Pretty much spot-on, this. There’s an op-ed in The Wall Street Journal that argues that Americans should badger Congress and the president, asking them to hold off on doling out stimulus dollars to electronic medical record systems that don’t have appropriate privacy safeguards in place. As it stands, electronic medical records aren’t exactly sealed—insurance companies can peek at them, as can pharmaceutical companies. So, let’s instead focus on creating an electronic medical record system that’s as foolproof as possible. Slight issue: when is your data, medical or otherwise, ever truly secure? → Read More
At what point do you stop trying to track and prosecute cyber-criminals? Obviously, you can’t let criminals run around willy-nilly, but when you look at the resources involved in bringing those guys to justice—and are you really nabbing the right guys in the first place?—it’s worth at least talking about. Is fighting cyber-crime about as futile as fighting the war on drugs? → Read More
Google was attacked by hackers in China. Microsoft reports that they’re the target of hackers all day, every day. Now Intel is stepping forward, and admitting in their annual 10-K filing that they were the target of a sophisticated attack. Intel observes that it might be industrial espionage, or it might be “hackers seeking to harm the company.” It makes you wonder how many attacks on smaller organizations go un-reported, or indeed even un-noticed. → Read More
The Chinese hacker saga continues, with some pretty huge news having emerged in the past few hours. U.S. authorities have identified, so they think, the sole person responsible for the underlying code used in attacks on Google and others. He’s a “freelance security consultant” in his 30s, and he was able to take down almighty Google by exploiting a previously unknown hole in Internet Explorer. Being an Internet Explorer public relations guy must be pretty difficult. → Read More
Last week I met Gever Tulley, author of the provocatively-titled “Fifty Dangerous Things You Should Let Your Kids Do.” The book grew out of a 2007 TED talk about why embracing and exploring danger ultimately lessens it. (See! Good things do come out of TED. Let the TED-TechCrunch healing begin!) The book doesn’t advocate playing in traffic, but it does extol the virtues of things like super-gluing your fingers together, boiling water on the stove in a paper cup, and putting metal in the microwave.
He talked about the decrease in “tinkering” in America and linked it to Americans seeking an appearance of affluence, i.e. only poor people would try to fix their own sink, anyone else would call a plumber. Tulley is a big believer that this is bad for kids and by extension the country. I’ll take it a step further—I think it’s bad for American entrepreneurship. → Read More
I’ve been led to believe that Club Mate (pronounced: ma-tay) is the drink in the international hacker community. Being a fan of the international hacker community—and by “hacker” I don’t mean stupid idiots who DDOS Web sites for lulz, but rather people who enjoy tinkering with the world around them—I decided to buy a case. → Read More
Please turn your attention to Rolling Stone, where an article about a blind, lonely phreaker is currently tearing up the charts. That is to say, it’s an article worth your time, certainly better than refreshing drudgereport.com for the thousandth time in a day. → Read More
Here’s an updated statement that T-Mobile just released regarding the possible breach of servers that may or may not have occurred over the weekend. “Following a recent online posting that an alleged hacker apparently accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers’ information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.” → Read More
Researchers from the University of California, Santa Barbara, have published a report after taking over a massive botnet called Torpig, aka Sinowal. The malware network was able to collect 56,000 passwords an hour as well as 70GB of financial and personal data.
The researchers found that most users reused passwords for multiple sites and that the malware was able to steal credit card numbers and bank logins. They were able to control the system for ten days before the malware was updated. → Read More
Pwn2Own, a sort of Gray Hat extravaganza, is going to be cracking browsers and phones for the third year in a row this March. It’ll go from the 18th to the 20th, with thousands of dollars in prizes. Many will enter, few will pwn. → Read More
Wired’s Brian X. Chen twittered to the world that Apple was suing his publication over his video tutorial teaching us Luddites how to hack netbooks to run Mac OS X. As Giz points out, Apple isn’t likely to sue them, but, rather, send over a cease and desist order. It’s all pretty trivial if you ask me. → Read More
Datel and Sony Computer Entertainment Europe clearly don’t like each other very much. How do we know this? SCEE has taken Datel to court over its as yet unreleased “Lite Blue Tool,” which has been renamed the Max Power Digital. The device would let users hack, in a sense, the PSP. Sony didn’t care for this very much, and is now in lawsuit mode. → Read More
