
Is There a “WarKitteh” in Your Yard?



The innocent-looking cat that is wandering through your backyard might be up to something sneaky. Instead of hunting mice, he or she could be hunting for Wi-Fi networks. Of course, the cat probably just thinks it is out for its usual “wander around the neighborhood”.

Gene Bransfield gave a talk at DefCon titled “How to Weaponize Your Pets”. In it, he described how to turn your cat into a “WarKitteh”. Gene Bransfield works for the security company Tenacity, and he created the “WarKitteh” idea because it amused him. The “WarKitteh” name is a reference to an activity called “wardriving”. In short, it is an activity in which a person drives around looking for weak or unprotected Wi-Fi networks. Now, your cat can go do that all by itself, no driving required.

Bransfield put together a specialized collar that contained mini-computers and an antenna (which were sewn into a collar that could be worn by a pet).

The collar was placed on a Siamese cat named Coco, who belonged to Bransfield’s wife’s grandmother. Coco turned out to be pretty good at wandering the neighborhood. Coco spent three hours exploring some of the backyards nearby.

At the same time, the cat was mapping out dozens of the neighbors’ Wi-Fi networks and was able to gather enough data to determine which would be easy to get into. The “WarKitteh” identified four routers that were using an old form of encryption that could be easily hacked into and four more routers that had no security protection on them at all.

The primary inspiration behind the “WarKitteh” was entertainment. The results, however, showed that the “WarKitteh” could be an effective way to teach people about how to better protect their Wi-Fi networks. The “internet” is in love with cats, so I can see where this has potential.

The photo you see at the top of this blog is one I took of a cat that was wandering through my backyard a few years ago. That was before “WarKitteh” technology existed. The next cat that wanders through your backyard could be a “WarKitteh”, and you would probably not even know it had been there!


Two Million Passwords Stolen by Hackers



On November 24, 2013, researchers at Trustwave discovered that hackers had obtained up to 2 million passwords for websites like Facebook, Google, Yahoo!, Twitter (and others). Researchers learned this after digging into source code from the Pony botnet. It appears that information about this has only been made public very recently.

Here are some quick stats about some of the domains from which the passwords were stolen:

* Facebook – 318,121 (or 57%)
* Yahoo! – 60,000
* Google Accounts – 54,437
* Twitter – 21,708
* Google.com – 16,095
* LinkedIn – 8,490
* ADP (a payroll provider) – 7,978

In total, the Pony botnet stole credentials for: 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 secure shell accounts.

According to Trustwave, around 16,000 accounts used the password “123456”, 2,221 used “password” and 1,991 used “admin”. Now is a good time to go change your passwords into something strong and secure.

Doing so won’t make it entirely impossible for hackers to crack your password, but it could make it more difficult. Trustwave noted that only 5% of the 2 million stolen passwords were rated excellent (meaning the passwords had all four character types and were longer than 8 characters).


SIM Card Security Flaw Exposing 750 Million Cell Phones




Outdated encryption is to blame for a new risk on your cellular device. According to a report by SRLabs and research which will be presented at BlackHat on July 31st, the Subscriber Identity Module (SIM) card can be hacked in a few ways, including through SMS messages.

According to SRLabs, SIM cards use 56-bit DES encryption – a technology created in the 70s. Using what are called FPGA clusters, a SIM can be cracked. SRLabs is looking to raise awareness of these issues, then recommend better SIM card technology, an SMS firewall and SMS filtering so that simple hacking techniques cannot access SIM card data.

It is reported that over 750 million SIM cards are vulnerable to this hack. That is 1 in 8 SIM cards, according to Karsten Nohl of SRLabs. An improperly encrypted SMS message – along with use of a custom Java program – can open the SIM to malware. A hacker can do anything from changing your voicemail to accessing your personal information on the SIM card.

In some phones, most information is stored on the phone and not the SIM. In others, SIM data can also include bank information, passwords to websites and programs, and more. However, as we move to mobile and wearable devices, more SIM cards will be used to connect people to cellular networks.


Twitter Adds Two Step Verification System



When Burger King got hacked, we all laughed at the idea McDonald’s might have bought it. When the Associated Press got hacked, we noticed. But it took the Onion getting hacked for Twitter to finally do something…

Twitter rolled out a two-step verification system for users to get extra protection against would-be hackers. The verification method includes a special code that is sent via phone when they try to log in. With this extra step using a cell phone, hackers can be thwarted when trying to access an account.

