Posts tagged Hack at Switched

Posts with tag hack

Hackers Increasingly Turning Computers Into 'Zombies'

by Tim Stevens, posted Sep 4th 2008 at 10:25AM

A plague of computers turned into zombies sounds like a plot for a techno-horror-thriller summer blockbuster film -- though it probably wouldn't be a very good one. This is no film, though, as it's happening for real: According to the Shadowserver Foundation, which tracks malicious software, computers worldwide are increasingly becoming infected with spyware and other covertly malicious software, enabling hackers to control these 'zombie' computers from afar.

About a half-million computers worldwide are estimated to be infected, and disconcertingly that number is accelerating, not slowing, as those who run these underground zombie networks seem to be consolidating their forces for greater harm. Computers are typically infected through browser exploits, such as the one recently uncovered in Google's Chrome. But the number one way many computers are infiltrated remains human gullibility -- hackers still do their best work when they trick people to download software they think is one thing but is actually something bogus.

Your best defense is to simply be careful where you surf and what you download -- and, of course, to install a virus scanner. [Source: BBC News]

British Hackers Using Stolen American Credit Cards

by Tim Stevens, posted Aug 31st 2008 at 4:12PM

If you've heard the news about the millions of credit cards stolen from supermarket chains over the past year or so, you've probably started to trust your little slabs of plastic a little less than you did before. You're liable to be even more wary now, as word is being spread that British hackers are planning a mass assault on U.S. credit card accounts using numbers snagged from hacked security systems.

The BBC reports that the thieves are planning to take the numbers stolen from American security lapses and attach them to fake credit cards. They'll then hit stores with self-checkout lanes (where they're less likely to be noticed) and "cash out" -- suck all the funds out of the accounts they possibly can. Hopefully, if your card was one of the ones intercepted by the much publicized security leaks, it's already been canceled and you've been issued a new number, and if so, you have nothing to worry about. But, if your card was snagged and neither your bank nor you were made aware, you might want to keep an eye out for a very large U.K. withdrawal on your statements! [Source: BBC News]

iPhone Security Hole Leaves Your Personal Info Vulnerable

by Terrence O'Brien, posted Aug 28th 2008 at 10:16AM

Well, a gaping security hole has been found in the iPhone that makes us wonder how much quality control this thing really went through. It looks like a would be data thief could get access to much of your personal information and many of the applications on your iPhone -- even if your device is locked with a passcode.

The trick is simple: The data thief slides to unlock the phone, and, when prompted for a passcode, hits the emergency call button. A quick double tap of the home button will bring up your 'Favorites' for anyone who knows this trick, which means potential thieves would then be able to access contact information for anyone in your favorites list. Worse still, all of that contact information is associated with applications that can be now be launched directly from the favorites window without a passcode. Double click on a contact's e-mail address and pull up the Mail application. Web site associated with the contact? Safari will launch. Click 'Send Text Message' to pull up the text message inbox.

Clearly, clicking 'emergency call' should not unlock any applications except the dialer. , Luckily, there is a simple fix for the hole -- change the behavior of the home button. If you go into your Settings menu and change a double click on the home button to bring up the home screen or iPod functions instead of your favorites list, you should be safe... for now. [From: TUAW]

Wii Balance Board Used to Control Roomba Vacuum

by Darren Murph, posted Aug 26th 2008 at 12:39PM

For Roomba hacking extraordinaire longjie0723, it's just another day in the office. Grasping for one more way to control the circular vacuum with something video game-related, he keyed in on the Wii Balance Board. Granted, he's already had success controlling the Roomba with a Wiimote, so we assume that whipping this one up was a lesson in simplicity. We still can't really understand why this here hack is necessary, but unlike decisions made by publicly traded companies, independent DIYers don't need no logic to get their mod on. Video after the cut. [From YouTube via Nintendo Wii Fanboy]

Continue reading Wii Balance Board Used to Control Roomba Vacuum

Hackers Figure Out How to Wirelessly Control Pacemakers

by Darren Murph, posted Aug 12th 2008 at 12:01PM

Defcon already delivered by exposing California's FasTrak toll system for the security hole that it is, but that's not nearly all that's emerging from the Las Vegas exploitation conference. For starters, a plethora of medical device security researchers have purportedly figured out a way to wirelessly control pacemakers, theoretically allowing those with the proper equipment to "induce the test mode, drain the device battery and turn off therapies." Of course, it's not (quite) as simple as just buzzing a remote and putting someone six feet under, but it's a threat worth paying attention to.

In related news, a trio of MIT students who were scheduled to give a speech on how to hack CharlieCards to get free rides on Boston's T subway were stifled by a temporary restraining order that the Massachusetts Bay Transit Authority snagged just before the expo. Don't lie, you're intrigued -- hit up the links below for all the nitty-gritty.

