Unlike a smartphone, which stays in your pocket most of the time, a hacked Google Glass can give hackers access to everything you see and everything you hear. According to Freeman, “The only thing it doesn’t know are your thoughts.” All a hacker needs to do is grab an unattended Google Glass, hook it up to their computer via USB, and enable root access on the device. Freeman says,

“Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: They have control over a camera and microphone that are attached to your head.”

Not only will hackers be able to see and hear everything around you, they will be able to upload your files and recordings to remote servers. Freeman says that a hacked Google Glass “knows all your passwords” because it sees you typing them in. With a compromised Google Glass, “Nothing is safe.” However, chances are that Google will take note of these security flaws and issue fixes to them before the devices become available to consumers early next year.

On the bright side, the only way hackers can install surveillance malware onto your Google Glass device is if they have physical access to it, meaning it won’t be too common. But nonetheless, Google needs to step up the security on the device. The user’s privacy and security should always be the top priority for any company. Freeman issued a statement to Forbes regarding the entire situation. He says,

“It’s just kind of sloppy and negligent for Google to release a device to a bunch of early adopters that is missing a basic security function and even has a known bug on it that was disclosed eight months ago. Like someone could be inside of [tech pundit and blogger] Robert Scoble’s glass right now.”

[via Forbes]

Redditors had spent days trying to uncover just who was responsible for the tragic events at the Boston Marathon. Redditors began crowd sourcing photos from the Boston Marathon and were looking for individuals who looked suspicious. There were many people on the list, many of which were deemed innocent later on. In one unfortunate incident, the New York Post used one of the photos on Reddit of “two suspicious men” as their Thursday cover, two men who were later identified as a high school soccer player/track runner and his coach.

The manhunt for the Boston Marathon Manhunt generated a lot of traffic for Reddit, but was not enough to overload its servers. The hacker could have decided that while Redditors were working diligently on the Boston Marathon manhunt, it would be the best time to throw everyone off with his/her DDoS attack. Reddit was successful in mitigating the attack, however no one has yet stepped forward in claiming credit for it.

Reddit’s DDoS attack was just one of many that happened this year, and one of many that are yet to come. Bandwidth usage by DDoS attacks have skyrocketed by over 700% according to Prolexic Technologies. It discovered that 77% of DDoS attacks were aimed towards bandwidth capacity and routing infrastructure, while 23% of the attacks disrupted critical apps and processes running on a server. WordPress sites have also been under attack by hackers who want to gain access to the servers running the site and use them to create a huge botnet.

[via Huffington Post]

According to Tesco, an airplane could be hijacked because two aviation systems, the Automated Dependent Surveillance-Broadcast and the Aircraft Communications Addressing and Reporting System, are unauthenticated and unencrypted. He acquired flight code software off eBay and a radio transmitter, and got to work with creating his plane hijacking method.

Tesco used the code to find vulnerabilities in virtual aircraft, and via these problems he used his Android app called PlaneSploit to take control of a Boeing jet in autopilot mode. Rockwell Collins, which is a company that make the systems that were hijacked, says the problem is that Tesco is using a virtual plane, and that such a method wouldn’t work with a real aircraft. The FAA agrees, publishing a statement that says:

“The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer … The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”

[via The Register]

Hammerpoint assures The War Z players, however, that their payment credentials have not been compromised since it uses a 3rd party to handle all of its transactions. It also says that its players’ real names and addresses should not be compromised, unless the players themselves posted the information on the forums. Hammerpoint also says that player passwords and the email addresses that they use to log into the game are encrypted, so hackers should not be view them without using a “brute force” attack. Nonetheless, change your passwords.

Hammerpoint is currently working with external investigators and security experts in order to determine just how wide-spread the breach was. It has enhanced its security systems to better protect its players’ personal information. It has notified all of its players of the security breach, and is taking the steps necessary to ensure that an incident like this will not happen again in the future.

For those of you who are unfamiliar with The War Z, it’s a zombie survival MMO that many gamers say is a rip off of Arma II’s DayZ mod. It has also received bad press for falsely advertising its game. It launched the game on Steam with misinformation. It lied about how the game has a skill tree system and private servers, and it also over-exaggerated its offerings. This outraged many players who purchased the game but realized that they had no access to many of the promised features. The game was removed from Steam, and was reinstated 2 months later after it amended its description.

Hammerpoint didn’t release an ETA on when the investigation and security updates will be finished, so we’ll update you when we find out. Security breaches seem to be going around a lot recently. Earlier last month, Evernote suffered from a similar breach where user emails and passwords were compromised. It had to initiate a mandatory password reset for all users in order to protect their data.

[via The War Z]

It all seems like the blame game so far, but hopefully things will come to an end soon. China’s Foreign Ministry spokeswoman, Hua Chuying, said that China is willing to discuss the issues and cooperate with the international community “on the basis of the principles of mutual respect and mutual trust.” She stated that cyber security is a big issue and that China is one of the biggest victims of the attacks.

