recentpopularlog in

mcherm : hacking   128

« earlier  
Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines | WIRED
Wired claims this man can reverse engineer the PRNGs in slot machines and make a profit. It's illegal in the US, but not everywhere.
hacking  via:HackerNews  random  math 
11 weeks ago by mcherm
Graphing Calculator Story
The story of a couple of developers who built an entire product for Apple by sneaking into the building.
history  apple  via:reddit  hacking  culture  startup  security 
may 2019 by mcherm
The Linux Backdoor Attempt of 2003
Someone attempted to put a backdoor into the Linux kernel through subtly malicious C code. They were caught and it didn't work.
security  bug  hacking  opensource  via:reddit 
february 2019 by mcherm
A timing attack with CSS selectors and Javascript
A way to use JQuery to execute a timing attack that can extract fields from another webpage running in the same browser.
security  browsers  internet  javascript  hacking  via:HackerNews 
october 2018 by mcherm
Teen charged in Nova Scotia government breach says he had 'no malicious intent' | CBC News
Even in Canada, even in 2018, governments are still prosecuting people for "hacking" when all they do is increment the number on the end of a URL.
security  overprosecution  law  via:HackerNews  hacking 
april 2018 by mcherm
How Mark Zuckerberg Hacked The Harvard Crimson
Claim: early in the history of Facebook, Mark Zuckerberg used failed login attempts to deduce user's passwords to a separate email system in order to access their accounts.
facebook  security  MarkZuckerberg  hacking 
april 2018 by mcherm
The world's first cyber-attack (1834)
The mechanical telegraph was reserved for government use only, but some enterprising bankers bribed an operator to send messages (disguised as errors) so they could get a financial advantage.
history  security  hacking 
october 2017 by mcherm
A typo costs bank hackers nearly $1B | Ars Technica
Electronic bank heist could have netted $1B but was caught after only $81M -- caught because a person investigated a typo in the payment instructions.
banking  hacking  cracking  ArsTechnica  via:ArsTechnica  security 
march 2016 by mcherm
Even the LastPass Will be Stolen Deal with It!
This researcher found some really terrible security practices at LastPass allowing them to steal all the passwords. I would rail about LastPass but they also say LastPass was good about fixing stuff.
security  hacking  via:HackerNews 
november 2015 by mcherm
Norse Attack Map
A dynamic map of cyber attacks occurring in real time.
security  hacking  datavisualization  via:reddit 
august 2015 by mcherm
Mailinator(tm) Blog: How to get banned - not that I did this
He got sites trying to ban mailinator to ban gmail and others too.
hacking  email  via:reddit 
august 2015 by mcherm
Prosecutors suspect man hacked lottery computers to score winning ticket | Ars Technica
Prosecutors allege that the head of security for the lottery snuck into the room where the lotery computer is and planted a rootkit on it ensuring that he would win.
security  hacking  ArsTechnica  via:HackerNews 
april 2015 by mcherm
Cutting-edge hack gives super user status by exploiting DRAM weakness | Ars Technica
This is both exciting and terrifying. Like timing attacks, this promises to be a whole new TYPE of attack that is nearly impossible to defend against. It takes advantages of flaws in the physical construction of memory chips to allow changes in one area of memory to flip bits in another and thereby create a hack.
security  hacking  ArsTechnica  via:ArsTechnica 
march 2015 by mcherm
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED
He claims (but has no proof) that the FBI asked him to help them spy on people. What is clear is that prosecutors charged him with 44 felonies, nearly all bogus. He wound up taking a plea deal.
law  overprosecution  via:HackerNews  wired  hacking 
february 2015 by mcherm
Windows security
How to break into Windows 7 (and some about earlier versions.
hacking  windows  useful  via:reddit 
february 2015 by mcherm
Oops: After Threatening Hacker With 440 Years, Prosecutors Settle for a Misdemeanor | WIRED
Prosecutors can easily overreach with the vague overpowerfull computer fraud laws. Like multiple counts for hundreds of years for filling out a form with junk data and hitting submit.
law  hacking  overprosecution  via:HackerNews 
november 2014 by mcherm
The poisoned NUL byte, 2014 edition
A specific example of how to escalate an exploit into machine takeover. Great cleverness was required. This sounds like fiction, but it isn't.
via:HackerNews  hacking  programming 
august 2014 by mcherm
14-year-old code crackers hack Winnipeg ATM | Canada | News | Toronto Sun
A 14 yr old kid reads the manual on an ATM and then he discovers that the ATM at his bank is vulnerable. He reports it.
banking  security  hacking  via:HackerNews 
june 2014 by mcherm
Gaming the system: Edward Thorp and the wearable computer that beat Vegas
He built the first wearable computer to try to beat the game of roulette.
gambling  hacking 
april 2014 by mcherm
Errata Security: We may have witnessed a NSA "Shotgiant" TAO-like action
They watched as someone entered their system and extracted data using the support contract for their network switch. They suspect the americans (NSA or CIA).