Update: MIT published the Defcon presentation in a PDF.

Read - Pacemaker hack
Read - Massachusetts Bay Transit Authority sues MIT hackers
Read - Restraining order on said hackers

Celebrity Bait-and-Switch Twitter Post Leads to Hacker Takeover

by Tim Stevens, posted Aug 12th 2008 at 7:15AM

Thought Twitter was just innocent (and frequently inane) updates about what your friends and associates? Think again. Enterprising online criminals have apparently started to zero in on the service as a way to distribute their bogus wares.

In this case, an apparently Brazilian Twitterer posted a link to a video purporting to be of a celebrity caught in a private moment. Naturally there was no video, only malicious software to take over your computer.

Clicking on the link prompted you to install what was supposed to be a version of Adobe's Flash, said to be required before you could view the video. The app was actually a fake, turning your machine into a zombie and letting those hackers take it over, use it as part of a distributed denial of service attack. That's a rather less enticing prospect than what was promised, so aren't you glad you don't install whatever websites tell you to? [Source: BBC News]

Hackers Using Facebook Wall to Spread Viruses

by Tim Stevens, posted Aug 8th 2008 at 5:17PM

Usually walls are used to keep things out, you know, like the wind, or bugs, or barbarian invaders. Ironic, then, that Facebook's iconic Wall, the thing that helped to set it apart from MySpace and grab a huge share of the online social networking space, is actually being used by some to spread malicious software capable of turning your machine into a zombie, so that others with bad intents can control it and make it do their bidding online.

The "attack" is actually rather unsophisticated -- just a link posted to the wall to a site that supposedly has a video of, what else, a celebrity caught in a private moment doing naughty things with a special someone. Naturally the site doesn't have any such video, just a fake version of the Flash plugin that is actually the malware itself. You're prompted to install it to view the video and, once installed, your machine is theirs for the taking.

So, as always, be careful where you click, keep your virus scanner up to date, and only install plug-ins like that from official sources, like Adobe.com. [Source: PC World]

Losing Face on Facebook: Five True Stories

Hacked Electronic Toll Booths Could Steal Your Personal Information

by Darren Murph, posted Aug 7th 2008 at 12:24PM

Ah, Black Hat. How we adore you. Each year there's always one speaker who shows up and completely undermines something that most people assume is rock solid. This year, our pals at Hack-A-Day were in attendance to hear Nate Lawson expose California's FasTrak toll system for the security hole that it is.

Essentially, toll transponders that are purchased and slapped onto vehicles offer up exactly no authentication, meaning that anyone with an ill will and an RFID reader could wander through a parking lot and lift all sorts of useful information.

Think it can't get worse? The transponders reportedly support "unauthenticated over the air upgrading," which means that each tag could be forced to take on a new ID if the right equipment was present. We don't have to spell out "potential disaster" for you, now do we?

[Image courtesy of Mindfully]

'A-Z' and Other Celebrity Hackers (Gallery)

by Terrence O'Brien, posted Aug 6th 2008 at 7:12PM

You've probably never heard of A-Z, but you probably have heard of some of his handiwork. A-Z is a world-renowned hacker (profiled here in USA Today), who became rich and infamous by producing software for cyber-criminals. These applications allow the hackers to steal data and money, as well as hijack target computers.

In his early career, A-Z spent time developing and spreading viruses around the Internet primarily for bragging rights, much like other young hackers. By 2007, however, he became a celebrity in the world of cyber-crime for creating ZeuS, a program that is quite adept at sneaking past security measures such as firewalls and anti-virus scanners. ZeuS has been used to steal log-on information for a Russian stock trading site, hold personal files for ransom, and steal sensitive information from online employment site Monster Jobs.

In 2007, A-Z partnered with a German gang on a heist of Hollywood proportions. A complex two phase scheme -- involving a customized version of ZeuS and thousands of infected PCs working in unison -- netted the unholy cyber-alliance an estimated $6 million.

A-Z is far from the first hacker to make himself famous (or, more accurately, infamous). It's an increasingly popular job, according to Nick Newman, a computer crime specialist, who told USA Today: "All you need is a computer, Internet access and programming skills, and now you have a viable career path in front of you."

And, if you check out our gallery of other notorious electronic criminal masterminds, you'll see that many of them parlayed their hacking experience into some pretty decent legit jobs when they got out of prison! [From: USA Today]

Click Here for the World's Most Famous Hackers

Worst Web Threats of 2008 (So Far)

by Terrence O'Brien, posted Jul 24th 2008 at 3:05PM

Web security firm Sophos just published its study of security threats for the first six months of 2008, and you'd be wise to take heed of its findings. The Internet is a dangerous place, and every year it becomes more and more perilous for you and your personal data. The study is long and dull, so we put together some quick bullet points to save you some time and head scratching:

2008 has seen an explosion in malicious software, three times more than in 2007.
Google-owned Blogger (which helps create those blogs with 'blogspot' in the address bar) is the most common host for malicious software.
Hackers and spammers use social sites like Facebook and MySpace with increasing frequency to spread spyware and viruses.
Attacks against Macs, iPhones and Linux machines have increased dramatically.
SMS spam messages (text messages) are an emerging front and is of particular concern in China.
Although still common, attacks via e-mail have decreased in the first half of 2008.

As usual, there are ways to defend yourself against such attacks. Getting yourself a firewall program is a good start, but don't forget about anti-virus and anti-spyware tools as well. Still, the best defense is caution and diligence. Don't follow suspicious links or open e-mails if you don't know the sender.

It's a dangerous world out there on the Web, but with a little smarts and the right tools you and your data will be safe. [Source: Business Wire]

Guy Stuffs Entire Video Game System Into Retro Controller

by Darren Murph, posted Jul 21st 2008 at 4:55PM

This one has been around the block a time or two, but considering you have absolutely nothing else to do on a Sunday, you might as well dust off that DIY kit and get to work. What you're looking at above is a genuine (albeit modified) NES controller playing a bona fide classic on a laptop.

Amazingly, all of the software required for such a marvelously good time is stuffed tight within the controller itself. Take a step back and digest that -- your very own NES emulator (with ROMs), shoved inside a Nintendo Entertainment System controller. Does it get any more awesome than that? Hit the read link to start building your own and let us know. Video of the action after the jump. [Source: Ed's How-To's Via Hack-A-Day]

Continue reading Guy Stuffs Entire Video Game System Into Retro Controller

Citibank/7-Eleven ATMs Infiltrated, PINs Stolen

by Tim Stevens, posted Jul 3rd 2008 at 10:35AM

So you follow your bank's advice to the letter when it comes to ATM security: You don't let someone snoop over your shoulder why you're using it, you don't stand there to count your cash immediately after withdrawal, and, most importantly, you've chosen a PIN that isn't "1234."

Good for you, you're doing your part. Sadly, though, it seems that Citibank, and two companies that operate thousands of its ATMs, are not doing their's. Somehow hackers have found a way to infiltrate those ATMs and steal the PIN numbers of anyone who used them.

The automatic tellers affected are the Citi-branded ones found at 7-Eleven stores. These machines -- of which there are 5,700 in total -- are operated by Cardtronics Inc. and Fiserv Inc. The machines themselves were not affected, but it seems that both companies failed to encrypt PINs that were transmitted from the ATM to their central computers, so once the hackers were able to access those central servers, they were able to grab numbers without any hassle.

It's unclear just how they gained access to those supposedly secure central computers or how many bank accounts were compromised, but Citibank is taking steps to send new debit cards to those whose PINs, regardless of how complex, were stolen. Maybe it's time for you to ask your bank just how secure their ATM interactions are. [Source: AP]

Hackers Post Flashing Animations on Epilepsy Support Forum

by Terrence O'Brien, posted Mar 31st 2008 at 12:04PM

Hackers Post Flashing Animations on Epilepsy Forum

People are just plain cruel sometimes. Take, for instance, a group of hackers who thought it would be freakin' hilarious to break into a support forum for epileptics and post flashing animations all over the page.

The Epilepsy Foundation found out about the attack with in 12 hours and closed down the forums, but not before people, like RyAnne Fultz (pictured), suffered headaches and seizures. Hopefully someone will find out who these people are, and we'd like to volunteer to lead the vigilante mob to their doorstep.

From Engadget

Related links:

Thieves Snag 4.2 Million Credit Card Numbers from Supermarket Chain

by Terrence O'Brien, posted Mar 18th 2008 at 11:12AM

Since December of 2007, the massive grocery store chains Hannaford Brothers and Sweetbay were hit by one of the largest incidents of credit and debit card data theft the U.S. has ever seen. Hannaford Bros., which owns the supermarket chains in the Northeast United States and Florida, announced on Monday that thieves had snagged an estimated 4.2 million card numbers and expiration dates, though not names or addresses. The thefts occurred during the authorization process that takes place when users are buying groceries at the the checkout counter with a credit or debit card.

The Associated Press reports that 1,800 incidences of fraud have been associated with the theft, as well as some occurrences of identity theft. Hannaford doesn't associate credit card numbers with names and addresses, which has lessened the impact of the data theft, but it has also made it impossible for the company to identify and contact those affected. Customers seeking help or information are encouraged to call the company at 1-866-591-4580.

Though this is one of the largest instances of data theft in the country, it pales in comparison to the largest which took place in 2005, when hackers gained access to the systems of TJX Companies, the owners of Marshall's, TJ Maxx, and Bob's. In that theft, over 94 million credit and debit card numbers were compromised.

The most unsettling detail is that Hannaford seems to have little indication as to when or how the theft occurred. The company became aware of the theft on February 27, after reports of suspicious credit activity. The numbers were stolen sometime between December and that date, but Hannaford was unable, or unwilling to divulge further details. If major companies can't even be sure when or how their systems are compromised truly secure Internet transactions may be nothing more than a pipe-dream.

From InfoWorld and AOL News/AP

Related Links:

Harvard Hacked, Student Data Made Public

by Tim Stevens, posted Mar 17th 2008 at 11:08AM

When applying to a prestigious establishment like Harvard, chances are you worry about a lot of things. You worry whether your essay used enough semicolons, whether that test score was high enough, and whether the recommendation from your favorite teacher didn't get lost in the mail. Chances are, though, you didn't spend much time worrying about someone hacking into Harvard's application database and stealing your private info, but that's exactly what happened to 10,000 of last year's applicants to Harvard's Graduate School of Arts and Sciences.

All in all, 6,600 records were stolen, including students' full names, mailing addresses, dates of birth, and Social Security numbers -- basically, everything an identity thief would ever need to pretend to be you. Even more frightening is that all that information is currently and freely downloadable via BitTorrent clients, a peer-to-peer distribution system that has no central servers. This means there's no real way to stop the spreading of this information by deleting it in one place, since files are hosted in bits and pieces across a vast network of computers.

The hack was supposedly done to show that the school's server administrator was inexperienced and unable to prevent such an infiltration. Okay, thanks, but since when did victimizing 6,000 innocent people by releasing their Social Security numbers into the wild -- to prove a point on staffing -- become even remotely considerable? Seems like these hackers have watched Live Free or Die Hard a few too many times.

From BetaNews

Related Links:

Older Posts →

X3F Week in Review: August 29, 2008 - September 4, 2008 WRUP: WRUP Edition First GameFly casting call in LA next Tuesday	5 Free Apps to Clone Your Hard Drive 4 "SpeedDial" Options for Firefox Joost to kill desktop client, provide browser-based video player?
2Chicks1Mac - Tip Applications: Hot? or Not? Take Control of Podcasting on the Mac: 2nd Edition Iconfactory releases Twitterrific 1.1 for iPhone	Will Fannie and Freddie shareholders be wiped out this weekend? 27,000 Boeing workers to strike Saturday morning Stocks have their worst week in six years
X3F TV -- XBLA in Brief: Gin Rummy, Shred Nebula, Pirates vs Ninjas Dodgeball All That Remains is new Rock Band DLC Video: the story behind Tomb Raider: Underworld	Duel: HSV GTS and FPV GT-P face off Down Under VIDEO: Dodge Viper ACR's record 'Ring lap (two views!) Spied: Mysterious "Project B" Mustang concept to debut at SEMA
Leaked Warhammer 40K action-shooter footage heads to YouTube Far Cry 2 gets final release date and Collector's Editon Most id Software games on Steam are 50 percent off this weekend	The 'Uneasy Truth' of NFL Injuries Around the Steelers Blogosphere: Texans Time Injuries To Watch: Week 1

Hackers Increasingly Turning Computers Into 'Zombies'

British Hackers Using Stolen American Credit Cards

iPhone Security Hole Leaves Your Personal Info Vulnerable

Wii Balance Board Used to Control Roomba Vacuum

Hackers Figure Out How to Wirelessly Control Pacemakers

Celebrity Bait-and-Switch Twitter Post Leads to Hacker Takeover

Hackers Using Facebook Wall to Spread Viruses

Hacked Electronic Toll Booths Could Steal Your Personal Information

'A-Z' and Other Celebrity Hackers (Gallery)

Worst Web Threats of 2008 (So Far)

Guy Stuffs Entire Video Game System Into Retro Controller

Citibank/7-Eleven ATMs Infiltrated, PINs Stolen

Hackers Post Flashing Animations on Epilepsy Support Forum

Thieves Snag 4.2 Million Credit Card Numbers from Supermarket Chain

Harvard Hacked, Student Data Made Public

Breaking news Feed

Featured stories Feed

AOL Tech Network

Resources

Categories

cnet reviews

downloads

Features

Hot Topics

Latest Reviews from CNET.com

Top Product Reviews