Skip to Content

Free TUAW iPhone app -- try it now!
AOL Tech

hacking posts

Filed under: Internet, Security, E-mail, Microsoft

Using Hotmail as a secondary address? Be very careful

by Adam Maras Jul 29th 2009

Windows Live Hotmail

If you're like me, you have at least two email addresses. One of these email addresses is for important business; you hand it out to co-workers, friends, and family, whose emails you actually want to pay regular attention to. The second email address is for other stuff, like signing up for newsletters, shopping online, or creating accounts for services on the web. Also, if you're like me, you might tend to forget to pay attention to that second email address for days, weeks, or months at a time. As it turns out, forgetting to check a free Windows Live Hotmail account might have some dire consequences.

According to the Windows Live help files:
Free Windows Live Hotmail accounts become inactive if you don't sign in for more than 270 days or within the first 10 days after signing up for an account. After an account becomes inactive, all messages, folders, and contacts are deleted. Incoming messages will be sent back to the sender as undeliverable. Your account name is still reserved. However, if the account stays inactive for an additional 90 days, the account name may be permanently deleted. If you don't use your Windows Live ID for 365 days, your Windows Live ID may be permanently deleted.
What does this mean to someone who is using a Hotmail address to sign up for things on the web? It means that, once your year of inactivity has passed, anyone can sign up for a Windows Live account with your expired username. The unintentional side effect of this is that if your Windows Live account expires, one could potentially create an account with the same name and use the password reset function on almost any online service attached to that email address, receive the email with the password (or further instructions) and take over your account entirely without your knowledge. This very technique is how the personal accounts of Twitter employees were taken over by malicious users.

Read more →

Tags: hacking, hotmail, security, windows live hotmail, WindowsLiveHotmail

Filed under: Internet, Kids, Security

Students encouraged to put their hacker skills to good use

by Adam Maras Jul 29th 2009

U.S. Cyber Challenge

Three major federal organizations are looking to include 10,000 high school and college students in what's being dubbed by the Center for Strategic and International Studies the "US Cyber Challenge." CSIS is making three challenges available to young Americans looking to both better themselves in the field of cyber-security and potentially earn themselves a position as a security specialist in one of the high-profile federal organizations (like the NSA or FBI) that deal with security of the utmost importance on a daily basis.

The Air Force Association is putting on the Cyber Patriot Defense Competition; the gist of the competition is to demonstrate the most effective techniques in preventing an attack on a corporate network from malicious intruders. The SANS institute is taking the opposite approach with its Netwars competition, by challenging participants to successfully break into simulated (but realistic) systems in a "capture-the-flag" format game. The Department of Defense Cyber Crime Center provides a less hacking-oriented Digital Forensics Challenge, where teams will use their skills to examine and investigate forensic data manufactured by the Department of Defense to try to gain access to hidden or encrypted data.

According to the AFA, the United States is the single most likely country to experience a crippling cyber-attack from terrorists. Because of this, the CSIS is looking for young students and IT workers who have or are interested in having expertise in the area of computer security. The participants in these challenges will be on the path to a career in security keeping any network safe, from a small corporate intranet to those super-secret documents tucked away by the high-profile federal organizations.

[via Switched]

Tags: defense, education, hacking, security, youth

Filed under: Internet, Security, Browsers

Safari hacked in a flash at Pwn2Own 2009, Firefox and IE8 follow

by Lee Mathews Mar 19th 2009

Security pro Charlie Miller came in to Pwn2Own 2009 with a plan, and things unfolded exactly the way he wanted them to. Within seconds of the competition's start, he had already gained control over the fully-patched MacBook running Apple's Safari web browser.

"It took a couple of seconds. They clicked on the link and I took control of the machine," said Miller. It's safe to say that when Apple proclaimed Safari "the fastest browser on the planet," that they weren't referring to how soon it would fail at the competition.

