hacks
Latest
How to hack a government
Last month members of the Turkish military experienced an attempted coup to oust president Recep Tayyip Erdoğan. The overthrow attempt was quickly thwarted, but it might have succeeded if Chris Rock (the security researcher, not the comedian) had had a hand in it.
Apple announces $200,000 bug bounty program
Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.
Clinton's campaign was also hacked in breach of Democratic Party
The most recent cyberattacks against the Democratic Party, revealed today, also included attacks on Hillary Clinton's presidential campaign, Reuters reports. Sources tell the news agency that the Justice Department's national security division is investigating all of the recent hacks against the Democratic Party, and they note that's a sign that the Obama administration believe the attacks are state sponsored.
Lastpass addresses two major vulnerabilities found by users
Bad news, LastPass users: bug bounty hunters found two major security exploits with the password manager's browser extensions. Good news? Both of them have already been patched. In a quick update to the company blog, LastPass commented on a pair of separate, unrelated bugs that opened its browser extension to attacks exploitable by phishing.
FBI to investigate Russia's involvement in DNC email leak
On Monday morning, the FBI confirmed it is investigating the Democratic party's email hack that made its way onto WikiLeaks in advance of the party's national convention in Philadelphia this week. Although WikiLeaks has not identified a source, previous reports claimed the emails to and from top DNC officials were leaked by Russian hackers to bolster Donald Trump's campaign.
The best way to play 'Splatoon' is with a hacked water gun
Researchers and makers over at Kougaku Navi in Japan have been working hard on a playable Splatoon gun since March, and the latest model really looks the part. It combines a Wii U GamePad, controls transplanted inside a Splatoon-themed water pistol and Sony's head-mounted display to give you at least a little bit of movement freedom. It's not perfect, but if you really want to play the game with a gun, it possibly the closest we'll get.
'Counter-Strike' player tricks cheaters into getting banned
Cheating has plagued the various incarnations of Counter-Strike practically since its servers went online in 1999 and one resourceful Redditor has had enough. User AndroidL created a trio of fake hacks for Counter-Strike: Global Offensive that promised everything from unlimited ammo and health to some exotic viewing angles that wouldn't otherwise be possible. Except instead of those exploits, the some 5,500 folks who downloaded them got a hell of a surprise: unwanted attention from Valve's Anti Cheat system on Steam.
VTech's data breach affected five million customers
Kiddie toymaker VTech tried to downplay the extent of last week's data breach, which affected its "Learning Lodge" app store, but now it's revealed that five million customer accounts were compromised. Vtech says it's alerted Learning Lodge customers of the hack, and if you've got one of its devices, you should change your password (and password retrieval info) immediately. While the attack didn't reveal credit card data or sensitive personal information (like Social Security numbers or driver license IDs), it gave hackers access to customer's names, addresses, encrypted passwords and even birthdays and genders for kids. VTech says it's still investigating the situation, and it'll look into ways to strengthen its security. Breaches like this aren't unusual (it's thought to be the result of a relatively easy SQL injection attack), but it's notable since it involves products aimed at kids, which normally don't get much attention when it comes to data security.
New Android exploit can hack any handset in one shot
Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Quihoo 360 researcher Guang Gong demonstrated the vulnerability to the PSN2OWN panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript v8 to gain full administrative access to the victim's phone.
Twitch rolls out two-factor to reduce profile hijinks
Twitch announced today that it is implementing optional two-factor authentication on its user profiles. The increased security measures, while "100 percent voluntary" according to the streaming site's release, are meant to improve user experiences while reducing the need for conventional, easily hackable passwords.
Department of Justice plans to crack down on counterfeits sold online
These days, people are resorting to the internet for most of their shopping. Who can blame them; the experience is far more convenient, and often cheaper, than going to traditional brick-and-mortar retail stores. One of the problems with this, however, is how easy it is to find and buy counterfeit goods online, and the US Department of Justice wants to put an end to that. Attorney General Loretta E. Lynch has announced a plan to fight intellectual property crimes in the country, which includes a grant funding of 3.2 million dollars for local and state law enforcement agencies. The idea behind the strategy, led by the FBI, is to work with third-party marketplaces (such as eBay or Amazon) to make sure they have "the right analytical tools and techniques to combat intellectual property concerns on their websites."
Raspberry Pi transforms upright piano into a retro loop player
Upright piano's don't exactly scream "high-tech," since everyone's weird aunt has one. A pair of hackers from a company called MajorMega may change your mind, however as they've modified one to give you and your friends a fun way to create multi-part compositions. The "Quaver" upright piano is equipped with a Raspberry pie board that makes it act like a 4-track recorder and loop sampler. All you have to do is sit down, punch the big "record" button and bang out your part of the song. When you hit the button again, the piano will instantly play back your creation in a loop.
