hacked
Latest
Pentagon says cyber attacks are acts of war: send us a worm, get a missile in return?
Well, the Pentagon is finally fed up with hackers picking on its buddies and foreign intelligence taking shots at its computer systems, and has decided that such cyber attacks can constitute an act of war. Of course, the powers that be won't be bombing you for simply sending them some spyware, but attempts to sabotage US infrastructure (power grids, public transit, and the like) may be met with heavy artillery. It's unclear how our government will identify the origin of an attack or decide when it's serious enough to start shooting, but Uncle Sam is looking to its allies to help create a consensus answer for those questions. The retaliatory revelation is a part of the Pentagon's new cyber strategy that'll be made public in June -- so saboteurs beware, your next internet incursion might get you an ICBM in your backyard.
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
Sony makes good, doles out identity protection activation codes for PSN and Qriocity users
Still feeling burned by Sony's record-breaking PlayStation Network outage? Fret not, promised reparations have arrived: a short form on the PlayStation website is now distributing activation codes for a free year of Debix AllClear ID Plus identity theft protection. The offer is good for all US PSN and Qriocity account holders who activate before June 28th, netting users up to $1 million in identity theft insurance coverage. Feel better? Hit the source link below to get your redemption code.
Sony BMG Greece hacked, company's security woes continue
It's the security nightmare that just won't end, and right now there's got to be plenty of Sony executives beginning to wish someone would pinch them already. After taking quite a PR and financial beating over the PSN breach, now the Greek site of Sony BMG has been hacked and the account info of thousands of users has been posted online. According to the Sophos blog Naked Security, the attack does not appear to have been particularly sophisticated and was carried out using an automated SQL injection tool that demands more patience than skill. While the data dump reveals the usernames, real names, and email addresses of registered SonyMusic.gr customers, other fields (including passwords and telephone numbers) are either empty or contain fake data -- suggesting the hack was not entirely successful. Here's hoping Sony takes this as an opportunity to seriously baton down those security hatches.
PSN logins exploited again, Sony takes pages offline
This isn't as bad as it could have been -- Sony's PSN hasn't exactly been hacked again -- but what can only be described as a glaring oversight looks to have forced the company into hastily switching off PSN logins on its websites. The issue? If you legitimately forget your password and need to reset it, previously all you had to do was type in your e-mail address and date of birth, then choose a delightfully cunning new password. Sounds good? The problem is that if you were a PSN member before the hack then both your e-mail address and your date of birth (plus a lot of other frightening stuff) is known to the hackers. So, whoever has the millions of rows of data that were exposed could, in theory, re-exploit any account. Sony was made aware of the issue and those pages are now offline again, which should make the Japanese government feel just a little big smug. Update: Sony has confirmed that there was "a URL exploit that we have subsequently fixed." However, the company indicates there was "no hack involved." So, remember kiddies: exploits are not hacks -- not until someone starts having fun with them, anyway.
Talking Sony and identity protection with LifeLock
As Sony continues to struggle to restore service to both the PlayStation Network and Sony Online Entertainment's MMOs following a hacking intrusion that resulted in millions of customer identities being compromised, players are understandably concerned about how secure their information is with similar companies. Even though Sony promised to provide a year's worth of identity theft protection for affected customers, part of the responsibility for safeguarding against such theft lies with us. As such, we spoke with Mike Prusinski, the Senior Vice President of Corporate Communications for LifeLock, an identity theft protection service. We asked him about what we should be doing to protect our identities online -- and what Sony could have done better in the first place. Massively: What are the most common ways that people have their identities stolen? Mike Prusinski: Though there are no statistics that point to one way over another, consumers get their personal information lost through stolen laptops, hackers, stolen mail, trash, skimming devices, scams (email, phone calls and personal visits), peer-to-peer networks and public websites.
GameCube Fusion portable brings Wii aesthetics, GBA design to Nintendo's boxiest console (video)
It seems like there was a time, not that long ago, where we saw another new hand-crafted portable console every week, each one smaller and more impressive than those before. Those days are, sadly, gone and, whether you want to blame the short attention span of today's youth or simply conclude that everyone's too busy playing Angry Birds, it's a sad fact. Modder Ashen is bucking the trend, creating what he calls the GameCube Fusion. It's a hand-built portable GameCube that plays (hopefully legally acquired) titles from SD card via both WiiKey and Gecko, offering full controls on-board plus an external controller port, all kept cool by a laptop-sourced fan that sounds powerful enough to make the thing hover, F-Zero-style. It's far smaller than 2009's NCube, but the omission of a battery pack means it won't be traveling far. For those who want to know more, every detail will be revealed in the 12 minute video embedded just below -- if you can keep focused that long.