None of the three browsers on display made it out unscathed: a competitor known only as Nils was the next to overcome Safari, and he later took down Firefox and Internet Explorer 8. It's an important reminder to all of us that - regardless of what browser we're using - someone out there is hard at working looking for an exploit that could put us at risk, too.
[via ZDnet]

Tags: exploit, firefox, hacking, internet-explorer, safari, security, web-browsers

Filed under: Utilities, Linux, Open Source

BackTrack: A penetration testers toolset

Linuxby Alan Silcott Jun 17th 2008

Backtrack 3There are few job titles as misleading as that of the "Penetration Tester." Sure, saying professional computer hacker would be more direct, but have you ever noticed how hackers seem to have a dirty mind? Why else would they want to go phreaking through backdoors?

Anyway, in order for hackers to umm...maximize their penetration; they need the right tools for the job. BackTrack is a bootable Linux CD that is the swiss-army knife of computer hacking tools. Need to crack a password or break into a wifi connection? Backtrack has the tools already configured and ready to go.

As a matter of fact, with over 250 tools to choose from, your problem will be finding the right tool for the job. We recommend a quick YouTube search for common hacking scenarios.

Backtrack is open-source, as are all the included tools. The program is completely free to download and use. Unfortunately, as with most open source software, it may be hard to find support should you experience any problems.

Now that you have the tools, be sure to use them wisely. We are sure your neighbors wouldn't appreciate being brute forced. I am talking about their WiFi, sheesh!

Tags: Hacking, Linux, wifi

Filed under: Audio, Security, web 2.0

Muxtape mucked up: who hacked it?

by Jay Hathaway May 21st 2008

Muxtape, the popular online mixtape service we wrote about earlier this year, appears to have been hacked today. Every song on every Muxtape has been replaced by, "Aim (with Stephen Jones) - Good Disease [Babybird does a Prince thing]." Users can't delete the track from their mixes, and (in our professional opinions) the song isn't even very good.

An update was just posted to the Muxtape blog. No details yet, but they know about the problem and have taken the site down temporarily to fix it.: "This afternoon, someone gained access to our server and caused some problems. We are investigating and will have more information soon. I've taken the site down temporarily as a precaution. Thanks for your understanding, watch this space for an update."

On the plus side for Muxtape, the service has only gotten better since its initial launch. It's now playable from iPhones, and plenty of sites have popped up to catalog the best and most interesting Muxtapes. The site is down right now, presumably being fixed, and we will update this post as we get more information on the battle between Muxtape and Babybird's Prince thing. Is this a publicity stunt by the band, or just a prank?

UPDATE: Muxtape is now saying that this may have been a result of a database problem and not any kind of breakin, but the cause is still undetermined. The site should be back up by tomorrow, and everyone's mixes were probably backed up and should be restored.

Tags: babybird, hacked, hacking, muxtape, prank, publicity stunt, PublicityStunt, stephen jones, StephenJones

  • Tweet this!
  • Comments (2)

Filed under: Games, Utilities, Freeware

Introducing Dark Alex's Time Machine for PSP

by Ian Dumych Feb 16th 2008

PSPPSP developer extraordinaire Dark Alex is at it again, pushing the boundaries of firmware hacking to whole new places. His latest creation, Time Machine, is perhaps his greatest feat yet. This gem of a hack allows one to run previous firmwares on the PSP by use of the Pandora Battery.

Why is this cool? The biggest reason we can see is this: the 1.50 firmware, which is generally the most popular base for homebrew code, does not run on the Slim PSP. However, DaX has managed to create a hybrid 1.50 firmware with modules from 3.40 that runs just fine with Time Machine! This means that PSP slim owners no longer need to worry about compatibility issues.

Check out Dark Alex's personal website for downloads as always, and let us know how it goes in the comments!