nsa  security  hacking  via:HackerNews  snowden 
march 2014 by mcherm
Auernheimer Amended Reply Brief Final (HF) - AmendedReplyBrief.pdf
A well-written appeal motion in the case of the guy who "hacked" AT&T by changing the number at the end of a URL.
law  hacking  via:VolokhConspiracy 
december 2013 by mcherm
Defcon 21: The White Hat's Dilemma - Google Drive
Ethics of computer security: better think it through before it happens.
programming  softwaredevelopment  ethics  hacking  security  via:HackerNews 
august 2013 by mcherm
An update on our war against account hijackers | Official Google Blog
Google shares some information about attacks on Gmail accounts. Apparently they're filtering ~99% of spam. Attacks on accounts by guessing passwords used elsewhere is rampant and organized... a few organizations do 100s of attacks per second. They combat this with extra authentication for suspicious login attempts and 2-factor authentication.
google  security  spam  hacking  phishing  gmail  blogworthy  via:boingboing 
february 2013 by mcherm
China’s Army Is Seen as Tied to Hacking Against U.S. -
Chinese government sponsored hacking against US corporations and infrastructure.
via:reddit  security  hacking 
february 2013 by mcherm
Henry Schwarz's ATM & EFT-POS Security Blog: Black Hatted
The story of a hacker who figured out an ATM vulnerability, then disclosed it in a very ethical fashion (including waiting a year for a patch to be deployed!), as told from the point of view of the programmer at the ATM company.
banking  security  hacking 
june 2012 by mcherm
Confirmed: US and Israel created Stuxnet, lost control of it | Ars Technica
Stuxnet was written by the US and Israeli governments. It escaping to the wild was NOT intentional.
security  politics  law  hacking  via:ArsTechnica  ArsTechnica 
june 2012 by mcherm
The Google attack: How I attacked myself using Google Spreadsheets and I ramped up a $1000 bandwidth bill
He accidentally downloaded $1000 worth of data from his own Amazon account using Google.
security  amazon  hacking  ddos  google 
april 2012 by mcherm
Hackers politely deface security firm website, suggest fixes
A very polite approach: they found a vulnerability on a security company website and replaced the front page with a "here's how to fix your vulnerability" note.
security  hacking  via:ArsTechnica  ArsTechnica 
april 2012 by mcherm
geekchick77 | What she Really said: Fighting Sexist Jokes the Geeky Way
She was sick of a sexist joke... and folks had even written a bot to automatically spam this joke to the chat server. So she wrote a bot that replied to the joke with a random feminist joke. Lots of people became uncomfortable then. A BRILLIANT HACK!
sexism  gender  programming  socialcomputing  hacking 
march 2012 by mcherm
Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits - Forbes
A broker who sells zero day exploits for hundreds of thousands of dollars each. He has a brisk market.
via:ChristopherSoghoian  security  hacking 
march 2012 by mcherm
Bitcoin War: The First Real Threat to Bitcoin? | Privacy Online News
If someone controlled 51% of bitcoin they could break it. Someone owns 15%.
bitcoin  cryptography  hacking 
march 2012 by mcherm
Paswords - You Can't Do It Right
Why passwords are no longer an acceptable security mechanism. (1) people are dumb with them, (2) people who TRY to be smart with them fail, (3) cracking is amazingly fast. My current scheme takes only 4 yrs to crack w/ just one machine.
security  programming  hacking  encryption  cryptography  via:JamesIry  blogworthy 
december 2011 by mcherm
Unicode’s “right-to-left” override obfuscates malware’s filenames – Boing Boing
Include a unicode Ux202e (begin left-to-right text) to disguise a malicious filename by, for example, ending it with "txt.exe" which executes like .exe but displays like ".txt".
security  via:boingboing  hacking  unicode 
october 2011 by mcherm
The Inside Story of the Kelihos Botnet Takedown | threatpost
Story of how Kapersky (with help from Microsoft) took control of a big botnet.
hacking  botnet  kapersky  via:slashdot 
september 2011 by mcherm
How we found the file that was used to Hack RSA - F-Secure Weblog : News from the Lab
How RSA was hacked to gain access to a defense company that used them for security.
via:HackerNews  hacking  flash  virus  security 
august 2011 by mcherm
Spy vs. Spy: Casinos Can't See The Cameras Hidden Up Gamblers' Sleeves | Popular Science
Casinos having trouble dealing with cheaters who use micro-sized cameras and off-site confederates.
security  hacking  via:boingboing 
august 2011 by mcherm
Hacking Smart Batteries
Apple's smart batteries can be hacked.
security  apple  hardware  hacking  via:boingboing 
july 2011 by mcherm
Richard Clarke: China's Cyberassault on America -
Claims are made that China is systematically hacking US computer systems.
