Daily Bits

hacking

Evernote Users, Don’t Be Surprised If Your Password Has Been Reset

by 1 Comment

Evernote
Evernote

Evernote, the popular “remember everything” software has been hacked. Late Saturday, the company made an official announcement saying that the system has been compromised, with sensitive user information being accessed by a hacker. As such, they have deemed it necessary to reset the password of each of their users. All 50 million of them.

The announcement was rather sparse with details, but we know that the hacker was able to gain access to some users’ encrypted passwords. That’s the bad news. [Read more…] about Evernote Users, Don’t Be Surprised If Your Password Has Been Reset

What Kind of Hacker Are You?

by Leave a Comment

Hacking and its proponents have been in the forefront lately, what with hacking “groups” being more active and aggressive in their activities. The general public probably does not have an accurate idea as to what hacking really entails and what hackers really are like. Then again, I think that I am correct to assume that you know a tad more than your average joe. You might even have an experience or two to back you up. If this is the case, then you will definitely be interested in finding out just what kind of hacker you are. (Using the term rather loosely, I know.)

Well, wonder no more as the guys at IEEE Spectrum ((Source)) have done their utmost best to provide the only hacking chart you’ll ever need. That is, a hacking chart that will help you determine whether you are involved in activities that are good, bad, or neutral.

This chart is the result of the consolidation of the 25 biggest (and best) stories about hacking that have been published at IEEE Spectrum. They took both the good (those who hack to express themselves creatively without doing harm to others) and the bad (motivation: money, power, politics, and mischief), and of course, the ones that fall in between. They identified two parameters: innovation and impact. Using these parameters, they came up with this chart.

Hacking Chart
Hacking Chart

In the chart above, you can see the complete range of hacking activities covered by the site. In case you only want to do good, here is a simplified version, with only the good hacks displayed.

Good Hacks
Good Hacks

You can visit the site and play around with the options (even though there are only three). Now, you have to realize that the chart has been created by people with their own perspectives and opinions, so you might not necessarily agree with their assessment of the activities. In any case, you are totally free to let them know what you think about their assessment.

The bigger question is this: given that chart, where do you think your activities (if any) fall? Care to share?

BeautifulPeople.com Hit by Shrek Virus; “Ugly” People Let In

by 1 Comment

BeautifulPeople
If Anonymous and LulzSec were to hit targets such as BeautifulPeople.com, then perhaps they would bring about more lulz. The social network for the good looking has been hit with a virus called “Shrek”, which allowed applicants to pass through the screening process more easily. Indeed, it seemed to approve people who normally would not have passed the site’s requirements.

If you have not heard of this site yet, it is an online dating site that only allows – as the name says – beautiful people. And how do they determine who is beautiful? Who is to say what’s beautiful and what’s not? That’s where their “strict” rating system comes into play, where the voices of the members are heard. In short, existing users vote on whether or not an applicant is beautiful enough to be part of the site. In other words, it is nothing but an extension of social cliques you find in high school, college, or wherever.

Still, the site has not been unsuccessful. To date, they have over 700,000 members from all over the world. This number suddenly swelled by the tens of thousands recently, which made the management suspicious. (I wonder why – isn’t it possible that there are tens of thousands beautiful people wanting to be part of their site?) In any case, they discovered that there was something wrong – the virus.

As if the original premise is not already borderline ridiculous as it is, the management decided to inform the “incorrectly accepted” people that they cannot retain their membership status. As managing director Greg Hodge says, “We have sincere regret for the unfortunate people who were wrongly admitted to the site and who believed, albeit for a short while, that they were beautiful. It must be a bitter pill to swallow, but better to have had a slice of heaven then never to have tasted it at all.”

iTunes Is Safe. Are You?

by Leave a Comment

If you have an iTunes account that you use to purchase apps, songs, etc. for, then you were probably one of those who have been anxious in the past day or so.  Reports that iTunes has been hacked spread like wildfire the other day.  Posts in mainstream sites such as TechCrunch probably served to make people more anxious and alleviate fears at the same time.  I say people probably got more anxious because TechCrunch showed proof that unauthorized (at least by the account owners) purchases had been made, but at the end of the post, there is a statement from Apple saying that they have not been hacked (which is still kind of a good thing).

So what is really happening?  What happened?  If iTunes has not bee hacked, then why have so many people lost money via “illegal” purchases?

John Paczkowski of Digital Daily offers an explanation:

…not much to their assertion that Apple (AAPL) is at fault here. There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam–a variation on the one that’s been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions.

More likely than not, the PayPal accounts of the affected users are the ones that had been compromised.  Bottom line: iTunes is safe.

The question is: how secure are your PayPal accounts?  This is happening now, it has happened before, it will happen again.  Remember all those tips about passwords and phishing.  They just might save you a whole load of money.

Pirates Under Attack

by Leave a Comment

The Pirate Bay is arguably the best known file sharing web site today. This group has risen to fame over the years due to their service of providing millions of users around the world with all sorts of files – many of them considered to be illegally shared. There was a time when The Pirate Bay was taken down and was temporarily “closed.”

