Investigation of password crackers busts site feds say hacked 6,000 accounts

An international law-enforcement crackdown on paid password cracking services has resulted in at least 11 arrests, including the operators of an alleged cracker-for-hire site in the US that prosecutors said compromised almost 6,000 e-mail accounts.

Mark Anthony Townsend, 45, of Cedarville, Arkansas, and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas, ran a site called needapassword.com, according to court documents filed this week in federal court in Los Angeles. The site accepted user requests to hack into specific e-mail accounts hosted by Google, Yahoo, and other providers, prosecutors alleged. According to charging documents, the operators would break into the accounts, access their contents and send screenshots to the users proving the accounts had been compromised. The men would then send passwords in exchange for a fee paid to their PayPal account, prosecutors said.

“Through www.needapassword.com, defendant and others known and unknown to the United States Attorney obtained unauthorized access to over 5,900 e-mail accounts submitted by customers,” a criminal information filed against Townsend stated. During the time of Tabor’s involvement, needapassword.com broke into at least 250 accounts, a separate charging document claimed.

Microfluidics panel could add physical buttons to a touch screen

Tactus Technology has created a microfluidics panel that could be overlaid on touchscreens to produce “buttons,” per a report from CNET. The panel would allow smartphones to create a bunch of nubs over the keyboard keys on touch screens to help guide typists’ fingers.

Some smartphone users are still lamenting the loss of tactile keys like those on a Blackberry, but QWERTY keyboards are hard to justify in terms of real estate when a touch screen can use that space better. A keyboard add-on is a possibility, but one pretender to the Blackberry throne, the Typo, has gotten a mixed reception.

Tactus’ system would put a 0.75 to 1 millimeter-thick microfluidics panel over a device’s LCD instead of glass or plastic. A sub-layer of the panel would be punctured with 200-nanometer holes, through which fluid would be pressed to raise the flexible surface of the screen when the operating system called up some buttons.

Tivo lays off 5 hardware engineers but says it won’t abandon its boxes

[Image: The TiVo box itself got a slight aesthetic makeover…]

Something’s afoot at Tivo, and it started today with five lay-offs. Wired reporter Roberto Baldwin had the initial report, claiming that five layoffs from the company’s hardware division left “a skeleton crew of two engineers,” indicating an official exit from the hardware business.

Baldwin’s sources within Tivo may have been overstating the situation, though. Subsequent reports feature comments from Tivo’s Vice President of Corporate Communication Steve Wymer, where he emphatically denies that Tivo is abandoning hardware. What Wymer doesn’t do, however, is deny the layoffs. An update to the original Wired piece indicates that Tivo will work with third-party designers for subsequent hardware.

Tivo hardware has been a saga of gradual iterations, with each successive generation adding features and capabilities. Ars’ Nathan Mattise reviewed the company’s latest hardware, the Tivo Roamio, and had heaps of praise—after he went through the hellish setup process. At CES this year, Tivo didn’t have new consumer hardware, but instead met with network operators to discuss its new NDVR hardware, which moves the Tivo experience entirely to the cloud. Moving content recording, discovery, and delivery into the cloud has a lot of appeal for operators who want more control over viewers’ content.

Supreme Court will hear case on police search of cell phones

On Friday, the Supreme Court said that it would weigh in on whether it is legal for police officers to search the contents of a suspect’s cell phone when they are arrested. Specifically, the high court will take up two cases from California and Massachusetts, both arising from criminal prosecutions, that have brought to question the admissibility of evidence obtained through a search of the suspect’s phone after arrest.

The legal decision will come down to whether searching cell phones without a warrant is a violation of the Fourth Amendment, which prohibits unreasonable search and seizure. Earlier court precedent has allowed police officers to search all the items that a person has on them at the time of arrest. But as phones have grown to include e-mail, bank history, and location data, the potential problems with the old standards have become more apparent.

A Supreme Court ruling, at least, would give some clarity as to how such situations should be handled. Reuters notes that 91 percent of Americans now have cellphones, and over half of those can connect to the Internet.

Sleeping spacecraft Rosetta nearly ready to wake up for comet landing

The Rosetta spacecraft is due to wake up on the morning of January 20 after an 18-month hibernation in deep space. For the past ten years, the three-ton spacecraft has been on a one-way trip to a 4 km-wide comet. When it arrives, it will set about performing a maneuver that has never been done before: landing on a comet’s surface.

The spacecraft has already achieved some success on its long journey through the solar system. It has passed by two asteroids—Steins in 2008 and Lutetia in 2010—and it tried out some of its instruments on them. Because Rosetta’s journey is so protracted, however, preserving energy has been of the utmost importance, which is why it was put into hibernation in June 2011. The journey has taken so long because the spacecraft needed to be “gravity-assisted” by many planets in order to reach the necessary velocity to match the comet’s orbit.

