Google's Nest Thermostat can be easily hacked to spy on owners


When Google bought Nest Labs for $3.2 billion seven months ago, I described the move as the start of a home invasion. Google already knows a lot about you, including where you live, what your interests are, where you go on the Internet and in the real world (via Android), and its acquisition of Nest, which makes smart thermostats and (not so smart) smoke detectors, meant it would potentially also know what you get up to in your own home.
As it turns out, Google using Nest products to find out what customers are doing is just one worry. A team of researchers has discovered an easy hack that allows anyone to gain control of Nest’s smart thermostat and turn it into a spying device which can reveal when you’re at home or away, and even divulge your Wi-Fi credentials.
Researcher claims passenger planes are vulnerable to cyber attack


A cyber security researcher has worked out ways to hack into passenger jets through the plane's Wi-Fi and inflight entertainment systems.
If confirmed, the claim could prompt a comprehensive restructure of aircraft security, and cast new scrutiny on the way aircraft electronic security has been managed in the past.
The greatest threats to the Android ecosystem


All mobile apps can be hacked. A group of hackers with enough time and dedication can gain access to, and reverse engineer, even the most secure app environment.
Android represents 80 percent of the smartphone OS market, according to ABI research, and its open development environment exposes the platform to certain unique threats from hackers and malware.
1 million users affected by CNET.com hack


News and review website CNET has been targeted by a team of Russian hackers called W0rm. CNET's servers were hit over the weekend, but details have only just been released.
Although CNET has not given a concrete confirmation of exactly what happened, the site explains that a representative of W0rm claims to have stolen a database containing the usernames and passwords of over a million users. It seems a security hole in the Symfony PHP framework was exploited, and it is not yet clear what the fallout could be.
P.F. Chang's acknowledges loss of customer data


It seems that not a week goes by these days without news of a security breach at some company. We've seen Target, Michaels and others fall victim, though the true victims are really the customers of these establishments.
Earlier this week we heard rumors that restaurant P.F. Chang's was the latest chain to suffer a data breach. The report first came from security researcher Brian Krebs, who stated "On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014".
AVG reveals yet another OpenSSL security flaw


OpenSSL, which runs on the servers for many websites, has been having a rough time in recent weeks. We all learned of the near-fatal flaw named Heartbleed, which affected quite a number of companies and services on the web.
Now a new, albeit less severe, flaw has been discovered. Security researchers at AVG have unveiled what they are calling CCS Injection, which the company terms a vulnerability, but points out that it is not easily taken advantage of.
Check whether two-factor authentication is available for your Internet accounts


Relying on passwords alone to keep your Internet accounts safe can get you in a lot of trouble. They may be comfortable to use, but hackers can easily bypass or crack them. Or, even worse in my opinion, steal personal information without you even knowing. A recommended method for minimizing such risks is to enable two-factor authentication.
Two-factor authentication is an added security layer that requires you to use a password and a security code, in order to log in. It is a feature available in the account's settings that is usually not enabled by default. The security code can be delivered via SMS, email or a dedicated app. I have it turned on for every Internet account that supports it.
Netflix gets hacked -- don't panic, it's a good thing


Working in the corporate world can be pretty soul-crushing. This is particularly true for engineers and programmers. You see, they all start out as young men and women with big ideas and ambition. However, office politics and bureaucracy can quickly destroy all promise. While this isn't true of all companies, let's face it, not everyone is going to be a hero -- the world needs grunts.
Wouldn't it be great if some companies could sponsor an outlet for creativity? Imagine, the minds of employees being free to create. Even if it is just one day, the fun and memories would make the rest of the year palatable. Well, Netflix has done just that, with what it calls "Netflix Hack Day".
PayPal's second global Hackathon invites you to become the 'ultimate hacker for good'


