hackers

FBI: Hundreds Of Thousands May Lose Internet In July

Posted on


Cybersecurity

WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.MORE

Valve’s online game service Steam hit by hackers

Posted on


Artwork from Skyrim

The Steam video game service, used by 35 million people, has been compromised by hackers.

Its owner and operator, Valve, uncovered an intrusion into a user database while investigating a security breach of its discussion forums.

The attackers used login details from the forum hack to access a database that held ID and credit card data.

Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused. Read the rest of this entry »

Did Hackers Just Build a Brain-Powered iPhone? 2 days ago by Sarah Kessler

Posted on


VIDEO

 

if you believe this video — and that’s a big if — the era of thought-controlled phones has begun. A pair of hobbyist hackers claim to have taken Siri, the iPhone 4S feature that obeys voice commands, and turned it into an app that obeys brainwave patterns.

“It works! It really works! It’s so freaking amazing,” Josh Evans and Ollie Hayward announced Tuesday on the blog they created to chronicle what they call “Project Black Mirror.”

In the accompanying YouTube video, Evans wears EEG pads on his forehead and squints in concentration. A circuit board attached to an iPhone on the table beeps shortly later, and a mechanical voice says “calling Graham,” the third member of the project, whose phone then rings.

The hackers explain that they used the EEG pads to record the “signature brain patterns” of 25 Siri-based commands. By pairing the signatures with the commands, they effectively create a brain pattern-to-voice dictionary.MORE

Hackers Use Social Engineering to Obtain Facebook Security Tokens

Posted on


Fake Facebook verification window

The Anti-CSRF tokens generated by Facebook and other websites that want to keep their customers protected are being targeted by cybercriminals who can use them to temporarilytake over an account.

Symantec researchers did a little digging on the matter and found a few cunning plots in which attackers try to dupe users into providing the highly desired codes.

Cross-site request forgery (CSRF) is an attack in which basically the victim’s active session is borrowed by the cyber masterminds to perform illegal operations. Once the security token is obtained, the attacker can do whatever he wants as the website’s server detects him as being legitimate.more

Hackers add porn to Sesame Street YouTube channel

Posted on


Sesame Street’s YouTube channel was hacked today, leaving its normally family-friendly content replaced with pornographic content, according to a report on the tech blog The Next Web.

YouTube had the content removed in 22 minutes, according to the report, and as of this writing, the show’s channel has been replaced by a message saying it is unavailable.

YouTube representatives declined to comment on Sesame Street’s incident but said the removal of the content was in keeping with user guidelines.

“YouTube’s Community Guidelines prohibit graphic content,” a YouTube spokesperson said. “As always, we remove inappropriate material as soon as we are made aware of it.”

Hackers also altered the Sesame Street YouTube channel’s profile page to add the name MrEdxwx as the user, according to a screenshot posted by Naked Security. The profile also included the following message:MORE

Hackers break into Tony Blair’s webmail server, disclose former PM’s address book

Posted on


Tony Blair

A hacking group known as TeaMp0isoN have published private information belonging to former Prime Minister Tony Blair.

TeaMp0isoN have been in the news recently for allegedly hacking into a web site they claimed belonged to a member of LulzSec.

This time they targeted a webmail server used by Tony Blair in December of 2010. It is unclear why they waited for so long to disclose the breach and there is no evidence as of yet to confirm their story.

The information disclosed includes “Tony Blair Office Members Information, Tony Blair Address & Phone Book (Includes family, friends, MPs & lords) and Katie Kay Curriculum vitae (Tony Blairs special adviser).”

Screen capture of stolen Blair address book

Information on Mr. Blair’s friends and colleagues includes names, home addresses, home, work and cell phone numbers and email addresses. Additionally Mr. Blair’s National Insurance Number (NIN) and Ms. Kay’s CV (resume) are also included in the dump.

We don’t know what specific flaws were exploited in this attack, but seeing that it is a webmail server the most likely method was SQL injection. It is extremely important to keep web servers patched and up to date, especially if they are running Linux using commonly exploited CMSs, webmail solutions and blogging software.

TeaMp0isoN logo

This attack like many we have reported on this year appears to be politically motivated. The TeaMp0isoN attackers called Mr. Blair a war criminal in a Twitter post and much of the language used is derogatory.

Why Hackers Hate Sony

Posted on


It’s not such a happy time over at Sony these days thanks to the bull’s-eye on its back.

But why is Sony — a major player in the worlds of gaming, movies and music — suddenly in the crosshairs of hackers?

Sony’s reputation for aggressively trying to protect its intellectual property rights may provide some clues.

Purdue University security expert Gene Spafford, who testified before Congress about Sony’s security problems, said there are plenty of examples. He cited Sony banning users who modded their PlayStations, the infamous case of installing “rootkits” on PCs of users as copy control for CD, and lawsuits it has filed against the likes of George Hotz andJammie Thomas.

