We Should All Step Back from Security Journalism. I’ll Go First. Quinn Norton (previously) responds to the sentencing of Barrett Brown (previously.) [Via]
Redditor CSMastermind composes an epic timeline of the Sony information breach. Well sourced, and in laymans terms. [more inside]
How secure is public wi-fi? A lot less than you probably imagine.
Sentenced in a Swedish court, Gottfrid Svartholm Warg gets extradited to Denmark to stand trial for another case of system intrusion.
Mefi's Own, Jacob Applebaum has some choice words after his testimony in the Danish court. [more inside]
Mefi's Own, Jacob Applebaum has some choice words after his testimony in the Danish court. [more inside]
Last night, a hacker posted a text file on a cryptocurrency forum in Russia which contained 5 million Gmail accounts and associated passwords. It's probably time to change yours again.
How does a Dell laptop know what kind of power adapter is connected? The adapter tells it. Reverse-engineering: Hacking the Dell laptop power adapter 1, 2, 3, 4.
Who's hacking whom? U.S.-based computer security firm Norse has released a real-time animated map that illustrates ongoing cyberattacks around the world.
German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
The inside story of MIT and Aaron Swartz. The Boston Globe reviews over 7,000 pages of discovery documents in the Aaron Swartz case (previously): Most vividly, the e-mails underscore the dissonant instincts the university grappled with. There was the eagerness of some MIT employees to help investigators and prosecutors with the case, and then there was, by contrast, the glacial pace of the institution’s early reaction to the intruder’s provocation.... MIT never encouraged Swartz’s prosecution, and once told his prosecutor they had no interest in jail time. However, e-mails illustrate how MIT energetically assisted authorities in capturing him and gathering evidence — even prodding JSTOR to get answers for prosecutors more quickly — before a subpoena had been issued.... Yet if MIT eventually adopted a relatively hard line on Swartz, the university had also helped to make his misdeeds possible, the Globe review found. Numerous e-mails make it clear that the unusually easy access to the campus computer network, which Swartz took advantage of, had long been a concern to some of the university’s information technology staff.
From a small town in Romania, Guccifer skewered and glorified the power elite.
If Snowden perfectly fit the profile of geek crusader, Lehel, a stone-faced, disheveled man in a tight leather jacket, seemed an odd candidate for one of the world’s most notorious hackers. But Guccifer is to hacking what the Beatles are to rock and roll. He had predecessors, 4Chan cowboys like Anonymous and Sabu of LulzSec, but he’s changed the nature of hacking fame. Guccifer rose by exploiting the connections people make online to infiltrate the private lives of some of the most powerful people on Earth. He served up the results to the media, irresistible high-low raw material for an online news cycle driven by leaks and voyeurism and racked by anxiety over privacy.What Is A Guccifer? [more inside]
Losing Aaron. "After his son was arrested for downloading files at MIT, Bob Swartz did everything in his power to save him. He couldn’t. Now he wants the institute to own up to its part in Aaron’s death." [Via]
The alien cult that hacked British TV: In 1977 a British television channel was hijacked by someone claiming to be a space alien called ‘Vrillon’. [Via]
The Limits of Computer Trespass Law (Lengthy video with audio available) "Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law!" Legal and internet thinkers (including Ed Felten, Jennifer Granick, Dan Auerbach, & others) talk about vagueness in the Computer Fraud and Abuse Act, chilling effects, and the prosecution of Aaron Swartz in a panel discussion at Stanford's Center for Internet and Society. [more inside]
Create a high-powered microscope from a cheap webcam by following Mark's simple step-by-step instructions. Because your microscope is connected to your computer, you can save and share your images easily.
In an interview with Hong Kong's South China Morning Post, NSA leaker, Edward Snowden, claims that the US is "trying to bully the Hong Kong government" into extraditing him, and provides new documents which describe the NSA's routine hacking of targets in Hong Kong and mainland China since 2009, including regular access of large backbone networks. [more inside]
Police are stumped as to how thieves are breaking into cars holding small unknown devices, even when they are caught on video doing it.
What's in the database? Roughly 1,000 records of documents related to phone phreaking history. It includes newspaper and magazine articles, letters, memos, FBI memos, audio recordings, you name it.. Extra Goodies! [more inside]
A DOS attack on Sunday, 3 June caused the moderators of the MMORPGs EVE Online and Dust 514 to shut down the server cluster that hosted both games. The games were offline for most of the day and into the following morning, having just recently been restored. The COO of EVE's parent company, CCP, described the situation this way:
What we can now confirm is that a person was able to utilize a vulnerability in one of the back-end services that support the operation of the Tranquility server. This vulnerability has now been secured and thoroughly tested. We would like to stress that at no time was customer data compromised or accessible in any way. The effort of returning the complex server structure of the EVE Universe and associated websites to service in a methodical and highly-scrutinized fashion began hours ago and Tranquility has now been brought online (at 10:13 UTC). Our teams will monitor the situation carefully in the coming hours to ensure that our services are accessible and that all customer data remains secure.CCP also took the precaution of shutting down the games' websites, and so communicated with players via Twitter ("Your patience has been legendary and appreciated.") and its Facebook page. [more inside]
Security alert: notes from the frontline of the war in cyberspace Jon Ronson interviews Andrew Auernheimer aka weev, Kim Dotcom, 'Troy' from Anonymous and Mercedes Haefer
We all know that E.T. for the Atari 2600 was a terrible no-good awful game (previously, previously-er). But could it be that our received wisdom about the cartridge is just wrong? Yeah, probably not ... But to be fair, follow this in-depth guide to hacking the ET ROM and you, too, can transform the game into something far more play-worthy (and don't worry, you can still turn ET into its ninja form).
