Snapchat Vulnerable to Data Hack

From ZDNET:
Hackers have made sure that popular photo sharing app Snapchat got a hearty lump of coal for Christmas.  After having its security disclosure go ignored since August, Gibson Security has published Snapchat's previously undocumented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.  on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia.
The Australian hackers announced its publication of Snapchat's API and the two exploits 
Posted by on 1 comment:
Labels:

Target Data Hack Worse than Initially Reported

It's almost like they painted a target on themselves.  Oh wait . . . from the NYT:
After hackers stole credit and debit card records for 40 million Target store customers, the retailer said customers’ personal identification numbers, or PINs, had not been breached. Not so. On Friday, a Target spokeswoman backtracked from previous statements and said criminals had made off with customers’ encrypted PIN information as well.
Posted by on No comments:
Labels:

Two Apps to Ring in the New Year

New York City's Times Square Alliance is has released a free app that will provide a commercial-free live stream of the Times Square New Year's Eve webcast.  You can check it out on iTunes here.

AgupieWare's exclusive New Year's Eve Nosie Maker app is also available from the App Store for just $0.99.  Bring the noise!
Posted by on No comments:
Labels:

How to Scrub Your Online Presence . . .

It is by now common wisdom that once you put something up on the internet, it is there forever, or at least as long as the internet still exists.  However, it is possible to change your digital footprint enough to hide your tracks.  A small primer on doing so from Make Use Of:
If you’re looking to drop from the Webosphere completely in an attempt to remain anonymous, we can help. The process is arduous and there are several key steps you’ll need to take along the way. But in the end, if you value your online privacy, it’ll be worth it . . .

Posted by on No comments:
Labels:

Glenn Greenwald to Speak at Chaos Communication Conference

From ZDNet:
The world's oldest and largest global hacker organization The Chaos Computer Club (CCC) has announced it will open next week's conference, the 30th Chaos Communication Congress (30c3), with a December 27 opening keynote by Glenn Greenwald.

Glenn Greenwald's keynote tops our list of must-see talks at the legendary event. 30C3's schedule shows that the compelling keynote won't be the only explosive presentation at 30C3.

Mr. Greenwald's keynote will be webcast live on this page. If you miss it, all of 30C3's talks will be archived on the offical CCC media website. CCC's archives go online astonishingly fast.
Posted by on No comments:
Labels:

Researchers Hack RSA with Acoustic Cryptanalysis

From CS.tau.ac:
Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts . . .
Posted by on No comments:
Labels:

Tens of Millions of Credit and Debit Cards Compromised in Target Hack

If only there were an alternative global payment processing system, one that did not rely on the shady practices of banks and corporations.  From the Chicago Tribune:
Target Corp said data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday shopping season.
The data theft, unprecedented in its ferocity, took place over a 19-day period that began the day before Thanksgiving. Target confirmed on Thursday that it identified and resolved the issue on Dec. 15 . . .

Target said the breach, second-largest hack at a U.S. retailer, might have compromised accounts between Nov. 27 and Dec. 15, a period of nearly three weeks.
Posted by on No comments:
Labels:
Subscribe to: Posts (Atom)