In the US a 19-year-old phreaker (or phone phreak) has been sentenced to more than eleven years in prison because he placed numerous emergency calls resulting in the dispatch of special police units or SWAT teams (Special Weapons and Tactics). The SWAT teams arrived at the locations from which the calls were placed only to find sleeping families. Such incidents are increasingly common in the US, giving rise to the term swatting.
A Pennsylvania man has been charged with allegedly launching distributed denial-of-service (DDoS) attacks against at least nine Web sites, including Rolling Stone magazine's site, which was attacked multiple times for nearly a year.
In a move to close the door on the largest reported retail data breach in history, TJX announced Tuesday that it has settled with 41 states who were probing the discount merchant's data security practices.
TJX, which operates more than 2,500 outlets nationwide, agreed to pay $9.75 million to settle investigations by 41 state attorneys general, who were looking into the monster breach, announced in January 2007, that exposed as many as 94 million credit and debit card numbers.
It has just become apparent that, on June 16, attackers hacked into the web server of the SquirrelMail open source project. The operators have suspended all accounts and reset all crucial passwords. Access to the original server and to all the available plug-ins has also been disabled. The operators believe that none of the plug-ins has been compromised, but investigations are still in progress. Third party plug-ins can be used to add features to SquirrelMail.
In the third of a three-part Q&A series with hackers, Lamo, now 28, talks about his "hack value," his remorse for the trouble he caused network administrators, and how he hopes to make people smile.
Q: How did you get started hacking?
I was around computers as a very young child. I had a Commodore 64 when I was like 6 or so. And my first interest in seeing how things worked behind the scenes wasn't all about technology necessarily, and my interest in what you might call hacking isn't really primarily about technology... It's not sexy when I'm exploring less obvious aspects of the world that don't involve multibillion-dollar corporations. There's a certain amount of tunnel vision there.
Writing buggy applications is a cinch--for decades, the world's software developers have been proving that with just about every program they release. Truly interesting bugs, however, are a relatively rare breed. I'm talking about the kind that cause technology products and services to stop working for extended periods, or that prompt them to behave as if they were possessed or harbored grudges against the humans who use them. And even though the bugs themselves usually stem from mundane errors such as typos or faulty math, their symptoms are anything but boring.
There is no question who the most famous hacker is. One of the first computer hackers prosecuted, Kevin Mitnick was labeled a "computer terrorist" after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell, and Motorola.
In the first in a three-part Q&A series with hackers, CNET News talked to Mitnick, now 45, about what got him interested in computers in the first place, the differences between hacking today and three decades ago, and whether it's wise to hire a former black hat hacker to do security work.
Hackers love a challenge. And more than that, they love cash.
That's what Telesign found out this week. A provider of voice-based authentication software, the company challenged hackers to break into its StrongWebmail.com Web site late last week. The prize? US$10,000.
On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry.
Looks like a combination of easily avoidable attack vectors and uninformed users clicking on things they shouldn't.
As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site, said Carl Leonard, threat research manager for Websense.
Another article discussing the legendary L0phtCrack password cracking and auditing tool. Works on crypt, NTLM Windows passwords, and many other types. Great stuff.
It's official: The famous password-cracking tool L0phtCrack is back, and its creators plan to keep it that way.
L0phtCrack 6 tool, released Wednesday, was developed in 1997 by Christien Rioux, Chris Wysopal, and Peiter "Mudge" Zatko from the former L0pht Heavy Industries -- the hacker think tank best known for testifying before Congress that it could shut down the Internet in 30 minutes. In January of this year, Rioux, Wysopal, and Zatko bought back L0phtCrack from Symantec, and later announced they would build a new version of the tool with support for 64-bit Windows platforms and other new features.