This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes.
posted on Dec 4, 2007 - View this thread

How secure is your password? If you're like some people, it's probably not secure enough. When did you last change yours?
posted on Jun 13, 2007 - View this thread

Klaatu barada...Jikto? First there was Nikto. Then along came Wikto. Last Saturday at Shmoocon Billy Hoffman introduced the world to Jitko, a client-side vulnerability scanner that exploits your browser & turns your PC into a platform for finding holes in computers across the Internet (or behind your firewall). Reactions were mixed. Does Jikto go too far?
posted on Mar 28, 2007 - View this thread

"To tell the truth ... I'm sorta surprised they haven't caught me yet," The Washington Post ran an interesting interview with a botmaster, a young man who made serveral thousands of dollars a month installing XXX spyware on machines that he controlled. He installed the software on the machines of people he did not know by hacking into them remotely. The lenghty article included a partial photo of the botmaster along with vauge descriptions of the small midwestern town where the man lives, and was published with the understanding that the man's identity would be kept secret. Someone should have told that to the person that manages photos at the Washington Post. An estute reader over at Slashdot was able to locate some extra information stored in the picture's metadata including the photographer and the location the picture was taken, Roland, Oklahoma, a town of less than 3000 people. Whoops.
posted on Feb 21, 2006 - View this thread

"Hacker" discovers backdoor to Harvard Business School admissions decisions.
Harvard rejects all applicants who used the "hack."
posted on Mar 8, 2005 - View this thread

GMail not-so-safe Mail. So apparentley GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..
posted on Oct 29, 2004 - View this thread

Know what time it is, Kidz? It's U.S. Department of Justice Time!

On today's show, we'll learn why Hacking is REAL BAD, and give you a chance to find out if you are a good cybercitizen. Next, we'll meet Axel, the talking drug dog, and his friends the Bomb Dog Bunch! Then, we'll check in on the ATF, for some cool science fair ideas.

And finally, just for you kids with crooks or international terrorists for parents, here's a nifty PDF coloring book (Native American version also available).
posted on Feb 25, 2003 - View this thread

This is some scary stuff. Life in prison for malicious hacking? We can't keep rapists and murderers away from society for very long but now hackers & crackers could be jailed for life? And on top of that the FBI can monitor internet packets without a warrant? If you enjoy your freedom from gov't surveillance, it looks like it's time to start using PGP.
posted on Jul 16, 2002 - View this thread

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?
posted on May 3, 2002 - View this thread

Hackers target Cell Phones With the connectivity of cell phones to the internet, hackers have begun to target cell phones, programming prank calls, placing calls to wherever and erasing the software in the phone.
posted on Mar 11, 2002 - View this thread

Hackers: Computer Outlaws A TLC show(that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....
posted on Jan 9, 2002 - View this thread

Microsoft's newest version of Windows.... billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix Thursday.

A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
posted on Dec 20, 2001 - View this thread

Silicon Valley backs Senate bill that would allow companies to report computer network attacks to the government without having to worry about the public finding out. The reasoning: it would encourage more companies to report the problems and help the government track down the culprits. A similar bill is in the House.
posted on Sep 25, 2001 - View this thread

You too can be a felon! Last year, the SDMI Foundation made a public challenge to see if anyone could crack 6 proposed protection mechanisms for digitally-encoded music. All six turned out to be feeble and all six fell. Since then, the SDMI Foundation has been relying on lawyers to cover up for the incompetence of their engineers. They're trying to suppress this article, so everyone reading this has a duty to make and store a copy of it. (Everyone should also own at least one copy of DeCSS. I have the 442-character C version printed on the back of my personal card.)
posted on Apr 21, 2001 - View this thread

Vulnerabiity in OpenPGP You don't even need to crack the key, just get hold of it, modify a few bytes, and presto, sign away from other persona. The issue here is signing, not encrypting. The implications are evident when you think of internet voting, tax filing, etc., but it is still a victory for open cryptography, where peer review can find serious flaws.
posted on Mar 22, 2001 - View this thread

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted on Mar 9, 2001 - View this thread

The SDMI Hack challenge seems to have gone down in flames. And apparently it wasn't even very difficult to break into it. This article goes into it in some detail. [more]
posted on Oct 17, 2000 - View this thread

They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.

Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?

(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could extradite him.)
posted on Apr 19, 2000 - View this thread

The Discovery Channel has a pretty good "Hackers Hall of Fame" but of course they get hacking/phreaking/cracking all munged up. There's a brief bio and short synopsis of activities for each person.
posted on Feb 12, 2000 - View this thread

Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted on Jan 24, 2000 - View this thread