Hotz, a hacker known for unlocking the iPhone, riled up Sony when he started a blog to document his progress hacking the PlayStation 3, which was regarded as being a locked and secure system. Thomas got caught up in a music piracy case, accused by the recording industry of sharing songs on the file-sharing site Kazaa.

“The image that has emerged from all this is that Sony is a rapacious corporation with no heart,” Spafford said. “Thus, it is not surprising that they might be a target for hackers.”

Fast-forward and you have the malicious attack on the PlayStation Network that compromised millions of user accounts and identities. And once word got out that Sony was not doing as good a job on the security side as it should be, the sharks could smell blood in the water.

Sony became snarled in almost constant attacks on all fronts, from phishing sites running on the servers of its Thai website to the most recent breaches by the merry hacksters known as LulzSec.

Here’s a quick timeline of the attacks:

*June 2 — Lulzsec attacks Sonypictures.com, gains access to user information.

*May 24 — Sony confirms hackers stole 2,000 records from Sony’s Canadian site.

*May 23 — Sony BMG server in Greece hacked, user account info stolen.

*May 19-20 — $1200 worth of virtual tokens stolen from So-Net, a Sony subsidiary; phishing site found on Thai Sony server.

*May 2 — Sony acknowledges over 12,000 credit card numbers were stolen during initial PSN attacks.

*April 17 — PlayStation Network hacked, hackers gain access to personal info of over 77 million users.

Computer security expert and former hacker Gregory Evans said Sony would be well-served to hire ex-hackers instead of IT managers to help secure its networks.

“Anyone can configure a firewall, but (it) does not mean you are a security expert,” he said.

Contact me at : contactme.bijay@gmail.com

https://computeraddicted.wordpress.com

http://shenanigans-nepal.blogspot.com/

http://losthacker-deadbj.blogspot.com/

 

Sony Pictures attacked again, 4.5 million records exposed

Posted on


Sony Pictures Website Hacked, 1 Million Accounts Exposed

The same hackers who recently attacked PBS.org have turned their attention back to Sony by releasing the latest dump of information stolen from Sony’s websites.

While the information disclosed includes approximately 150,000 records, the hackers claim the databases exposed contain over 4.5 million records, at least a million of which include user information.

The data stolen includes:

  • A link to a vulnerable sonypictures.com webpage. 
  • 12,500 users related to Auto Trader (Contest entrants?) including birth dates, addresses, email addresses, full names, plain text passwords, user IDs and phone numbers.
     
  • 21,000 IDs associated with a DB table labeled “BEAUTY_USERS” including email addresses and plain text passwords.
     
  • ~20,000 Sony Music coupons (out of 3.5 million in the DB).
     
  • Just under 18,000 emails and plain text passwords from a Seinfeld “Del Boca” sweepstakes.
     
  • Over 65,000 Sony Music codes.
     
  • Several other tables including those from Sony BMG in The Netherlands and Belgium.

The attackers, LulzSec, stated in their file titled “PRETENTIOUS PRESS STATEMENT.txt”:

“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

This sounds like a broken record… Passwords and sensitive user details stored in plain text… Attackers using “a very simple SQL injection” to compromise a major media conglomerate.

Worst of all the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point.

Sony passwords leakedThe take away for the average internet users is clear. Don’t trust that your password is being securely stored and be sure to use a unique password for every website to limit your exposure if hacks like these occur.

I took a brief look at some of the information disclosed and many passwords used were things like “faithful”, “hockey”, “123456″, “freddie”, “123qaz” and “michael”.

Companies collecting information from their customers have a duty to protect that information as well.

In addition to employing proper encryption to protect against theft or loss, companies should work with reputable penetration testers to validate their security plans.

Interested in some practical help with data security? Download our Data Security Toolkit.

Interested in encrypting your own personal files? Try out Sophos Free Encryption.

Contact me at : contactme.bijay@gmail.com

https://computeraddicted.wordpress.com

http://shenanigans-nepal.blogspot.com/

http://losthacker-deadbj.blogspot.com/

Sony can not guarantee the PSN will not be hacked again.

Posted on


Sony can not guarantee the PSN will not be hacked again

In a open letter sent to members of Congress this week, Sony Computer Entertainment boss Kaz Hirai has said that he cannot guarantee the PlayStation Network will not be hacked again despite new policy changes and added security measures.
Last month, Sony took down the PSN following multiple security breaches that left 101 million gamers with their personal data stolen including addresses, phone numbers and even credit cards.

Wrote Hirai:

No security system is absolutely foolproof, and changing conditions in the future can make a currently secure environment less secure.

These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks. Some aspects of the intrusion may never be known.

Sony has still not found the identities of the hackers except to subtly accuse the hacking group “Anonymous.”

FindFriendz.com, Dating Website Hacked!

Posted on Updated on


Dating Website FindFriendz hacked by an indian hacker, lionaneesh and 45,000 users data got compromised.

Proof:


Source THN.

Contact me at : contactme.bijay@gmail.com

https://computeraddicted.wordpress.com

http://shenanigans-nepal.blogspot.com/

http://losthacker-deadbj.blogspot.com/