Ashley Madison leak 2.0: new dump is twice as large, and includes CEO's emails

Self-proclaimed Ashley Madison hackers the Impact Team today released what looks like another 20 gigabytes of ill-gotten data. The just-dropped “other shoe” includes emails from the cheater-dating website's CEO.

Read the rest

Love cheats' hookup site hacked, user data purloined


Ashley Madison is a social network for people who want to cheat on their spouses. It's been hacked and "large caches of user data posted online," reports Krebs on Security.

The privacy of some 37 million account-holders is at stake, though the bulk of the dataset is apparently being withheld and its contents remain uncharted territory.

The social network's boss, bless his stupid nylon socks, thinks that he'll be able to take their "intellectual property" off the 'net.

Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

The claimed hackers say they were motivated by the site's hypocrisy. Ashley Madison apparently had a "remove your data from our servers for a fee" wheeze going on—a practice unnervingly reminiscent of some revenge porn operators.

The Next Web's Abhimanyu Ghoshal.

The Impact Team said that the ‘full delete’ feature didn’t actually wipe profiles as advertised and that it brought ALM $1.7 million in revenue last year.

The hackers said:

Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.

Read the rest

Mobile ad

Accused Turkish cybercriminal extradited to U.S. to face charges of hacking ATMs worldwide

Never a good look, at least not to prosecutors.
The so-called unlimited cash out operations used hacked debit cards with withdrawal limits removed to make ATMs spew money.

LastPass hacked, but says user data's safe


The password management service was hacked last week, but its layers of security prevented a serious breach. Here's what users should do to make sure they're unaffected.

Tl;dr: change your master password.

LastPass says in its blog entry, “Encrypted user vaults were not compromised.” This is a critical fact because changing your master password will immediately make the stolen password information useless. If crackers had stolen vaults, they would be able to churn on them forever or return to them to the future and crack them with more advanced or powerful technology. Since people often don’t change passwords for years at a time or forever, that could have still been a risk.

LastPass also advises changing your password at any other account for which you use the identical password

Photo: Shutterstock. Read the rest

How the hell did they get 1024 colors out of a 1981 PC?

If technical descriptions of how they achieved the amazing graphical feat flew over your head, this pictorial explanation makes clearer just how insane this thing is.

The idea that such multi-color trickery was possible came to me some time ago, as I was looking at reenigne's code for patching up composite CGA emulation in DOSBox; messing with that patch during development gave me a much better picture of composite CGA's inner workings. When I had ironed out the basic concept for this hack, I divulged it to reenigne for 'peer review' and for testing on real hardware. Soon enough, we had an improved recipe:

Take two familiar (though officially undocumented) tweaks. Blend to an even mixture producing a new effect. Add one crucial new trick – an ingredient of reenigne's devising. Test and calibrate until blue in the face.

It's also a great look at the workings of CGA for the interested but nontechnical layman.

Released at the Revision 2015 demo party, 8088 MPH is a vision of previously undiscovered possibility (a perfect entrypoint to the 19A0s!)—there's even MOD music, including digital samples, at 6:40m, like it's just no big deal at all to do that with 1981 hardware Read the rest

Nigerian email swindlers using more sophisticated hacks

It's not so much that the scammers themselves are becoming better at their jobs, just that off-the-shelf scripts are so much more powerful. [NYT] Read the rest

NSA has "backdoor access" to iPhones

According to a leaked NSA document, the spy agency can snoop on personal iPhone communications such as SMS messages, location and cellular data. Though any device could be compromised likewise given the physical access required, the document demonstrates that the NSA a) is actually doing it, and b) is working on (and may also have successfully developed) remote hacks. Apple says it has never worked with the NSA to create a backdoor in any of its products and is unaware of the shenanigans. [Daily Dot] Read the rest
Mobile ad

"Politicians aren't scientists"

You know how some media love "he said, she said" journalism? The kind in which any issue, no matter the facts or relative degrees of extremism, is narrated in perfect equilibrium between two opposed, yet indistinguishably-intractable sides. Doesn't that stuff suck? OK! Cool.

Moving on, Slate's Daniel Engber has an interesting article up today about how Democrats and Republicans all hate science just as much as one another: "Willful ignorance of science is a bipartisan value." Read the rest

Grab YouTube thumbnails easily

YouTube makes available a set of different-sized thumbnails for every video through its API, but sometimes you just need to grab 'em and go. So I made a plain-jane widget to grab what's available, at-a-glance, for any given YT URL. Enjoy! Read the rest

Hacks that never happened

Yesterday, GoDaddy went down, taking with it countless hosted sites. A hacker claimed credit, gaining the attention of the entire tech press. But his story was soon debunked: a DNS configuration mistake was the real cause. At Threat Level, Robert McMillan recounts the greatest hacks that never were. Read the rest

Apple suspends over-the-phone password resets

Following the incredible social engineering hack suffered by Wired's Mat Honan over the weekend, Apple's shut down the exploit by "ordering support staff to immediately stop processing AppleID password changes requested over the phone." Read the rest

How to turn old car parts into a video game controller

Jason Torchinsky of Jalopnik shows how to turn old car parts into a video game controller.

The idea came to me while adjusting the mirrors in a car, and realizing that the little mirror-control joystick was better than many video game joysticks I used. I then had a waking dream of the grand possibilities of playing old videogames with control pads sourced from cars. The dream was a beautiful, fantastical vision of a world we could all achieve. I woke up hours later behind a CVS, and headed straight to a junkyard to make this dream real.

Super-sleuth readers may note that in the final project I used a seat control panel instead of a mirror controller. There's a reason for that. When I got the mirror control pads and joysticks home and tested them, I uncovered one of the auto industry's darkest secrets: the "up" and "left" directions on mirror controllers are THE SAME DAMN THING. They're wired together! Think of all the times you've thought you were adjusting your mirror up, not left, thinking you were hot shit? IT'S ALL BEEN A FILTHY LIE. So I soon learned to look elsewhere. Luckily, 70s-80s American cars provided the solution, since they're full of funny little chrome joysticks for seat controls and other various duties.

How to turn old car parts into a video game controller Read the rest

Disability insurance

To avoid a return to work, an unemployed Austrian man apparently sawed his own foot off. [Reuters] Read the rest

RIM kills PlayBook root hack; hacker roots it again

RIM's attempts to stop people rooting their PlayBooks are failing. But it will keep trying! Because sunk costs aren't just about money, you know! Read the rest

Mandatory "agreement" for Playstation Network users waives your right to class actions over future hacks

The next time you log into your Sony Playstation Network account, the company is going to ask you to click through a EULA whereby you promise not to sue them in a class action if they get hacked again, even if they're negligent, and even if you get screwed over as a result. If you don't agree, no more PSN for you. (Thanks, @sickkid1972!) Read the rest

More posts