Current headlines would have you believe that the hacking community is a seedy world full of anonymous, government-hating hooligans and lulz-seeking havoc-wreaking chuckleheads. That is a part of it, but for every jerk who steals credit card numbers, there's a hard-working hacker helping to identify weaknesses in networks and shore up corporate defenses. Hoping to inspire a new generation of white-hat hackers, DEFCON's hosting their first ever event targeting techie children, the aptly named DEFCON Kids.
With leftover egg still dripping from its face, Sony today said it provided notice to around 37,500 people whose accounts may have been compromised in the recent hacker attack against Sony Pictures Entertainment (SPE). While hackers made off with personally identifiable information, Sony insists that stolen information did not include any credit card numbers, social security numbers, or driver's license numbers.
Make strong passwords. Make strong passwords. Our high school computer teacher beat the mantra into our heads, at least until the day we forgot our logon, a non-dictionary jumble that consisted of 39 upper- and lower-case letters, numbers, ampersands, exclamation points and any other special characters we could jam in there. After restoring our account, Mr. O'Donnell changed the mantra to, "Make kinda strong passwords." Microsoft MVP Troy Hunt analyzed the user information leaked in the recent LulzSec hack of Sony Pictures, and discovered that most people's passwords not only aren't kinda strong, but are usually downright crappy.
If you were expecting a knock-down, drag-out fight between Sony and PS3 jailbreaker George "Geohot" Hotz, you'll have to settle for an anticlimactic ending instead. As our own Nathan Grayson reported yesterday, Hotz agreed to never again spread any technology that "circumvents any of the TPMs in any Sony product" and is forever banned from assisting in such activities. That's not exactly the end result Hotz's supporters were hoping for, and now the former PS3 hacker is taking heat for running from the fire.
Online dating site eHarmony revealed that a hacker made off with some user info, including user names, email addresses, and hashed passwords, but said the site itself was not hacked. Even with the information obtained, eHarmony said it has a number of safeguards in place -- like state-of-the-art firewalls, load balancers, SSL, and other sophisticated security approaches -- that make it difficult for hackers to actually break into the site. It's a point eHarmony seemed intent to drive home.
An odd message on Mark Zuckerberg's fan page racked up over 1,800 likes and over 400 comments before the hacked post was removed, TechCrunch reports. Here's what it said:
"Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011"
Assuming Zuckerberg didn't fall down a flight of steps head first in a drunken stupor as he made his way to his PC, it's pretty evident his fan page was hacked and the above message came from someone else. The post has since been removed, though not before raising questions about Facebook's security if it can't even keep its founder's fan page free from intrusion.
There's no reality show called "When Gamers Attack," but if there were one, Frogster's Runes of Magic game would take center stage.
Here's the deal. A user who goes by the nick "augustus87" is pretty pissed off with how the German outfit is running its game. Taking matters into his own hands, augustus87 hacked the game's database, posted the details of more than 2,000 accounts on the forum, and threatened to reveal names and passwords of 1,000 Runes of Magic players every day until his demands are met, GameSpy reports. Those demands?
No more closing or deleting threads, better treatment of Frogster employees worldwide, more transparency with customers, secure game clients against cheating and modding, protect personal info, and "stop spying on your employees."
"At Frogster we are constantly analyzing all IT and security-related systems with the goal of improving them continuously," Frogster's Axel Schmidt told Edge Magazine. "We have increased these efforts even more over the last week. Immediately after we noticed the attack, all systems were double-checked and secured by new firewalls, configured with new user permits and passwords and several other protection measures right away."
According to Frogster, the disgruntled hacker got his hands on "outdated log-in data from 2007," so there isn't a whole lot to worry about. Nevertheless, Frogster deemed the attack a "serious criminal offense" and is working with German law enforcement.
Russia may be popular for its vodka and caviar, but its stock among the tech savvy has been going down rapidly ever since it was revealed that it is also the No. 1 source of spam in the world. Interestingly enough, however, this might be set to change with the apprehension of 23-year-old Oleg Nikolaenko, who has been accused of spearheading operations responsible for sending over 10 billion spam emails per day.
Nikolaenko’s botnet has been referred to in legal documents as Mega-D, a network of computers that is estimated to be composed of over half a million machines. His advertising efforts have primarily been focused on Rolex counterfeits and herbal remedies, but the true scope of his operations likely won’t be fully understood until the authorities have time to review all the evidence.
According to Valleywag, Nikolaenko is facing a fine of up to $250,000 and three years in prison, though a careful examination of the facts would suggest that this might be little more than a slap on the wrist. According to one of Nikolaenko’s clients, he alone spent more than 2 million on spam advertising, an admission that would suggest to us that Oleg might just have a cozy little nest egg to retire on when he emerges from prison.
Officials believe they caught the man responsible for hacking into the Federal Reserve Bank's computers in Cleveland, who separately also had more than 400,000 stolen credit card numbers, NBC New York reports.
Secret Service agents caught Lin Mun Poo at John F. Kennedy airport a month ago as he was traveling to meet with other hackers to allegedly sell his stolen information, authorities say. But how exactly he hacked into the supposedly tightly secured computer systems in the first place is still unknown.
If convicted, the Malaysian man faces up to 10 years in prison on identity theft and fraud charges. According to authorities, he has already admitted to some of the crimes during questioning.
Noted White Hat hacker and security expert Moxie Marlinspike (not his real name) was recently detained at New York's JFK airport as he returned from a trip to the Dominican Republic, Wired reports. Marlinspike says he was met at the plane's gate by agents with U.S. Customs and Border Protection. He was led to a detention room, where an investigator confiscated his computer and cell phones.
After agents tried to access the devices to copy the data, Marlinspike was instructed to give up his encryption keys. He refused and was eventually allowed to leave with his property about four and a half hours later. Marlinspike does not plan to use the devices again, saying, "They could have modified the hardware or installed new keyboard firmware."
Marlinspike gained notoriety in hacking circles last year when, at the Black Hat security conference, he disclosed a serious web vulnerability that allows attackers to fake security certificates. Marlinspike has been experiencing increased scrutiny for months. Ticketing agents can only issue him tickets after calling a Department of Homeland Security phone line. He has also been told by airline personnel that he is on a federal watchlist. Feel safer yet?