According to the BBC [1] and ZDNet [2], three men are being charged with stealing 130 million credit card numbers in the US. The reporting of this is a bit tainted by the inability of reporters to explain SQL injection to the masses. For example, the reports say that a ‘breach in the firewall’ resulted in SQL injection, which does not make much sense: the injected payload travels inside a perfectly well-formed HTTP request, on a port the firewall has to leave open for the site to work, so an ordinary network firewall has nothing to block on and cannot tell a malicious URL from a valid one. Maybe the software companies who wrote the payment systems should also be held responsible for not writing secure code? Although, to be fair, writing 100% secure code is impossible to achieve. It depends what kind of SQL injection was needed, I guess.
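To show why the firewall has nothing to go on, here is an added example (not code from the story or from any of the breached companies) of the classic injection pattern: a lookup that splices a URL parameter into SQL text, beside the parameterised version. The shop URL, the cards table and the card numbers are constructed for the demo (the numbers are standard test numbers, not real accounts); the point is that the attacker's request is a syntactically ordinary GET with a URL-encoded query string.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data: three fake card records using well-known test numbers.
CARDS = [
    (1, "alice", "4111111111111111"),
    (2, "bob", "5500000000000004"),
    (3, "carol", "340000000000009"),
]


def make_db():
    """Build an in-memory database standing in for the payment back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER, holder TEXT, number TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?, ?)", CARDS)
    return conn


def lookup_vulnerable(conn, holder):
    """The anti-pattern: the request parameter becomes part of the SQL text."""
    sql = f"SELECT number FROM cards WHERE holder = '{holder}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, holder):
    """Parameterised query: the value is bound to a placeholder, never parsed as SQL."""
    rows = conn.execute("SELECT number FROM cards WHERE holder = ?", (holder,))
    return [row[0] for row in rows]


def request_url(holder):
    """What the attacker's request looks like on the wire (hypothetical shop host)."""
    return "http://shop.example/lookup?" + urlencode({"holder": holder})


def holder_from_url(url):
    """What the web application recovers from that request."""
    return parse_qs(urlsplit(url).query)["holder"][0]


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    url = request_url(payload)
    print("request line a firewall sees:", url)
    value = holder_from_url(url)
    print("vulnerable lookup returns:", lookup_vulnerable(conn, value))
    print("parameterised lookup returns:", lookup_safe(conn, value))
```

The URL carries nothing a packet filter would reject: valid scheme, host, path and a percent-encoded query. Only once the application decodes the parameter and concatenates it does `' OR '1'='1` become SQL, which is why the fix lives in the application (bound parameters), not in the firewall.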

The other interesting point raised by this story is that the American apparently worked with two Russians on this hack, but also has a history of working with the Secret Service. It doesn’t look good to me if ex-Secret Service employees are collaborating with Russian criminals. Who else are they, or have they been, collaborating with, I wonder?



Palm Pre handsets are secretly sending data about users back to Palm. They are sending GPS location data, usage data and crash reports. It’s amazing to think they can get away with this. It doesn’t seem to have received a lot of press either, which is unusual. It’s on the BBC [1], and the original discovery, made by Joey Hess, can be found easily enough as well [2], but there is not as much outrage as I had thought there would be. I wonder whether, if the Pre were as popular as the iPhone, this would be a more significant event.

Either way, it will be interesting to see how this affects Pre sales, if it does at all!

Well, the story of the Facebook / Twitter DDoS has progressed from a rumour of Russian involvement to mass-media reports laying the blame directly at the Kremlin. [1]

It now appears LiveJournal and Google’s Blogger were attacked as part of a coordinated attack with the aim of silencing a Georgian critic of Russia. The possibility of state involvement makes this story even more significant than it was, given that what appears to be an attempt by one state to silence one person has resulted in millions being silenced. This really does highlight the lengths some states will go to, the resources they have, and how fragile, and how important, internet services have become these days.

It’s been widely reported that a fake ATM was placed in the Riviera hotel during the Defcon 17 conference.

There are some interesting points to take from this. The first is that it was placed in a ‘CCTV black spot’. I can’t believe there are any black spots in a casino like the Riviera, and even if there are, there wouldn’t have been a ‘black spot route’ along which the perpetrators could have carried the large device to get it into place. So they must be on CCTV at some point, lugging it through the casino. Probably another case of ‘he looks like he is meant to be doing that, and he has a fluorescent jacket on, so let’s let him get on with it’.

The second point of interest is whether this was aimed at the Defcon attendees. I thought at first it may have been linked to someone’s talk, and a new ‘wall of sheep’ would have been presented in an attempt to further the talk’s punch line. But no one has taken credit.

I find it hilarious that the ‘cyber criminals’ who installed this may have been completely unaware of the biggest hacking/security conference taking place there at the time… talk about bad timing.

You can’t really blame people for falling for this, though. Here in the UK, ATMs come in so many different sizes, colours and locations (including pubs etc.) that anyone could easily fall for this. It makes you realise that we are completely reliant on a judgement based on the visual appearance of an ATM to decide whether it is safe to enter our bank details and PINs into it. Judgement based on appearance and location is as good as it gets, which is not good enough. Maybe it’s time some kind of authentication system for these machines was devised, so you can verify a machine’s authenticity before you enter your card and PIN.

