TweakTown
Tech content trusted by users in North America and around the world
6,135 Reviews & Articles | 39,410 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 88

iOS 5 contains Safari bug, opens users to malicious sites

This is a cautionary story for all of those iOS 5 users out there, including the new iPad 3 users. Germany security firm MajorSecurity discovered a bug earlier this month that can be used to trick you into visiting potentially malicious Web sites. The bug was first discovered in iOS 5 and was replicated in iOS 5.1. Apple was informed of the bug by MajorSecurity on March 3, but has not yet issued a patch.

 

[img]2[/img]

 

"The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method," explained David Vieira-Kurz of MajorSecurity. "This can be exploited to potentially trick users into supplying sensitive information to a malicious Web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."

Continue reading 'iOS 5 contains Safari bug, opens users to malicious sites' (full post)

Is too much technology a bad thing?

We live in a modern age where technology seems to be taking over everything we do, from e-mails taking over for letters, to Turbo Tax taking over handwritten taxes. But, where do we draw the line? Can all of this technology be bad? Well, in one man's case, it is. A bug in the Norwegian's tax web portal has allowed anyone who went there to see his, his wife's, and his employer's information.

 

TweakTown image news/2/3/23139_1_is_too_much_technology_a_bad_thing.gif

 

Users hoping to get an early start on their taxes went to the site, which resulted in a crash. When the servers were brought back up, everybody was inexplicably logged in as Kennith, the man in question. It seems that his login details were stored in the server's cache when the system went down, and after it was brought back up, logged everyone in as him.

 

The bug lasted only 15 minutes because they brought the servers back down, however, during that time period, anyone was able to log on and see his very private tax information. This isn't the first time the service has had issues. In response to the recent issues, the managing company has admitted that there were bugs when the system first launched and that they lacked the expertise to properly manage it.

Microsoft may have leaked code capable of attacking critical Windows bug

No, I'm not trying to use scare tactics. No, I don't want you to rip out your link to the internet. I just want you to beware: Microsoft may have had a hand in leaking executable code that was used in a proof-of-concept (PoC). The data packet that was used was the same that Luigi Auriemma, an Italian security researcher, discovered and reported way back in May of 2011. Last Tuesday, Microsoft updated all flavors of Windows to patch the critical RDP vulnerability. Both Microsoft, and I, strongly recommend that you update and patch all of your machines running Windows.

 

TweakTown image news/2/3/23040_20_microsoft_may_have_leaked_code_capable_of_attacking_critical_windows_bug.jpg

 

Auriemma has stated:

 

In short it seems written by Microsoft for [its] internal tests and was leaked probably during its distribution to their 'partners' for the creation of antivirus signatures and so on. The other possible scenario is [that] a Microsoft employee was [the] direct or indirect source of the leak. [A] hacker intrusion looks the less probable scenario at the moment.

Continue reading 'Microsoft may have leaked code capable of attacking critical Windows bug' (full post)

More Sony hacking problems - Michael Jackson's back catalog reportedly stolen last year

Sony are having a bad time with this hacking news, it just feels like a bad smell that won't go away for them. The latest news is Michael Jackson's entire music catalog was stolen during the hack, which reportedly accounts for some 50,000 individual tracks and a wide variety of unreleased material.

 

TweakTown image news/2/2/22875_01_more_sony_hacking_problems_michael_jackson_s_back_catalog_reportedly_stolen_last_year.jpg

 

This was known in May of last year, in the aftermath of the hack which left the PlayStation Network and Qriocity (which is now known as Sony Entertainment Network Music Unlimited) users without a server for nearly an entire month. There were two men based in the UK who were arrested with the theft, and have appeared in court where they denied the charges.

 

The two men were released on bail and are now due to stand trial in January 2013. Sony had originally paid $250 million to the Jackson estate back in 2010 for the rights to literally everything that Michael had recorded, and whilst Sony haven't told us how widespread the theft is, multiple 'sources' have reported that the entire collection was taken.

 

Here's where I see a problem: what the hell were Sony thinking keeping $250 million worth of music on their online servers, just waiting to be hacked? One would think they'd have them offline, until they were ready to be released as tracks. Unless they want this issue to hit the hearts of fans worldwide, "oh noes, someone hacked the deceased, and much-loved Michael Jackson's unreleased songs".

Syrian President's e-mail password: 12345. How is this known? Anonymous, of course

12345. Such an amazingly hard password, something that no one else on Earth has probably ever used. Well, except for Syrian President Bashar al-Assad. Anonymous broke into the mail server of the Syrian Ministry of Presidential Affairs, where they gained access to 78 inboxes of Assad's staff, according to a report from Israeli daily Haaretz.

 

TweakTown image news/2/2/22566_05_syrian_president_s_e_mail_password_12345_how_is_this_known_anonymous_of_course.jpg

 

The password '12345' was associated with several of the e-mail accounts. Victims of Anonymous' latest attack were Mansour Fadlallah Azzam, who is the Minister of Presidential Affairs, as well as Bouthaina Shaaban, who is Assad's media adviser.

