If your child, or someone you know, received a My Friend Cayla doll, a Furby Connect doll, a Q50 children’s smartwatch, or a Sphero BB-8 droid (or quite likely one of a number of other toys or devices that are aimed at children and that connect to the Internet via Bluetooth), that device – and thus the child who plays with it or uses it – is at risk of being hacked, of having personal data stolen, and even of having a hacker talk to the child, all because of unsecure Bluetooth connections.
Yahoo today released a statement indicating that a data breach that occurred in 2014 may be the most massive breach yet. Moreover, Yahoo is claiming that they believe that the 2014 breach was “state-sponsored”.
The BBC is reporting that there seems to have been a massive data breach of 200 million Yahoo accounts, with the data – which appears to be from 2012 – being offered for sale for 3 bitcoins ($1805 USD).
If you ever wondered just who gives in to ransom demands from hackers (which experts always agree one should never do), well, the answer today is Hollywood Presbyterian Medical Center hospital. And to the tune of $17,000 (in the form of 40 bitcoins).
The hacker group known as Anonymous has declared cyber war on ISIS (the Islamic State, which also goes by ISIL and Daesh). While Anonymous has actually stated this previously, they have stepped up their game, and their public announcements of this war on ISIS, following last Friday’s attacks in Paris. In response to the announcement, ISIS released their own statement, calling Anonymous “idiots”.
By now you’ve probably heard about Andy Greenberg’s exposé in Wired about driving a Jeep while hackers – wireless carjackers – hacked into it. Of course, Internet Patrol readers who read our Can Your Car Be Hacked Through its Onboard Wireless were probably not surprised by this turn of events, because they already knew that the answer to that question was “yes”.
A lightbulb as a port of entry for a hacker to steal your wifi password? Yes! Specifically the LIFX smart lightbulbs, but it could be any smart bulb, or for that matter any other “smart” thing connected to that Internet of things.
A hacker, who goes by the name “Guccifer”, has hacked the email accounts of former president George W. Bush, as well as the accounts of his family and friends, and has taken to posting his findings online, including private photos, emails and private home addresses. Guccifer told The Smoking Gun, who broke the story, that he isn’t worried about the feds coming after him because they have actually been investigating him for a while and this latest stunt is “just another chapter in the game.”
With one simple tweet, “#tangodown godaddy.com…Hello everyone who wanna me to put 99% of the global Internet in #tangodown?” one lone hacker, with the Twitter handle “AnonymousOwn3r,” took down internet giant GoDaddy.com, causing an outage to the GoDaddy site, 1000s, if not millions, of GoDaddy-hosted sites and their DNS, GoDaddy-hosted e-mail accounts, and GoDaddy phone service. #tangodown is taken from a military term, meaning a target was successfully attacked. Hackers also use it to mean that a website has been taken offline.
Death by CAPTCHA is a company that has figured out a way to bypass security CAPTCHAs by offering their technology to solve CAPTCHA phrases. While this may sound like celebratory news for those who are tired of face-palming every time they try to read the twisted words provided by websites looking to make things secure for their users, in reality, it is a gateway to spam.
While the Dropbox file-sharing service is intended to be a mostly consumer-based product, many companies use it as a means to share files between employees. The problem with using cloud-based services, such as Dropbox, for business purposes is that businesses don’t have proper controls over the data stored in the cloud. This was driven home this week when Dropbox announced that an employee’s password was stolen and the hackers made off with some sensitive information, including user email addresses, which led to the spamming of Dropbox’s European user-base.
A magistrate has recommended to the Federal court in Maine that a bank (in this case Ocean Bank of Maine) has no liability, even though it allowed hackers to remove more than $500,000 from one of the bank’s customers’ accounts. The customer, Patco Construction, had been the victim of the Zeus trojan, which steals passwords once surreptitiously installed on a victim’s computer.
Lots of you are asking lots of questions about the Sony PlayStation Network (“How was the Sony Play Station Network taken down?”, “Who hacked the Sony PlayStation Network?”, “Is it true that it was done with rooted Sony PSP handhelds?”, and, perhaps most importantly, “Is the Sony PSN secure now?”). To bring you up-to-date, if you are scratching your head right now: first, the Sony PlayStation Network (referred to in shorthand as the “PSN”) was taken down last month in a concerted cyber attack. At first Sony claimed that the network was down due to “maintenance” but, eventually, they admitted that a hacking attack had taken them down. The hacker or hackers also caused Sony’s Qriocity services to go down. Oh, and wait – it also extended to the Sony Online Entertainment network. In short, if you have ever completed any transaction online with Sony, you need to treat your identity and credit card information as compromised.
If you have ever had an account – even just to leave comments to articles and posts – on Gizmodo, Lifehacker, Gawker, Jezebel, io9, Kotaku, Deadspin, Fleshbot or Jalopnik, then you are in for a nasty surprise. Odds are good that your account has been compromised, and your user name and password posted on the Internet, as the result of a security breach of Gawker Media’s servers that happened over the weekend. Gawker Media does get points for alerting all of their users as soon as they discovered the breach (about 10 minutes ago as of the time of this posting at 6:20 p.m. PST on Monday, December 13th, 2010).
If you think that politics makes for strange bedfellows, take a look at the effort to raise public awareness about cybercrime. Because we’ve seen no stranger pairing than the partnership between rapper Snoop Dogg (of Snoop Doggy Dogg fame) and Internet security outfit Symantec, of Norton Antivirus fame. In their “Hack is Wack” (“wack” as in “wacky”, even though we think it should be “Hack is Whack” as in “we’re going to whack those hackers” – but what do you expect from someone who spells it “Dogg” instead of “Snoop Dog”?) contest, average Joes and Janes can submit a rap-like anti-cybercrime message of any length under two minutes, in the hopes of winning a prize that includes a tricked-out laptop, a trip for two to LA to meet with Snoop’s management, and two tickets to a Snoop Dogg concert. Woof.