[Image: Rosetta’s path through the inner Solar System.]

When it wakes up, Rosetta is expected to take a few hours to establish contact with Earth, 673 million km (396 million mi) away. The scientists involved will wait with bated breath. Dan Andrews, part of a team at the Open University who built one of Rosetta’s on-board instruments, said, “If there isn’t sufficient power, Rosetta will go back to sleep and try again later. The wake-up process is driven by software commands already on the spacecraft. It will wake itself up autonomously and spend some time warming up and orienting its antenna toward Earth to ‘phone home.’”

Point-of-sale malware infecting Target found hiding in plain sight

Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.

According to a post published Wednesday to KrebsOnSecurity, point-of-sale (POS) malware was uploaded to Symantec-owned ThreatExpert.com on December 18, the same day that Krebs broke the news of the massive Target breach. An unidentified source told Krebs that the Windows share point name “ttcopscli3acs” analyzed by the malware scanning website matches the sample analyzed by the malware scanning website. The thieves used the user name “Best1_user” to log in and download stolen card data. Their password was “BackupU$r”.

The class of malware identified by Krebs is often referred to as a memory scraper, because it monitors the computer memory of POS terminals used by retailers. The malware searches for credit card data before it has been encrypted and sent to remote payment processors. The malware then “scrapes” the plain-text entries and dumps them into a database. Krebs continued:

Google Play Movies & TV comes to iOS, minus the store and offline support

Google loves itself some iOS apps. Its newest addition to Apple’s platform is Google Play Movies & TV, Google’s video content store. To call the app a “store” on iOS is a bit of a misnomer, as buying content from the iOS app isn’t possible, thanks to Apple’s restrictions. What it can do is play existing content that you’ve purchased on an Android device or through the Google Play Web interface.

There isn’t much to the app. Movies and TV shows are broken out into separate categories, and everything is displayed as a large thumbnail. The individual content pages show a short description, a minimal list of credits, and the all-important “play” button. The app supports Google’s Chromecast via a button in the top right corner, and that’s about it. It’s simple, but a movie player doesn’t really need to be complicated.

Compared to the Android version, there are a few things missing. The lack of a store means Google’s recommendation engine is missing too, which leads to a lot of blank-looking pages. The biggest omission is offline support—there is no way to download a video for later offline viewing, so make sure you have a great Internet connection before pressing “play.” In fact, the app doesn’t work over a cellular connection at all—Wi-Fi is required.

New DoS attacks taking down game sites deliver crippling 100Gbps floods

[Image: Online gamers such as these ones often stream their play in real time. Credit: Twitch]

Recent denial-of-service attacks taking down League of Legends and other popular gaming services are doing more than just wielding a never-before-seen technique to vastly amplify the amount of junk traffic directed at targets. In at least some cases, their devastating effects can deprive celebrity game players of huge amounts of money.

As Ars reported last week, the attacks are abusing the Internet’s Network Time Protocol (NTP), which is used to synchronize computers to within a few milliseconds of Coordinated Universal Time. A command of just 234 bytes is enough to cause some NTP servers to return a list of up to 600 machines that have previously used its time-syncing service. The dynamic creates an ideal condition for DoS attacks. Attackers send a modest-sized request to NTP servers and manipulate the commands to make them appear as if they came from one of the targeted gaming services. The NTP servers, which may be located in dozens or even hundreds of locations all over the world, in turn send the targets responses that could be tens or hundreds of times bigger than the spoofed request. The technique floods gaming servers with as much as 100Gbps, all but guaranteeing that they’ll be taken down unless operators take specific precautions ahead of time.

Among the targets of this new type of attack are game servers used by celebrity players who broadcast live video streams of their gaming prowess that are viewed as many as 50,000 times. In some cases, the massive audiences translate into tens of thousands of dollars per month, as ads are displayed beside video feeds of the players blowing away opponents in Dota 2 and other games.

DoS attacks that took down big game sites abused Web’s time-sync protocol

[Image: 69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection. Credit: Black Lotus]

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets.

Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to the victim, an increase of more than 58-fold.

“Prior to December, an NTP attack was almost unheard of because if there was one it wasn’t worth talking about,” Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. “It was so tiny it never showed up in the major reports. What we’re witnessing is a shift in methodology.”

Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles

LinkedIn is suing a gang of hackers who used Amazon’s cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day.

“Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,” company attorneys alleged in a complaint filed this week in US District Court in Northern California. “This practice, known as ‘scraping,’ is explicitly barred by LinkedIn’s User Agreement, which prohibits access to LinkedIn ‘through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.’”

With more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams. The allegations in the lawsuit highlight the unending tug-of-war between hackers who work to obtain that data and the defenders who use technical measures to prevent the data from falling into the wrong hands.
