What looks to the layman like a chunky under-the-desk computer power strip is actually a full-fledged hacking tool designed to let white hat hackers (aka the ‘good’ guys) test the security level of a given computer network, wired or wireless. More »
If there’s one thing my mother never did for me (thankfully) it would be hack into my school’s computers to change my grades – and getting caught in the process. Well, the children of Catherine Venusto had a chance to experience that. According to reports, Venusto, a former employee of the Northwestern Lehigh School District in New Tripoli, Pennsylvania, was charged on three counts of unlawful use of a computer and computer trespassing.
The lady was said to have used the passwords of the superintendent and 9 other employees to access the system’s student records to change the grades of her children. For her daughter – a failing grade turned into a medial exception, while her son’s grade was bumped up from 98% to 99% (why she even bothered, I have no idea). She’s probably never allowed near a school computer again, but after a $30,000 fee to be bailed out, I guess she probably learnt her lesson. I wonder how the kids felt about it. What’s the most outrageous thing your mother has ever done for you?
By Ubergizmo. Related articles: Apple investigates in-app purchase exploit, NVIDIA forums hacked,
Salutations, My Dearest One: I am writing to you this blog post with joy and happy feelings in my heart, bringing news that will be of great interest and benefit to you. Oh, beloved, there is indeed a special reason for why I have chosen to contact you in this moment of your day, I write to you now because of the urgency of our situation: the world’s third-largest spam botnet was knocked offline, today—for good. More »
Remember the in-app purchase exploit that allowed people to make in-app purchases without paying for them? Well, it looks like Apple has caught wind of the story and is currently investigating the problem. No word on how such an exploit managed to get under the noses of Apple security, but I guess it’s a good thing they’re looking into the problem and not ignoring it or pretending it wasn’t a huge concern – according to reports online, over 30,000 in-app purchases have already been made using the service.
(more…)
By Ubergizmo. Related articles: App Store in-app purchases circumvented by hacker, Apple fixes iOS 6 App Store bug,
If you’ve got an account on the NVIDIA forums, you probably noticed an announcement about the forums being hacked recently. NVIDIA took the forums offline last week to investigate the breach – it turns out that hackers managed to gain access to user’s usernames, email addresses, hashed passwords with random salt value, and public-facing “About Me” profile information. While most of the information was already available online anyway, users have been encouraged to change their passwords for accounts on other websites if they used the same password for their NVIDIA forum account.
Users are also warned not to provide any personal, financial or sensitive information in response to any email purporting to be sent by an NVIDIA employee or representative. All user passwords will be reset when the system comes back online, though it wasn’t mentioned when that was going to be.
By Ubergizmo. Related articles: NVIDIA behind digital dashboard in Tesla Motors electric sedan, NVIDIA addresses Linus Torvalds’ “Fuck You NVIDIA” remark,
Yesterday Yahoo! suffered a major security breach as it saw over 400,000 passwords leak out. The group responsible for the hack claimed it was to expose the shoddy security methods employed by the company, and wasn’t intended as a malicious attack. It looks like Yahoo! wasn’t the only victim, as several other companies have had their databases exposed and pasted onto the internet due to similar security lapses.
ZDNet reports that Phandroid suffered from a hack on its Android Forums, which exposed usernames, email addresses, and hashed passwords. Its not known how many users have been affected by the hack, although the forum has over a million registered users. The administrators of the site say the exploit has been found and fixed, with the hack most likely an attempt to harvest email addresses.
Last night, Billabong and NVIDIA also suffered from hacks. Around 35,000 plaintext passwords are said to have been extracted from Billabong’s database, but only 1,435 were located in a CodePaste.net post. Like the Yahoo! hack, it looks like the hackers took advantage of a MySQL injection exploit to get at the data.
NVIDIA also shut down its Developer Zone last night after in response to a hacking attack on the website. In a statement, NVIDIA says that it shut down the site “in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords.” There’s no word on how many passwords were taken as a result of the hack, but unlike Billabong, all of the passwords are hashed.
Billabong, NVIDIA, and Android Forums all affected by hacks is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Online account security breaches are seemingly commonplace these days — just ask LinkedIn or Sony — and now we can add Yahoo’s name to the list of hacking victims. The company’s confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren’t just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
In response, Yahoo’s saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
Filed under: Internet
Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT. Please see our terms for use of feeds.
Permalink | 
TechCrunch, New York Times | Email this | Comments
Kevin Mitnick was one of the first internationally known hackers, one of the early wizards who struck the fear of the gods in the machine into regular people. He hacked Los Angeles, Motorola, Nokia, Sun Microsystems, and Fujitsu Siemens before finally being caught by the FBI. More »
Almost a year ago today, Anonymous hacked one of Australian super villain Rupert Murdoch’s crown jewels: The Times. Why? To spread a false report of his death. A year later, he’s shutting them up like rowdy children. Times have changed. More »
Kim Dotcom may be the king of bad taste, but the Feds’ handling of his criminal case is pretty bad, according to Apple co-founder—and Gizmodo hero/friend—Steve Wozniak: More »
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