This statement comes one day after Tom Donilo, the national security adviser to President Obama, gave the Chinese government 3 courses of actions to follow in order to end the cyber attacks. He told China to give public recognition of the issue, give their assurance that the Chinese hackers would be targeted and dealt with, and give their consent to taking part of forming worldwide cyberspace standards.

Senior officers of the People’s Liberation Army were outraged by the United States’s accusations and demands. Major General Liu Lianhua from the Guangzhou Military District stated, “This talk from the U.S. has no foundation whatsoever. And what evidence is there? There isn’t any!” Another deputy from the Nanjing Military District called the United States a “thief calling others a thief.” Mandiant, a U.S security firm, provided a 60-page report indicating that a majority of the cyber attacks came from China, a report that China dismissed because they believe the IP addresses were spoofed to place the blame on them.

[via Reuters]

Guccifer took over Colin Powell’s Facebook and made posts that were vulgar, juvenile, and in all caps. Guccifer had also uploaded various private photos to Colin Powell’s Facebook as well. One of the photos showed George H. W. Bush lying in a hospital bed, another showed George W. Bush “wearing” a Ku Klux Klan hat, and there were a few self-portraits of Bush in a bath, taking a shower, and attending church.

There were many references made on Powell’s Facebook page that claimed George W. Bush was affiliated with the Ku Klux Klan, and that the entire Bush family were “puppets of the Illuminati.” Guccifer posted on Powell’s wall, “Kill the Illuminati! Tomorrow’s world will be a world free of Illuminati or will be no more.” The hacker has stated that he has no intentions of stopping his attacks on the Bush administration.

There has been a federal criminal investigation on Guccifer ever since he breached Bush’s e-mail accounts back in early February. Along with those e-mail accounts, Guccifer had also accessed the accounts of U.S. Senator Lisa Murkowski, a senior UN official, security contractors in Iraq, and several former FBI agents. Colin Powell’s hack is the latest attack in this case, and judging from the timing of the attacks, there may be another hit within the next 2-3 weeks.

[via The Smoking Gun]

The Chinese government has issued a call for international “rules and cooperation” on the recent hacking issues. China has stated that they have been the target of several internet hacks as well, and that it’s not just the United States who are the victims. They stated that by tracing the cyber attacks, they discovered that the hackers were located in the United States. This could just be a case of finger pointing, or the attacks may be a case of retaliation.

A United States security firm, Madiant, issued a 60+ page report that provides evidence that there is a link between the cyber attacks on U.S. businesses, the Chinese hacking groups, and also the Chinese government. The cyber attacks originated at the HQ for the People’s Liberation Army Unit 61398 in China. China has stated that those accusations were false and that the IP addresses could have been easily spoofed in order to plant the blame on them.

Yang Jiechi, China’s Foreign Minister, stated that the “international community is closely interconnected on the Internet, therefore cyberspace needs rules and cooperation, not war.” He says that he hopes the accusations against China would stop because they will “not be able to blacken the name of others nor whitewash themselves.” However, it’s hard to refute the report from Mandiant, that shows that around 141 companies had their data stolen by the People Liberation Army, and 115 of those companies were from the United States.

[via New York Times]

Speaking back in the essay from 2010, Schmidt and Cohen let it be known that soon “governments will be caught off-guard when large numbers of their citizens, armed with virtually nothing but cell phones, take part in mini-rebellions that challenge their authority.” This prediction essentially became a hard and fast real-world situation when events such as the Free Iran movement spread and were maintained by and with social networks like Twitter and Facebook. Everyone knew what the green flags meant because the internet let them know it.

In the new book authored by Schmidt, “The New Digital Age” is a chapter in which it’s detailed how the next generation will see the information age take full hold of political uprisings and movements between countries across the planet. As the Wall Street Journal notes, Schmidt also make clear that he believes China will be a “dangerous and menacing superpower” in the not-to-distant future. This book is also go-authored by Schmidt’s 2010 cohort Cohen, the book saying similar things to the article back then. This new text notes that they believe “the disparity between American and Chinese firms and their tactics” will be putting the USA at a real disadvantage when it comes to future business and politics.

Cohen and Schmidt assirt that the United States will be at a disadvantage against China because the country is not willing to “take the same page of digital corporate espionage” for two reasons: moral values and laws. The “American sense of fair play” will be the reason China gains an upper hand because in the USA “the laws are much stricter (and better enforced)”. In addition to being able to dominate the USA in several digitally-influenced ways quite soon, Schmidt and Cohen note that China will be seeing “some kind of revolution in the coming decades”. What that revolution will be is anyone’s guess. Schmidt’s book will be released in full with details galore this April – can’t wait!

