Limn 8: a social science journal issue devoted to hacking

Gabriella Coleman is the hacker anthropologist whose work on the free software movement, Anonymous and the Arab Spring, the politicization of hacking, and the true role of alt-right dank memes in the 2016 elections is critical reading for the 21st century.

$70 Hackintosh matches MacBook Pro

Snazzy Labs built a startlingly powerful Mac with only $70—editing the video above on it to prove it!


Justice Dept. to charge 2 Russian spies and 2 criminal hackers with 2014 Yahoo breach of 500 million accounts

Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.”


Yahoo reveals hackers took a further 1 billion accounts (phone, DoB, names, emails)

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.


How to browse privately in public

This fellow cut the polarizing film from a $20 thrift store monitor and put film on a pair of eyeglasses to make a display that looks like a black screen to everybody but him. This is a good way to enjoy photos of Rubik's Cubes without anyone catching you.

Plaintext passwords galore in huge AdultFriendFinder hack

AdultFriendFinder was hacked (again) in October 2016. According to LeakedSource, which acquired a copy of the dataset, this amounts to more than 400m accounts, many with plaintext passwords, from AdultFriendFinder and associated websites.

The site was compromised with a local file inclusion exploit, which means the website's code allowed access to files on the server that aren't supposed to be public.

Nearly a million accounts have the password "123456". More than 100,000 have the password "password".

The non-plaintext passwords were easily cracked anyway, apparently due to some roll-your-own encryption that involved lowercasing everything, SHA1ing it and going back to bed. The longest passwords were "pussy.passwordLimitExceeded:07/1" and "gladiatoreetjaimelesexetjaimefum", with a Blackadder fan in #3 with "antidisestablishmentarianism" and a sybarite who reads XKCD in #4 with "pussypussymoneymoneyweedweed."

Hotmail was the most common email provider, followed by Yahoo and Gmail. These three accounted for the vast majority of registered addresses, with AOL and Live an order of magnitude down.

LeakedSource isn't making the data set publicly available; but if they have it, others might too.

China electronics maker will recall some devices sold in U.S. after massive IoT hack

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDoS attack. The stunningly broad attack brought much internet activity to a halt last Friday.


St. Jude heart implant devices can be hacked, security researchers say

Security experts hired by the short-selling firm Muddy Waters said in a legal brief filed today that cardiac implants made by St. Jude Medical can be hacked. If hackers can pwn your heart device, the researchers say, they can kill you--from as far away as 100 feet.


NSA contractor Harold Thomas Martin to face espionage charges over 50TB of "stolen code"

A former Booz Allen Hamilton contractor who worked with the National Security Agency will face charges of espionage in a case involving 50 terabytes or more of highly sensitive NSA data the government says were stolen.


Michelle Obama's passport leaked in new hack blamed on Russia

An image identified as a scanned copy of U.S. first lady Michelle Obama’s passport was published online today by "DC Leaks," along with personal emails associated with a man identified as a “low-level White House staffer who worked with Hillary Clinton’s presidential campaign.”


Yahoo says at least 500 million accounts hacked, blames "state-sponsored actor"

Yahoo today confirmed that it suffered a massive data breach that exposed information for at least 500 million user accounts in 2014. If you have a Yahoo account, the company says you should review all your online accounts for any suspicious activity.


Nightwork: the extraordinary, exuberant history of rulebreaking at MIT

MIT has a complicated relationship with disobedience. On the one hand, the university has spent more than a century cultivating and celebrating a "hacker culture" that involves huge, ambitious, thoughtful and delightful pranks undertaken with the tacit approval of the university. On the other hand -- well, on the other hand: Star Simpson, Bunnie Huang, and Aaron Swartz. In Nightwork, first published in 2003 and updated in 2011, MIT Historian T. F. Peterson explores this contradictory relationship and celebrates the very best, while suggesting a path for getting rid of the very worst.

DCCC hack: FBI probes Democratic congressional group intrusion; Links to DNC hack and Russia investigated

Yet another U.S. Democratic Party group has been hacked, the FBI said today. This latest cyberattack against the Democratic Congressional Campaign Committee (or DCCC) could be related to an earlier hack against the Democratic National Committee, Reuters reported, citing unnamed sources on the FBI investigation.


FBI paid at least $1.3 million to hack into the San Bernardino iPhone

The Wall Street Journal (paywall) reports that the FBI paid more than $1m to get into the San Bernardino terrorist's iPhone after Apple refused to create software to bypass its encryption. The Washington Post reports that a one-off $1.3m price tag was admitted, obliquely, by FBI Director James Comey by comparison with his own salary.

Federal authorities have not publicly revealed who helped the FBI unlock the San Bernardino iPhone, which was at the center of an extended fight between the government and Apple. The Justice Department had maintained that only Apple could help it access the phone without erasing all of its data before abruptly saying it had gotten help from an outside party and no longer needed Apple’s assistance.

According to people familiar with the issue, the FBI cracked the phone with the help of professional hackers who were paid a one-time flat fee. Law enforcement officials have said recently that the FBI has found no links to foreign terrorists on the phone, though they are still hoping that geolocation data on the device could help reveal what the attackers did during an 18-minute period after the shooting.

The FBI's attempts to compel Apple's cooperation backfired after CEO Tim Cook publicly accused the Bureau of exploiting the case to try and gain backdoor access to iPhones in general. The phone ultimately yielded no useful information.
“But it was, in my view, worth it,” the FBI director said of what it cost to access the phone’s data.

Amazing Mario glitch allows game to be turned into Flappy Bird

A bizarre glitch in Super Mario World, and an incredible amount of patience, and the SNES classic is transformed into Flappy Bird.

It's incredible to watch SethBling in action. Once the glitch (triggered by giving Mario too many power-ups) is active, machine code can be arbitrarily rewritten in memory by carefully moving Mario around. This code can, ultimately, be executed. The process takes an hour of careful pixel-perfect actions in the game world, which becomes stranger and more nightmarish as Mario's universe-editing rituals proceed.

Welcome to the weirdest, most painful, most existentially-nightmarish IDE—and a reminder that our own reality is probably an abandoned simulation waiting for someone to take too many power-ups and turn it all into a sadistic casual game.

FBI investigating ‘teen stoner hack’ of CIA Director John Brennan

A pair of self-described teen stoner hackers say they breached an AOL account used by CIA Director John Brennan, the New York Post reported today.


Ashley Madison leak 2.0: new dump is twice as large, and includes CEO's emails

Self-proclaimed Ashley Madison hackers the Impact Team today released what looks like another 20 gigabytes of ill-gotten data. The just-dropped “other shoe” includes emails from the cheater-dating website's CEO.