 

Haaretz obtained, and published one e-mail that included documents intended to prepare al-Assad for his December 2011 interview with Barbara Walters. In the interview, he said that the Syrian government was not killing its own people:

 

We don't kill our people. No government in the world kills its people, unless it's led by a crazy person.

Anonymous threatens Facebook, again, this time they'll take it down on January 28

[Updated] Here we go again. Anonymous plan to take Facebook down on January 28 as part of what they are calling Operation Global Blackout Part 2. The voiceover on the video claims responsibility for the recent attacks on CBS, Warner Brothers and the FBI.

 

 

In the video, viewers are encouraged to be part of the "first official cyber war and help bring Facebook down". Why is Facebook being targeted? Your guess is as good as mine. Maybe because taking down Facebook would get everybody to stand up and listen.

 

Anonymous are recruiting people to download their "Low Orbit Ion Cannon" (LOIC), which is an open source network stress testing and denial-of-service attack application. The video goes on to explain how to use the app to attack Facebook but points out that if done randomly, it won't work as Facebook has over 60,000 servers across the world.

Continue reading 'Anonymous threatens Facebook, again, this time they'll take it down on January 28' (full post)

Hackers continue attacking Israel, begins to get serious

Last Friday, a group of purportedly Gazan hackers defaced Israel's Fire and Rescue Services website. They didn't just do any old hack, but added a "death to Israel" message on the website and a tweaked picture of Israel's Deputy Foreign Minister, Danny Ayalon, where they superimposed foot prints over his face.

 

TweakTown image news/2/2/22289_04_hackers_continue_attacking_israel_begins_to_get_serious.jpg

 

Ayalon is the public official responsible for a strongly worded statement denouncing hacking, likening it to terrorism and threatening (bad move) that:

 

Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action.

 

Now, I'm sure you can imagine that the hackers were not happy with Ayalon's choice of words. The statement was made as a response to a cyber attack against Israel where hackers claimed to have taken 400,000 "Zionist" credit cards, including addresses, names and Israeli ID numbers (like Social Security). It has been reported that at least several thousand of those credit card numbers were verified as legitimate cards.

Continue reading 'Hackers continue attacking Israel, begins to get serious' (full post)

Apple, Nokia and RIM supply backdoors for government intercept, according to hacked memo

First up - this does not surprise me. I've thought for a very long time that this happens, as with most things, right under our noses and no one even knows. I'm sure it goes much deeper than this, and we'll never find out just how deep the rabbit hole goes, but on with the news. A group of Indian hackers known as "The Lords of Dharmaraja" had posted documents that were pillaged during the hack of an Indian military network. It was removed, but thanks to Google Cache, you can see an image of it below, and if that's not good enough, click here to read it directly.

 

TweakTown image news/2/2/22177_12_apple_nokia_and_rim_supply_backdoors_for_government_intercept_according_to_hacked_memo.jpg

 

Slashdot had reported on it too, and unveils some more info:

 

The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices. The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China.

Continue reading 'Apple, Nokia and RIM supply backdoors for government intercept, according to hacked memo' (full post)

Anonymous hack US think tank, use stolen credit cards to make Christmas donations

Anonymous don't rest during the holidays like most people, they've donned their Santa hats and hacked their way into thousands of credit card numbers and other personal information belonging to clients of a U.S.-based security think tank, Stratfor.

 

TweakTown image news/2/2/22022_02_anonymous_hack_us_think_tank_use_stolen_credit_cards_to_make_christmas_donations.jpg

 

One of the hackers said their goal was to take the funds from individuals' accounts to give away as Christmas donations. Anonymous boasted of stealing Stratfor's confidential client list, which includes entities including Apple, the U.S. Air Force, to where Dexter Morgan works, the Miami Police Department. They mined it for more than 4,000 credit card numbers, passwords and home addresses.

 

Stratfor is an Austin, Texas-based company which provides political, economic and military analysis to help clients reduce risk, according to their YouTube page. They charge subscribers for its reports and analysis, which are delivered through the web, e-mail and videos.

Continue reading 'Anonymous hack US think tank, use stolen credit cards to make Christmas donations' (full post)

Just a handful Chinese hacking groups responsible for most US attacks

U.S. cyber security analysts and experts are reporting that fewer than 12 different Chinese groups are responsible for most of the China-based cyber attacks that have resulted in critical data being stolen from U.S. companies and government agencies. The analysts spoke to The Associated press where they've said the intrusions have resulted in the loss of billions of dollars of intellectual property and other critical data.

 

TweakTown image news/2/1/21881_11_just_a_handful_chinese_hacking_groups_responsible_for_most_us_attacks.jpg

 

The attacks may have been stealthy, agressive and somewhat ninja, but the distinct signatures the hackers leave behind make it possible for U.S. cyber security investigators to more or less accurately identify which teams were responsible for the attacks. According to the report, the U.S. gives unique names or numbers to the attackers, and at times can tell where the hackers are and even who they may be.

Continue reading 'Just a handful Chinese hacking groups responsible for most US attacks' (full post)

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases