"Gambiarra refers to an unlikely mend, an unthinkable coupling, a solution so raw and transparent that it illustrates the problem at hand instead of eliminating it."
In Brazil, "gambiarra" is the art of improvising makeshift repairs - spontaneously solving the problem at hand with whatever is in hand. Wikipedia Brazil has a bit more on the topic and how it extends to architecture and programming. Gambilogia is an arts group exploring this DIY aesthetic. Interestingly, there's lots of discussion around gambiarra. Personally, I find the original quick fixes more compelling (examples at bottom of the article).
In-depth pieces in Vanity Fair and Wired detail the structure and impact of the Stuxnet worm, and what it means for the future of cybersecurity. (Previously)
not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities
"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."
#antisec is a new track from nerdcore rapper ytcracker (previously)
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
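An added example of the pattern analysis the quote describes, to make the four claims (alphanumeric only, 10 characters or less, identical across sites, near-identical across sites) concrete. This is not Troy Hunt's code and the accounts below are constructed for illustration, not leaked data; the "strip trailing digits" rule for near-duplicates is an assumption about how people vary a reused password.

```python
"""Password-pattern analysis of the kind quoted above (added example, not
Troy Hunt's code). The sample accounts below are constructed, not real."""
import re
from collections import Counter

# Constructed: (user, password on site A, password on site B) for the same person.
SAMPLE = [
    ("alice", "password1",   "password1"),
    ("bob",   "Summer2011",  "Summer2012"),
    ("carol", "Tr0ub4dor&3", "hunter2"),
    ("dave",  "qwerty",      "qwerty"),
    ("erin",  "p@ssw0rd!",   "p@ssw0rd!"),
    ("frank", "letmein",     "letmein1"),
]


def charset_profile(pw):
    """Coarse character-class label: which of lower/upper/digit/symbol appear."""
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)
    classes = [n for n, present in (("lower", has_lower), ("upper", has_upper),
                                    ("digit", has_digit), ("symbol", has_symbol))
               if present]
    return "+".join(classes)


def normalise(pw):
    """Strip trailing digits and case so 'Summer2011' and 'Summer2012' compare
    equal. Assumption: bumping a trailing number is the common near-duplicate."""
    return re.sub(r"\d+$", "", pw).lower()


def analyse(rows):
    """Counts for the claims in the quote: charset, length, exact and near reuse."""
    profiles = Counter(charset_profile(a) for _, a, _ in rows)
    return {
        "total": len(rows),
        "alnum_only": sum(1 for _, a, _ in rows if a.isalnum()),
        "len_le_10": sum(1 for _, a, _ in rows if len(a) <= 10),
        "same_on_both_sites": sum(1 for _, a, b in rows if a == b),
        "same_or_near_same": sum(1 for _, a, b in rows
                                 if normalise(a) == normalise(b)),
        "profiles": dict(profiles),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample, four of six passwords are alphanumeric only, five are 10 characters or shorter, three are identical on both sites and five are identical once a trailing digit bump is ignored; the same counters run unchanged over a real dump once it is loaded into the `(user, pw_a, pw_b)` shape.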
'The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.'
Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
Last night at midnight, more than a gigabyte of internal memos from the US Chamber of Commerce and two other conservative think-tanks were leaked to the Internet. Although no announcement has been posted to the semi-official Anonymous web site, the archive contains a README file crediting the hacker/cracker/griefer collective. [more inside]
Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identity theft amongst other things. [more inside]
Engineer-turned-blogger Scott Whitlock offers some insight into the limitations of free markets. [more inside]
Computer security vendor RSA, maker of the two-factor authentication product SecurID, has been hacked by unknown parties. In an open letter to its customers, RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..." [more inside]
Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
UK cosmetics company Lush cultivates an image of quirky naiveté in its marketing, even when it loses the credit card details of thousands of customers. [more inside]
Adachi Tomomi, Alex Baker, Ian Baxter, Ithai Benjamin, Lesley Flanigan, Lorin Edwin Parker, Peter Blasser, Phil Archer, Todd Bailey, Tommy Stephenson & Patrick McCarthy, Tuomao Tammenpaa, and Vasco Alvo are all featured in Nicolas Collins' extraordinarily good book Handmade Electronic Music.
"I was daydreaming in class about who knows what, when I thought of my fire poofer project...I tried to think of ways I could apply a fireball shooter to things in ways that would be pretty awesome. I thought of using a microcontroller to sync the fire to the beat of music - now that would be pretty cool, and the patterns would always be different, so it wouldn't get as boring as fast. Then I thought of the game Guitar Hero." High school student Chris Marion hacks a guitar controller and builds FireHero. Facemelting ensues.
In late December 2010, fail0verflow, a team of European hackers, demonstrated that the Playstation 3's security was fundamentally flawed and managed to obtain the encryption key used by the device (see previous discussion). Utilizing the techniques developed by the fail0verflow team, iPhone hacker George Hotz released the encryption key publicly, which enables the execution of arbitrary code on the console. Now Sony is suing both George Hotz and members of the fail0verflow team. [more inside]
Oakland County man faces 5 years in prison for hacking his wife's email. So, is email snooping a crime?
The Wikileaks Cablegate scandal is the most exciting and interesting hacker scandal ever. I rather commonly write about such things, and I’m surrounded by online acquaintances who take a burning interest in every little jot and tittle of this ongoing saga. So it’s going to take me a while to explain why this highly newsworthy event fills me with such a chilly, deadening sense of Edgar Allan Poe melancholia.
But it sure does.
Bruce Sterling on the world of post-Wikileaks diplomacy.
Silverpop Systems Inc, an email marketing firm with 105 customers has had its database systems hacked last week. [more inside]
An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
Music Hack Day heads back to Boston October 16 and 17. Music Hack Day is a free-to-attend 24-hour convergence over two calendar days designed to throw together programmers, musicians, artists, conceptualizers, and, of course, marketers and promoters. "Music + software + hardware + art + the web. Anything goes as long as it's music related." Music Hack Day London just ended (September 4, 5). My favorite (and the MHD-London winner!) was Speakatron, which is WebCam + Software = Goofy Fun! (related, previously) [more inside]
Last week, the New York Times magazine published an explosive article about the phone-hacking exploits at the Rupert Murdoch-owned British tabloid News Of The World under the then-editorship of Andy Coulson, now the Government's chief of communications. Following the NYT's investigation, questions about the "unhealthy" relationship between the Metropolitan Police and the press (particularly Murdoch's News International, which also includes The Sun, The Times and the Sunday Times), and further claims that an independent inquiry was abandoned so as not to upset the Metropolitan Police, assistant Met Commissioner John Yates was questioned [video; 4 mins] on Tuesday by the Home Affairs select committee. Following an emergency debate in Parliament today, which concerned the fact that MPs of all parties may have had their phones hacked (and therefore had their Parliamentary Privilege breached), the Standards and Privileges Committee, the most powerful committee in Parliament, is to open an inquiry which will be able to compel witnesses to give evidence. Meanwhile, former News of the World reporters are coming out of the woodwork, claiming that hacking at the paper was "rife", and the pressure is on Coulson to resign his £140,000 job at No. 10, with a poll [pdf] in which 52% of the public say he should go. [more inside]
"Millions" Of Home Routers Vulnerable to a Web Hack At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device. [more inside]
Andrew Shane Huang is a 35 year old hardware hacker, known to some as bunnie, and to others as that guy who hacked the Xbox and went on to write a book about it. Finding the hidden key to the Xbox was an enjoyable distraction while he worked on getting his PhD in Electrical Engineering from MIT as part of Project Aries. Since then, he has written for (and been written about in) Make Magazine, and has given talks on the strategy of hardware openness and manufacturing practices in China, as experienced with the development of the open-source ambient "internet-based TV" called Chumby. When he's not busy on such excursions, bunnie writes about hacking (and more specifically, Chumby hacking), technology in China, and even biology in exquisite detail on the bunnie studios blog (previously). [more inside]
The first Global Hackathon organized by Random Hacks of Kindness has begun. Satellite-linked hackers are attending events in Washington DC, Sydney, Nairobi, Jakarta, and Sao Paulo. Some of the projects being coded right now: Near-Realtime UAV (unmanned aerial vehicle) image processing; BushFire Connect Project; Person finder [more inside]
The North Skirt. You need never be fashionably lost in the woods again.
Citing security concerns, Sony has decided to release a firmware update that will disable the "OtherOS" feature on its older (non-slim) PlayStation 3 systems. This is almost certainly a response to the system finally being hacked two months ago by George "GeoHot" Hotz. To counter Sony's disabling of the feature, Hotz, who previously stated that he would not be releasing custom firmware for the PS3, now plans to do so: "The PlayStation 3 is the only product I know that loses features throughout its lifecycle. Software PS2 emulation, SACD playback, and OtherOS support are all just software switches you can flip. It's unbelievable you would go and flip one, not just on new boxes you are shipping, but on tens of millions already in the field."
Korean cyber attack on 2-channel An army of Korean netizens apparently attacked the Japanese Internet forum 2chan for their anti-Korean postings, including those targeting Korea’s Olympic gold-medal-winning figure skater Kim Yu-na, causing the site to shut down on Monday (March 1). [more inside]
The Google/China hacking case, or "How many news outlets do the original reporting on a big story?"
Ghost shift ghost chips. A tale about a Chumby hardware developer with a keen investigative eye noticing some oddities about microSD FLASH cards from supposedly reputable suppliers.
Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. Realistic training missions included!
Insurgents Hack U.S. Drones. "Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations." [Via]
The public's opinion of the field of climatology has been shaken by the leaked CRU emails. While it's arguable whether the messages show any wrongdoing, many pundits have now reached the conclusion that global warming is a hoax, coverup and conspiracy, years in the making with millions of faked datapoints. Sarah Palin has written an editorial saying Obama should boycott the Copenhagen COP15 summit.
Hacking is a Baltimore phenomenon that allows citizens to get cheap "illegal" rides across town. A hack indicates they want a ride by motioning their pointer finger towards the ground as they walk along the street. Inevitably a driver will stop, the two parties will negotiate a price and a ride will be given. It is both a dangerous and necessary part of the blighted Baltimore economy.
Neurosecurity: security and privacy for neural devices. "An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
You are Medeco, one of the world's premier lock companies. And you think your super-secure locks are tight. Until, that is, some upstart troublemaker comes along, reverse engineers them and shows the world (via Wired magazine--with video, natch) just how (supposedly) insecure they are. Then this same troublemaker releases a book giving all your secrets away. [more inside]
NPR Backstory is an automated Twitter feed providing helpful links to news items from the past 14 years that might be relevant to current events. For example, when masses of people started googling medical information after a news item about 200,000 patients' medical histories being accidentally exposed, NPRbackstory linked to an April 2008 analysis of the advantages and disadvantages of storing patient records online. [more inside]
Voting for the Time 100, Time Magazine's list of the world's most influential people in government, science, technology and the arts, has taken a bizarre turn. Rather than the expected dance-off between Stephen Colbert and Korean pop star Rain, the top spot is currently occupied by moot, the owner and operator of 4chan. Hear Time's own take on it, and then, learn who hacked the vote.
Tracking GhostNet: Investigating a Cyber Espionage Network. "A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved." [more inside]
What real-life bad habits has programming given you? "This has actually really happened to me. I was trying to hang a glass picture frame on the wall and accidentally dropped it. And in the shock of the moment, I loudly yelled 'Control Z!' Then the glass hit the floor and smashed."
The Mother of all Wii Hacks: Early on in the life of the Wii, hackers discovered a bug in "Zelda: Twilight Princess" and exploited it to create the Twilight Hack. From that came the Homebrew Channel, a software browser, and even DVD capability. [more inside]
The best criminal hacker is the one that isn't caught — or even identified. These are 10 of the most infamous unsolved computer crimes as selected by PC Magazine. However, some do get caught. Here are nine of the most infamous criminal hackers to ever see the inside of a jail cell. PCMag also reached back into the early days of computing and dredged up the most inspiring examples of hacker brilliance they could find. [more inside]
Sarah Palin's email gets hacked by Anonymous (right, that Anonymous). And given the legal controversy surrounding her email, one wonders if the fact that her Yahoo email accounts are now deleted constitutes destruction of evidence or violations of public-records laws. It's hit Wikileaks too, but I'm not sure they have more than what's already released (rapidshare).
Your Gmail account isn't secure. Announced at Defcon 16, Jay Beale's tool The Middler (a man-in-the-middle) steals session IDs not only from Gmail users, but from LinkedIn, LiveJournal, Facebook, and presumably any site that uses a session-based cookie. Enable https permanently. (previously)
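An added example of the two halves of the problem above: what a man-in-the-middle on plain HTTP actually reads off the wire, and the Set-Cookie attributes that stop a session cookie from ever travelling over plain HTTP in the first place. This is not code from The Middler or the Defcon talk; the request, cookie names and values are constructed, and the name patterns used to recognise a "session" cookie are an assumption for illustration.

```python
"""Added example (not The Middler's code): cookie theft over plaintext HTTP
and the Set-Cookie audit that closes the hole. All sample data is constructed."""
import re

# Constructed: one plaintext HTTP request exactly as a sniffer on port 80 sees it.
RAW_REQUEST = (
    "GET /mail/ HTTP/1.1\r\n"
    "Host: mail.example.com\r\n"
    "Cookie: SID=abc123; PREF=lang=en; OTHER=x\r\n"
    "\r\n"
)

# Assumption: these substrings identify session cookies worth replaying.
SESSION_NAME = re.compile(r"(sid|sess|session|auth|token)", re.IGNORECASE)


def extract_cookies(raw_request):
    """Parse the Cookie header out of a raw HTTP request into {name: value}."""
    cookies = {}
    header_block = raw_request.split("\r\n\r\n", 1)[0]
    for line in header_block.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            for pair in value.split(";"):
                pair = pair.strip()
                if not pair:
                    continue
                k, _, v = pair.partition("=")         # values may contain '='
                cookies[k.strip()] = v.strip()
    return cookies


def session_cookies(raw_request):
    """The subset an attacker replays to hijack the session (attacker's view)."""
    return {k: v for k, v in extract_cookies(raw_request).items()
            if SESSION_NAME.search(k)}


def audit_set_cookie(set_cookie_value):
    """Defender's view: list the defects in one Set-Cookie header value.
    'missing Secure' means the browser will also send this cookie over plain
    HTTP, which is exactly what the sniffer above depends on; 'missing HttpOnly'
    means script injected into the page can read it as well."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    findings = []
    if SESSION_NAME.search(name):
        if "secure" not in attrs:
            findings.append("missing Secure")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly")
    return findings


if __name__ == "__main__":
    print("session cookies visible on the wire:", session_cookies(RAW_REQUEST))
    for hdr in ("SID=abc123; Path=/; Domain=.example.com",
                "SID=abc123; Path=/; Secure; HttpOnly"):
        print(hdr, "->", audit_set_cookie(hdr) or "ok")
```

The point of the audit half is that "enable https" in the browser settings only helps if the site also marks the session cookie `Secure`; otherwise one plaintext request to any page on the same domain (an image, a redirect) hands the cookie to the sniffer regardless of how the user logged in.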
Serious as a heart attack: A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. This is a proof of concept, but the real question is: How many other pacemakers and medical devices are similarly vulnerable? (Writers may note a new twist available for the assassination of characters in their novels and screenplays.)
Decker isn't quite a roguelike about hacking in the world of Shadowrun with Windows 3.1-era graphics, but it's as close as you're ever gonna come.