Tags: Dark Alex, DarkAlex, Hacking, PSP

Filed under: Internet, Social Software

Coming soon: month full o' MySpace bugs

by Brian Liloia Mar 19th 2007

Ever want to see MySpace crash and burn? Or, are you at least a little tired of the horrific design/coding/everything nightmare that is MySpace? A couple of hackers plan to introduce security vulnerabilities in MySpace next month, revealing one a day as part of the "Month of Bugs" tradition. However, Mondo Armando and Müstaschio, in a kind of satirical, cynical, and humorous fashion, will attempt to subvert both the popular social networking website and the "Month of Bugs" trend simultaneously. From their website, their reasons for this endeavor are as follows:
  • Myspace is important, in that there are a bazillion users and a kajillion dollars involved.
  • "Months of Bugs" are whiny, attention-seeking ploys for acceptance. Myspace's design use is to enable whiny, attention-seeking ploys for acceptance.
  • "Months of Bugs" are annoying, so rather than suffering through another, we figured it'd be better to just create our own where we could at least direct the content a little.
MySpace haters, hackers, coders, and everyone else in-between should look forward to this experiment. What will be the result of spreading word of the Emperor's many vulnerabilities? Only time will tell. Godspeed.

Tags: code, hacker, hacking, month of bugs, MonthOfBugs, myspace, vulnerabilities

Filed under: Video, Windows, Microsoft, Commercial

Microsoft Vista DRM subverted

Windowsby Brian Liloia Jan 31st 2007

Within the past month, both HD DVD and Blu-Ray's AACS protection scheme has been bypassed, and now news has broken of a researcher cracking Vista's DRM scheme. Mind you, Vista just barely hit the shelves. Boing Boing sums it up very nicely:

"As with previous multi-year DRM development efforts, this one disintegrated like wet kleenex on contact with the general public. Now that Vista, HDCP, Blu-Ray and HD-DVD are all broken, it seems like the millions of dollars and thousands of work-hours sunk into these systems was mis-spent. The only benefit that these anti-copying systems confer to the companies that developed them is the right to sue competitors -- and that benefit could have been had by shellacking a one-atom-thick layer of token DRM onto their systems, just enough to be able to invoke the DMCA. Everything else was just gold-plating, wasted money."

So the trend continues. Anything meant to be protected will always be cracked, it seems. Researcher Alex Ionesco's hack bypasses Vista's anti-copying technology and allows for full-res, unencrypted high-def video streams. Due to legal concerns, he has not yet released his code, so it is unknown what will become of his hack. And how will companies respond to the prompt obsolescence of their copyright protection schemes?

Tags: aacs, copyright, drm, hacking, vista, windows

Filed under: Security, News

Hack-attack, Dept. of Commerce bars their doors

by Ryan Carter Oct 9th 2006

Dept of CommerceChinese hackers are apparently trying to access the US Dept. of Commerce's computers, targeting the Bureau of Industry and Security (BIS) network. The Dept of Commerce has responded to the hacking attempt to gain access to user accounts by replacing systems and moving any employee workstations that access the Internet to a non-BIS connected machine. The Department had traced several access attempts to Chinese ISPs, making them nervous and prompting the tightened measures. It isn't often you hear about the pre-hacking preparations taking place. You generally only hear about the hacked and devastated yelling about who didn't do their job and gave up sensitive information.

Tags: dept of commerce, DeptOfCommerce, hacking

Filed under: Internet, Security

Phishing, fighting it, and Netcraft's toolbar

by Ryan Carter Sep 21st 2006

nEtcraft's anti-phishingBrian Krebs of the Washington Post writes about how Banks and other financial institutions are stopping phishers by disallowing the use of their logo and website images via a white-listing technology for outgoing image links. This forces phishers to actually do some work if they want to duplicate the website, since the bank swaps the real images with a fraud warning image. The phishing site thinks it has displayed the image, but it has been duped into using an image that alerts consumers not to use the site. Pretty smart of banks, don't you think? Brian also mentions Netcraft's anti-phishing toolbar, and its near-flawless detection of phishing sites. Personally, I haven't used it, but wanted to see if you had heard of it, and if it is any good. Brian seems to think so.