Recently, several banks across the nation have been hit with attacks that harmed them to various degrees for ten or so minutes before they recovered. This is due to extremely high amounts of that are being directed to the banks in the DDoS attacks, affecting the likes of Wells Fargo, HSBC, Bank of America, and Citigroup, among others.

According to a former state official, the United States government is 100-percent certain that Iran is the cause of the attacks. Likewise, security firm Radware’s Vice President Carl Herberger is quoted as saying, “The scale, the scope and the effectiveness of these attacks have been unprecedented. There have never been this many financial institutions under this much duress.”

Fortunately, none of the bank accounts have been violated, and no money has been taken. The attacks are being directed from data centers, which are said to have taken control of some small-time cloud services and used them as the powerhouse behind initiating the attacks. Two issues are making it difficult to resolve the problem, however: 1, the DDoS attacks are encrypted, and 2, how the data centers are being hijacked is unknown.

[via New York Times]

Cosmo and his Underground Nazi (UG Nazi) hacking group went after Shirley Phelps a few days ago, successfully taking over her Twitter account. Cosmo switched out her profile image with one proclaiming his victory and pointing to the UG Nazi website, which has been seized by the FBI and bears FBI emblems. He is also reported to have hacked her DVR and filled it with gay porn, followed by cancelling her Internet service.

Now the hacker went after Fred Phelps, Jr., who’s Twitter account he successfully took over. The account has now been suspended by Twitter, just as Shirley’s was, and will presumably be back up and under Fred’s control tomorrow. All this started when WBC proclaimed that it would picket in Newtown in regards to the school shooting that took place.

Cosmo and UG Nazi isn’t the only hacker(s) targeting Westboro, however, with Anonymous also going after them. We reported yesterday that Twitter had temporarily suspended one of Anonymous’s Twitter accounts because it had allegedly posted personal information about Shirley Phelps. Twitter is alight with tweets supporting Anonymous and Cosmo in its/his actions.

[via Wired]

Chaney plead guilty to 9 counts of wiretapping, unauthorized computer access, and other felonies for hacking the email accounts of multiple celebrities, including Scarlet Johansson and Mila Kunis. U.S. District Judge S. James Otero sentenced the 35-year-old to ten years for the digital violation, something for which Chaney could have received up to 60 years imprisonment.

The hacks revealed personal information, videos, and photos to the public, including nude images of Johansson that were taken for her husband at the time. Judge Otero heard and read statements from those affected by Chaney’s actions during the hearing. Upon release from prison, the hacker will serve three years of surpervised probation, which includes monitoring of his digital accounts.

Chaney expressed remorse over his actions, stating: “I don’t know what else to say other than I’m sorry. I could be sentenced to never use a computer again and I wouldn’t care.” Meanwhile, those affected by his actions have also made statements, including Johansson in a video statement, during which she said that she has been “truly humiliated and embarrassed.”

[via Associated Press]

If her LinkedIn profile is anything to go by, Paget now works as Apple’s Core OS Security Researcher. She has long been known as an accomplished hacker, having set up a system to intercept cell phone calls during Defcon, among other things. There’s no official word on what her tasks are at Apple, aside from the fact that they’re security-related.

Rumor has it that Paget is tasked with responsibilities revolving around malware protection. This comes soon after Apple has been forced to deal with the Flashback trojan, something that infected over half a million Macs earlier this year. This is another indication that threats against Macs are growing, and Apple is getting a jump on the issue.

Paget confirmed to Wired that she has been hired by Apple, but declined to offer further comment. Apple likewise declined speaking on the issue. We’re not likely to hear much – if anything – on her activities at Apple. She did reveal not too long ago information about her days at Microsoft, however, stating that she and the team were responsible for uncovering so many bugs that Microsoft was forced to extend Vista’s shipping date.

[via Wired]

The zero-day exploit takes advantage of a cross-site scripting vulnerability, allowing the hacker to steal a Yahoo! user’s cookies and take control of the account. In order to work, the victim must click on a malcious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page.

Said TheHell: “I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”

Yahoo stated that while fixing the issue will be simple enough, that can’t happen until they actually find “the offending URL.” This isn’t the first time an XSS attack has been directed at Yahoo!, however, with some recent examples of vulnerable linkes including surveylink.yahoo.com and order.store.yahoo.com. You can see a full list of XSS vulnerabilities and whether they’ve been fixed over at XSSed.com.

[via Sophos]

The discovery was made after a hacker named ViruS_HimA posted a claim online that he had the log in info for 150,000 users. The attack was performed to make a point about Adobe’s slow process of correcting security issues, according to the hacker, who claims to be from Egypt. Out of the alleged compromised credentials, 664 records were released, which included emails.