This is not a new process – Facebook and Google both give this second verification step in your security features. It’s better than a password because you don’t need to remember one. It’s also better than a “name your pet” verification because in some cases (like Sarah Palin) people know that information.

“Today we’re introducing a new security feature to better protect your Twitter account: login verification,” says Jimio from the Twitter Product Security Team on the Twitter blog. “With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”

If you choose not to opt in, you run the risk of getting hacked. Of course, you also need to keep your phone numbers up-to-date. If that changes, you might have problems getting into your accounts.

If your Twitter Gets Hacked

First, attempt to change your password. If you still can’t log in, contact Twitter through a Support request (choosing “Hacked account” from the list of options).


LivingSocial has been Hacked



Are you using LivingSocial? At the top of their website today is an important notice for customers that says “if you haven’t already updated your LivingSocial password, please update it now”. According to CNN, the LivingSocial website, which people use to get daily deals, suffered a cyberattack on some of its servers. Data for more than 50 million users may have been accessed. LivingSocial says that credit card data was not affected by the cyberattack.

AllThingsD has posted the entire email from CEO Tim O’Shaughnessy that was sent to employees of LivingSocial. The email states:

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords – technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The same paragraph was in an email sent to users of LivingSocial, along with instructions about how to change their password. Users are encouraged to also change passwords on any other sites in which they used the same, or similar, password as the one they were using on LivingSocial.

I am not a user of LivingSocial, but I know that it is a website that offers people daily deals on a variety of things. There are many other websites, and apps, that also offer special deals to users. When people sign up for these types of things, they are doing it because they want to save money.

Nobody thinks about the potential for their favorite deals website to get hacked. It makes me wonder if the ability to get good deals through services like LivingSocial is really worth the risk of having your personal information out there (potentially accessible to hackers).


55,000 Twitter Accounts Have Been Hacked



An anonymous source (but not the hacker group that goes by the name “Anonymous”) has hacked more than 55,000 Twitter accounts. This includes the username and password of each of the compromised Twitter accounts.

Was yours one of the thousands that were hacked? There is a huge list of the Twitter accounts that were affected that you can sort through. Someone put them onto Pastebin. There are so many of them that the list had to be split into five separate lists.

They are: Page One, Page Two, Page Three, Page Four, and Page Five. According to AirDemon.net, you can find your account by using the find feature in your browser (CTRL + F) and typing in your email ID.

At this time, it appears that Twitter has disabled many of the accounts that were hacked. A spokesperson from Twitter said:

“We’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked – that is, the password and username are not actually associated with each other”.

It sounds to me like perhaps some anonymous hacker decided to take action against the plethora of spam accounts that keep popping up on Twitter (since Twitter doesn’t seem to do a whole lot to get rid of them or prevent new spammers from appearing). We are all tired of being followed by spam Twitter accounts. Perhaps the anonymous hacker is sort of acting like a modern-day “Robin Hood”, only, instead of taking money from the rich and redistributing it to the poor, he or she is taking spam accounts from Twitter, and making Twitter do something about them.

If you are concerned that your Twitter account is among the thousands that were hacked, you might want to go ahead and change your password. Those of you that connected your Twitter account to your Facebook account, or other forms of social media, might want to check to see if those connected accounts have been affected as a result of the hacked Twitter accounts.


YouTube Hackers Invade Sesame Street, Replace with Porn




Sunny Day, but the streets look different…

Visitors to the iconic children’s show “Sesame Street” on YouTube got a rude awakening on Sunday. All videos were deleted, and replaced with pornographic material. The header on the front page said “Sesame Street: It’s Where Porn Lives”. YouTube took instant action and brought down the site within the hour. At this moment, the page is still offline.

Blame has been going around: a Reddit thread blames a user named “MrEdxwx”. MrEdxwx has responded with a video stating his case that he did not hack Sesame Street.

Their Facebook Page has a public apology:

We apologize for any inconvenience our audience may have experienced today on our Sesame Street YouTube channel. Our channel was compromised and we are presently working with YouTube/Google to restore our original content. We always strive to provide age-appropriate content for our viewers and hope to resolve this problem quickly.

This article was brought to you by the letters and numbers – H4cK0r.