
hacks

Three men indicted in largest U.S. data breach

Two Russians and a Florida man were charged on Monday with hacking into Heartland Payment Systems, 7-Eleven, and the Hannaford Brothers supermarket chain, and stealing data related to more than 130 million credit and debit cards.

The indictment names 28-year-old Albert Gonzalez of Miami, who already has been charged with stealing data related to 40 million credit cards from eight major retailers, including TJ Maxx, and two unnamed co-conspirators based in Russia.

The breach involving Heartland and the others is believed to be the largest hacking and identity theft case ever prosecuted by the U.S. Department of Justice. In …

Digital City No. 44: We welcome The Shack, plus the world's greatest pancake-making machine

Episode 44 of the Digital City, where we welcome Radio Shack's re-branding as The Shack; talk about unemployed laptop-users being banned from coffee shops; and learn about the world's coolest personal pancake-making machine.

Plus, remember that hacking your console is still illegal under many circumstances, so watch it!

Related links: >>We welcome our new giant laptop overlords, courtesy of The Shack >>Meet the ChefStack >>Modder arrest a reminder that most console hacks are illegal


Jailbreaking software already works for 3.0.1 iPhone update

So Apple on Friday released an update to the iPhone OS (3.0.1) that takes care of an SMS vulnerability. It's a fairly important patch, and usually when Apple updates the iPhone OS, jailbreakers have to wait until the Dev Team comes out with a new version of jailbreaking software before they can update.

But according to the iPhone Dev Team's Twitter, this is not the case with the 3.0.1 firmware. In fact, the current versions of redsn0w and ultrasn0w work the same with the 3.0.1 firmware as they do with the 3.…

Why AT&T blocked 4Chan

AT&T caused a flurry of fury when it blocked a server from the online forum, 4chan. We'll look at the DoS attack against 4Chan and how and why AT&T reacted.

The trouble started with neither AT&T nor 4Chan. A third-party attacker, possibly a rival forum, started a Denial of Service attack known as TCP SYN flooding, or SYN attack. First let's look at what's supposed to happen when you request a Web page.

Your computer--let's call it HOME--sends a SYN request to the Web Server (SYN for synchronize sequence numbers). …

BOL 1031: Happy SysAdmin Day!

Today, the last Friday of July, is SysAdmin Day, and we appreciate them even more because they came through during the live show and got us back online. We also talk about David Pogue's new movement to "take back the beep." And we need to watch out for pandas. Listen and you'll find out why. Special guests: The hosts of Hak5.

EPISODE 1031

Apple to fix iPhone security flaw http://news.bbc.co.uk/2/hi/technology/8177755.stm

The truth about the iPhone virus / vulnerability thing http://www.businessweek.com/technology/ByteOfTheApple/blog/archives/2009/07/the_truth_about.html

Elinor: Researchers attack my iPhone via SMS http://news.cnet.com/8301-27080_3-10299378-245.html

David Pogue wants to take back the beep http://tech.slashdot.org/story/09/07/30/1955255/David-Pogue-Wants-to-Take-Back-the-Beep

Bootkit bypasses Truecrypt full-disk encryption http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption–/news/113884

Hackers: We can bypass San Francisco e-parking meters http://news.cnet.com/8301-1009_3-10300233-83.html

HP researchers reveal details of browser-based darknet http://www.h-online.com/security/HP-researchers-reveal-details-of-browser-based-darknet–/news/113873

Shock threat to shut Skype http://www.smh.com.au/technology/biz-tech/shock-threat-to-shut-skype-20090731-e3qe.html

CU prof’s iPhone app lets users snoop out surroundings http://www.dailycamera.com/news/2009/jul/29/iphone-app-hoozat-cu-boulder-professor-richard-han

Cash for Clunkers cars get lethal injections http://www.thetruthaboutcars.com/cash-for-clunkers-trade-ins-must-be-crushed-shredded/ http://money.cnn.com/2009/07/31/autos/cash_for_clunkers_update/index.htm

Fewer than 10 ET civilizations in our galaxy? http://science.slashdot.org/story/09/07/31/1244235/Fewer-Than-10-ET-Civilizations-In-Our-Galaxy

Police: Texting, talking NY trucker hits car, pool http://tech.yahoo.com/news/ap/20090731/ap_on_hi_te/us_tow_truck_in_pool

Microsoft acknowledges Windows 7 activation leak

Alex Kochis, Microsoft's director of Genuine Windows, posted a blog late Thursday addressing the "leak of a special product key" of Windows 7 RTM (release to manufacturers). This confirmed the rumor on Tuesday that an ISO file of Windows 7 RTM sent to Lenovo that contains a master key--a number used to verify the authenticity of the software--was leaked to the Internet.

