Category Archives: Hacker

Clap for Kano’s Camera Kit at CES 2018



Kano’s mission is to encourage people, particularly children, to see computers not as unchangeable appliances but as tools to be made, shaped, coded and shared. Their kits plug together bits, boards, buttons and cables to make individual and personalised computers. Bruno gives Todd a hand to develop a selfie camera from their new Camera Kit.

Kano’s approach is to challenge each young developer into programming simple apps that achieve technical goals. Using Kano’s development tools it’s really easy to build programs as the tools come with code building blocks for things like taking a picture or responding to noise via a microphone. Consequently, even Todd can code an app to take a picture when someone claps.

The Camera Kit’s not expected until next year but you can sign up to hear the latest news. Expect the price to be around US$99.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.


DDoS Attacks Shut Down Online Gaming Servers



Was your favorite online video game difficult to access over the weekend? There is a reason for that. A group decided to use a DDoS attack against several of the big gaming companies’ servers. I’ve no idea what the motivation of this group was, and choose not to speculate as to what they may have been thinking. If you were on Twitter this weekend you may have seen a lot of confused and frustrated tweets from gamers who were just trying to have fun playing some online video games.

The group targeted Blizzard Entertainment’s servers. This caused difficulties for those trying to access Battle Net, World of Warcraft, Diablo III, Hearthstone and other Blizzard games. Riot Games’ League of Legends was attacked and so was Grinding Gear Games’ Path of Exile.

Blizzard was keeping people informed about the outage through their @BlizzardCS account on Twitter. They did not directly mention a DDoS attack, and instead tweeted things like “We’re investigating issues where players are unable to connect or log into their characters.” Updates about the situation were provided through that Twitter account.

Sony’s PlayStation Network (PSN) was attacked, too. The PlayStation Blog has a post that gives some details.

The original post started with: “Like other major networks around the world, the PlayStation Network and Sony Entertainment Network have been impacted by an attempt to overwhelm our network with artificially high traffic.” The blog was later updated to say: “The PlayStation Network and Sony Entertainment Network are back online and people can now enjoy the services on their PlayStation devices. The networks were taken offline due to a distributed denial of service attack.”

Grinding Gear Games sent out a Tweet on their @PathofExile Twitter account about it.

From what I saw via Twitter, it appeared that some of these gaming companies had their servers go down more than once. I am of the impression that stability has been restored to the affected servers now. Hopefully, that is the end of the problem.


Is There a “WarKitteh” in Your Yard?



The innocent-looking cat that is wandering through your backyard might be up to something sneaky. Instead of hunting mice, he or she could be hunting for Wi-Fi networks. Of course, the cat probably just thinks it is out for its usual “wander around the neighborhood”.

Gene Bransfield gave a talk at DefCon titled “How to Weaponize Your Pets”. In it, he described how to turn your cat into a “WarKitteh”. Gene Bransfield works for the security company Tenacity, and he created the “WarKitteh” idea because it amused him. The “WarKitteh” name is a reference to an activity called “wardriving”. In short, it is an activity in which a person drives around looking for weak or unprotected Wi-Fi networks. Now, your cat can go do that all by itself, no driving required.

Bransfield put together a specialized collar that contained mini-computers and an antenna (which were sewn into a collar that could be worn by a pet).

The collar was placed on a Siamese cat named Coco, who belonged to Bransfield’s wife’s grandmother. Coco turned out to be pretty good at wandering the neighborhood. Coco spent three hours exploring some of the backyards nearby.

At the same time, the cat was mapping out dozens of the neighbors’ Wi-Fi networks and was able to gather enough data to determine which would be easy to get into. The “WarKitteh” identified four routers that were using an old form of encryption that could be easily hacked into and four more routers that had no security protection on them at all.

The primary inspiration behind the “WarKitteh” was entertainment. The results, however, showed that the “WarKitteh” could be an effective way to teach people about how to better protect their Wi-Fi networks. The “internet” is in love with cats, so I can see where this has potential.

The photo you see at the top of this blog is one I took of a cat that was wandering through my backyard a few years ago. That was before “WarKitteh” technology existed. The next cat that wanders through your backyard could be a “WarKitteh”, and you would probably not even know it had been there!


Two Million Passwords Stolen by Hackers



On November 24, 2013, researchers at Trustwave discovered that hackers had obtained up to 2 million passwords for websites like Facebook, Google, Yahoo!, Twitter (and others). Researchers learned this after digging into source code from the Pony botnet. It appears that information about this has only been made public very recently.

Here’s some quick stats about some of the domains from which the passwords were stolen:

* Facebook – 318,121 (or 57%)
* Yahoo! – 60,000
* Google Accounts – 54,437
* Twitter – 21,708
* Google.com – 16,095
* LinkedIn – 8,490
* ADP (a payroll provider) – 7,978

In total, the Pony botnet stole credentials for: 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 secure shell accounts.

According to Trustwave, around 16,000 accounts used the password “123456”, 2,221 used “password” and 1,991 used “admin”. Now is a good time to go change your passwords into something strong and secure.

Doing so won’t make it entirely impossible for hackers to crack them, but it could make it more difficult. Trustwave noted that only 5% of the 2 million stolen passwords were excellent (meaning the passwords had all four character types and were longer than 8 characters).
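To make the “excellent” rule above concrete, here is an added example (not code from Trustwave or from this blog) that applies it to a list of passwords and counts the three common passwords the article names. The function names and the sample list are assumptions made up for illustration.

```python
from collections import Counter

# The three most-reused passwords named in the article.
COMMON = {"123456", "password", "admin"}

def char_classes(pw):
    """Return which of the four character types appear in pw."""
    found = set()
    for ch in pw:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        else:
            found.add("symbol")  # anything that is not a cased letter or digit
    return found

def is_excellent(pw):
    """The article's rule: all four character types and longer than 8 characters."""
    return len(pw) > 8 and len(char_classes(pw)) == 4

def audit(passwords):
    """Summarise a password list in the same terms as the article's figures."""
    excellent = [p for p in passwords if is_excellent(p)]
    pct = round(100 * len(excellent) / len(passwords), 1) if passwords else 0.0
    return {
        "total": len(passwords),
        "common": dict(Counter(p for p in passwords if p in COMMON)),
        "excellent": excellent,
        "excellent_pct": pct,
    }

# Constructed sample, not data from the Trustwave report.
SAMPLE = [
    "123456", "password", "admin", "123456",
    "Summer2013",    # three character types only
    "tr0ub4dor&3",   # no uppercase letter
    "Ab1!efgh",      # four types but exactly 8 characters, so not "longer than 8"
    "Password1!",    # passes the rule: it measures composition, not predictability
    "Xk9#mQ2$vLp7",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the rule only looks at length and character types, a predictable choice such as “Password1!” still counts as excellent, which is why a check against known common passwords is worth running alongside it.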


SIM Card Security Flaw Exposing 750 Million Cell Phones




Outdated encryption is to blame for a new risk on your cellular device. According to a report by SRLabs and research which will be presented at BlackHat on July 31st, the Subscriber Identity Module (SIM) card can be hacked in a few ways, including through SMS messages.

According to SRLabs, SIM cards use 56-bit DES encryption – a technology created in the 70s. Using what are called FPGA clusters, a SIM can be cracked. SRLabs is looking to raise awareness of these issues, then recommend better SIM card technology, an SMS firewall and SMS filtering so that simple hacking techniques cannot access SIM card data.

It is reported that over 750 million SIM cards are vulnerable to this hack. That is 1 in 8 SIM cards, according to Karsten Nohl of SRLabs. An improperly encrypted SMS message – along with use of a custom Java program – can open the SIM to malware. A hacker can do anything from changing your voicemail to accessing your personal information on the SIM card.

In some phones, most information is stored on the phone and not the SIM. In some phones, SIM data can also include bank information, passwords to websites and programs and more. However, as we move to mobile and wearable devices, more SIM cards will be used to connect people to cellular networks.



Twitter Adds Two Step Verification System



When Burger King got hacked, we all laughed at the idea McDonald’s might have bought it. When the Associated Press got hacked, we noticed. But it took the Onion getting hacked for Twitter to finally do something…

Twitter rolled out a two-step verification system for users to get extra protection against would-be hackers. The verification method includes a special code that is sent via phone when they try to log in. With this extra step using a cell phone, hackers can be thwarted when trying to access an account.

This is not a new process – Facebook and Google both offer this second verification step in their security features. It’s better than a password because you don’t need to remember one. It’s also better than a “name your pet” verification because in some cases (like Sarah Palin) people know that information.

“Today we’re introducing a new security feature to better protect your Twitter account: login verification,” says Jimio from the Twitter Product Security Team on the Twitter blog. “With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”

If you choose not to opt in, you run the risk of getting hacked. Of course, you also need to keep your phone numbers up-to-date. If that changes, you might have problems getting into your accounts.

If your Twitter Gets Hacked

First, attempt to change your password. If you still can’t log in, contact Twitter through a Support request (choosing “Hacked account” from the list of options).


LivingSocial has been Hacked



Are you using LivingSocial? At the top of their website today is an important notice for customers that says “if you haven’t already updated your LivingSocial password, please update it now”. According to CNN, the LivingSocial website, which people use to get daily deals, suffered a cyberattack on some of its servers. Data for more than 50 million users may have been accessed. LivingSocial says that credit card data was not affected by the cyberattack.

AllThingsD has posted the entire email from CEO Tim O’Shaughnessy that was sent to employees of LivingSocial. The email states:

“The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords – technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.”

The same paragraph was in an email sent to users of LivingSocial, along with instructions about how to change their password. Users are encouraged to also change passwords on any other sites in which they used the same, or similar, password as the one they were using on LivingSocial.

I am not a user of LivingSocial, but I know that it is a website that offers people daily deals on a variety of things. There are many other websites, and apps, that also offer special deals to users. When people sign up for these types of things, they are doing it because they want to save money.

Nobody thinks about the potential for their favorite deals website to get hacked. It makes me wonder if the ability to get good deals through services like LivingSocial is really worth the risk of having your personal information out there (potentially accessible to hackers).