
hacker posts

Filed under: Business, Internet, News

Twitter's internal documents: stolen, boring

Some internal Twitter documents were recently compromised by a hacker who offered them to various tech websites for publication. Other than the illicit way they were obtained - via some weak passwords set by Twitter employees, Biz Stone suggests in a blog post - the documents are pretty boring. TechCrunch, as you might expect if you're at all familiar with that blog, has gone ahead and published some of them anyway, because Twitter's financial projections and the details of the Twitter TV show pitch have "so much news value."

Most of the arguments against revealing this information have been made on ethical grounds, resulting in TechCrunch's Mike Arrington responding with a lecture about the history of news, and citing cases where published info has been obtained in similarly shady ways.

Fair enough. That's the news business sometimes, and Twitter can take action if they don't like the decision to publish. In fact, Biz's blog post suggests they're looking into it. "We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents," he writes.

My problem with sites that publish this stuff is that it's ultimately pretty boring, and the attention and extra pageviews that come their way are because of the controversy, not because of some inherently interesting new story. The story here is "hacker compromises Twitter documents" not "we now know a little bit more about the Twitter TV show."

Wake me up when this is all over.

UPDATE: The hack wasn't due to weak passwords, says Twitter's Evan Williams.

Filed under: Business, Developer, Internet, Security, Commercial, Open Source

Does software piracy hurt the open source community?

Louis Suarez-Potts, the community manager for the open-source Open Office project, says software piracy also hurts the open-source community, and though it can be argued that open-source is bad for innovation, most of us love the open source community. So does the occasional pirated piece of software really hurt our beloved open source projects?

Suarez-Potts thinks it's bad for everyone, including the open source community, since pirated software theoretically takes "customers" away from open source projects. For example, a college student may never end up downloading Open Office since he copied Microsoft Office from a friend, but that's not to say it hurts the money-makers like Microsoft at all. A little bit of piracy helps to establish big companies' products as "the standard", hurting open source projects even more and making it harder for them to get their foot into a user's door.

Now we'd like to pose a question: Like the college student used in the example above, does pirating software generally prevent you from trying Open Source software or would you have put the cash down anyway even if you couldn't get it for free?

Does software piracy generally prevent you from joining the open source movement?

Filed under: Internet, News, E-mail

Federal government knocks California state websites offline

Sometimes the cure can be more painful than the disease. Case in point: the federal government tried to help a California county website recover from a hacker's attack yesterday and wound up knocking every California state website offline for 7 hours.

Here are the details. A hacker had diverted traffic from the Marin County website so that visitors found themselves looking at porn. That's bad. But when the feds tried to lend a helping hand, they accidentally "deleted the ca.gov domain."

While that did prevent users from finding naughty pictures when searching for Marin County services, it also meant Californians couldn't get information about vehicle or voter registration or find contact information for Arnold Schwarzenegger's office. Oh yeah, and California state employees couldn't reliably send or receive e-mail.

By last night everything was restored to normal, but it just goes to show, it's hard to find good help these days.

[via Techdirt]

Filed under: Business, Developer, Internet, Security, Web services, Google, Search, web 2.0

Google Gmail hijacking

Your open Gmail account could be in severe jeopardy, thanks to a malicious script that initiates itself when a website is viewed.

The tables have turned from hacking your computer to hacking your virtually stored information. Supposedly hackers are not seeing the benefits of attacking your protected and firewalled computer these days, and are much happier to go after Web 2.0 APIs. Such is the case in a recent exposure of a critical process that sets up a filter looking for specific incoming emails and sends them to another email address for snooping and prying. The filter would be in place until the Gmail account owner deletes it from the Settings>Filter menu.

Gnucitizen broke the news on this, and it has been verified by a few sources. He is not planning on demonstrating this process or releasing more details on his findings until Google has fixed this concern. He is also urging that others do not expose anything until they have notified Google and a fix is implemented. But he does say that the hacks are out in the open for anyone searching Yahoo or Google.

Filed under: Business, Developer, Internet, Security, Yahoo!, Troubleshooting

Trojan in banner ad avoided security testing

Yahoo!-owned RightMedia has been serving ads to popular networks such as MySpace, Bebo and Photobucket that could wreak havoc on visitors' machines.