According to the blog, "The key is for use with Windows 7 Ultimate RTM product that is meant to be preinstalled by the OEM (original equipment manufacturer) on new PCs to be shipped later …

Sign out of Gmail remotely

If you log in to your Gmail account on computers that aren't yours, you're probably very responsible about logging out afterward so that no one can steal your e-mail account. But what about that one time you were drinking too much at the library (again) and you can't remember if you logged out of the public terminal?

Here's how to find out if you're logged in anywhere else, and what to do if you are. Scroll down to the bottom of your screen and click details.

You'll get a pop-up window listing all the other …

BOL 1029: Microhoo: Friends with benefits

The Microsoft Yahoo hookup finally happened and now all their friends are glad the drama's over. But they're not getting hitched. Microsoft's shelling out some dough for Yahoo to use Bing and Yahoo's going to sell the crap out of it. In other news, we will all die from automatic drones programmed to make their own decisions about who to kill.

EPISODE 1029

Yahoo, Microsoft reach search, ad deal http://news.cnet.com/8301-13860_3-10298303-56.html http://news.cnet.com/8301-17939_109-10298334-2.html http://paidcontent.org/article/419-yahoo-to-keep-almost-all-revenues-for-first-three-years-with-msft-deal/ http://www.choicevalueinnovation.com/thedeal/Default.aspx http://calacanis.com/2009/07/29/yahoo-committed-seppuku-today/

How to hijack ‘every iPhone in the world’ http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html

Samsung’s debut e-book reader arrives http://news.cnet.com/8301-17938_105-10296228-1.html

AT&T suffers massive mobile data outage in Northeast, Midwest http://www.businessinsider.com/att-suffers-massive-mobile-data-outage-in-northeast-2009-7

AT&T social network http://www.att.com/gen/press-room?pid=4800&cdvn=news&newsarticleid=26976

U.S. movie studios ask judge to board, scuttle Pirate Bay http://arstechnica.com/tech-policy/news/2009/07/us-movie-studios-ask-judge-to-board-scuttle-pirate-bay.ars

Pirate Bay co-founder denies MPAA allegations http://news.cnet.com/8301-1023_3-10298254-93.html

Pirate Bay sale dead in the water http://torrentfreak.com/pirate-bay-sale-dead-in-the-water-090728/

VoloMedia awarded the "Patent for Podcasting" http://newteevee.com/2009/07/29/volomedia-awarded-the-patent-for-podcasting/

Barnes & Noble switches to free Wi-Fi, just the thing for your e-book reader http://www.engadget.com/2009/07/28/barnes-and-noble-switches-to-free-wifi-just-the-thing-for-your-e/

U.S. Air Force says decision-making attack drones will be here by 2047 http://www.engadget.com/2009/07/28/us-air-force-says-decision-making-attack-drones-will-be-here-by/

Twilight MMO http://www.inquisitr.com/31013/this-is-happening-twilight-mmo-announced/ http://www.twilightthevideogame.com/

Breaking into Gmail

Recently, Twitter suffered an embarrassment as a hacker obtained quite a bit of confidential information and passed it along to tech news sites. Apparently, the hacker accessed a Twitter employee's Gmail account and used that to gain access to Google Docs, company systems, and more.

The employee most likely thought they had proper security protections in place. We'll show you how the Gmail account got cracked, and how you can take better care to protect your Gmail account.

Obviously, you should start by picking a strong password that's not a dictionary word or easily guessable. But that password …

Lessons from Twitter's security breach

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.

The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.

While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.

Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.

A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.

But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also…