Modder miniaturizes 5.25-inch disk drive, brings microSD support to Atari 400
You aren't looking at a retro microSD card reader, you're looking at an Atari-compatible serial disk drive that just happens to use microSD in lieu of 5.25-inch floppies. In a Zork inspired fit of nostalgia (we've all been there), hardware modder Rossum paired up an Atari connector with a LPC1114 microcontroller, capable of emulating up to eight Atari drives, managed by a custom, auto-booting app. The whole package is neatly packed in to a tiny 3D printed replica of the original Atari 810 disk drive, and is available for sale never -- but don't let that stop you: Rossum's schematics are free for the taking. The word's biggest little Atari drive is just a DIY away. [Thanks, Francesco F.]
Sony misses promised PlayStation Network and Qriocity restoration date, begs for more patience
Whoops. If you'll recall, Sony held what can only be described as an emergency press event in Japan a week ago in order to issue a number of assurances about the resumption of service as it relates to the PlayStation Network and Qriocity. Seven days later, things are still as dead as they were pre-Cinco de Mayo. This evening, the company's Senior Director of Corporate Communications Patrick Seybold punched out a quick update to let the world know that they could actually leave the house and find something else to entertain 'em -- like it or not, PSN isn't coming back online today. The reason? On May 1st, Sony was apparently "unaware of the extent of the attack on Sony Online Entertainment servers," and now, it's spinning its wheels in order to restore security on the network and "ensure" that user data is safe. Mr. Seybold seems to understand that you're overly anxious about getting back into the swing of things, and he's even going so far as to ask your trust that Sony's doing "everything [it] can" to get the lights blinking once more. Oh, and if you were planning on visiting that source link just to find the new ETA... don't. Sony's planning to update you "as soon as it can." [Thanks, Alex]
Sony offers free Debix identify theft protection for PSN and Qriocity hack victims in US
Sony's "Welcome Back" package of free software and PlayStation Plus subscriptions was a nice gesture, but it won't help you if your credit card gets fraudulently charged in the aftermath of the PlayStation Network debacle. That, however, is exactly what Debix is for. Sony's announced that it will provide a complimentary one-year subscription to Debix's "AllClear ID Plus" identity theft protection service to all PlayStation Network and Qriocity account holders in the United States, which will attempt to protect your personal data from harm, by both monitoring known criminal activity for your private digits and providing up to $1 million in ID theft insurance coverage. We've never used Debix, so we can't vouch for its reliability, and this particular plan admittedly doesn't look quite as comprehensive as the one Debix offers regular customers for $10 a month. Still, some peace of mind is a heck of a lot better than none, so we think we might take Sony up on its offer and sign up by the June 18th deadline. If you'd like to join us, you should find an activation code in your inbox before long.
Sony woes continue as SOE confirms data breach (update: 24.6 million accounts affected)
Are you starting to feel bad for Sony yet? No? Maybe this will change your mind. Sony Online Entertainment has, apparently, been the victim of another breach that has, according to Nikkei.com, resulted in the release of 12,700 credit card numbers -- and presumably some other information as well. 4,300 of those credit card numbers are said to be Japanese, but no saying how many are American. Thankfully, data is said to be from 2007, minimizing the number of still-valid credit cards exposed making us wonder if perhaps this wasn't some sort of backup that was exposed. Regardless, SOE's online services were taken offline earlier today and, well, now we know why. We're presently expecting further information from the company but, until then, feel free to continue cowering in the corner and quietly sobbing onto your compromised credit cards. [Warning: subscription required] Update: According to the Wall Street Journal, Sony has also confirmed that the latest attack accessed personal information for a staggering 24.6 million accounts. Such info includes names, addresses, telephone numbers, email addresses, gender, date of birth, login ID, and hashed passwords. Ruh roh. Full press release after the break.
SOE takes services offline due to serious issue
This Monday morning, Sony Online Entertainment customers are waking up to discover that all of their games' services are down. Apparently, the company has discovered a serious issue while following up with the previous weeks' hacker intrusion and is taking steps to rectify it. The Station.com posted the following notice: Dear valued SOE Customers, We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday). We'll update this story as it develops.
Sony's Kaz Hirai addresses PlayStation Network hack, we're liveblogging
Sony's PlayStation Network has been down for over a week, and it's a royal mess for all involved -- as you've no doubt heard, an external intrusion by unknown hackers compromised the personal information (supposedly including everything but credit card numbers) of potentially millions of users. This morning, Sony VP Kaz Hirai (formerly of the PlayStation division) will address the world from the company's headquarters in Japan, and our friends at Engadget Japanese are on the scene to bring us first-hand details in just a few minutes. Additionally, there appears to be an official livestream that will begin at 1AM ET, so keep it locked right here and potentially find some video at our source link. Update: We're hearing that Sony's "goodwill gesture" may not be an incredibly significant one -- affected users can expect a free 30-day subscription to PlayStation Plus and a free software download of some sort, while Qriocity customers will get an extra 30 days of service on the house. Update 2: As many as 10 million credit card numbers may have been exposed, though Sony says it has no proof that any actually have been compromised, and claims that it's received no reports of credit card fraud thus far. It is, however, working with the FBI to investigate the hack. 2:00 JST: The show's begun -- following a little bit of Mozart, Sony has trotted out three solemn-looking executives. More updates after the break.
