Microsoft, the parent company of Skype, has patched a password recovery tool bug that Russian hackers utilized to exploit and gain access to user's accounts with nothing more than their account name and email. According to The Next of Web, they independently verified the five step process and confirmed that it works. Skype made this announcement on its website blog:
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.
Read More | Skype
Yet another case of malware found on Google Play. A 20-year-old man suspected of an elaborate Android Trojan SMS scheme was arrested in France. The alleged hacker tallied over 17,000 Android users that installed malicious software posed as copy cat apps. The scheme works by sending SMS messages at a premium cost. The hacker then earns a micro-transaction fee, leaving the unsuspecting user with an unexpected hefty monthly bill.
The hacker informed French authorities that he was more motivated by the technical aspect than monetary gain and had goals of becoming a software engineer. Cyber criminals have made inroads into making malware in the Android platform partly because the Google Play Store is open and is not curated and vetted for security like Apple's App Store. Hackers have created clone malware of popular apps like Skype, Instagram, and Angry birds. Some of these apps steal personal information and passwords and can capture pretty much anything you type.
Computer venders Security, like Sophos, strongly advise Android users to be vigilant and also install their free anti-virus security suite.
Read More | The Register
Looks like the site of the Ultimate Fighting Championship (UFC) just got hacked due to the UFC's unwavering support of SOPA. As you can see in the image above, the site now redirects to a placeholder page, and the sub-pages in the site default to a HostGator error page. The hacker group Anonymous is behind this latest attack, as the group has spent the last few days targeting companies that have yet to withdraw their support of the controversial SOPA bill.
BART's troubles with Anonymous hackers continued Wednesday with the apparent hacking of a BART Police Officers Association website and ensuing publication of private data belonging to more than 100 BART police officers.
A Pastebin posting of data obtained in what appears to have been a "serious security breach" of BARTpoa.com, according to Sophos' NakedSecurity blog, includes the names, home addresses, email addresses, and passwords belonging to officers employed by Bay Area Rapid Transit (BART).
And the latest attack on BART may have been done by a self-proclaimed first-time hacker.
Late Wednesday, Twitter accounts associated with Anonymous and the campaign against BART began pointing to a purportedly leaked Internet Relay Chat log in which a user called "Lamaline_5mg" claimed to have broken into the BARTpoa.com database, acting alone and using an SQL injection tool, a common means of network intrusion:
Sony confirmed Tuesday that hackers have managed to obtain personal information Sony stored within the PlayStation Network, possibly including credit cards. The service will be down, at most, another week.
In an update posted to the PlayStation Blog, Sony senior director of corporate communications and social media Patrick Seybold noted that the "malicious actions" has caused Sony to send a email to all of its customers.
That email will tell subscribers that Sony has turned off the PlayStation Network and Qriocity cloud-music service; engaged an outside security firm; and "taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information".
A study by InsightExpress uncovered that 73% of mobile device owners are in the dark about protecting their device and data from Bluetooth hackers. If you fall into this bracket, listen up. There are three ways your gadget can be hacked: with Bluejacking, you’ll start receiving unwanted spam text messages, which can send your monthly bill (and mental state) skyward. The next level is Bluesnarfing, in which a hacker gains access to your data – and copies it for themselves. Most disturbing is Bluebugging, where a hacker can completely control your phone and make calls, obtain data, send texts and even eavesdrop on your calls. Prevention methods are amazingly simple, according to Ooi Szu-Khiam, a Symantec senior security consultant:
1) Turn off any Bluetooth features you’re not using.
2) Try to keep your device’s Bluetooth ID visibility setting at “hidden” so hackers can’t scan and find it.
3) Use passwords with a lot of digits, say 10. The more digits, the longer it takes to crack, if at all.
Read More | ZD Net
Three hackers broke into the United Nation’s website this past weekend, posting the message, “Hey Ysrail and Usa dont kill children and other people Peace for ever No war.” Identifying themselves as “kerem125,” “Gsy,” and “MOsted,” this and other messages were posted on pages that were used for UN Secretary General Ban Ki-Moon. That same group claims to have hacked into several websites. After taking down the “offensive” pages, the original words were put back. Although we are not sure we agree with the means, it seems to have been intended as a caring end.
Read More | BBC
How much longer can it be until some enterprising hacker unveils the multi-color glowing A Button AND Nunchuk mod which will no doubt drain the poor batteries in seconds? I’ll lay money on about 3 weeks…
Read More | WiiCade Forums