Displaying items by tag: Hacking

It looks like Google is finally stepping up to the plate when it comes to security in their Android Smartphone OS. For a number of years now opponents of Google’s desert themed mobile OS have complained Android does not have sufficient security. This makes it an unsuitable operating system. The fact that a large portion of these complaints come from the competition (Apple and Microsoft) meant that they were ignored by the large majority of people. It is also noteworthy that the openness of Android has allowed for mobile phone makers to highly individualize their Android offerings instead of relying on the stock version. Consumers have eaten this up and now you can see people defending their favorite version (HTC’s Sense UI over Samsung etc.) It is a great feature to the OS and one that has helped in in the market.

One of the biggest items we have talked about is the mentality of companies when it comes to protecting their customers. Sure, they will spend a little money to offer some rudimentary protection, but in the end if they can get away with not spending money to keep things safe, well they will. This pattern has been shown time and time again with multiple services online, at banks (think ATM hacks) and pretty much anywhere there is a way to talk to the computer systems in question. Now, a pair of researchers has found that Time Warner, Comcast, Cox and probably many more are barely providing security for their customers who use their recommended hardware.

As we have told all of you before no system is secure. We have watched now as Android malware writers are using social engineering to mass-market spam and now we are seeing the first proof of concept of a method to “hack” Apple’s In-App purchase feature. We mentioned in our recent coverage of the Anrdoid.Dialup malware that this feature was not only vulnerable, but also could be used as a vector for attack and the installation of other malware.

We have two additional hacks to report this morning. The first was a little shocking as it has been learned that nVidia’s Developer Zone form was under attack. Although details of this attack are small it does appear that nVidia recognized that there was an attack on the forum and shut it down to prevent additional attack. However nVidia warns that the hashed passwords for the forum may have been accessed. Right now the forum is still down with only a canned message in its place warning users about the attack and advising them to change their passwords especially any passwords that might be identical across multiple sites.

We have said this once and we will say it again; 2012 will be remembered as the year of the breach. This year alone we have seen a significant number of services penetrated with relative ease and user account information pulled out at an alarming rate. So far this year we have watched as Linkedin, eHarmony, Last.fm, Formspring, League of Legends and more have been compromised and literally Millions of user account details have been posted to the Internet. It is a very disturbing trend considering the rather big push to the cloud for so many critical services (like hosting our personal records).

Anonymous is back in the headlines; this time it is not for doxing a large and corrupt corporation or a DDoS attack on a government website. This time it is all about the kids. In what certain members of the collective are calling OpPedoChat the activist movement it targeting websites and forums that cater to pedophiles. The group has vowed to wipe them from the internet and expose anyone that uses these sites.

Although the media world seems shocked by the news that the unmanned drones in use by the military are vulnerable to cyber-attacks we wonder exactly why. I mean come on how many security breaches of high-level “secured” sites have to happen before someone gets it? There really is no such thing as a secure system. This has been shown time and again going back to the first encryption methods. If you have some access to the system you can get in.

There is an interesting habit in the world of science; when you cannot explain or categorize something add “dark” to the front of the regular word and that makes it all ok. We have seen this in astrophysics, particle physics, theoretical physics, and now to IT. With this maxim we get Dark Matter, Dark Energy and my favorite “Darknet” It just sounds cool right?

I am not even sure how many times I have said this, but here it is again; what man can lock (encrypt etc) man can unlock. This has been proven again as Fujitsu has announced a world record breaking event in crypto cracking. The electronics company’s research and development arm has successfully cracked and cypher that was 278 digits long (this equates to 923 bit). The feat surpasses a breakthrough in 2009 by 74 digits.

About five days ago a hacker that goes by the name of Reckz0r kicked off a new group called SpexSec which created quite a stir. We talked about the group’s appearance and just as sudden disappearance. They showed up made three dumps of data and after a short exchange with someone on Twitter all three of the SpexSec members announced their retirements.