Being tricked into submitting nude pictures of yourself online is a pretty disgusting crime, but to then use those photos to extort more nude photos from the same person is downright despicable. As outrageous as that story sounds, that is exactly what happened a few days ago according to a recent FBI release.
By Ubergizmo. Related articles: Eric Schmidt To Visit North Korea, Online retailers vary pricing based on user location and average income, 
A unidentified hacker in Japan is driving the state’s National Police Agency (NPA) crazy. Japanese policemen recently uncovered a memory card strapped into a cat’s collar. The cat was found wandering on an island in Toyko. Policemen believe the memory card held clues to the hacker’s notorious creation – a malware dubbed as the “Remote Control Virus,” which basically allowed the hacker to send out threats online while avoiding detection. On New Year’s day, messages were sent out to media outlets, inviting them to a new game which offered them the chance for a big scoop. It contained a number of complex puzzles, which eventually led the police to the cat. (more…)
By Ubergizmo. Related articles: Man Charged For Videotaping Deputy, Microsoft Uses Children To Do Windows 8 Product Demos,
Late last year, multiple US banks were attacked online by what was believed to be a hacker group. Now government officials are saying it was actually the work of Iran, possibly in response to cyberattacks it has suffered from the US. This was determined when an investigation revealed that the method used to attack the banks was too sophisticated to be the work a fringe group.
Recently, several banks across the nation have been hit with attacks that harmed them to various degrees for ten or so minutes before they recovered. This is due to extremely high amounts of that are being directed to the banks in the DDoS attacks, affecting the likes of Wells Fargo, HSBC, Bank of America, and Citigroup, among others.
According to a former state official, the United States government is 100-percent certain that Iran is the cause of the attacks. Likewise, security firm Radware’s Vice President Carl Herberger is quoted as saying, “The scale, the scope and the effectiveness of these attacks have been unprecedented. There have never been this many financial institutions under this much duress.”
Fortunately, none of the bank accounts have been violated, and no money has been taken. The attacks are being directed from data centers, which are said to have taken control of some small-time cloud services and used them as the powerhouse behind initiating the attacks. Two issues are making it difficult to resolve the problem, however: 1, the DDoS attacks are encrypted, and 2, how the data centers are being hijacked is unknown.
[via New York Times]
Iran cyberattacked US banks according to government officials is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Apple has hired Kristin Paget, a former Microsoft employee who worked as a hacker for the company, which used her and a few others to find security issues in Windows Vista. After working for Microsoft, Paget was employed by Recursion Ventures, a security firm. Now Apple has snapped her up to focus on security for OS X.
If her LinkedIn profile is anything to go by, Paget now works as Apple’s Core OS Security Researcher. She has long been known as an accomplished hacker, having set up a system to intercept cell phone calls during Defcon, among other things. There’s no official word on what her tasks are at Apple, aside from the fact that they’re security-related.
Rumor has it that Paget is tasked with responsibilities revolving around malware protection. This comes soon after Apple has been forced to deal with the Flashback trojan, something that infected over half a million Macs earlier this year. This is another indication that threats against Macs are growing, and Apple is getting a jump on the issue.
Paget confirmed to Wired that she has been hired by Apple, but declined to offer further comment. Apple likewise declined speaking on the issue. We’re not likely to hear much – if anything – on her activities at Apple. She did reveal not too long ago information about her days at Microsoft, however, stating that she and the team were responsible for uncovering so many bugs that Microsoft was forced to extend Vista’s shipping date.
[via Wired]
Former Windows hacker joins Apple, helps protect OS X from malware is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Hacker “TheHell” is selling an exploit that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on Darkode, where the exploit is being sold for $700, and then reposted on YouTube. Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered.
The zero-day exploit takes advantage of a cross-site scripting vulnerability, allowing the hacker to steal a Yahoo! user’s cookies and take control of the account. In order to work, the victim must click on a malcious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page.
Said TheHell: “I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”
Yahoo stated that while fixing the issue will be simple enough, that can’t happen until they actually find “the offending URL.” This isn’t the first time an XSS attack has been directed at Yahoo!, however, with some recent examples of vulnerable linkes including surveylink.yahoo.com and order.store.yahoo.com. You can see a full list of XSS vulnerabilities and whether they’ve been fixed over at XSSed.com.
[via Sophos]
Hacker selling $700 Yahoo! email exploit is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Adobe has stated that its user forum was breached, prompting the company to shut down its Connectusers.com website. The Connect conferencing service itself was not compromised, nor were any of Adobe’s other websites. The hacker claimed to have gotten ahold of 150,000 log in credentials from customers and partners.
The discovery was made after a hacker named ViruS_HimA posted a claim online that he had the log in info for 150,000 users. The attack was performed to make a point about Adobe’s slow process of correcting security issues, according to the hacker, who claims to be from Egypt. Out of the alleged compromised credentials, 664 records were released, which included emails.
In addition to the Adobe breach, the same hacker has threatened to publish stolen data from Yahoo, which declined comment. For Adobe’s part, the company will be resetting about 150,000 passwords on Connectusers.com, which accounts for most of its user base. In addition, Adobe’s Senior Manager of Corporate Communications Wiebke Lips offered a statement.
“As soon as we became aware of the hacker’s post, we launched our investigation, which led us to determine that the hacker appears to have compromised the Connectusers.com forum site. We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored.” As of now, the website is still offline.
[via Reuters]
Adobe’s Connectusers.com shut down due to breach is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
The nation of Georgia discovered a botnet trying to steal sensitive government documents, and what did they do? They gave the cyber-spy a taste of his own medicine, infecting his computer with the very same software he was targeting governments with. His infected computer eventually captured a photo of the alleged cyberterrorist, as well as his IP address. Georgia’s Computer Emergency Response Team says the hacker is behind the “Georbot Botnet” which targeted major governments around the world, including Georgia, the US, and France. The botnet was pretty sophisticated, using 0-day vulnerabilities, embedding itself in links on major Georgian news sites, and turning on microphones and webcams to glean important government data from infected computers. According to CERT, they’ve hack is linked to “Russian Security,” but all we know about him is the photo they gave us.
If you’re interested, read the entire report from CERT here.
By Ubergizmo. Related articles: Google disputes claims of Android botnet , German Police monitor Gmail, Skype, and Facebook via snooping malware,
Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The security breach was discovered in the middle of September, but was not revealed per request by government agencies so that the hackers could be identified. The data was gathered via compromised keypads, which recorded each swiped card’s information.
A total of 63 stores had the compromised keypads, and were located around the country, including Chicago, San Diego, New York City, and Miami. Barnes & Noble issued a statement saying that customers who shopped at any of the 63 stores should change their PINs as a precaution, as well as check out their recent bank statements for anything out of the ordinary.
As can be imagined, some customers aren’t terribly happy that they weren’t informed about the security breach. Barnes & Noble says that its decision to withhold the info from customers was due to “the direction of the U.S. government,” which instructed the company to keep quiet. Barnes & Noble says that it notified credit card companies of the breach, however.
It continued to say that the company received two letters from the South District of New York’s attorney’s office stating that it wasn’t obligated to share the security breach with customers while the investigation was ongoing. Barnes & Noble, in an effort to identify and eradicate the compromised hardware, sent all 7,000 of its keypads from every store to a company that checked them out. The result was that one keypad was compromised per store, for a total of 63 hacked devices.
[via New York Times]
Barnes & Noble hackers gain customers’ credit card information is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
After developing JailBreakMe, cracking such devices as the iPad 2 or iPhone 4 and finally scoring a paying intern gig with his nemesis, hacker Comex tweeted that he’s no longer working at Apple. Also known as Nicholas Allegra, the talented coder’s Cupertino situation apparently came asunder when he failed to respond to an email offer to re-up with the company, though he also told Forbes that the situation was more complicated than that. He added that “it wasn’t a bad ending,” and that he has fond memories of his Apple experience, but if you’re hoping the Brown University student will have an iOS 6 jailbreak soon, don’t hold your breath — he’s concentrating strictly on his studies, for now.
Filed under: Cellphones, Tablets, Software, Apple
JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter originally appeared on Engadget on Fri, 19 Oct 2012 08:44:00 EDT. Please see our terms for use of feeds.
Permalink 
9 to 5 Mac | 
Forbes, Twitter | Email this | Comments
Nicholas Allegra’s launch to fame came from his unusual penchant for hunting down cracks in the iPhone’s source code. Known as the hacker Comex, he made himself a venerable thorn in Apple’s side after repeatedly releasing JailBreakMe, giving iPhone users worldwide the ability to jailbreak their Apple mobile devices. In a semi-surprising move, Apple gave Allegra an internship, which has come to a sudden end a year later.
Comex, from Chappaqua, New York, was a Brown University student on hiatus looking for an internship. He stayed under the radar for quite awhile, until Forbes fished around and discovered his name. To get an idea of hacking skills, former network exploitation analyst for the NSA told Forbes, “I didn’t think anyone would be able to do what he’s done for years…He’s totally blown me away.”
Apple offered Allegra an internship, which he accepted because he was on leave from school and bored with jailbreaking. According to a recent tweet he sent out, that internship has ended. The reason? Failure to respond to an offer to extend his employment, as well as other reasons which the hacker declined to discus.
The tweets read:
“So…no point in delaying. As of last week, after about a year, I’m no longer associated with Apple. As for why? Because I forgot to reply to an email.”
In a call with Forbes, Allegra stated that though his termination from Apple was for more reasons than failing to reply to the email, “it wasn’t a bad ending,” and that he enjoyed his time with the company. He wouldn’t say more on the subject, however. Mum’s the word on what he did for Apple during his stay.
[via Forbes]
Apple boots out iPhone super hacker Comex is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