In addition to the Adobe breach, the same hacker has threatened to publish stolen data from Yahoo, which declined comment. For Adobe’s part, the company will be resetting about 150,000 passwords on Connectusers.com, which accounts for most of its user base. In addition, Adobe’s Senior Manager of Corporate Communications Wiebke Lips offered a statement.

“As soon as we became aware of the hacker’s post, we launched our investigation, which led us to determine that the hacker appears to have compromised the Connectusers.com forum site. We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored.” As of now, the website is still offline.

[via Reuters]

A total of 63 stores had the compromised keypads, and were located around the country, including Chicago, San Diego, New York City, and Miami. Barnes & Noble issued a statement saying that customers who shopped at any of the 63 stores should change their PINs as a precaution, as well as check out their recent bank statements for anything out of the ordinary.

As can be imagined, some customers aren’t terribly happy that they weren’t informed about the security breach. Barnes & Noble says that its decision to withhold the info from customers was due to “the direction of the U.S. government,” which instructed the company to keep quiet. Barnes & Noble says that it notified credit card companies of the breach, however.

It continued to say that the company received two letters from the South District of New York’s attorney’s office stating that it wasn’t obligated to share the security breach with customers while the investigation was ongoing. Barnes & Noble, in an effort to identify and eradicate the compromised hardware, sent all 7,000 of its keypads from every store to a company that checked them out. The result was that one keypad was compromised per store, for a total of 63 hacked devices.

[via New York Times]

Comex, from Chappaqua, New York, was a Brown University student on hiatus looking for an internship. He stayed under the radar for quite awhile, until Forbes fished around and discovered his name. To get an idea of hacking skills, former network exploitation analyst for the NSA told Forbes, “I didn’t think anyone would be able to do what he’s done for years…He’s totally blown me away.”

Apple offered Allegra an internship, which he accepted because he was on leave from school and bored with jailbreaking. According to a recent tweet he sent out, that internship has ended. The reason? Failure to respond to an offer to extend his employment, as well as other reasons which the hacker declined to discus.

The tweets read:

“So…no point in delaying. As of last week, after about a year, I’m no longer associated with Apple. As for why? Because I forgot to reply to an email.”

In a call with Forbes, Allegra stated that though his termination from Apple was for more reasons than failing to reply to the email, “it wasn’t a bad ending,” and that he enjoyed his time with the company. He wouldn’t say more on the subject, however. Mum’s the word on what he did for Apple during his stay.

[via Forbes]

Facebook noted that it experienced outages across parts of Europe affecting an undisclosed number of users. The outage lasted only an hour according to Facebook. A Facebook spokesman said that the downtime was the result of changes made by Facebook to its DNS servers.

The spokesman says that Facebook was running some traffic optimization tests to determine which of its data centers to route certain users to. Facebook issued an official statement that said the change in its DNS servers resulted in some users being temporarily misrouted. The social network says that it detected and resolved the issue immediately, but a small number of users in Western Europe had issues accessing the site while the DNS information repopulated.

The outages occurred during midday Pacific Standard Time and Facebook claims that everything is running properly today. Facebook wasn’t specific in which Western European countries experienced outages. There were users from Sweden, Denmark, Ireland, Norway, and Portugal reporting issues online.

[via CNET]

If AnonymousOwn3r is telling the truth, then that would mean the now-infamous group Anonymous is behind the Facebook outage. Just a few minutes ago, he tweeted that he’d be halting his attack so people could get back on the social network, but it’s hard to tell if he’s telling the truth. As far as we can see, he hasn’t given a reason for his attack on Facebook, only saying that he tried to carry out the attack yesterday but was unsuccessful.

It seems that he has enjoyed plenty of success today, though, apparently bringing Facebook down across Europe. The Next Web reminds us that this is the same Anonymous member who claimed the attack on GoDaddy last month. That attack brought down millions of GoDaddy-hosted sites and kept them down for hours, effectively making millions of site owners angry in the process.

It seems that this was an attack on Facebook’s DNS servers, as trying to access touch.facebook.com brings up the site with no problems. If AnonymousOwn3r is serious when he says that he’s halting his attack on Facebook (and he’s responsible for bringing Facebook down in the first place), then the service should be coming back across Europe soon. If you live in Europe, do you have access to Facebook yet, or is it still down for you?

Don’t get too excited though, because details are still painfully scarce. The jailbreak isn’t ready for prime time yet, and it seems that Paul merely wanted to tweet these images to claim the title of “first to jailbreak the iPhone 5.” If he actually did jailbreak the device, you can bet that Apple is pretty upset that he did it so quickly following the iPhone 5′s launch. After all, Apple already has a problem with people jailbreaking their iPhones, so the fact that one hacker managed to do it in such a short amount of time can’t be sitting too well with the company.