via:reddit  hacking 
june 2011 by mcherm
$500,000 in bitcoins stolen
$500,000 in bitcoins stolen; someone hacked his PC.
banking  hacking  bitcoin  via:reddit 
june 2011 by mcherm
RSA finally comes clean: SecurID is compromised
RSA hardware tokens were ALL compromised because someone managed to steal the seeds.
security  ArsTechnica  hacking  encryption  via:HackerNews 
june 2011 by mcherm
Cheap GPUs are rendering strong passwords useless | ZDNet
GPU (a highly parallel computer) allows incredibly rapid brute-force attempts at cryptography. It's no longer safe to use 5, 6, even 7-character random-letter-and-digit strings. In fact, it's probably no longer safe to allow people access to the hashed (and salted) form of your password.
via:slashdot  security  cryptography  hacking 
june 2011 by mcherm
High-tech medical exam cheating alleged - British Columbia - CBC News
A very clever criminal hack, but it failed. He snuck a camera into the exam while his confederate told 3 smart guys they were taking a test to be tutors. They got suspicious, caught on, and informed security, who caught the perpetrators. Moral: fool DUMB guys, not smart ones.
cheating  hacking  via:slashdot 
june 2011 by mcherm
RSA 2011: Winning the War But Losing Our Soul | threatpost
Article (not BY Bruce) about how a computer security company moved from inventing cyber attack techniques for the DOD to selling those services to some conservative groups to use to attack liberal groups.
security  hacking  ethics  via:BruceSchneier  BruceSchneier 
march 2011 by mcherm
Keep Your 40 Acres, Just Send the Mules - Boing Boing
Virus programs like Zeus are specifically targeted at banking software on personal computers and they work REALLY well. The authorities can't prosecute the leaders because they are in Russia, Ukraine, etc. They're able to control more money then they can get transferred out of the country.
banking  security  hacking  via:boingboing 
november 2010 by mcherm
Hacking the D.C. Internet Voting Pilot | Freedom to Tinker
A good writeup of the totally awesome hack of the voting machine trial that DC put on. Kudos to DC for allowing the trial -- I hope they realize that discovering the vulnerability is a GOOD not a BAD thing.
voting  hacking  via:boingboing 
october 2010 by mcherm
SNOsoft Research Team: Hacking Your Bank
A security company tells how they (as part of an authorized test) took complete control of a bank starting with social engineering and moving on to custom-created exploits.
security  hacking 
april 2010 by mcherm
Legal spying via the cell phone system | InSecurity Complex - CNET News
Some ways you can track someone's cell phone WITHOUT having any access other than what's provided to the public. Also check their voicemail.
surveillance  privacy  hacking  telecom  via:slashdot 
april 2010 by mcherm incident report for 04/09/2010 : Apache Infrastructure Team
Detailed report of a (successful) hack attempt against Apache including what worked and what didn't.
security  hacking  via:NedBatchelder  apache  personal_net 
april 2010 by mcherm
Google Hack Attack Was Ultra Sophisticated, New Details Show | Threat Level |
Some (vague) details about the hack attack that caused Google to pull out of China.
security  google  wired  via:reddit  hacking 
january 2010 by mcherm
Good Guys Bring Down the Mega-D Botnet - PC World
Astonishing. I just cannot believe that we live in a world that actually has battles between criminals and heroic (but unsupported) security experts over control of 250,000 hacked computers.
security  hacking  spam  botnet  via:reddit 
january 2010 by mcherm
The Secure Goose: TLS renegotiation vulnerability (CVE-2009-3555)
A clever trick to exploit the SSL vulnerability recently discovered by sending the message to Twitter where the attacker can then read the first 140 characters of the otherwise encrypted data stream (because twitter publishes it, of course).
hacking  security  ssl  via:slashdot 
november 2009 by mcherm
Intelligence Analyst Says Hacking Charge Doesn’t Compute | Threat Level |
Intelligence analyst with security clearance receives an email with username and password to a non-classified computer system with data about a case being investigated. He logged on for a couple of hours. Now he's being charged with unauthorized access to a computer (hacking).
security  hacking  law  secrecy 
september 2009 by mcherm
A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals) |
A very readable, very clear and very scary explanation of timing attacks and why they are very, VERY bad. Also goes on to point out an extremely serious vulnerability in Java (based on timing attacks). Really.
security  hacking  cryptography 
august 2009 by mcherm
Exclusive Interview: Hacking The iPhone Through SMS : Introduction - Review Tom's Hardware
How he hacked the iPhone via SMS. Some sophisticated techniques were used to develop the hack.
security  via:slashdot  hacking  iphone 
august 2009 by mcherm
Use Your G1 As… A Metal Detector? (VIDEO) | AndroidGuys
Creative idea: build an app that uses the built-in compass in a phone as a (poor quality) metal detector!
via:boingboing  hacking  gadgets  personal_net 
may 2009 by mcherm
« earlier      
per page:    204080120160

Copy this bookmark:

to read