Security flaw allows hackers to steal Twitter accounts and sell them

Security flaws are nothing new, and the past few months have been a time of many security breaches and hacks at big-name companies. So when you hear about a security flaw that’s been discovered on Twitter, it’s certainly alarming, but most people aren’t surprised by it. However, this story about one Twitter user is about as interesting as it gets.

Over the weekend, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received an email saying that his Twitter password had been changed. He quickly found out that he was not able to log into his account, but was still able to access it on his phone. To his surprise, his tweet and follow counts were at zero.

Jones was eventually able to log into the account, but found that his username had been changed to @FuckMyAssHoleLO, with the account name set to “Cracked by n0rth”. His Twitter profile was now being operated by someone else and had even been put up for sale on an online message board called ForumKorner, a place where people buy and sell usernames for online gaming. The forum listed other hacked single-word usernames, the kind that were registered in Twitter’s early days and are now hard to get. The asking prices for these usernames are surprisingly low; most sell for under $100.

So how are these hackers able to break into Twitter accounts so easily? It turns out that Twitter only limits a large number of login attempts per source IP address, rather than per account. So the hackers simply use a program that keeps trying to log in with different common passwords, switching to a new IP address every few attempts so that no single address ever trips the limit.
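To illustrate the flaw described above from the defender’s side, here is an added example (not code from the article, and not Twitter’s implementation): a hypothetical sliding-window login throttle keyed by source IP only, beside the same throttle also counting failures per target account, replayed against a constructed sequence of wrong-password attempts that rotates the source address every few tries. The class and function names, limits and the 203.0.113.x addresses are all assumptions of this example.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window throttle for failed logins, keyed by source IP and,
    optionally, by target account. Hypothetical defender-side code."""

    def __init__(self, per_ip=10, per_account=10, window_s=900, account_keyed=True):
        self.per_ip = per_ip
        self.per_account = per_account
        self.window_s = window_s
        self.account_keyed = account_keyed  # False reproduces the IP-only flaw
        self._ip = defaultdict(deque)
        self._acct = defaultdict(deque)

    def _prune(self, q, now):
        # Drop failures older than the window.
        while q and now - q[0] > self.window_s:
            q.popleft()

    def allowed(self, ip, username, now):
        """Return False if the attempt should be refused before any password check."""
        self._prune(self._ip[ip], now)
        if len(self._ip[ip]) >= self.per_ip:
            return False
        if self.account_keyed:
            self._prune(self._acct[username], now)
            if len(self._acct[username]) >= self.per_account:
                return False
        return True

    def record_failure(self, ip, username, now):
        self._ip[ip].append(now)
        self._acct[username].append(now)


def simulate_rotating_attacker(throttle, username="blanket", guesses=200, rotate_every=5):
    """Replay `guesses` wrong passwords against one account, moving to a fresh
    constructed source IP every `rotate_every` attempts, one attempt per second.
    Returns how many guesses reached the password check at all."""
    evaluated = 0
    for i in range(guesses):
        ip = f"203.0.113.{i // rotate_every}"  # TEST-NET-3 addresses, constructed
        now = float(i)
        if throttle.allowed(ip, username, now):
            evaluated += 1  # a real system would verify the (wrong) password here
            throttle.record_failure(ip, username, now)
    return evaluated
```

With the IP-only throttle every one of the 200 guesses reaches the password check; with per-account counting the account is refused after the tenth failure regardless of how many addresses the guesses arrive from.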

Obviously, changing your password to something more complex will help prevent this from happening to you. Using a service like LastPass helps a lot, but simply creating a long, random string of numbers and letters will do the trick. Just make sure you can remember it if you’re logging in from a computer that doesn’t have your passwords saved.

We’ve heard other interesting stories of hacks and breaches in the past, like the iCloud fiasco that happened to technology writer Mat Honan, but this is about the most interesting Twitter hack we’ve seen yet. Hopefully all goes well for Jones and he gets his original username back. And hopefully Twitter responds to this security flaw and patches it before even more usernames fall victim.

[via BuzzFeed]


Security flaw allows hackers to steal Twitter accounts and sell them is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.


A Serious Security Flaw Lets Hackers Steal Your Twitter Account [Security]

Do you have a highly coveted Twitter handle? You should probably change your password. One user, Daniel Dennis Jones, who formerly went by @blanket, has uncovered a very serious flaw that lets hackers crack your account and put it up for sale.

Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it


Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference identifying a potentially major flaw in at least two US transit systems. Using an Android app named “UltraReset” together with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able to reset and reuse, free of charge, transit access cards in both San Francisco’s MUNI system and New Jersey’s PATH system. Before you go getting any bad ideas, know that Benninger and Sobell haven’t released the app for public use, and warned both transit systems in late 2011 (though neither region has fixed the exploit, the duo claim). PATH and MUNI share a common contactless card, the Mifare Ultralight, which can apparently be reset for 10 extra rides (as demonstrated on video below) using an NFC-capable Android phone running an OS newer than 2.3.3 (Gingerbread). Starting to sound familiar?

Intrepidus is, however, releasing a modified version of the app, named “UltraCardTester.” The modified app functions just like its nefarious progenitor, except that it can’t add rides to cards (see it in action below). The app can tell you how many rides you have left and whether a system is open to the exploit, but it won’t assist you in actually exploiting it. We reached out to both New Jersey’s PATH and San Francisco’s MUNI on the issue, but have yet to hear back as of publishing.


Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it originally appeared on Engadget on Sun, 23 Sep 2012 19:48:00 EDT.

Source: IDG News Service

Chase Bank Is Second to be Hit with Cyber-Attack In Response to "Sacrilegious Movie" [Hackers]

Just yesterday we reported that a group by the name of Izz ad-din Al qassam had claimed responsibility for a hack that brought down the website for Bank of America and obliterated its Twitter feed in addition to messing with the NYSE.

Hackers, Angered by "Sacrilegious Movie," Target Bank of America and NYSE [Hackers]

A group of hackers calling themselves Izz ad-din Al qassam have claimed responsibility for taking down Bank of America’s website today at about 10am EST.

The Hacker Who Isn’t Old Enough To Drive But Can Destroy Your Digital Life [Hackers]

Fifteen-year-old kids can be unpredictable. But one fifteen-year-old, a hacker who goes by the moniker Cosmo the God, is downright scary. He’s a highly skilled social engineer who is capable of stealing your digital life right out from under you. And he doesn’t even have his driver’s license yet.

Anonymous attack brings down tons of GoDaddy sites

Today is not a good day for those working behind the scenes at GoDaddy. TechCrunch is reporting that an Anonymous member has brought GoDaddy down and, by extension, has brought down many of the sites GoDaddy hosts. Apparently, the attack was carried out by someone going by the name of “AnonymousOwn3r” on Twitter, and he says that he worked alone in bringing the web hosting service down.


Of course, this is causing a headache for more than just the folks at GoDaddy, as many business owners are seeing their sites go down as a result of the attack as well. Since the attack makes a number of GoDaddy’s DNS servers inaccessible, many site owners who were using GoDaddy’s DNS service were affected even if their sites were hosted elsewhere. Customers are also saying that the company’s email and phone services are down as well.

GoDaddy itself has had to deal with a number of angry customers this afternoon, and at the time of this writing, the hosting service is still down for many. GoDaddy seems to be making progress, with one of its most recent tweets claiming that service has returned for some customers. With tens of millions of sites down, however, GoDaddy has its work cut out for it.

What’s interesting is that AnonymousOwn3r did this whole thing by himself. He hasn’t really given a reason for his attack on GoDaddy, saying in a tweet that the attack was meant to test GoDaddy’s “cyber security,” among other reasons he can’t talk about now. A lot of GoDaddy customers are understandably calling him out on Twitter, so let’s just hope that the company can get everything back to normal soon. Stay tuned, as we’ll have more details for you as this story develops.


Anonymous attack brings down tons of GoDaddy sites is written by Eric Abent & originally posted on SlashGear.


LulzSec’s Topiary Talks About Life After Hacking, Says He Feels More Fulfilled Without Internet [Hackers]

Jake Davis—perhaps better known as Topiary, mastermind behind crazy Internet assaults during the summer of 2011—is out on bail with one obvious condition: no Internet. Now, 12 months after his heyday, he’s decided to reflect on his experience, and his new Internet-free life, and wrote about it in the Guardian.

Bitcoin Exchange Bitfloor Suspends Operations Following $250K Hacker Heist [Bitcoin]

Last night, several of the servers belonging to Bitcoin exchange Bitfloor were hacked, and $250,000 in Bitcoins (24,000 coins) were stolen. An open letter from Bitfloor’s founder (reproduced below) explains what happened, and what action will be taken to compensate those whose accounts were compromised. For now, Bitfloor has been shut down completely.

FBI calls out AntiSec, claim they had nothing to do with stolen Apple IDs

Just a few hours after AntiSec claimed to have snagged millions and millions of Apple IDs from an FBI laptop, the FBI has issued a statement debunking their claims. We first reported on these events this morning, but now it looks like things are about to get a bit more interesting, with the FBI claiming that AntiSec is lying about the FBI’s involvement.

This morning AntiSec reportedly managed to get their hands on over 12 million Apple IDs and other personal user information, and even posted 1 million of them to a pastebin. Now, according to AllThingsD, the FBI is calling AntiSec liars; the site reached out to the agency and received this statement in return:

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

The FBI is basically saying these reports are totally false and that they never had the information in question to begin with. Essentially, this means the FBI is trying to distance itself from the situation and wants to get the word out that it is not collecting this type of data. Whether or not this is true remains to be seen.

Now the real question is about all that information. If it wasn’t obtained from the FBI, then where did AntiSec manage to snag well over 12 million Apple IDs? The FBI has even tweeted that the claims are “totally false.” Now the heat is back on AntiSec, as they are left to either prove how they got the information from the FBI or share where it actually came from. Thoughts?

[via 9to5Mac]


FBI calls out AntiSec, claim they had nothing to do with stolen Apple IDs is written by Cory Gunther & originally posted on SlashGear.