Some people are naturally expressing some skepticism that he’s truly jailbroken the iPhone 5, and to quell those suspicions, Paul posted more images of his iPhone 5 running Cydia. Jailbreaking an iPhone, as many of you already know, allows users to do any number of things, from running homebrew apps to unlocking additional functionality. Many use jailbreaking as a way to tether without having to pay extra, and with many carriers imposing additional fees for tethering these days, it’s an increasingly popular reason to jailbreak your device.

Of course, jailbreaking also allows users to install pirated apps, but the jailbreaking community will tell you that there’s much more to it than just free software. Though Paul has already jailbroken the device, it looks like other iPhone 5 users will be waiting a bit longer for the jailbreak to be made public, either by Paul himself or by someone else. Have a look at our timeline below for more recent news on the iPhone 5.

This morning AntiSec reportedly managed to get their hands on over 12 million Apple IDs and other personal user information, and even posted 1 million of them to a pastebin. Now according to AllThingsD the FBI is calling AntiSec liars after reaching out and receiving this statement in return.

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

the FBI is basically saying these reports are totally false and that they never actually had the information mentioned to begin with. Essentially what this means is FBI is trying to distance themselves from the situation, and wants to get the word out that they are indeed not collecting this type of date. Whether or not this is true remains to be seen.

Now the real question is regarding all the information. If it wasn’t obtained from FBI then were did AntiSec managed to snag well over 12 million Apple IDs? The FBI has even tweeted that the claims are “totally false.” Now the heat is back on AntiSec as they are left to either prove how they got the information from the FBI, or share where it actually came from. Thoughts?

[via 9to5Mac]

The sting operation targeted hackers trading in stolen credit card and bank information. The US FBI has spent two years on the investigation and posed as hackers on forums watching as other hackers swapped methods for breaching servers and stealing data. The investigators also listened in as the hackers talked about creating fake credit cards that would work for purchases in stores and online. Law enforcement agencies say that the probe prevented about $205 million in possible losses on over 411,000 compromised credit cards and debit cards.

Eleven arrests were made in the United States, and 13 others were made in other countries, including Britain and Japan. Searches were also made in Australia. There is no indication of which credit card companies or banks the hackers compromised during the investigation. The investigation saw the FBI create a “carding forum” the participants didn’t know was operated by law enforcement. The forum was called “Carder Profit” and was used as a place for hackers to exchange stolen credit card information. The investigation resulted in the arrest of 24 different men between 18 and 25 years old. Some of them could face up to 40 years or more in prison if convicted. They’re facing charges such as conspiracy to commit wire fraud and access device fraud charges.

[via Reuters]

Nyre claims to be a former Anonymous member that is now against the activities of the notorious hacker group and attacked The Pirate Bay due to Anonymous’ use of the site to publicize its operations. The hacker posted the following message to Pastebin:

“You must be wondering why did I attacked The Pirate Bay. I am Nyre. I am highly against Anonymous. I do not support Anonymous anymore. I sometimes help the feds. The Pirate Bay was a press-release website for Anonymous, then I had a idea, why not take it down? Why not make it impossible for Anonymous? Get on your knees, Anonymous. I am a one-man army. I am not a hacker. I am a security killer. Expect yourself, f******.”

Although the massive DDoS attack against WikiLeaks during the same week seems to be more than a coincidence, no one has stepped forward to claim responsibility yet and there are plenty of groups that may be motivated to take down the whistle-blowing site, even for no good reason at all.

[via WebProNews]

Over the last 24 hours or so The Pirate Bay has been mostly inaccessible in many countries due to a DDoS attack. Interestingly, the pirate website apparently criticized the hacker group Anonymous for launching a DDoS attack against Virgin Media in the UK last week. I can certainly see some disgruntled Anonymous hackers attacking Pirate Bay in retaliation to the criticism.

Reports indicate that many Pirate Bay users believed workarounds were in place that would allow them to access the site once the European censorship started. However, those workarounds aren’t working in the face of the DDoS attack leaving users of the pirate website unable to access. It’s interesting that a group of hackers has been able to take the site off-line while The Pirate Bay has managed to skirt authorities around the world who have attempted the same thing over the years.

[via TorrentFreak]

The details published by the hackers on Pastebin included five pages of twitter usernames and passwords. Reports originally claimed that some celebrity accounts were among those that were hacked, but that hasn’t been confirmed. Twitter has been debunking claims of a large and successful hack. However, the website does note that is still investigating the issue.

No matter how large the breach was or if the accounts were mostly spammers, hackers getting into twitter servers is going to disturb many people. Twitter did send out password resets to accounts that could have been affected. Twitter encourages anyone concerned about security to change their password.

[via Mashable]

People who discover the bugs will still have to report the security issues to Google and then help the security team fix the flaws. Previously, the most a researcher could get as a reward was $3133, a very odd amount. The reward of up to $20,000 per reported bug is undoubtedly hoped to lure more hackers into sharing details with Google rather than selling them on the open market.