PlayStation Network credit card info appears to be safe: 'No unauthorized activity relating to Sony'
It looks like the beleaguered Sony finally caught a break. The company, which has struggled for over a week following a hacker attack that stole massive amounts of player information, says that it looks as though user credit card information remains secure and encrypted. It turns out that Sony had encrypted some personal info but not all of it. Gamespot also reports that several financial companies, including MasterCard, WellsFargo and American Express, have witnessed "no unauthorized activity relating to Sony." Sony's Patrick Seybold passed along the positive news: "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack." Sony's PlayStation Network is still offline while it's rebuilt with a higher level of security. The company saw its shares drop 4.5% today on the Tokyo exchange to $27.71.
The Daily Grind: Do you trust MMO companies after the Sony debacle?
It's hard to believe that it's been over a week after a major intrusion into the PlayStation network, and Sony is still trying to put the pieces back together. Many customers were dismayed to hear that their private information was compromised by the attack. Free Realms and DC Universe Online players are among those who have to feel shaken up at the revelation that Sony wasn't the impregnable fortress they perhaps hoped. It's unsettling to realize just how much personal info you hand over to these companies -- your name, address, birthday, credit card information, passwords -- when that info could be grabbed by hackers. In light of the Sony debacle, do you still trust MMO companies with this information, or has it made you think twice about the corporations to which you're handing the keys to your life? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
Sony provides PSN update, confirms a 'compromise of personal information' (updated)
It's looking like things are just as bad as we feared and that "external intrusion" got a little deeper than we might have liked. In an update on its PlayStation.Blog, Sony just confirmed that the ongoing PSN outage was caused by "malicious actions," which we already knew, but continues by indicating that there has also been "a compromise of personal information." Exactly what that means Sony isn't saying, and it stops short of saying that credit card data for PSN and Qriocity users has been exposed, but the company does say "your credit card number (excluding security code) and expiration date may have been obtained." Yes, it may have been obtained -- even Sony isn't sure. There's no further ETA for when PSN may be back up online or when you might be able to finally sample Portal 2's delicious online co-op mode, but at least you can still watch Netflix. Update: Our friends at Joystiq are reporting that Connecticut Senator Blumenthal is rip roarin' mad about the situation, "demanding answers" from SCEA president Jack Tretton. Right now, we're more curious what Kevin Butler has to say about things. Update 2: Sony UK is shedding more light on just what data has been exposed, and frankly we were happier when it was dark. By the sound of things, everything Sony had about you has been accessed. There's a full list after the break, so only click on through if you dare. Update 3: Sony's just posted a clarification regarding the delay of their response: in a nutshell, PSN was shut down after the intrusion on April 19th, and the company needed to work with outside experts to "understand the scope of the breach" before posting the full lowdown earlier today. For those interested, Sony has a lengthy FAQ page regarding this incident. [Thanks to everyone who sent this in]
PlayStation Network outage caused by 'external intrusion,' continues for third day
It started on a quiet Wednesday night, with PlayStation gamers finding their Network unresponsive to their login attempts, and now continues well into its third day. Sony has now finally shed some light on the problems it's been having with PSN and, to nobody's surprise, the culprit for its troubles has been identified as "an external intrusion." The current downtime for PSN is the second of its kind this month, with the Anonymous group of online crusaders claiming responsibility for the first. Sony now intends to keep both PSN and its Qriocity music streaming service offline until it can pinpoint the vulnerability that has been exploited and put a stop to it. Skip past the break for the company's full statement. Update: The PlayStation Blog has added an update to its US portal this evening that suggests the service disruption may continue for a good while longer -- according to Sony's Patrick Seybold, the company is "rebuilding our system to further strengthen our network infrastructure," and working non-stop to do so. [Thanks, Christian and Joe]
Skype for Android update adds US 3G calling, fixes personal data hole
Verizon Android users have had 3G Skype calling since this time last year, but the latest app release -- v1.0.0.983 for those of you keeping tabs -- brings 3G calling to the masses, without the need for a VZW-sanctioned app. The update also patches a rather significant security hole discovered last week, which could let third-party apps get hold of your personal information. We're glad to see that's no longer the case, and who's going to object to free calling as part of the deal as well? Make sure your phone's running Android 2.1 (2.2 for Galaxy S devices) and head on over to the Android Market to get updated.
Breakfast Topic: Has your account ever been compromised?
This Breakfast Topic has been brought to you by Seed, the AOL guest writer program that brings your words to WoW Insider's pages. Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value. My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.
Skype for Android vulnerable to hack that compromises personal info
If you didn't already have enough potential app privacy leaks to worry about, here's one more -- Android Police discovered that Skype's Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door. Basically, that means a rogue app could grab all your data and phone home -- an app much like Skypwned. That's a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work -- despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we're sure it couldn't hurt.
