This past weekend, the internet shed a collective tear for tech writer Mat Honan as his entire digital identity was eviscerated by hackers for no particular reason (unless you consider the fact that they liked his short Twitter handle, @mat, as a legitimate reason). In the wake of this Epic Hack, nearly every tech blog has offered suggestions on how to secure your online identity; here is a rundown of some of the best advice:

Read More →

Sony’s PlayStation Network, which allows more than 75 million gamers worldwide to play interactively with one another, was breached last Wednesday, causing the network to crash completely. This Tuesday, it was revealed that personal information may have been compromised. Today, more information is surfacing to the vast scope and severity of what Sony is describing as a “network intrusion.”

Read More →

We all know that hacking into other people’s e-mail accounts is wrong; especially if you are planning on committing a crime like fraud or stealing personal details with the intention of blackmail. But what if you looked into your family member’s e-mail account, only because you were fearing for the safety of your own child?—from your own home computer. Should it be punishable on the same level of crime as identity fraud or stealing millions of dollars from giant corporations?

For Leon Walker, a Michigan man that looked into his wife’s e-mail address, it might just be. Walker was charged with unauthorized access to a computer in order to “acquire, alter, damage, delete or destroy property,” and will be going to trial on Feb. 7th. If found guilty he might face up to 5 years in prison.

But how exactly did Walker “hack” into his wife’s e-mail account, and why?

It wasn’t by using any technical or complex hacking process or tool. Instead, he used their home computer, which he had paid for, and looked up his wife’s e-mail password in an address book that she keept right next to the computer. And what he found he was rightly suspicious about.

His wife was having an affair with her second ex-husband, who  had previously been arrested for beating her in front of her son. Finding this out, Walker not only had reason to confront her, but he also brought up the e-mail in their divorce and child custody battle, which is when she reported him to the police.

But should Walker be found guilty of this crime? And should it even be considered a crime in a domestic case where the man was fearing for the safety of his own children? Widener University law professor Michael Dimino says even though generally these laws are applied to identity theft cases or stealing trade secrets, people could be rightfully prosecuted under these statutes if their interest is just curiosity.

We will find out on Feb 7th what the judges decide, but until then what do you think? Is it right to snoop on your significant other’s e-mail, or should it be a crime?

(Via NY Daily News) / (Graph taken from Today)  / (Image by Comedy_nose, licensed under Creative Commons)

Read More →

thinkYou know the text message you just sent using your new iPhone? That one about how much of a “power-hungry slave driver” your boss is?

Until Apple releases a patch to correct the issue, you better hope he doesn’t have the same skills as the two European researchers that recently discovered a way to hijack the iPhone.

Vincenzo Iozzo, 22, and Ralf Philipp Weinmann, 32, successfully broke into the iPhone and hacked into the SMS database in about 20 seconds during the Pwn2Own hacking contest. They were even able gain access to messages that had already been deleted. The hacking technique developed by the two researchers, known as an exploit, could have also extracted the phone contact list, the email database, photographs, and iTunes music files on any iPhone.

The iPhone’s sandbox, a security tool that protects the iPhone from being attacked, was able to keep the hackers from bypassing it. But the winning exploit was strong enough to operate without having to break free from the sandbox.

“Apple has pretty good counter-measures but they are clearly not enough,” said Halvar Flake, a security researcher that assisted with the exploit.

Weinmann said that they were able to hone in an a vulnerability in the iPhone’s design. By using the exploit, a hacker is able to have the same user privileges as a non-root user called mobile located in the iPhone sandbox.

“It was a real world exploit against a popular device, ” said Aaron Portnoy, a security researcher from the company sponsoring the Pwn2Own hacking contest, TippingPoint Zero Day Initiative. “They exfiltrated the entire SMS database in about 20 seconds. It was as if a webpage was loading.”

TippingPoint ZDI will report the issue to Apple and will withhold details until a patch to correct the vulnerability is released.

(Via ZDNet)

 

Read More →

tsaThe Department of Justice recently charged a former Transportation System Administrtaion (TSA) employee, Douglas James Duchak,  with trying to inject malicious code into TSA’s internal database, the implications of which could be disastrous to the safety of the United States.  Duchak worked in TSA’s Colorado Springs Operations Center from August 2004 to October 2009 where he was a data analyst in charge of

Read More →

power-plantMcAfee, a security software company, and the Center for Strategic and International Studies in Washington, recently surveyed 600 executives and technology managers from infrastructure operators in 14 countries and came up with a report that will shock the public. In the wake of the recent explosion at a power plant in Middletown, Connecticut, for which the cause has yet to be determined, this news is especially unsettling.

Read More →