Tags: Brain Krebs, BrainKrebs, hacking, internet, NetCraft, phishing, security, Washington Post, WashingtonPost

Filed under: Internet, Security, Utilities, Features, Windows, Office, Productivity, Web services, Freeware, P2P

AOL Active Security Monitor review

Windowsby Chris Gilmer Jul 31st 2006

AOL Active Security Monitor
There are tons of threatening viruses, spyware, and other yucky things out there in the world wide web. They have the powers to potentially access your computer if it is not locked down with security software, ensuring there are no kinds of intrusions and any malicious hacking going on. Is your computer protected against the many potentially dangerous things floating around the internet? Do you know for sure? How can you know for sure? And how do you get started and stay on top of your computers security? AOL has made it easier. A whole lot easier at ensuring you know how your computer is doing, staying up to date with its security, and protecting against all things threatening. I recently installed AOL's Active Security Monitor to check out my systems vitals, and how I was doing at staying secure on the machines I connect to the internet with. I knew I was lacking in some areas, but not that much!

Disclosure: Download Squad is owned by AOL. Nonetheless, the following is a completely unbiased review of AOL's Active Security Monitor software by myself. I absolutely loved it, and think it does a very effective job at ensuring users know how secure their computer really is and aiding in increasing security when needed.

Read more →

Tags: active security monitor, ActiveSecurityMonitor, aol, aolasm, asm, browser, computer, firewall, hacking, home network, HomeNetwork, internet, monitor, network security, NetworkSecurity, p2p, pc, peer to peer, PeerToPeer, safety score, SafetyScore, security, spyware, spyware protection, SpywareProtection, utilities, virus, virus protection, VirusProtection, wifi, windows, wireless security, WirelessSecurity, worms, xp

Filed under: Developer, Internet, Security, News, Windows

Find a Windows hole, win $10,000

Windowsby Victor Agreda, Jr. Feb 21st 2006

idefense bountyNo, it's not Microsoft making us do the dirty work, it's iDefense labs, a subsidiary of Verisign. They've announced a quarterly hacking challenge, and each quarter they will offer a different security challenge. Going for the easy target right out of the gate, eh? Here are the details from their site: "For the current quarter, iDefense Labs will pay $10,000 for each vulnerability submission that results in the publication of a Microsoft Security Bulletin with a severity rating of critical. In order to qualify, the submission must be sent during the current quarter and be received by midnight EST on March 31, 2006. The $10,000 prizes will be paid out following the publication of the Microsoft Security Bulletin and will be paid in addition to any amount paid for the vulnerability when it is initially accepted. Only the initial submission for a given vulnerability will qualify for the reward." If you think you've got what it takes, go for it! How hard can it be?

[Via BetaNews]

Tags: hacking

Filed under: Design, Fun, News, Freeware

Lego's response to hacking its product: hack away!

by Barb Dybwad Sep 16th 2005

lego designerIn a rare, extremely cluetrain response from a corporation whose product has been hacked, Lego is actually welcoming the modification to its 3D design program that will enable users to avoid purchasing too many extra blocks when making custom kits. The backstory is that last month Lego launched a new program that lets users make custom Lego designs using the provided free 3D design software, then actually order the kits that would create their custom models. The trouble is, users would sometimes end up over-ordering too many extra bricks because of the way brick packages or 'palettes' contained multiple bags of bricks. The software would generate an order based on which palettes to order, causing a glut of extra bricks -- so users created a database of the type and number of bricks in the bags, and modified the software to display the number of bags to order instead of palettes, bringing the cost of many custom pieces down. Instead of flipping out about users hacking their software, especially when the net result is a loss of revenue for the company, Lego is embracing the modifications. Lego senior producer Ronny Scherer said, "It was a puzzle to us. They took us completely by surprise. We think it's great." Wow, a company embracing its users' efforts to make its tools more useful -- how unfortunately novel.

[Via Slashdot]

Tags: cluetrain, hacking, lego

Featured Time Waster

The World's Hardest Game 2.0 - Time Waster

So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do. Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game. The mechanics of the game are very simple. You are a small red square, ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

More Tech Coverage

AOL Radio

Joystiq

TUAW

Daily Finance

Autoblog

Urlesque

Engadget

WoW

Switched.com

FanHouse