My fellow Americans: tomorrow’s the big day, Election Day, wherein we are able to exercise our right to wait in line all day at a fire house or elementary school, rubbing shoulders with “neighbors” and trading pleasantries about what we think about that Obama fellow. It should be fun. Yet, our voting system stinks. Not only that, but our voting system could be vulnerable to fraud, and not that theoretical ACORN nonsense. We’re talking about rigging electronic voting machines to affect the tally, much like what Homer Simpson experienced. A compsci professor at Princeton has warned that electronic voting machines can be hacked in as little as six or seven minutes. (His name is Edward Felten, and he was on the D.L. Hughley show on CNN last night showing how the vote could be rigged.) The affected machines are made by Sequoia Voting Systems, which has threatened to sue the professor for besmirching their machines, violating license agreements, etc. That’s good—silence a whistleblower. Expect allegations of fraud all around in the next few days. → Read More
Dear school administrators, What’s the best way to ensure that your computer network remains riddled with security vulnerabilities that leave you, your personnel and [someone think of the] schoolchildren in danger? Why, to demonize the student who discovered the vulnerability and alerted you to it, of course. Have him charged with a felony while you’re at it. A student in a Saratoga County (New York) school alerted his principal to a computer security vulnerability that could expose the names, social security numbers and addresses of school employees. While the student tried to do it anonymously, he was eventually tracked down. Then the school threw the book at him. The student is now being charged with three felonies for his unauthorized use of the computer network. The best is this quote from a state trooper: “The kid committed an intentional criminal act. He deceitfully used someone else’s name and password so he would not get caught and was looking to profit from his criminal act.” The only thing we can take away from this is, even if you discover a security vulnerability, it’s completely in your best interest to keep it to yourself, otherwise you’ll be branded a criminal terrorist when you were merely trying to do a good deed. Or, if you insist on doing the right thing, use Wikileaks. → Read More
http://vimeo.com/moogaloop.swf?clip_id=2069634&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 3G Baseband Tool from iphonedev on Vimeo. The wizards at the iPhone-Dev Team have just about cracked the iPhone baseband which means carrier unlock is almost upon us. What does this mean? Sadly, not much. The iPhone is still physically – at least in theory – locked to purchase and activation at AT&T and Apple stores so those heady days of buying an iPhone to crack at home are long gone. It is my suspicion that lots of 3Gs will soon be falling off the back of trucks around the world, especially in Russia and Asia, as folks dedicated to one G.S.M. carrier or the other decide they don’t want to switch. Baseband unlocks essentially cede control of the phone’s telecomm portions to hacked code. Usually it’s impossible to run hacked baseband code but the iPhone Dev folks have patched the baseband without alerting the phone itself, resulting in the Great iPhone Unlocking of 2007 and the future iPhone unlocking of 2008/2009. → Read More
http://vimeo.com/moogaloop.swf?clip_id=2007855&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 Compromising Electromagnetic Emanations of Keyboards Experiment 1/2 from Martin Vuagnoux on Vimeo. Two doctoral students have produced what is probably the most fascinating hack (or whatever you want to call it) of the year. Using custom equipment and software, Messrs Martin Vuagnoux and Sylvain Pasini of the Swiss Ecole Polytechnique Federale de Lausanne are able to detect shifts in the magnetic field surrounding keyboards. By measuring and interpreting these shifts, the students are able to figure out what has been typed. There are four such “attacks,” one of which can work from as far as 20 meters (65 feet). While we’ll no doubt have to put up with ignorant “keyboard sniffers on the loose!” stories on your CNNs and whatnot, it’s important to understand what exactly this is. That is, research. These aren’t script kiddies looking to wreak havoc at a Starbucks or whatever, but scholars trying to figure out how things work. via BBC News → Read More
http://www.g4tv.com/lv3/29183 Yes, that evil “hacker” who broke into Sarah Palin’s e-mail account was indicted yesterday. Politics aside, it was a pretty dumb thing to do, especially posting the e-mails online after the fact. To that end, here’s renowned computer security consultant (and former HACKEROMG) Kevin Mitnick giving his opinion on the whole matter on G4’s Attack of the Show. Mitnick says he doesn’t think the kid should have his life ruined for what amounted to a harmless prank. That’s my opinion, the harmless prank part. You know, maybe spend a couple of weeks doing community service, picking up trash along the side of the road or something. The host, Kevin Pereira, brings up another good point: why haven’t we seen more “cyber attacks” on politicians this election year? → Read More
Hey script kiddies, next time you steal some unsuspecting person’s password, you’d better be prepared to do five years in prison. That’s what the kid who “hacked” Sarah Palin’s Yahoo e-mail account faces, now that he’s been indicted by a federal grand jury. The kid, now identified as David Kernell, a 20-year-old student at the University of Tennessee, has been accused of accessing Palin’s e-mail account without her authorization. The kid is screwed, in other words. If convicted, the kid faces five years in prison, a $250,000 fine and three years of “supervised release.” No Facebook for him, I’m guessing. So, kids, let this be a warning to you: don’t try to impress your friends by reading powerful people’s e-mails. To quote Denzel Washington from Training Day, this kid is federally f*cked now. → Read More