43 posts tagged with security and hacking.

18 million reasons to go to two-factor authentication

German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
posted by rhombus on Apr 4, 2014 - 26 comments

Being the nerd that I am, I was itching to crunch some badass numbers

Debarghya Das, an Indian student at Cornell, wanted to impress his friends by obtaining their examination marks for the Indian Certificate of Secondary Examination and the Indian School Certificate and, thanks to some poorly written javascript, discovers the entire database containing the grades for 200,000 Indian students, as well as potential evidence of widespread tampering.
posted by elgilito on Jun 7, 2013 - 36 comments

the ultimate in spyware

Meet the men who spy on women through their webcams - "If you are unlucky enough to have your computer infected with a RAT, prepare to be sold or traded to the kind of person who enters forums to ask, "Can I get some slaves for my rat please? I got 2 bucks lol I will give it to you :b" At that point, the indignities you will suffer—and the horrific website images you may see—will be limited only by the imagination of that most terrifying person: a 14-year-old boy with an unsupervised Internet connection."
posted by madamjujujive on Mar 10, 2013 - 172 comments

NSF/smashthestate

Password Security in Deus Ex
posted by Zarkonnen on Jan 5, 2013 - 61 comments

Green Dam Youth Escort

"During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]
posted by vidur on Nov 28, 2012 - 12 comments

The threat won't be understood until a Cyberdisaster

The Frightening Things You Hear at a Black Hat Conference. (Previously-ish).
posted by MattMangels on Nov 23, 2012 - 49 comments

The age of the password has come to an end...

Mat Honan of Wired has a covetable Twitter username (@mat). Recently hackers tore his digital world apart in an attempt to commandeer it. Now he reflects: The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.
posted by rongorongo on Nov 16, 2012 - 75 comments

Do you want to see something scary?

GQ reports on paraplegic web cam hacker Luis Mijangos [more inside]
posted by Potomac Avenue on Jan 25, 2012 - 20 comments

So, would your holiness care to change her password?

The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
posted by spitefulcrow on Jan 1, 2012 - 32 comments

Why the world is scared of hacktivists

They’re watching. And they can bring you down: Why the world is scared of hacktivists. [Via]
posted by homunculus on Sep 25, 2011 - 94 comments

not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities

"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."

#antisec is a new track from nerdcore rapper ytcracker (previously)
posted by finite on Jun 23, 2011 - 47 comments

The only secure password is the one you can’t remember.

People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
posted by -->NMN.80.418 on Jun 7, 2011 - 142 comments

Tupac the Kiwi

Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
posted by IvoShandor on May 30, 2011 - 62 comments

PlayStation Network and Qriocity Security Breach

Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identity theft amongst other things. [more inside]
posted by Foci for Analysis on Apr 26, 2011 - 285 comments

RSA has been hacked.

Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to its customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
posted by scalefree on Mar 17, 2011 - 118 comments

Cracking voyeurism

Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
posted by Foci for Analysis on Mar 11, 2011 - 50 comments

Stasi, SSIS, ...

"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..." [more inside]
posted by jeffburdges on Mar 7, 2011 - 74 comments

Some people learn lessons the hard way.

Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
posted by Pope Guilty on Feb 7, 2011 - 199 comments

Bring It On.

An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
posted by Rhaomi on Dec 12, 2010 - 312 comments

*sigh* Sometimes I hate computers...

"Millions" Of Home Routers Vulnerable to a Web Hack At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device. [more inside]
posted by codacorolla on Jul 16, 2010 - 40 comments

Andrew "bunnie" Huang: taking it apart and making it better, then telling others how it's done

Andrew Shane Huang is a 35 year old hardware hacker, known to some as bunnie, and others as that guy who hacked the Xbox and went on to write a book about it. Finding the hidden key to the Xbox was an enjoyable distraction while he worked on getting his PhD in Electrical Engineering from MIT as part of Project Aries. Since then, he has written for (and been written about) in Make Magazine, has given talks on the strategy of hardware openness and manufacturing practices in China, as experienced with the development of the opensource ambient "internet-based TV" called Chumby. When he's not busy on such excursions, bunnie writes about hacking (and more specifically, Chumby hacking), technology in China, and even biology in exquisite detail on the bunnie studios blog (previously). [more inside]
posted by filthy light thief on Jun 17, 2010 - 36 comments

Neurosecurity

Neurosecurity: security and privacy for neural devices. "An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
posted by homunculus on Jul 8, 2009 - 22 comments

High Security? Maybe.

You are Medeco, one of the world's premier lock companies. And you think your super-secure locks are tight. Until, that is, some upstart troublemaker comes along, reverse engineers them and shows the world (via Wired magazine--with video, natch) showing just how (supposedly) insecure they are. Then this same troublemaker releases a book giving all your secrets away. [more inside]
posted by ostranenie on May 28, 2009 - 75 comments

Amazing discoveries in plain-text Tor exit traffic.