However, Forbes reports that hackers say a well-crafted hacking technique could fetch more than $100,000 from government agencies that use the techniques to spy on users secretly. Forbes also reports that one black market seller of exploits claims that the hackers who were able to exploit Chrome in the Google Pwnium contest, winning $60,000, could have earned double that payout by selling the exploit to nefarious hackers.

[via Forbes]

In addition to downloading unauthorized information about the organization’s contacts and clients, he defaced the BPAS website, with statements on the site calling the people in the organization murderers. Among the comments he added were, “An unborn child does not have an opinion, a choice or any rights” and “Who gave you the right to murder an unborn child and profit from that murder?”

Then he went on Twitter and tried to start a viral awareness of what he had done. If he was smart enough to orchestrate that, he must have known that officials would be hunting him down, which they did. They raided is house last month and said they caught him in the middle of trying to delete files from his computer. He admitted to violating Britain’s Computer Misuse Act. His sentence is to remain in jail for two years and eight months. He’ll be locked away until nearly 2014 for his stand against abortion.

[via Daily Mail]

MasterCard has hired an independent data security firm to look into the hack, while Visa has given the affected account number to the banks so that steps can be taken to protect those customers and to help find the hacker. However, the breach affects all major credit card brands, including Discover and American Express.

Although the alerts were sent out today, the estimated window for the breach is between January 21 and February 25. It’s not clear if any accounts have already seen fraudulent charges as a result of the hack and investigations are still in the early stages.

Microsoft found out the proof of concept code was in hacker hands this past Friday when an Italian security researcher named Luigi Auriemma discovered the code on a Chinese website. He found it was identical to what he had provided HP during one of its bug bounty programs. The code he provided was used by HP’s TippingPoint Zero Day Initiative (ZDI) to create a working exploit for the bug program verification work.

Once the exploit was proven to work, it was passed on to Microsoft along with the code that Auriemma had created. ZDI denies it was the source of the leak, but investigation is underway. I’m sure the point where the code was leaked will be discovered. How ironic would it be if one of Microsoft’s partner antivirus companies were discovered to be the leak source?

“Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners,” Yunsun Wee, a director with Microsoft’s Trustworthy Computing group, said in a statement.

“Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements,” Wee added.

[via ComputerWorld]

BBC isn’t the only news agency that’s complained about attacks coming from Iran, Reporters Without Borders is also complained about the Iranian cyber Army reports BBC. Thompson also complained in February that Iran has repeatedly jammed international television stations including BBC Persian TV to prevent citizens from seeing news.

Apparently, the attackers even tried to disrupt the Persian service’s phone lines based in London using multiple automatic calls. Thompson didn’t go into detail on the attacks such as when they occurred and if the attacks were successful in stopping services. We do know is that some parts of the BBC lost access to e-mail and Internet services on March 1, which could’ve been the day of the cyber attacks.

[via BBC]

“Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organisation spreads around the world,” said the hackers in a statement posted to its Italian website. “This attack is not against the Christian religion or the faithful around the world but against the corrupt Roman Apostolic Church.”

The attack comes just a day after a high-profile bust of another hacker group, LulzSec. Five hackers in Britain, Ireland, and the US were charged on Tuesday. The groups, however, are loosely organized and the bust doesn’t seem to be hampering their activities. Today’s take down of the Vatican website comes after a failed attempt last year.

[via Reuters]

“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our nation’s competitive technological advantage,” said NASA’s inspector general, Paul Martin, in a testimony before the U.S. House Committee on Science, Space and Technology.

Martin revealed that of the $1.5 billion annual IT budget earmarked for cyber security, NASA spends only $58 million. He said that a November breach involved Chinese-based hackers that broke into NASA’s Jet Propulsion Laboratory and gained full system access and control. This allowed the intruders to modify, copy, or delete sensitive files, user accounts, credentials, and otherwise compromise NASA’s systems.

He detailed another attack last year where intruders stole the credentials of more than 150 employees. There was also an incident where an unencrypted NASA laptop was stolen. The laptop contained algorithms to command and control the International Space Station, sensitive data on NASA’s Constellation and Orion programs, as well as Social Security numbers.

[via Mashable]

Google is actually trying to lure hackers to attack its browser at this years show with the promise of $1 million in rewards. Hackers don’t even have to crack Chrome to win their share of that million-dollar bounty. Some of the money would be paid out for exploiting other bugs. Google is offering $20,000 to anyone who exploits hackable bugs in Windows, Flash, or device drivers. These are security issues, which can affect any browser.

