Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.
Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.
“Out of curiosity, I noticed one time that the fingertip digits in the IDS are all very similar,” he wrote on his blog. “There’s a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado’s so-called secure data. It took me about half an hour, maybe less.”
Blogger Jailed After Password-Hacking Ecuador’s President [Wired/Mat Honan]
Connor Krukosky's lifelong hobby was collecting and refurbishing superannuated computing equipment, which is surprisingly cheap provided you have a lot of space -- Krukosky scored things like keypunch machines for a mere $7 (though he had to drive 1,000 miles roundtrip to get it home).
Jen "Klingon Pop Warrior" Usellis records covers of pop songs, translated into Klingon, the apex of which is surely her rendition of "Let it Go" ("yIbuSQo'") from Frozen. (via Borderlands)
The Lixada LED Handheld Flashlight is a $9 stocking-stuffer ($29 for 4): a six-LED/36 lumen flashlight that clips directly over the terminals of a 9V battery, forming an easy flashlight rated for up to 10,000 hours (battery life depends on whether you're switched to 6, 4 or 2 LEDs). One reviewer uses 9V batteries swapped […]
Every Christmas list has names you dread buying for. But hold up: Before you wave the white flag and get them yet another gift card, scroll down a few. We’ve got 15 items that run the gamut from stylish old-school lighters to cutting-edge audio tech, enough variety to please any Scrooge. And the best part? […]
We’re living in the age of Big Data. As the driving force behind everything from Google’s famed algorithms to self-driving cars, massive sets of complex data can be found at the heart of some of today’s most exciting and important technologies. The Ultimate SQL Bootcamp Certification Bundle will give you the skills and tools you […]
So you missed Black Friday and Cyber Monday? Well, there’s one more holiday milestone coming up: Green Monday, on Dec. 16. It’s one of the busiest online shopping days for the simple reason that it will be 10 days before Christmas, which is when last-minute shoppers start to stress. Our advice? Don’t wait for that […]
