Marriott admits hack exposing "as many as 500 million" travelers

Stayed at a Starwood hotel in the last five years or so? Every one of you, and more besides (as many as 500 million people, says owner Marriott), is implicated in what would be the second-largest hack of all time.

The company said Friday that credit card numbers and expiration dates of some guests may have been taken. For about 327 million people, the exposed information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For the remaining guests, the information was limited to name and sometimes mailing address, email address or other details.

Yahoo holds the record, with 3bn accounts breached. The only other breach in the same league as these would be the 412m accounts dumped from Adult Friend Finder. Marriott and Starwood merged two years ago, but open season at Starwood's servers apparently continued until September this year.

Equifax engineer gets 8 months house arrest for $75,000 insider trading spree

An internet engineer at Equifax who coded parts of a breach portal for the credit agency has been sentenced to 8 months of house arrest for insider trading. He was convicted of using insider information about the Equifax breach to make more than $75,000.

Facebook: Hackers got (very) personal data from 29M users. FIND OUT if your info was breached.

The good news: Facebook downgrades the number of accounts hit in the breach they disclosed two weeks ago to 29 million, down from 50 million. The bad news: Uh, that's still a LOT. And if you were one of those 29 million Facebook users, A LOT of your intimate personal data was stolen.

Facebook: 50 million users’ personal information exposed in mega breach

Facebook says an attack on its network left the personal information of some 50 million users—perhaps you?—exposed to hackers. Who were the hackers, and what did they want? Facebook doesn't know, or won't say. But the company has confirmed that execs Mark Zuckerberg and Sheryl Sandberg were among the users affected.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said about Facebook's Cambridge Analytica scandal earlier this year.

Well. You heard the man.

wideNES: see outside the viewport while playing classic games

wideNES is an ingenious tool that lets you zoom out of the NES game you're playing. It's a feature of ANESE, a new NES emulator developed by Daniel Prilik.

wideNES is a novel technique to automatically and interactively map-out NES games, in real time.

As players move within a level, wideNES records the screen, gradually building-up a map of what’s been explored. On subsequent playthroughs of the level, wideNES syncs the action on-screen to the generated map, effectively letting players see more of the level by “peeking” past the edge of the NES’s screen! Best of all, wideNES’s approach to mapping games is totally generalized, enabling a wide range of NES games to work with wideNES right out of the box!

The technical description of how it works is well worth reading. It's like a primer on how memory-challenged early game consoles managed to keep things smooth and sweet, and on why it's better to employ such an elaborate technique of observation than to try to pre-emptively decode the internal geography of each game.

Why not extract levels directly from ROMs?

Trying to extract level data from a NES ROM would be equivalent to determining which sections of the ROM are code (as opposed to data), which is hard, since finding all code in a given binary is equivalent to the Halting problem!

wideNES takes a much simpler approach: Instead of guessing how games pack level data in ROM, wideNES will simply run the game and watch the output!

An excellent suggestion from ArtWomb on Hacker News: set up a high-resolution monitor that has the entirety of a game world on it, letting it remain static while your tiny sprite (Link, for example, in Hyrule) quests forth.
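The observe-and-stitch idea in miniature, as an added example that is not wideNES or ANESE code: the emulator is assumed to report how far the camera scrolled between one frame and the next (here the per-frame delta is simply passed in), the "screen" is a 4-pixel-wide text viewport onto a constructed 8-pixel-wide level, and `peek` is the widened view that shows map cells beyond the screen edge once they have been seen.

```python
"""Build a level map by watching emulator output rather than decoding the ROM.
Added illustration of the approach described above; not wideNES/ANESE code.
Assumption: for every frame we are told the scroll delta (dx, dy) since the
previous frame. Frames are lists of strings, one character per pixel."""
from typing import Dict, List, Tuple

Frame = List[str]          # one string per scanline
Coord = Tuple[int, int]    # (x, y) in level-map space


class LevelMap:
    """Sparse map: each on-screen pixel is stored at camera_origin + offset."""

    def __init__(self) -> None:
        self.pixels: Dict[Coord, str] = {}
        self.cam_x = 0
        self.cam_y = 0

    def record(self, frame: Frame, dx: int, dy: int) -> None:
        """Move the camera by the observed scroll, then copy the visible frame
        into the map at the camera's new position (revisits overwrite)."""
        self.cam_x += dx
        self.cam_y += dy
        for row, line in enumerate(frame):
            for col, px in enumerate(line):
                self.pixels[(self.cam_x + col, self.cam_y + row)] = px

    def bounds(self) -> Tuple[int, int, int, int]:
        xs = [x for x, _ in self.pixels]
        ys = [y for _, y in self.pixels]
        return min(xs), min(ys), max(xs), max(ys)

    def render(self, fill: str = " ") -> Frame:
        """Everything explored so far; never-seen cells are drawn as `fill`."""
        if not self.pixels:
            return []
        x0, y0, x1, y1 = self.bounds()
        return ["".join(self.pixels.get((x, y), fill) for x in range(x0, x1 + 1))
                for y in range(y0, y1 + 1)]

    def peek(self, width: int, height: int, margin: int, fill: str = " ") -> Frame:
        """The 'wide' view: the current viewport plus `margin` cells on every
        side, filled in from the map wherever those cells were seen before."""
        return ["".join(self.pixels.get((x, y), fill)
                        for x in range(self.cam_x - margin, self.cam_x + width + margin))
                for y in range(self.cam_y - margin, self.cam_y + height + margin)]


def demo() -> Tuple[Frame, Frame]:
    """Constructed input: a 2-line, 8-pixel-wide level seen through a 4-pixel
    screen that scrolls right twice, then back left once. Returns the full
    map and the widened view at the final camera position."""
    level = ["ABCDEFGH",
             "abcdefgh"]

    def screen(x: int) -> Frame:
        return [line[x:x + 4] for line in level]

    m = LevelMap()
    for x, dx in ((0, 0), (2, 2), (4, 2), (2, -2)):
        m.record(screen(x), dx, 0)
    return m.render(), m.peek(width=4, height=2, margin=2, fill=".")


if __name__ == "__main__":
    full, wide = demo()
    print("\n".join(full))
    print()
    print("\n".join(wide))
```

At the end of the demo the screen shows only "CDEF", but the widened view shows the whole row, because both the left and right margins were recorded on earlier frames. Nothing about the game's data layout was needed.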

42-byte hack adds two-player battles to Karateka

Karateka is not just a classic game, but one of the most well-documented thanks to Jordan Mechner's memoirs and his habit of maintaining archives. 34 years after its release, Charles Mangin studied the game's source code and patched it to allow a second player to control the enemies—effectively adding a vs. battle mode.

I’ve taught myself 6502 assembly after getting back into the Apple II, through the thriving community online. The idea of a two player version of Karateka came back to me while at KansasFest a couple of years ago. I noodled a little on it back then, getting distracted by finding the code that created the unique music in the game. Long story short: I finally found the places in the game code that needed patching to allow a second player to control the enemies in the game, and create a functioning two player version of Karateka. The resulting patch is only 42 bytes long.

42, the meaning of life! You can play the two-player Karateka at the Internet Archive.

I'd love to see this done to Great Gurianos (sometimes renamed Gladiator), another '80s fighter with an interesting combat system whose attract mode suggested vs. battles that were not in the game itself.

TicketMaster UK: 'malicious software' may have allowed thieves to steal customer data

Ticketmaster UK today admitted that an unknown number of customers' data may have been stolen in a malware attack.

John Kelly's phone was hacked

NEW REPORTING CONFIRMS what previous stories speculated: chief of staff John Kelly's phone was hacked, and now they know where. They still don't know by whom, or how, or why, or what the damage was.

DHS informs 21 states that Russian hackers attacked their voting systems in 2016 election

The Department of Homeland Security today revealed which states were targeted by Russian hackers trying to break into voting systems during the 2016 election cycle. DHS said "most" states were unsuccessfully attacked, but didn't make clear how and where the hackers were successful, or whether the sustained cyberattacks helped Donald Trump win the presidency.

Sega's OutRun hacked into a Tomy toy dashboard

Behold the most amazing arcade hack in existence: Matt Brailsford, AKA Circuitbeard, crammed Sega's OutRun into a Tomy Turnin' Turbo dashboard.

Some key features are an integrated 3.5” TFT screen, fully usable steering wheel and gear shifter (dashboard turbo light comes on when in high gear), working ignition key for power, true MPH speed and rev counter displays, and a fuel gauge to represent the stage time remaining.

The project itself was quite a big one for me, filled with several moments of frustration, from burnt out potentiometers, to soldering LEDs backwards, multiple TFT screen purchases and more than one change in direction as approaches to problems were found to be inadequate.

All the toy's hardware is hooked up to the game, running on a Raspberry Pi with a PiCade board and Kookye 3.5" display. He worked around the lack of pedals by using the gearshift to accelerate and brake. How he made a physical LED dashboard to show the in-game speed completely escapes me. Genius!

Here's the original mechanical toy, for reference. [embedded media]

Limn 8: a social science journal issue devoted to hacking

Gabriella Coleman is the hacker anthropologist whose work on the free software movement, Anonymous and the Arab Spring, the politicization of hacking, and the true role of alt-right dank memes in the 2016 elections is critical reading for the 21st century.

$70 Hackintosh matches MacBook Pro

Snazzy Labs built a startlingly powerful Mac with only $70—editing the video above on it to prove it!

Justice Dept. to charge 2 Russian spies and 2 criminal hackers with 2014 Yahoo breach of 500 million accounts

Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.”

Yahoo reveals hackers took a further 1 billion accounts (phone, DoB, names, emails)

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.

How to browse privately in public

This fellow cut the polarizing film from a $20 thrift store monitor and put the film on a pair of eyeglasses to make a display that looks like a black screen to everybody but him. This is a good way to enjoy photos of Rubik's Cubes without anyone catching you.

Plaintext passwords galore in huge AdultFriendFinder hack

AdultFriendFinder was hacked (again) in October 2016. According to LeakedSource, which acquired a copy of the dataset, this amounts to more than 400m accounts, many with plaintext passwords, from AdultFriendFinder and associated websites.

The site was compromised with a local file inclusion exploit: the website's code took a file path from the request and included it without restriction, so an attacker could read files on the server that aren't supposed to be public.
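What that bug class looks like in code, as an added example that is not the site's code and assumes a made-up file layout: a page parameter that is joined straight onto a directory and read, beside a version that allowlists page names and checks that the resolved path is still inside the intended directory.

```python
"""Local file inclusion: a request parameter used directly as a file path,
next to a hardened version. Added illustration for the paragraph above; the
directory layout and file contents below are constructed, not the real site's."""
import os
import tempfile

# Constructed layout: only files under templates/ are meant to be served.
ROOT = tempfile.mkdtemp()
TEMPLATES = os.path.join(ROOT, "templates")
os.makedirs(TEMPLATES)
with open(os.path.join(TEMPLATES, "home.html"), "w") as fh:
    fh.write("<h1>home</h1>")
with open(os.path.join(ROOT, "config.php"), "w") as fh:  # never meant to be public
    fh.write("$db_password = 'hunter2';")

ALLOWED_PAGES = {"home"}


def include_vulnerable(page: str) -> str:
    """The bug: `page` comes from the request and is joined onto the templates
    directory unchecked, so '../config.php' walks out of templates/ and the
    server's secrets come back in the response."""
    with open(os.path.join(TEMPLATES, page)) as fh:
        return fh.read()


def inside(root: str, candidate: str) -> bool:
    """True iff `candidate` resolves (symlinks and '..' included) to a path
    under `root`. Both sides are canonicalised so the comparison is honest."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(candidate)
    return os.path.commonpath([root_real, target]) == root_real


def include_hardened(page: str) -> str:
    """Two independent defences: an allowlist of page names (the strongest
    control, since the attacker never supplies a path at all), and a
    containment check on the resolved path as a second line in case the
    allowlist is ever loosened."""
    if page not in ALLOWED_PAGES:
        raise PermissionError(f"unknown page {page!r}")
    path = os.path.join(TEMPLATES, page + ".html")
    if not inside(TEMPLATES, path):
        raise PermissionError("resolved path escapes templates/")
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    print(include_vulnerable("../config.php"))   # leaks the secret
    print(include_hardened("home"))
    try:
        include_hardened("../config.php")
    except PermissionError as exc:
        print("blocked:", exc)
```

The containment check on its own would also have stopped the traversal, but an allowlist is preferable where the set of pages is finite: it removes the attacker-controlled path entirely instead of trying to validate it.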

Nearly a million accounts have the password "123456". More than 100,000 have the password "password".

The non-plaintext passwords were easily cracked anyway, apparently due to some roll-your-own password hashing (not encryption, whatever the site called it) that involved lowercasing everything, SHA-1ing it and going back to bed. The longest passwords were "pussy.passwordLimitExceeded:07/1" and "gladiatoreetjaimelesexetjaimefum", with a Blackadder fan in #3 with "antidisestablishmentarianism" and a sybarite who reads XKCD in #4 with "pussypussymoneymoneyweedweed."
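Why that scheme falls over, as an added example rather than anything from the dump or from LeakedSource: lowercased, unsalted SHA-1 (unsalted is assumed, since the one-step description above leaves no room for a salt) lets one hash per wordlist entry crack every account at once, while a per-user salt and a slow KDF force the attacker to start over for each user. The accounts and the wordlist are constructed.

```python
"""Lowercased, unsalted SHA-1 password storage versus a salted slow hash.
Added illustration of the scheme described above; users, hashes and the
wordlist are constructed for the demo."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional


def weak_hash(password: str) -> str:
    """The scheme described above: lowercase the password, then SHA-1 it.
    No salt is assumed (the description has no step for one)."""
    return hashlib.sha1(password.lower().encode("utf-8")).hexdigest()


def crack_weak(dump: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Hash each wordlist entry once, then look every stored hash up in the
    result. No salt: one table serves the whole dump. Lowercasing: 'Password',
    'PASSWORD' and 'password' all collide, so the list needs no case variants
    (and the lowercase form is what the site accepts at login anyway).
    Returns {user: recovered_password}."""
    table = {weak_hash(word): word.lower() for word in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user 16-byte random salt and PBKDF2-HMAC-SHA256 (100k rounds);
    case is preserved. Encoded as 'salthex$dkhex' so verification can
    re-derive with the same salt."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + dk.hex()


def verify_strong(password: str, stored: str) -> bool:
    """Constant-time comparison against the stored salt$hash."""
    salt_hex, _ = stored.split("$", 1)
    candidate = strong_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def demo() -> Dict[str, str]:
    """Constructed dump: three users, and an attacker wordlist of three
    common passwords with no case variants at all."""
    users = {"alice": "Password", "bob": "PASSWORD", "carol": "gladiatoreetjaime"}
    dump = {user: weak_hash(pw) for user, pw in users.items()}
    wordlist = ["123456", "password", "qwerty"]
    return crack_weak(dump, wordlist)


if __name__ == "__main__":
    print("cracked:", demo())
    stored = strong_hash("Password")
    print("strong hash:", stored)
    print("verify 'Password':", verify_strong("Password", stored))
    print("verify 'PASSWORD':", verify_strong("PASSWORD", stored))
```

Two salted hashes of the same password differ, so a table built against one user's salt is useless against the next, and the 100k-round KDF makes each guess cost roughly a hundred thousand times more than a bare SHA-1.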

Hotmail was the most common email provider, followed by Yahoo and Gmail. These three accounted for the vast majority of registered addresses, with AOL and Live an order of magnitude down.

LeakedSource isn't making the data set publicly available; but if they have it, others might too.

China electronics maker will recall some devices sold in U.S. after massive IoT hack

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a DDoS attack. The stunningly broad attack brought much internet activity to a halt last Friday.