The big money comes if hackers are able to exploit Chrome specific bugs. For each hacked that involves a Chrome specific flaw; Google will pay out $40,000. If an exploit attacks bugs only found in Chrome, the payout is $60,000. Google is also offering a prize money to the first, second and third-place winners of the competition with $60,000, $35,000, and $15,000 respectively. The catch is Google expects anyone wanting to claim its offered prize money to completely reveal the exploits to them, so the exploit can be patched.

[via Forbes]

You can download and read this bill in its entirety here: Senate Committee Homeland Security and Governmental Affairs, downloading files here: The Cybersecurity Act of 2012, S. 2105 and here: Cybersecurity Support Letter: Reid in PDF form. This bill calls upon the Senate and the House to ratify a bill that would, and I quote, guard against the following:

“Hackers are stealing information from Fortune 500 companies, breaking into the networks of our government and security agencies and toying with the networks that power our economy.” – Jay Rockefeller

“A Norton study last year calculated the cost of global cybercrime at $114 billion annually. When combined with the value of time victims lost due to cybercrime, this figure grows to $388 billion globally, which Norton described as ‘significantly more’ than the global black market in marijuana, cocaine and heroin combined.” – Susan Collins

“Alongside terrorism, cybersecurity is perhaps the number one threat facing our nation today, but many obstacles exist that prevent the cooperation and coordination needed to deter this growing threat.” – Dianne Feinstein

“This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles.” – Joe Lieberman

We’ll be taking an extensive read of the bill soon and encourage you to do the same. When rhetoric like the sentences laid out above are dropped, you know good and well there’s something they’d rather you not read too closely in the bill itself. Fearmongering is all I think of whenever 9/11 is invoked, especially when it comes after a giant warning that Anonymous is going to come after us in the night and cut our heads off. Stay vigilant!

[via YourAnonNews]

As ASUS mentions in its rules and regulations for the bootloader unlock tool, “once you activate the App you will not be able to recover your ASUS product (“Original Product”) back to original locked conditions.” This is of course true of any bootloader unlock tool you use, no matter what, so don’t be fearful. On the other hand, if you’ve never unlocked the bootloader on any device you’ve had in the past, it’s probably not the best time to do so just for the fun of it.

Unlocking your bootloader is serious business and is not recommended for the faint of heart or weak of stomach. Once you’ve unlocked the device to that level, you reveal what’s essentially the inner bits of its brain, and one false move could result in the whole system going effectively brain-dead. So go and have fun, team, and keep your belt tight for the difficult parts! Get the Bootloader Unlock tool from ASUS and forever cross your fingers!

Anonymous is also taking credit for things like bringing down the CIA website along with the websites of several other domestic and foreign governments. While the attacks so far have been more focused on embarrassing the target companies, some in the government fear that the group could turn more towards disrupting services. In fact, Anonymous has announced a plan with the goal of shutting down the Internet on March 31 called Operation Global Blackout. However, experts believe the likelihood of Anonymous pulling off such a feat to be very low.

Experts also believe that even if Anonymous could gain the ability to cause limited power outages, the damage caused by these outages would be minimal. Power industry insiders note that the national electric grid has backups allowing the restoration of power quickly if the grid is taken down by cyber attack or other events. For now government officials say countries such as China and Russia that are thought to have the capability to cause a power outage don’t have the desire. The countries that might have the desire to cause a power outage don’t have the capability. However, groups like Anonymous would be more likely to use the ability to cause a power outage if they could fear experts.

[via WSJ]

The photo that replaced the website homepage showed that the responsible parties for the hack were EvilShadow team – 7z1&Ancker. The hackers are apparently from China and at this point, there’s no indication of why they hacked the site. The hackers were also able to upload an additional photo some verbiage the read “Unsafe system will be baptized.”

The part of this hack that will concern people who have done business with the Microsoft Store in India the most is that the database was breached, and passwords were stolen. The passwords were reportedly stored on the server in plain text. As of now, there’s no word on whether credit card data was stolen in the hack.

[via WPsauce]

Of course it’s absurd to expect any such complete forfeiture of a set of stolen codes which could so very easily be copied out and duplicated, so who do we look to questioning the logic behind a cash sum trade to hackers such as this? According to LoD, it was Symantec spokesperson Chris Paden, not the FBI or a federal commission of any kind as many news sources are reporting today. Though Paden is on record saying the following:

“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation.” – Paden

A series of emails were sent back and forth between YamaTough and a person claiming to be working with Symantec but whom Symantec has since said was working with a law enforcement group they’d been working with specifically for this job. In the email conversation between the two, pasted in PasteBin for your full reading if you wish, the first mention of a cash transaction is made by DoM in their suggestion of a sale of the codes to the highest bidder. It’s the negotiator, on the other hand, that suggests Symantec purchase it first. In the middle of this negotiation is an interesting moment in which YamaTough is asked to provide a set of guarantees to Symantec for the deal:

“What are the guarantees that we wont come back for more? – NONE ofcourse, you have to trust us on this one, if we were really bad guys we would have already released or sold your code at the time of exchanging emails with you which is almost a month – AND WE KEPT SILENT all that time and stuck to our word given to you.” – YamaTough

At this point the negotiator, whose name is unimportant by the way since it’s almost certainly a placeholder “Sam Thomas”, suggests that $1,000 be sent to YamaTough via PayPal so they can continue negotiations. YamaTough disagrees and says they do not work with PayPal – they’ve been speaking about Liberty Reserve (an offshore group for no questions asked transactions) and Sam returns with an offer of the following:

“We are still looking into Liberty Reserve but we have to figure out how to get our money safely into our Liberty Reserve account through an exchanger.