How a buccaneering young engineer built the little blue box that broke into the biggest network in the world
Meet the men who spy on women through their webcams - "If you are unlucky enough to have your computer infected with a RAT, prepare to be sold or traded to the kind of person who enters forums to ask, "Can I get some slaves for my rat please? I got 2 bucks lol I will give it to you :b" At that point, the indignities you will suffer—and the horrific website images you may see—will be limited only by the imagination of that most terrifying person: a 14-year-old boy with an unsupervised Internet connection."
The Mandiant security firm has released a report attributing a number of hacking events to Advanced Persistent Threat (APT) activity perpetrated by China's 2nd Bureau of the People's Liberation Army General Staff Deparment's 3rd Department. They have also released an appendix containing multiple artifacts that can be used to detect intrusions on networks.
A new report, the National Intelligence Estimate, released by the US Office of the Director of National Intelligence "represents the consensus view of the U.S. intelligence community, describes a wide range of sectors that have been the focus of [China-based] hacking over the past five years, including energy, finance, information technology, aerospace and automotive." One face of Chinese state-sponsored hackers profiled by Bloomberg Business Week is Zhang Changhe, an instructor at the People's Liberation Army Information Engineering University in Zhengzhou. [more inside]
“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.
A card game to teach computer security. [d0x3d!] is the creation of some Naval Postgraduate School computer scientists, designed to help players learn digital security concepts. Playtested with middle school students.
The New York Times has detailed a successful 4-month hacking campaign by China, infiltrating its computer systems and acquiring passwords for reporters/employees. The campaign was likely in retaliation for the NYT investigation of the wealth amassed by relatives of Chinese Prime Minister Wen Jiabao. Following the NYT announcement, the Wall Street Journal announced that it too was hacked last year. The Washington Post may also have been infiltrated. Slate asks if this could have a chilling effect on journalists writing about China. [more inside]
If special hardware can crack all your passwords, if people have a hard time remembering them anyway, if people don't implement them in the first place, it is no wonder Google (with Yubico) is "declar[ing] war on the password." [more inside]
An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”[more inside]
10 Raspberry Pi creations that show how amazing the tiny PC can be "The Raspberry Pi, the $35 credit card-sized computer, has lived an interesting life despite being less than a year old. It has been used to teach programming and host servers, but above all it has provided a near-perfect platform for some of the most fun and interesting hobbyist projects in the computing world. Arcade cabinets, computing clusters housed in LEGOs, musical instruments, robots, and wearable computers are just some of the uses Pi owners have found. It turns out you can do a lot with an ARM processor, GPU, a few ports and GPIO pins, and an operating system (typically Linux-based) loaded onto an SD card. Here are 10 of the coolest Raspberry Pi creations we've been able to find."
Hacker sets up SiriProxy and a Raspberry Pi-controlled relay to make his iPhone's Siri voice control open his garage door
"For the seventh time in less than 70 years, a report has been commissioned by the Government which has dealt with concerns about the press. It was sparked by public revulsion about a single action – the hacking of the mobile phone of a murdered teenager. From that beginning, the scope of the Inquiry was expanded to cover the culture, practices and ethics of the press in its relations with the public, with the police, with politicians and, as to the police and politicians, the conduct of each."The report, in four volumes of around 500 pages each, is available for download.
"During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]
Mat Honan of Wired has a covetableTwitter username (@mat). Recently hackers tore his digital world apart in an attempt to commandeer it. Now he reflects: The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.
British computer hacker Gary McKinnon will not be extradited to the US, Home Secretary Theresa May has announced. [bbc]. She stated that "a decision to extradite would be incompatible with Mr McKinnon's human rights." on grounds of his mental illness(es) and propensity for suicidal thoughts. On a broader level she has also indicated that a forum bar will be available in future extraditions to the USA, meaning a court will be able to consider whether it would be more appropriate for a trial to be held in the UK. [more inside]
The AntiSec hacking group claims to have released a set of more than 1 million Apple Unique Device Identifiers (UDIDs) allegedly obtained from breaching an FBI agent's laptop via a Java vulnerability. The group claims to have over 12 million IDs, as well as personal information such as user names, device names, notification tokens, cell phone numbers and addresses. There's a tool to help you check if your device is in the list. [more inside]
Phone Trips - an audio archive of the Phone Phreaking community. Phone phreaking was the practice of hacking into phone systems and networks in order to explore these networks and their connections [1 2]. Many people first heard about the phenomenon in a 1971 Esquire article, Secrets of the Little Blue Box, which included input from Captain Crunch. Crunch discovered that you could access telephone networks by blowing a 2600 Hz tone, from a whistle given away free in cereal boxes, into telephone handsets. "Have you ever heard eight tandems stacked up?" asked Crunch in the interview. Well, now we can, thanks to a large audio archive of phone phreaking. [more inside]
"When Art, Apple and the Secret Service Collide: ‘People Staring at Computers’ ": A year ago (previously on MetaFilter), Kyle McDonald created an art project that landed him in some trouble with Apple and the attention of the US Secret Service. He writes about it for WIRED. [more inside]