Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks


Twitter Adds Two Step Verification System

Posted by J Powers at 10:50 AM on May 23, 2013

When Burger King got hacked, we all laughed at the idea McDonalds might have bought it. When the Associated Press got hacked, we noticed. But it took the Onion getting hacked for Twitter to finally do something…

Twitter rolled out a two-step verification system for users to get extra protection against would-be hackers. The verification method includes a special code that is sent via phone when they try to log in. With this extra step using a cell phone, hackers can be thwarted when trying to access an account.

This is not a new process – Facebook and Google both offer this second verification step in their security features. It’s better than a password because you don’t need to remember one. It’s also better than a “name your pet” verification because in some cases (like Sarah Palin) people know that information.

“Today we’re introducing a new security feature to better protect your Twitter account: login verification,” says Jimio from the Twitter Product Security Team on the Twitter blog. “With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”

If you choose not to opt in, you run the risk of getting hacked. Of course, you also need to keep your phone numbers up-to-date. If that changes, you might have problems getting into your accounts.

If your Twitter Gets Hacked

First, attempt to change your password. If you still can’t log in, contact Twitter through a Support request (choosing “Hacked account” from the list of options).

LivingSocial has been Hacked

Posted by JenThorpe at 4:26 PM on April 26, 2013

Are you using LivingSocial? At the top of their website today is an important notice for customers that says “if you haven’t already updated your LivingSocial password, please update it now”. According to CNN, the LivingSocial website, which people use to get daily deals, suffered a cyberattack on some of its servers. Data for more than 50 million users may have been accessed. LivingSocial says that credit card data was not affected by the cyberattack.

AllThingsD has posted the entire email from CEO Tim O’Shaughnessy that was sent to employees of LivingSocial. The email states:

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords – technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The same paragraph was in an email sent to users of LivingSocial, along with instructions about how to change their password. Users are encouraged to also change passwords on any other sites in which they used the same, or similar, password as the one they were using on LivingSocial.

I am not a user of LivingSocial, but I know that it is a website that offers people daily deals on a variety of things. There are many other websites, and apps, that also offer special deals to users. When people sign up for these types of things, they are doing it because they want to save money.

Nobody thinks about the potential for their favorite deals website to get hacked. It makes me wonder if the ability to get good deals through services like LivingSocial is really worth the risk of having your personal information out there (potentially accessible to hackers).

55,000 Twitter Accounts Have Been Hacked

Posted by JenThorpe at 6:02 PM on May 8, 2012

An anonymous source (but not the hacker group that goes by the name “Anonymous”) has hacked more than 55,000 Twitter accounts. This includes the username and password of each of the compromised Twitter accounts.

Was yours one of the thousands that were hacked? There is a huge list of the Twitter accounts that were affected that you can sort through. Someone put them onto Pastebin. There are so many of them that the list had to be split into five separate lists.

They are: Page One, Page Two, Page Three, Page Four, and Page Five. According to AirDemon.net, you can find your account by using the find feature in your browser (CTRL + F) and typing in your email ID.

At this time, it appears that Twitter has disabled many of the accounts that were hacked. A spokesperson from Twitter said:

“We’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked – that is, the password and username are not actually associated with each other”.

It sounds to me like perhaps, some anonymous hacker decided to take action against the plethora of spam accounts that keep popping up on Twitter, (since Twitter doesn’t seem to do a whole lot to get rid of them or prevent new spammers from appearing). We are all tired of being followed by spam Twitter accounts. Perhaps the anonymous hacker is sort of acting like a modern day “Robin Hood”, only, instead of taking money from the rich and redistributing it to the poor, he or she is taking spam accounts from Twitter, and making Twitter do something about them.

If you are concerned that your Twitter account is among the thousands that were hacked, you might want to go ahead and change your password. Those of you that connected your Twitter account to your Facebook account, or other forms of social media, might want to check to see if those connected accounts have been affected as a result of the hacked Twitter accounts.

YouTube Hackers Invade Sesame Street, Replace with Porn

Posted by J Powers at 7:34 AM on October 17, 2011

Sunny Day, but the streets look different…

Visitors to the iconic children’s show “Sesame Street” on YouTube got a rude awakening on Sunday. All videos were deleted, and replaced with pornographic material. The header on the front page said “Sesame Street: It’s Where Porn Lives”. YouTube took instant action and brought down the site within the hour. At this moment, the page is still offline.

Blame has been going around: Reddit has a thread blaming a user named “MrEdxwx”. MrEdxwx has responded with a video stating his case that he did not hack Sesame Street.

Their Facebook Page has a public apology:

We apologize for any inconvenience our audience may have experienced today on our Sesame Street YouTube channel. Our channel was compromised and we are presently working with YouTube/Google to restore our original content. We always strive to provide age-appropriate content for our viewers and hope to resolve this problem quickly.

This article was brought to you by the letters and numbers – H4cK0r.

Sony Issues Statement About the PlayStation Network

Posted by Alan Buckingham at 3:27 PM on October 12, 2011

2010 and 2011 have been rough years for Sony and for PS3 owners who use the popular PlayStation Network for online gaming.  The service has come under attack, and been taken down, on more than one occasion, and for extended time periods.  The latest attack began to hit the news yesterday, when it was learned that the service was again under attack.

Reports have ranged from a DDoS attack to user account hacking, but earlier today Sony finally set the record straight about what is going on, how extensive the attack is, and what steps they are taking to fix the problem.

According to Sony, the attack spanned three of their networks – the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment.  A total of approximately 93,000 users have been affected, and those accounts have now been locked by Sony.  It appears to have been a hacking attack – the perpetrators attempted to gain log-in access to accounts, and succeeded on 93,000 of them, which is actually a relatively small percentage.  At this time, Sony says that those users’ credit card data is still safe.

If you have a PSN account, even if you don’t think you were affected, I would still recommend changing your password. Use a long password that incorporates letters, numbers, and symbols. Although Sony says credit information wasn’t gained, it would still be prudent to monitor your account closely and report anything that seems suspicious.

Below is full text of Sony’s announcement.

“12 October 2011

Tokyo, October 12 – Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.

Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.

Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.

These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 – 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity.

For the latest updates please visit http://blog.eu.playstation.com/”

How To Hack Mobile Phone Voicemail

Posted by Andrew at 2:44 PM on July 11, 2011

As the fall-out from the News of the World scandal continues, many sources continue to inaccurately refer to “mobile phone hacking”. The truth (as far as is known) was that it was the voicemail of the mobile phone that was hacked rather than the phone itself. There are two ways to do this – the first is to simply guess the PIN of the voicemail and the second is to use Caller ID spoofing.

In the mid-2000s, most mobile phone voicemail systems were poorly protected as they typically came with a default PIN which was often easily guessed and only varied according to the mobile phone company. Most users didn’t bother to change the PIN. Say the phone was on Orange, then the default PIN was 1234. If it was Vodafone, then 0000. Typically, the villain then makes two simultaneous calls to the victim. One will be picked up, the other will go to voicemail. By then pressing “*” or “#” while listening to the voicemail prompts, the individual can gain access to the voicemail system using the default PIN. Computeractive has an article covering this scenario and how, in theory, it would be harder (but not impossible) to take this approach today.

As for Caller ID spoofing, this technique makes a call look like it’s coming from a different number than it actually is. It can be used legally to make a call from a mobile appear to be coming from a company office, so that the person’s mobile number is not divulged. However, in some instances it has been used to gain access to voicemail boxes, as many voicemail systems do not ask for further identification if the system recognises the inbound Caller ID as one of its own. PC Mag and c|net have short articles on how this is done and, worryingly, this is still a threat. The Wall Street Journal covered the problem in 2010 before the current scandal broke.

It would appear that the best protection against both these attacks is (a) to change your PIN on your voicemail and (b) require your PIN even when calling from your own mobile phone. That way, even if your Caller ID is spoofed, the caller can’t get in without knowing your PIN.
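The two protections above, modelled from the voicemail operator's side as an added example (not part of the original post): a PIN check that rejects the carrier defaults named earlier, and an access decision showing why a matching Caller ID must not replace the PIN. The `Mailbox` fields, the `skip_pin_for_own_number` setting name and the phone numbers are assumptions constructed for illustration.

```python
"""Voicemail access policy from the article, as a runnable model (constructed data)."""
import hmac
from dataclasses import dataclass

# Default PINs named in the article; a real operator would maintain its own list.
CARRIER_DEFAULT_PINS = {"orange": "1234", "vodafone": "0000"}


@dataclass
class Mailbox:
    number: str                    # subscriber's own number
    carrier: str
    pin: str                       # plain here for brevity; store only a hash in practice
    skip_pin_for_own_number: bool  # hypothetical setting name


def pin_weaknesses(pin, carrier):
    """Reasons to reject a PIN at PIN-change time (empty list means acceptable)."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        return ["not at least 4 digits"]
    reasons = []
    if pin == CARRIER_DEFAULT_PINS.get(carrier.lower()):
        reasons.append("carrier default")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    # Difference between neighbouring digits, modulo 10: all 1 is an ascending
    # run (1234, 8901), all 9 is a descending run (4321).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequential run")
    return reasons


def grant_access(mailbox, presented_caller_id, entered_pin):
    """Decide whether a caller reaches the messages.

    presented_caller_id is whatever number the network reports for the call,
    which is not proof of who is calling.
    """
    if mailbox.skip_pin_for_own_number and presented_caller_id == mailbox.number:
        return True  # weak setting: the Caller ID alone is treated as identity
    if entered_pin is None:
        return False
    # Constant-time comparison so response timing does not leak PIN digits.
    return hmac.compare_digest(entered_pin.encode(), mailbox.pin.encode())


def audit(mailbox):
    """List the configuration problems the article warns about."""
    findings = [f"PIN is {r}" for r in pin_weaknesses(mailbox.pin, mailbox.carrier)]
    if mailbox.skip_pin_for_own_number:
        findings.append("PIN skipped when Caller ID matches mailbox number")
    return findings


if __name__ == "__main__":
    # Constructed sample mailboxes; the numbers are fictional.
    as_shipped = Mailbox("+447700900001", "Vodafone", "0000", True)
    hardened = Mailbox("+447700900001", "Vodafone", "7294", False)
    for label, box in (("as shipped", as_shipped), ("hardened", hardened)):
        print(label, "findings:", audit(box))
        print(label, "own number, no PIN:", grant_access(box, box.number, None))
```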

“News of the World” Phone Hacking Scandal

Posted by Andrew at 3:45 AM on July 7, 2011

News International today announced that this Sunday’s edition of the News of the World newspaper would be the last edition and that the newspaper was closing down. Ostensibly the reason is that a phone hacking scandal had irretrievably stained the name of the newspaper, but the suspicion is that there’s far more to the closure.

For non-UK residents, it’s an astonishing story that involves several alleged crimes and some disgraceful behaviour. First of all, News of the World (NOTW) is one of the biggest selling Sunday newspapers with around 40% of the market and 2.8 million readers. It’s been going for 168 years and while considered a tabloid paper, it has been instrumental in revealing other scandals involving politicians and other well-known figures.

The scandal itself is that around six years ago, a private investigator used by the newspaper is alleged to have hacked into the voice mailboxes of over 4,000 people, including royal aides, sports stars, celebrities and politicians. Even worse, it is further alleged that the mailboxes of soldiers killed in Iraq and murder victims were hacked into. In particular, the alleged deletion of messages on Milly Dowler’s phone is suggested to have given hope to her parents that she was still alive when she had been killed.

Rumours of the hacking arose when the newspaper published stories that could only have been discovered from personal messages. The private investigator and the journalist involved were sent to prison back in 2007 and at the time, a police investigation suggested that the two individuals involved acted alone. In 2009, the Guardian newspaper claimed that thousands of mailboxes had been hacked and that the practice was well known and routine. The Metropolitan Police refused to re-open the investigation. It has also now been alleged that NOTW made payments to the police in return for information. The hacking of the mobile phone’s voice mail was not sophisticated. The private investigator simply relied on the fact that most people did not bother changing the default PIN on their voice mailbox.

Over the past week, as the revelations of the alleged hacking continued, public opinion turned against NOTW. Major advertisers in the paper withdrew their contracts, unwilling to be associated with the unfolding scandal. It was perhaps inevitable that the NOTW would have to close but it seems harsh to punish the current staff for the activities of their predecessors.

The intrigue continues as the parent company, News International, is keen to buy out the remaining shares in BSkyB. However, this had raised concerns that one single company would own too much of the UK media – News International owns The Times too. The suggestion has been made that closing one newspaper, NOTW, will reassure the regulatory authorities, but there are also now questions about whether News International is fit and proper to take over BSkyB. It is rumoured that News International will launch a Sunday edition of a sister newspaper, The Sun. The domains “TheSunOnSunday.co.uk” and “TheSunOnSunday.com” were registered two days ago, though it’s not clear who registered them.

It’s an amazing scandal and totally despicable – some of the stuff you couldn’t make up. If there’s one thing to be learnt from the scandal, it’s to make sure you change the default PIN on your mobile phone’s voice mailbox.

Is it the Browser, or the People Using the Browser?

Posted by susabelle at 5:39 PM on June 2, 2011

Another breach of security, at another big name.  Or is it?  The recent announced breach of email and personal information comes to us from Google and those with Gmail accounts.  The “attacks” have come from China, and affected “top U.S. officials.”  But reading the fine print in all of the articles out there about this latest “breach,” brings up the same cause:

“targeted attacks…duped victims into revealing their Gmail passwords through e-mails that pose as people or companies known to end user.”

In other words, phishing.  The users themselves were to blame for letting the hackers into their accounts.

If I leave my car unlocked and full of things like GPS devices, iPods, digital cameras, backpacks, the purchases we just made at Macy’s and the Apple Store, we can’t complain that someone stole our stuff.  If you let the crook into your living room, you can’t complain that he stole your television!

The fact is, there are always going to be people trying to rip us off.  That’s the way the world is, whether we like it or not.  We lock our cars, and the doors to our houses, because that’s the best way to keep out the bad guys.  It’s not fool proof, of course, but it reduces the chances of a theft by a whole bunch.

The same needs to be the case for us when it comes to our computers.  Not taking an extra 30 seconds to check the legitimacy of an email from someone, and to be suspicious of anyone asking for my username or password, I have successfully avoided getting a virus, a trojan, malware, or worse yet, my personal information.  In other words, I’ve never been hacked.

I’m not smarter than anyone else, I’m sure of that.  What I am is skeptical, and cautious.  I still only read email in text form (not html).  I know what my friends sound like when they write to me in an email, and I will recognize when they don’t sound like themselves.  I use strong passwords, and answer my “challenge questions” with false information that I will easily remember but that no one else can figure out.

I don’t consider this recent “attack” as a hack, as much as it is a crook taking advantage of people who have left themselves open to theft.  That crook is always looking for a way to get what is yours.  It is up to me to make sure he doesn’t have an open door to walk through.  “Top government officials” should know enough not to be phished.  And if they don’t know enough, then why aren’t they being trained to be more cautious?

This alone amazes me. It’s not that hard to be cautious, to keep a suspicious mind, and to take a few extra minutes to verify that where you’re clicking, and what information you are entering, is really something you should be doing.

Is Google supposed to take responsibility for this recent attack?  I sure don’t think so.  Place the blame where it belongs:  on the user.

Barnes & Noble Nook Color e-Reader

Posted by tomwiles at 10:03 PM on May 31, 2011

Over this past weekend I ended up purchasing a $250 Barnes & Noble “Nook Color” e-reader from a Best Buy store. It has a very bright, clear 7” diagonally measured widescreen capacitive glass touch screen display.

Barnes & Noble ships the Nook Color with a specialized, tightly locked-down version of Android that promotes access to the Barnes & Noble store content. It includes the Android web browser, along with a couple of games and the Pandora music service app. With the latest 1.2 version of Barnes & Noble’s Nook Color Android, they also give access to email and currently about 170 or so apps that can be purchased from the Barnes & Noble app store.

I’ll be perfectly honest here. What persuaded me to buy the Nook Color was watching a number of different YouTube videos of Nook Color units that had been hacked to run different versions of Android. As it turns out, the Nook Color is a very hacker-friendly device. The Nook Color’s WiFi radio contains Bluetooth, which Barnes & Noble’s Android does not yet take advantage of, though alternative versions of Android can and do enable Bluetooth on the device.

The Nook Color is manufactured by Foxconn, the same Chinese manufacturers that make the iPad, iPod, and many other modern consumer electronics devices. The Nook Color is a very nice piece of hardware. It has a 1.1 gigahertz Atom processor that’s backed down to 800 megahertz in order to help conserve battery life. Also when the unit is asleep very little battery power seems to be consumed.

There are several different approaches that can be taken, from outright replacing the Barnes & Noble Android, to rooting it to allow the full Android store, to running alternative versions of Android from the Micro-SD card reader slot built into the unit, leaving the Barnes & Noble Android intact.

After a weekend of experimental hacking, here are my conclusions. Though the Barnes & Noble Android is fairly limited, it offers quite a nice experience. I’ve determined that I want to keep that Barnes & Noble Nook Color experience untouched. It is quite valuable as an e-reader that offers multimedia functionality.

I can, and am, experimenting with a couple of different versions of Android running directly from a couple of different Micro-SD cards. I have a Micro-SD version of Android 2.2, as well as a version of Android 3.0. The Nook will automatically attempt to boot first from the Micro-SD reader, so when I want to boot into the built-in Barnes & Noble Android, I simply turn the unit off, eject the Micro-SD chip, and turn the unit back on.

While searching the Internet for information, I came across a website (http://www.rootnookcolor.com/) that is selling pre-configured Micro-SD chips running either Android 2.2, or Android 3.0. I ended up ordering a 2.2 version, which I won’t receive for a few days. These pre-built versions contain a boot loader, which allows the user to select which operating system to load without having to eject or insert the Micro-SD chip each time.

I am perhaps more of a unique case, since I spend most of my time in my truck. I already have the latest version of the iPod Touch, which gives me 95 percent of iPad functionality in a smaller package. When my truck is parked, my MacBook Pro is almost always online. The only use I could come up with for a tablet would be for use as a nice screen to watch video on, or an e-reader, since other uses are already covered between my iPod Touch, my MacBook, and my Sprint Evo Android smartphone. At upwards of $1,000 for a fully-configured iPad 2.0, that’s a price that’s just too steep for these functions. However, at $250 for a very capable piece of hardware that can easily be made to do other things, along with something to experiment with, it starts to really become interesting.

Barnes & Noble should be commended for the Nook Color. As stated before, it is an excellent piece of hardware. It’s been a long time since I was in a Barnes & Noble brick & mortar store, and until now I haven’t felt compelled to buy any e-books from them online. However, now that I have the Nook Color I’ve started out an experimental subscription to Popular Science magazine. So far I’m enjoying the experience. The Nook Color uses the ePub format, and also uses Adobe technology to display color magazine and newspaper publications.

My hope is that since the Nook Color is so hackable, it will act as a doorway to reward Barnes & Noble.

Pursuit Of The Ultimate Media Extender

Posted by tomwiles at 5:05 PM on June 29, 2010

For some time now I’ve been experimenting with different ways of getting Internet-based video to my widescreen LCD HD televisions.

Often people think, why not simply hook a regular desktop computer up to the TV. A desktop computer can be set up to play back virtually any video file type. The problem is, desktop and laptop computers are optimized for use on a desktop, not from a living room chair.

Is the ultimate media extender a set top box of some sort? The trouble with most set top boxes is that they are either walled gardens, or they miss the boat in very important ways.

A media extender should be able to play files stored on a home network, as well as be able to easily stream from services such as Netflix, Hulu, etc. Once set up, everything should be accessible through a simple remote control. Also, for my purposes, I’m willing to pay up to $250 for a box for each television in my house. It should also be able to play ripped DVD collection files that have been ripped to a central home server or network attached storage device.

I’ve hit on an interesting combination that seems to do everything I want it to that involves hacking a standard Apple TV and adding Playon TV server software to another computer on my home network. Playon TV software sells for $39.99.

Recently I purchased a commercial Apple TV hack called ATV Flash, which sells for $49.95. You download either the Windows or Mac version and install it on your computer. When you run the program it will ask you to insert an empty USB memory stick that it will write the installation files to. Then you plug the USB memory stick into your Apple TV and power it up. It will upgrade the Apple TV to be able to play a much wider variety of files, as well as adding Boxee and XBMC playback. It also retains all of the standard Apple TV functionality.

Next, I added the Playon TV software to my HP Windows Home Server. It could have easily been any other computer on my home network that meets the software’s minimum performance requirements. Once Playon TV was installed, I added my credentials for my Netflix account, as well as my Hulu account.

Finally, on my hacked Apple TV I simply start the XBMC application and navigate to UPnP devices on my home network, where Playon TV shows up. I now have access to Hulu and Netflix right on my Apple TV.

The Apple TV itself does not have enough processor horsepower to play back Netflix or Hulu Flash streaming without stuttering and freezing. However, playing it through the Playon TV software causes much of the processing to take place on my Windows Home Server machine, which has plenty of horsepower. Playon TV works by converting the Hulu and Netflix Flash streams into UPnP streams that the hacked Apple TV running XBMC can easily play without stuttering.

So, with this setup I’ve got access to all of my regular iTunes material, including HD and SD video podcasts, as well as a wide variety of streaming material from popular services such as Netflix and Hulu. It would be easy for me to buy additional Apple TV units, apply the ATV Flash hack to them, and attach them to other HDTV’s in my house.