Articles about Hacking

When Google released Android 4.0 (Ice Cream Sandwich) back in 2011, it introduced a new data scrambling system designed to protect sensitive user information from snoopers who successfully managed to bypass the lock screen.

It’s strong security, but a team of German researchers have managed to crack the encryption by freezing a Galaxy Nexus and using a toolset called FROST (Forensic Recovery Of Scrambled Telephones) to retrieve contact lists, browser histories, and photos (basically everything you’d want to keep private).

Continue reading →

Burger King’s Twitter account was just hacked and has been turned into an amusing (and rather crude) advert for fast food rival McDonald’s, complete with the Chicken McNuggets header and golden arches logo as the avatar.

No one is entirely sure who is behind the action at the moment, although there’s a shout out to DFNCTSC, the Defonic Team Screen Name Club, a loosely organized collective responsible for hacking Paris Hilton’s mobile phone and posting her address book a while back.

Continue reading →

The anti-virus and security business is a tough one, fraught with competition and cutting-edge technology designed to not only stop current threats, but predict future ones via heuristics. It is also a place where minor errors can become high-profile issues. Like last year when Sophos detected its own files as a virus and began systematically deleting them, rendering its software useless to customers.

The latest blow below the waist for a security firm involves Bit9. In what can only be termed as "embarrassing", the company failed to install its very own security software on computers within its corporate network. The vulnerable systems were soon compromised.

Continue reading →

The lack of an untethered jailbreak for iOS 6.x has been frustrating for many iPhone/iPod touch/and iPad users desperate to liberate their devices, install all their beloved jailbreak apps, and apply their favorite tweaks. A friend of mine is keen to buy an iPhone 5, but hasn’t purely because he’s been waiting to make sure of an iOS 6 jailbreak.

Well the good news for him, and other users keen to remove the limitations on their Apple devices, is the evad3rs team has rolled out its highly anticipated evasi0n hack for all Apple hardware running iOS6-iOS6.1.

Continue reading →

If you've just received an email from Twitter warning that as a precautionary security measure the micro-blogging site has reset your Twitter account password, and inviting you to create a new one, you should take it seriously. Very seriously.

According to Twitter the service recently "detected an attack on our systems in which the attackers may have had access to limited user information -- specifically, your username, email address and an encrypted/salted version of your password (not the actual letters and numbers in your password)".

Continue reading →

Mega has come in for some criticism since it launched, with the likes of Ars Technica, among others, questioning exactly how secure Kim Dotcom’s new file storage and sharing service actually is. Cryptography researcher Steve Thomas even created a tool designed to reveal passwords stored in confirmation emails.

But despite all this, Mega has so far proven to be a sturdy ship. Although it has had a few (quickly plugged) leaky holes, which is to be expected considering it’s still very new, nothing’s come along so far to sink it. And Kim Dotcom is so sure Mega’s security is uncrackable, he’s prepared to put his money where his mouth is.

Continue reading →

I am not a geek, hacker or programmer but simple storyteller. Some stories are unbearable to write, such as this one -- about an amazing geek and hacker who died suddenly, sadly on January 11. The world lost someone special two days ago. As you prepared for your weekend fun, he contemplated the last moments of life before taking it. You can blame the US government, as his family does and I do. A bright star has gone dark on the Internet firmament, and we'll never know what won't be seen because of it.

I didn't know Aaron Swartz, just of him. I followed some of his accomplishments and legal woes, which surely were catalyst for his final decision. Around the InterWebs, the 26 year old is described in many ways: "programmer"; "hacker"; "activist"; "advocate". His work almost certainly touches your daily life. Swartz co-authored RSS 1.0; he helped architect Creative Commons; he was serendipitous Reddit cofounder via acquisition of his company Infogami; and he was one of the most vocal, active and successful SOPA (Stop Online Piracy Act) opponents.