Hackers get a bad rap, but that's usually down to a simple misunderstanding of the term. PayPal is doing what it can to set the record straight with its second annual Hackathon competition, Battle Hacks, where participants are invited to "become the ultimate hacker for good". This is not the type of hacking you see on TV and in movies -- there are no passwords to be broken, no encrypted files to crack. Instead, developers are invited to create something magical and useful based on the PayPal API, or the Braintree and Venmo SDKs, in just 24 hours.
The Hackathon takes place in eleven cities around the world, starting in Tel Aviv on 6 February, and ending in London on 11 October. The world finals take place in San Jose, CA over three days starting 14 November, and the winner will walk away $100,000 richer. Oh, and they get the chance to wield the axe trophy -- "good luck clearing customs," quips PayPal.
The Internet gets a win! Microsoft, Google and others allowed to disclose US Government requests


When the Prism and NSA scandal was unearthed and brought to light by Edward Snowden, the internet died a little. I still remember reading the news and being heartbroken that my own government was spying on me by forcing companies to secretly disclose information.
In June of 2013, Microsoft and Google filed lawsuits to gain the ability to disclose the details of these information requests. Today the internet scores a victory -- the shackles have been loosened, and the gags removed from these companies and others like them.
Target security breach is even worse -- now an estimated 100-million customers


Apparently Adobe should not rest on its laurels, as Target reaches record-setting data losses. Over the past couple of weeks we have gradually learned of a security breach at the retailer that exposed customer data, including credit card information.
The whole thing seemed bad enough right off the bat, when we reported the number of affected customers at 40 million. It grew worse this week, when that total rose to 70 million. Now the retailer has truly hit the big time.
Microsoft's Twitter account hacked


Jerry Lee Lewis famously sang "there's a whole lotta shakin goin on". Lately, it feels like there is a whole lot of hacking going on. While the world is still reeling from the Target hack, it seems that Microsoft and Twitter have unwillingly joined the retailer as victims.
Today, one of Microsoft's Twitter accounts, @MSFTnews, was infiltrated by The Syrian Electronic Army -- a group that claims to be supporters of Syrian president Bashar al-Assad. But who is at fault, Microsoft or Twitter?
Crossing the hacktivism line


Recently, I was a guest on the CNBC program, Squawk on the Street. The discussion centered on the possible outcome of a limited strike by the US on Syria, and I had the opportunity to provide my opinion on the retaliatory cyber implications for US interests. During the program, I disagreed strongly with the position taken by McAfee Worldwide CTO, Mike Fey: that the Syrian Electronic Army is no more than a hacktivist group. In my opinion, this is a dangerous assertion based on industry group-think and marketing rhetoric.
Two books that I have co-authored have examined attack sophistication in terms of categorizing a threat actor. Ultimately, I am not concerned with which organization or entity carries out an attack. I am, however, concerned with identifying and stopping malicious activity. For example, were a nation-state to engage in industrial espionage against a defense industrial-based contracting firm or critical infrastructure, such as a power grid, this typically would be classified as advanced persistent threat (APT).
AVG and Avira websites taken over by pro-Palestinian hackers [UPDATE]


There’s probably nothing worse for a major company than getting hacked. Just ask Adobe. But when the company in question is a provider of security software, well the embarrassment factor goes through the roof. And it’s definitely not good news for consumers who rely on the company’s software products to keep them safe online.
The website of AVG, makers of one of the world’s most popular free anti-virus products, was apparently hacked by a pro-Palestinian group earlier today, and fellow antivirus company Avira has also just suffered the exact same fate.
Scammers are after the Apple ID I don't have


When I receive an email asking to validate my account info, it is an obvious alert that something is amiss. These frequently come in the guise of PayPal and even banks where I have no account -- a no brainer to hit the delete button. However, as I browsed through my messages while preparing for bed, one caught my attention, not because of variance from other email scams, but because it simply attempted to lure me to a trap I had not encountered previously.
While the likes of PayPal and CitiBank may trade between targets number one and two, this was the first time I had been asked to validate my Apple account -- the one I have never had.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.