Ashley Madison leaked data is now searchable (but don't)
If you just returned from an isolated island vacation (or perhaps you live under a particularly sweet and naïve rock structure), you may not have heard that notorious "dating service" Ashley Madison was hacked. The controversial site is billed as a social network and dating service for married people looking for extramarital affairs. The hacked data has been publicly released, and services that search for the email addresses used on Ashley Madison's site immediately began to populate the web.
Researchers find major security flaw with ZigBee smart home devices
Manufacturers of smart home devices using the ZigBee standard are aiming for convenience at the expense of security, according to researchers from the Austrian security firm Cognosec. By making it easier to have smart home devices talk to each other, many companies also open up a major vulnerability with ZigBeee that could allow hackers to control your smart devices. And that could be a problem if you rely on things like smart locks or a connected alarm system for home security. Specifically, Cognosec found that ZigBee's reliance on an insecure key link with smart devices opens the door for hackers to spoof those devices and potentially gain control of your connected home.
Tesla's Model S hack still proves it's better than other car makers
In the run up to this year's DEF CON, major car hacks seem to be a recurring theme. A few weeks ago we saw how hackers were able to remotely take control and shut down Chrysler vehicles -- now Tesla's Model S is the latest target. Researchers have figured out a way to digitally "hot wire" a Model S, Wired reports. They can also plant a Trojan that allows them to remotely control the car, including shutting it down. It's a sign that even the most technologically advanced car in the world will never be fully safe from security vulnerabilities. But while Chrysler had to issue a "voluntary safety recall" (in the form of a software update on a USB stick) for 1.4 million affected vehicles, Tesla has already sent out a fix to all Model S owners with an over-the-air update. Look at it this way: In one day every Model S owner is protected against these hacks, whereas it'll take much longer for the majority of Chrysler owners to get their patch (and there's a good chance it'll never reach them all).
Hack makes playing 'Doom' on a computer inside 'Doom' a reality
You know, in case there isn't a printer, ATM or graphing calculator readily available.
More ingenious hacks for problems you didn't know you had
It's the Fourth of July and while that light show in the sky honors US independence, why not shine a little light on our DIY perseverance? To help celebrate this holiday, we've put together a collection of (even more) ingenious hacks that incorporate party essentials: lights, nighttime, fireworks, music, drinks and a bit of wild imagination. Want to watch the celebrations on TV like it's still the '80s? Will pumping up the volume help you fight fires? And just how do you innovate something as simple as sliced bread? DIY fanatics and gadget hacker extraordinaires have already done the legwork. All you need to do is sit back, relax and enjoy the (slide)show. [Image: Styropyro / YouTube]
China says 'absurd logic' is behind US hacking accusations
China isn't taking accusations that it's connected to the recent hack of US government employee data lying down. "We have noticed that the US is still investigating, but feels that China is responsible," Chinese foreign ministry spokesman Lu Kang said at a recent general briefing. "This is absurd logic." This wouldn't be the first time the US has pointed the finger at China -- it was also suspected to be behind last year's major USPS hack, among many other instances over the years. The most recent hack leaked information for more than four million federal employees, including incredibly detailed data from background checks. While that attack is still being investigated, the American government has said that it'll be making online records more secure. China, for its part, says it's also facing regular cyberattacks from the US. Meanwhile, the two frenemies are also trying to work together to take on cybercriminals. [Photo credit: Jewel Samad/AFP/Getty Images]
14 ingenious hacks for problems you didn't know you had
People can be crazy, yo. But where there's a will, there's a way that can lead to all sorts of fantastic oddities in the gadget world. Today's community of hackers, makers and DIY fanatics oftentimes work together to find solutions to problems we didn't know we had. They develop innovative products (without all that Kickstarter/Indiegogo hoopla) and often provide open-source instructions for anyone with more can-do attitude than cash. In honor of these ambitious gadget hackers, we've highlighted a few of the more interesting projects from over the years, ranging from the practical to the party starter. [Image: Ruiz Brothers via Adafruit]
UK arrests man over US Department of Defense hack
No matter how serious you are, you're going to draw a lot of attention if you hack the US military -- and one Brit may be learning this the hard way. The UK's National Crime Agency has arrested an unnamed young man over allegations that he breached the Department of Defense's network last June. He reportedly swiped little more than non-confidential contact and device information (the attack was largely for bragging rights), but that was enough to invoke an international collaboration that led to the bust. There's no conviction, but there's little doubt that the arrest was meant as a deterrent to cyberattackers and pranksters in either country. [Image credit: David B. Gleason, Flickr]