We will pay you $50,000.00 USD total.

However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.” – Sam Thomas

At this point YamaTough sends the following message:

“Say hi to FBI agents,
It’s funny you do not use your corp account anymore =)
We wonder why is that be that way? =)” – YamaTough

And the stories begin to fly on the web that DoM has discovered an FBI link to the Symantec investigation on the situation. While this is happening, Sam notes that “We are not in contact with the FBI. We are using this email account to protect our network from you.” and appears to send no following messages after another offer of $50,000 total. This brings us up to now.

What’s happening now is DoM is releasing the code bit by bit (and perhaps all at once at some point down the line here) and is suggesting the following:

“The real sting sends money and bust the crooks at the cash pickup =) it wasn’t feds – it was slimey Paden UNEMPLOYED =)” – @YamaTough

And thus is the truth of the matter, in this part of the situation anyway: it would have made one whole heck of a lot more sense for the FBI to have set up a real-world drop of cash for code as they would have had the upper hand without a doubt. Instead the situation appears to be that the negotiators that were actually involved took no such precaution for exchange of cash online and are not falling victim to circumstance and hackers with a taste for trade.

For those of you out there using Symantec software: you likely have nothing to worry about. The codes that DoM are releasing are of pcAnywhere and blueprints for old software that has been long-since outdated. Or so Symantec says. The important part of this equation for Symantec is bad PR as well as a possibility that the codes, once analyzed, may prove to be helpful to competing companies as well as hacker groups hoping to gain some insight into their code-building process.

In the e-mail, Thomas wrote that Symantec would pay $50,000 total the hackers to keep the source code from being posted publicly. The e-mails also show Thomas claimed Symantec wanted to use a payment system with $2500 a month for the first three months and the balance once it was convinced the source code was destroyed. Symantec has confirmed the extortion attempt to CNET and says that they were conducting an investigation in cooperation with authorities.

Symantec also says that the investigation is ongoing, and it will not release the name of law-enforcement agencies that are involved. Presumably, the FBI will be included in the investigation and perhaps other agencies as well. Negotiations broke down before the agreement was in place. Apparently, no money was ever sent. CNET now reports that the 1.2 GB file titled “Symantec’s pcAnywhere source code” has been posted to The Pirate Bay.

[via CNET]

Anonymous also had a news tip pop up this morning on how they’d intercepted a phone call between Scottland Yard and the FBI, this racking them up another notch in their belt for impressive cuts in the hacking world against major targets. What we’ve got here is what Anonymous billed as “Anonymous hacks Boston Police website in retaliation for police brutality at OWS.” The hack project in this case appears to also have resulted in personal information of confidential informants and tipsters was accessed, as as sensitive data surrounding citizen complaints about drug crimes.

“Statement from BPD regarding BPDNews.com hacking incident: The Boston Police Department is working diligently to restore the function of BPDNews.com, the department’s public safety blog. It is unfortunate that someone would go to this extent to compromise BPDNews.com, a helpful and informative public safety resource utilized daily by community members seeking up-to-date news and information about important safety matters. Our skillful technical staff is focused on rectifying this issue. Detectives continue their investigation into individuals engaging in this type of disruptive and criminal activity.” – Boston Police Department

What Anonymous is noting instead is that this attack comes in part because of what they called brutality against Occupy Boston, and part because of an anti-graffiti paraphernalia bill nearly passed in Boston state senate. This bill would have made it illegal not just to perform vandalism in the state, but to possess any instrument, tool, or device with intent of vandalizing – broadness will get you hit!

Cernaianu also offered for sale software that he claimed would allow others to hack into these servers. He even demonstrated in videos how he carried out his attacks on the US government websites. However, the motivations behind his exploits were more to point out security flaws than for financial gain or anything truly malicious.

As TinKode, Cernaianu often published the security flaws of the websites he hacked into over the last few years, including high-profile websites of the US Army, NASA, the UK Royal Navy, the European Space Agency, MySQL, and Google. Regardless of his intentions, authorities claim that his actions have caused significant damage to the servers and hacking into websites is still a crime.

[via PCMag]