazil in 2005 & 2007. Now Wired Magazine's Threat Level blog says that's just not true. According to two studies (PDF, Portuguese) by the Brazilian government it was buildup of soot on insulators that caused the blackouts, not super-hackers demonstrating their abilities. Is the US Intelligence Community passing around false information to justify its relevance?
posted by scalefree
on Nov 10, 2009 -
Neurosecurity: security and privacy for neural devices.
"An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
posted by homunculus
on Jul 8, 2009 -
Online communities to become more 'all-encompassing.'
If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed. [more inside]
posted by ikkyu2
on Jan 3, 2008 -
Ever admired those hard-working hackers, toiling away to get you the programs you've always loathed to have? Have you ever dreamt of exploring the innards of someone else's computer but have held back due to those pesky legalities? If you said yes to either of the above questions or just want to play an online hacking simulation, then SlaveHack is the website for you. [more inside]
posted by flatluigi
on Dec 23, 2007 -
The organisers of New Zealand hacking convention Kiwicon have created some PR the only way they know how, l33t h4x0ring. Using an XSS bug in NZ's largest newspaper the NZ Herald there. The URL got passed around and soon ended up with genuine media coverage in NZ Herald's biggest competitor Stuff. An earlier effort on the NZ Computerworld site was quickly fixed and got no media coverage.
posted by sycophant
on Aug 28, 2007 -
Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works.
"In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted by dersins
on Oct 7, 2005 -
Republican Dirty Tricks
"From the spring of 2002 until at least April 2003, members of the GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Trolling through hundreds of memos, they were able to read talking points and accounts of private meetings discussing which judicial nominees Democrats would fight -- and with what tactics.
The office of Senate Sergeant-at-Arms William Pickle has already launched an investigation into how excerpts from 15 Democratic memos showed up in the pages of the conservative-leaning newspapers and were posted to a website last November." They just can't get Nixon out of their system, huh?
posted by owillis
on Jan 22, 2004 -
"Then we realized that somehow an insane god had taken control of our world and was out to kill us all."
Subscribers of the multiplayer online game "Shadowbane" were in for a shock Tuesday evening when they realized the game system had been hacked, and the rules fundamentally altered, and not in a good way (unless you happen to like mayhem). While this ended up being a "no harm, no foul" scenario, as everything was eventually set right, it was breaking new ground in terms of the uses of hacking. In a world where characters in these games are sold via eBay, and nearly half a million people subscribe to Everquest, how long before a legitimate (non "fun and games") version of what just happened occurs?
posted by jonson
on Jun 1, 2003 -
Kevin Mitnick, a hacker who went without trial in the US for years, has finally been freed from his computer-free probation today. Buy his stuff on eBay, or buy his book. Or don't, it's really up to you.
posted by shepd
on Jan 21, 2003 -
The FBI on hacking vs. The Russians
That is crazy! 100 hundred years for hacking computers when there are people that actually hurt other people - maliciously...rapists, murderers, US politicians...
"If Russian hackers can be convicted on evidence obtained by the Americans through hacking, it means the U.S. secret services may use further illegal means of obtaining information in Russia and in other countries," an FSB spokesman told Interfax on Thursday.
Not only that, but the seriously...can this sort of thing just slide by?
posted by Kodel
on Aug 17, 2002 -
Congress is about to consider an entertainment industry proposal that would authorize copyright holders to disable PCs used for illicit file trading. "The measure would permit copyright holders to perform nearly unchecked electronic hacking if they have a 'reasonable basis' to believe that piracy is taking place."
posted by mathowie
on Jul 23, 2002 -