The Trojan, which was reported to have been inserted by a third-party ad server, was tracked down to RightMedia. The infected banner ad supposedly ran several million times over a three-week period after it was first spotted on August 8th by a web security company before it was removed.

The ads used Flash to load an invisible iFrame, which in turn would load content from another website. RightMedia has said that it has systems in place to test and determine whether ads contain malicious code, and will flag them appropriately. Upon further investigation of the ad, the inserted code was actually designed to recognize RightMedia's protection systems and not display the Trojan when the company ran the testing process.

All we can say is, "Hello Firefox with AdBlock!"

Filed under: Business, Security, E-mail, Troubleshooting

Pfizer computers sending Viagra spam?

Pfizer is a pretty big drug manufacturer, is it not? Then why have they been hawking Viagra and fake Rolex watches through their email network?

Apparently some of Pfizer's computers have been sending out emails that are not part of their marketing efforts. Malware has infected a number of the drug giant's computers and instructed them to send out spam on behalf of a very ingenious hacker who has penetrated systems that should have been well sealed up. A security company let Wired in on what was happening, and has stated that Pfizer's computers have been sending out spam for the past six months from over 138 different Pfizer IP addresses, hawking their own goods as well as junk stocks and penis enlargement products.

There is no word from Pfizer whether they know what's going on inside their own computer network yet. Maybe they are keeping it a little hush hush for now until quarterly earnings prove that the hacker's efforts are affecting their bottom lines in a good way.

Filed under: Blogging, E-mail, Web services, Google, Troubleshooting

Blogger infections

Some Google Blogger users have been stung with attacks over the past little while, causing disturbing infections. Or is it just a case of the splogs?

Malicious hackers have supposedly been successful in gaining access to some blogs and posting fake entries with weblinks that lead to infectious downloads on Windows PCs. A security researcher started noticing the corrupt links turning up in Blogger accounts on August 27th. Since then hundreds of blogs have been reported to contain the malicious links. The researcher could not tell how the links were posted. They could have been posted through a Blogger exploit or through a feature that lets users email an entry, or the blogs could have been set up solely to host spam, with no hacking having occurred at all.

So far the links appear to pose as YouTube links, others are looking for software testers, and others are links to supposed digital greeting cards. No word from Google on the matter.

Filed under: Internet, Security

Job seekers get hacked, Fed says phishing to result

People applying for federal jobs recently had their personal information stolen by a crafty hacker that nailed the USAJobs web site, operated by the Office of Personnel Management. Some 146,000 job applicants hoping to get a job with the fed instead may find themselves the victims of identity theft. Although the fed insists no social security numbers were compromised, the information stolen is still quite valuable.

Security experts (people who, like O.J., speculate how they would've accomplished an illegal feat "if they did it") believe that the information stolen will be used to phish additional information from Monster.com subscribers (the USAJobs web site is powered by Monster--the inspiration for our blue friend in the picture). So, if you've applied for a federal job recently using USAJobs, it might be wise to use caution when corresponding with Monster by e-mail or web. Office of Personnel Management is sending letters to subscribers to alert them of possible counterfeit e-mails. Individuals who receive a suspicious e-mail regarding a federal job search should forward the e-mail to mayday@fedjobs.gov.

Filed under: Business, Internet, Security, E-mail

Government emails hit by hacker

Government and embassy email accounts were penetrated by a 'hacker' recently, with passwords posted live for all to see.

This hijacking of information for 100 email accounts involved government agencies and embassies worldwide. Accounts penetrated include foreign ministries in Iran, Indian embassies in the US, the UK visa office in Nepal, and the Russian embassy in Sweden. The 'hacker', a so-called freelance security expert, was doing an experiment and came across the information by accident. Then he found it necessary to repost the information on a website.

All of the involved parties have been contacted by Computer Sweden, the company that found the leaks. Some confirmed the leaks, but most declined to comment. Time to beef up the security, boys.

[via infoworld]

Filed under: Internet, Security, News, Symantec

Most hack attacks originate in the US says report


More hack attacks originate from inside the US than from anywhere else on earth and, increasingly, they're coming from more organized and focused groups. Those are the findings of a report released yesterday by security firm Symantec.