Continue reading →

A Distributed Denial of Service attack is no different from someone repeatedly tapping F5 in their web browser, at least accordingly to loose hacktivist collective Anonymous. The group (or someone claiming to be affiliated with it at least) has added a petition to the White House's We the People website, asking the US government to recognize DDoS as a legal form of protesting, and comparing it to the international "occupy" movement.

The petition also calls for the immediate release of those who have been jailed for DDoS attacks, and for their records to be cleared.

Continue reading →

Over the long weekend I saw McAfee had predicted that the threat from Anonymous would decline in the new year. The group apparently disagrees and has posted a video boasting of its accomplishments in 2012 and stating emphatically: "We are still here".

The two minute and twenty second video, posted to YouTube, lays out a rather lengthy list of past endeavors including attacks on government websites in the United States, Syria and Israel, as well as on groups such as the Motion Picture Association of America and the infamous Westboro Baptist Church.

Continue reading →

A report surfaced today that Verizon Wireless, a premier mobile carrier in the United States has been breached, with a result of three million customers being compromised. The good news is that the compromise does not seem to be malicious. The bad news is that, as proof of this, 300,000 users' data was released.

While the number may seem large, it represents a small fraction of the company's user base. Still, any customer information released into the wild is bad. So how did this happen and how bad is it?

Continue reading →

Symantec asked hundreds of its experts for their thoughts and opinions on what the biggest security threats will be next year -- assuming we all survive the Mayan apocalypse on December 21, of course -- and boiled down the results into five predictions.

The first threat to make the list is cyber-conflict, which Symantec sees becoming the norm. "Conflicts between nations, organizations, and individuals will play a key role in the cyber world", it says, envisioning a lot of sabre rattling, and countries and hacktivist groups using cyber-tactics to make a point and "send a message".

Continue reading →

Yesterday registrar and web hoster GoDaddy went down for several hours, taking millions of websites along, too. Within an hour, Twitter accounts associated with hacktivist group Anonymous took credit. Today, GoDaddy blames "corrupted router data tables". Meanwhile AnonymousOwn3r claims denial of service attack and hack -- and within the hour publicly posted what supposedly is GoDaddy "source code and database".

Somebody's lying here. But whom?

Continue reading →

The list of more than a million unique device identifiers (UDIDs) which hacktivist collective #Antisec said it had stolen from the Federal Bureau of Investigation may have originated from publishing company BlueToad Inc., researcher David Schuetz found over the weekend. Following the FBI's initial denial of #Antisec's claims and Schuetz's research, BlueToad on Monday announced it believed its systems were the ones compromised. It is still unclear who compromised Blue Toad's system, and where #Antisec actually obtained the list.

"I’m still not completely clear on all the technical details," Schuetz wrote in his research blog. "Was BlueToad really the source of the breach? How did the data get to the FBI (if it really did at all)? Or is it possible this is just a secondary breach, not even related to the UDID leak, and it was just a coincidence that I noticed? Finally, why haven’t I noticed any of their applications in the (very few) lists of apps I’ve received?"

Continue reading →

#Antisec, The loosely-organized black hat security collective formerly known as Lulzsec has released a file containing a million and one (1,000,001) Apple Unique Device Identifications (UDIDs), and their related APNs (Apple Push Notification Service) tokens, as well as a certain amount of personal user information. The group claims the information was not taken from Apple directly, but rather though a vulnerability exploit on FBI Agent Christopher K. Stangl last March.

The group claims there were actually more than twelve million UDIDs on Stangl's Dell Vostro notebook, as well as an incomplete list of zip codes, mobile phone numbers, home addresses, and whatever personal detail fields could be obtained. Antisec said there were no other files in the same folder that mention the list or its purpose.

Continue reading →

This week, the loosely connected online activist and hacking community Anonymous began a new "operation": attacking the Ukrainian government.

In retaliation to Ukraine's take down of popular BitTorrent tracking site Demonoid, Anonymous is seeking "revenge against all criminals responsible" in the country's government.

Continue reading →