This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. [more inside]
posted by Anything on Dec 4, 2007 - 27 comments

I'm in ur address book, callin ur peeps

How secure is your password? If you're like some people, it's probably not secure enough. When did you last change yours?
posted by chuckdarwin on Jun 13, 2007 - 66 comments

Introducing Jikto

Klaatu barada...Jikto? First there was Nikto. Then along came Wikto. Last Saturday at Shmoocon Billy Hoffman introduced the world to Jikto, a client-side vulnerability scanner that exploits your browser & turns your PC into a platform for finding holes in computers across the Internet (or behind your firewall). Reactions were mixed. Does Jikto go too far?
posted by scalefree on Mar 28, 2007 - 11 comments

There's some sort of karmic justice here.

"To tell the truth ... I'm sorta surprised they haven't caught me yet," The Washington Post ran an interesting interview with a botmaster, a young man who made several thousands of dollars a month installing XXX spyware on machines that he controlled. He installed the software on the machines of people he did not know by hacking into them remotely. The lengthy article included a partial photo of the botmaster along with vague descriptions of the small midwestern town where the man lives, and was published with the understanding that the man's identity would be kept secret. Someone should have told that to the person that manages photos at the Washington Post. An astute reader over at Slashdot was able to locate some extra information stored in the picture's metadata including the photographer and the location the picture was taken, Roland, Oklahoma, a town of less than 3000 people. Whoops.
posted by daHIFI on Feb 21, 2006 - 56 comments

Harvard rejects

"Hacker" discovers backdoor to Harvard Business School admissions decisions.
Harvard rejects all applicants who used the "hack."
posted by trharlan on Mar 8, 2005 - 68 comments

Google falters? Can't be!

GMail not-so-safe Mail. So apparently GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..
posted by mrplab on Oct 29, 2004 - 9 comments

It's Justice Time!

Know what time it is, Kidz? It's U.S. Department of Justice Time!

On today's show, we'll learn why Hacking is REAL BAD, and give you a chance to find out if you are a good cybercitizen. Next, we'll meet Axel, the talking drug dog, and his friends the Bomb Dog Bunch! Then, we'll check in on the ATF, for some cool science fair ideas.

And finally, just for you kids with crooks or international terrorists for parents, here's a nifty PDF coloring book (Native American version also available).
posted by eatitlive on Feb 25, 2003 - 11 comments

This is some scary stuff. Life in prison for malicious hacking? We can't keep rapists and murderers away from society for very long but now hackers & crackers could be jailed for life? And on top of that the FBI can monitor internet packets without a warrant? If you enjoy your freedom from gov't surveillance, it looks like it's time to start using PGP.
posted by mathowie on Jul 16, 2002 - 21 comments

Competition to "reverse engineer" mystery program.

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?
posted by arnab on May 3, 2002 - 2 comments

Hackers target Cell Phones

Hackers target Cell Phones With the connectivity of cell phones to the internet, hackers have begun to target cell phones, programming prank calls, placing calls to wherever and erasing the software in the phone.
posted by Lanternjmk on Mar 11, 2002 - 7 comments

Hackers: Computer Outlaws

Hackers: Computer Outlaws A TLC show (that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....
posted by dglynn on Jan 9, 2002 - 7 comments

Microsoft's newest version of Windows....

Microsoft's newest version of Windows.... billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix Thursday.

A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
posted by bkdelong on Dec 20, 2001 - 60 comments

Silicon Valley backs Senate bill

Silicon Valley backs Senate bill that would allow companies to report computer network attacks to the government without having to worry about the public finding out. The reasoning: it would encourage more companies to report the problems and help the government track down the culprits. A similar bill is in the House.
posted by thescoop on Sep 25, 2001 - 3 comments

You too can be a felon!

You too can be a felon! Last year, the SDMI Foundation made a public challenge to see if anyone could crack 6 proposed protection mechanisms for digitally-encoded music. All six turned out to be feeble and all six fell. Since then, the SDMI Foundation has been relying on lawyers to cover up for the incompetence of their engineers. They're trying to suppress this article, so everyone reading this has a duty to make and store a copy of it. (Everyone should also own at least one copy of DeCSS. I have the 442-character C version printed on the back of my personal card.)
posted by Steven Den Beste on Apr 21, 2001 - 15 comments

Vulnerability in OpenPGP

Vulnerability in OpenPGP You don't even need to crack the key, just get hold of it, modify a few bytes, and presto, sign away from other persona. The issue here is signing, not encrypting. The implications are evident when you think of internet voting, tax filing, etc., but it is still a victory for open cryptography, where peer review can find serious flaws.
posted by pecus on Mar 22, 2001 - 2 comments

One million credit card numbers stolen! News at 11!

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted by Steven Den Beste on Mar 9, 2001 - 5 comments

The SDMI Hack challenge seems to have gone down in flames.

The SDMI Hack challenge seems to have gone down in flames. And apparently it wasn't even very difficult to break into it. This article goes into it in some detail. [more]
posted by Steven Den Beste on Oct 17, 2000 - 5 comments

They bagged the kid who was responsible

They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.

Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?

(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could extradite him.)
posted by Steven Den Beste on Apr 19, 2000 - 18 comments

The Discovery Channel has a pretty good "Hackers Hall of Fame"

The Discovery Channel has a pretty good "Hackers Hall of Fame" but of course they get hacking/phreaking/cracking all munged up. There's a brief bio and short synopsis of activities for each person.
posted by mathowie on Feb 12, 2000 - 0 comments

Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted by mathowie on Jan 24, 2000 - 1 comment