The US was the source for 31 percent of attacks, with China following a distant second at 10 percent, according to the report. To make matters worse, thanks to this vibrant underground run amok, your credit card info can be purchased for as little as $1 US, and full sets of identification credentials (name, address, mother's maiden name, etc.) can be had for only $14. Yikes!

In unrelated news, my name will be Robert Paulsen from here on out. I got a sweet deal too!

Filed under: Internet, Social Software

Coming soon: month full o' MySpace bugs

Ever want to see MySpace crash and burn? Or, are you at least a little tired of the horrific design/coding/everything nightmare that is MySpace? A couple of hackers plan to introduce security vulnerabilities in MySpace next month, revealing one a day as part of the "Month of Bugs" tradition. However, Mondo Armando and Müstaschio, in a kind of satirical, cynical, and humorous fashion, will attempt to subvert both the popular social networking website and the "Month of Bugs" trend simultaneously. From their website, their reasons for this endeavor are as follows:
  • Myspace is important, in that there are a bazillion users and a kajillion dollars involved.
  • "Months of Bugs" are whiny, attention-seeking ploys for acceptance. Myspace's design use is to enable whiny, attention-seeking ploys for acceptance.
  • "Months of Bugs" are annoying, so rather than suffering through another, we figured it'd be better to just create our own where we could at least direct the content a little.
MySpace haters, hackers, coders, and everyone else in-between should look forward to this experiment. What will be the result of spreading word of the Emperor's many vulnerabilities? Only time will tell. Godspeed.

Filed under: Business, Internet, Video, Web services, Apple

QuickTime vulnerability patched

Whoops, seems like our friends at Apple had left a back door open for hackers to enter through QuickTime. It seems like no matter what companies do, hackers always find a way to penetrate and drop harmful code in. Don't worry, Apple has it fixed now with a patch, but the issue in question stemmed from a buffer overflow. When QuickTime processes a Real Time Streaming Protocol (RTSP) URL, it directs the player to a streaming file and allows the user to play and pause the file. A hacker could have triggered the buffer overflow through a malicious RTSP URL embedded into a web page, opening a door to run code on the user's machine.

You can grab the patch now at Apple's download page, or through the Apple Software Update service.

Filed under: Windows, Yahoo!, P2P

Yahoo! Messenger ActiveX flaw fixed

Yahoo! fixed a little flaw this week in Yahoo! Messenger for Windows that could have been used by hackers. The flaw was in the ActiveX control and allowed hackers to crash a chat session and Internet Explorer. Worse, it could have executed malicious code on the victim's machine. The initiation could have taken place if hackers prompted users to view HTML code that linked to a web site with malicious code.

Not to worry, though--Yahoo! has this "highly critical" bug all fixed, and is recommending that users who downloaded Yahoo! Messenger before November 2nd install the new 8.1 update.

Filed under: Security, News

Botnet do da jailhouse rock

Christopher Maxwell of California was sent to prison for 37 months (3 years) for using viruses to plant adware on people's computers, netting over $100,000. His ring of hackers broke into 629,000 PCs (most running Windows), including several at government installations. Chris is the latest criminal and hacker (no, they aren't the same thing) to be jailed for computer crimes in recent months. Botnet (Chris's operation) has been officially shut down, and the good people who were infected by Chris's viruses, I'm sure, still have the software on their systems. That will keep Geek Squad in business for a long time. Chris, we're hurt that you would do such a thing. The only question on all of our minds is why?

Filed under: Business, Developer, Windows, Microsoft, Commercial, Freeware

Windows Genuine Advantage workarounds

So let's just say, hypothetically, that your copy of Windows XP isn't "genuine." If you're tired of seeing the warning that alerts you to this fact, there's now a workaround to disable the WGA notifications. Does it work? Honestly I don't know, because every version of Windows I touch appears to be the real thing. And of course, I'm not here to advocate piracy. But the incessant twiddling of this whole WGA issue is kind of a mess, isn't it? Already pirates have figured out how to disable the check. Now you can disable the warnings, so it's like WGA doesn't even exist. It makes me wonder why MS is putting all versions of Vista on one optical disc, essentially setting up a very low-hanging fruit for potential pirates... But maybe that's the plan?