Recently, it has been quite active again, with users continuing their file sharing activities. This time, though, The Pirate Bay came under attack – from a different source. A group of researchers from Argentina took it upon themselves to show the vulnerability of the site.

What they did was to hack into the system, compromising the data of more than 4 million registered users of The Pirate Bay. The group announced its “feat” in their blog, Insilence.biz, and went one step further by outlining the specific details of how they did it. This is what they have to say:

As any other website, as any other system or mechanism, www.thepiratebay.org has robust parts and soft spots. We [believe] that the people behind this [community] always acted with the local laws on their side, and so have we. The community caused problems to huge companies and corporations[,] which turned into threats between this companies and them. What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn’t anything out of the ordinary…

Just like many of the commenters in their blog, I do not totally understand why they hacked the site. Perhaps it was out of a twisted sense of justice? What do you think about this move? Is it justified or is it a mere publicity stunt?

All About Hackers

by 1 Comment

Not all hackers are bad. Why? Simple. It’s because only a hacker can fight (and most likely correct the wrongdoings of) another hacker. But first, what exactly does a hacker do?

Hacking, Not Security Cracking

Hacking has always been associated with a far graver offense in the computer field known as security cracking—a skill, quote-unquote, wherein a programmer, specifically a cracker, easily find traces of weak spots and flaws of a system, network, or software, and eventually use them to their advantage, either for profit or for fame. However, hacking is not just about exploitation of the security failures of any virtual property. While it suffers from a negative connotation, hacking still has its positive nuances. But before going there, let’s take a trip down Information Technology’s memory lane to discover what hacking was before it became a staple in virtual criminology.

Back in the early 60’s, long before the dawn of what we now know as computers, “hack” was closely related to a simple, seemingly practical solution to a problem, regardless of its intellectual value. However, even in the olden times, it was so loosely identified that it can also be defined as any clever prank done, as compared to a reckless yet operational solution in the earlier meaning. Consequently, those doing the tricky type of hacks are called hackers.

Later on, the word “hack” found itself involved in the field of telecommunications. There, it is used to refer to unlawful methods of telecommunicating, like making long-distance calls via a local radar system or interfering with phone lines using PDP-1 computers, the ancestors of PCs which “punches” information. And along with the development of computing did hacking make its own advancements (or in contrast, ethical decline).

Basically, hacking is not just for “fooling around with” computers and amateur or unaware programmers. Its usage even spanned past computing, became a lay man’s term, and settled with being defined as simply a clever approach, like “hack your brain” and “hack your way out.”

Overall, hacking, in terms of computing and technology, is simply enthusiasm towards understanding programs, networks, and other techie stuff. It should never be confined with the negative, security cracking definition.

Donning of “Hats”

During my term as editor in our university paper back in college, I wrote an opinion article going by the same title, hoping that I can at least inform our studentry of the ambiguities in the definition of hacking. One of the most effective distinctions I used was the hackers’ donning of hats. Here’s an excerpt from my opinion article in my university’s publication, “In defense of ‘hackers’“:

Along with IT’s development is the donning of “hats.” “White hats” are, of course, the good guys. Also called “sneakers” and “ethical hackers,” they use their skills to secure computer systems, uncovering flaws through authorized hacking attacks. Even Macintosh, a computer line deemed to be virus-free, has white-hat hackers who test and fix their operating system so that it could be invulnerable to attacks.

On the other hand, “black hats” use their hacking knowledge for unlawful profit, attempting to gain unauthorized access to computer systems; they use their advanced programming skills to perpetrate crimes. Under the fame of black hats are “script kiddies,” who rely on semi-automatic software developed by others without really understanding the software’s functions. No matter what means they use, they aim for the same goal: intrusion.”

“White hats” and “black hats” seem to be the opposite ends of the morality scale. However, hacking knows more colors than just blacks and whites.

Hats of Other Colors

Gray hats, the margin that divides whites and blacks, are skilled hackers that sometimes act legally and sometimes don’t. Despite being skilled in hacking and do either good or otherwise, grey hats maintain secrecy of their identities as they may be confused by or just despise the thought of being branded as either white or black, hence the color choice. They also go by a seemingly undecided collective name-color: Brown hats.

Blue hats, on the other hand, are those who profit from hacking… legally. Like any colored hat hackers, they intrude systems and networks, too. However, they usually form a distinct group which firms and companies consult so as to check for flaws and fix errors in the latter’s virtual properties. They are good guys, in a broad sense. But the truth lies in their being run by monetary gain.

Looking closer at the good guys

Enough about the bad or money-less guys, for the angels of hacking are worth noticing. White hat hackers are the salvation of the depressing hacking culture. Although they thoroughly oppose the abuse of computer systems, they act against black hats using ways familiar to both, but they have different objectives in mind.

White hats maintain hacker culture for they still do break into systems and networks through their flaws. However, in light of making virtually unaware people cognizant, they are given permission to hacking the systems of others, making system owners and software creators aware of possible security flaws of their virtual properties. They are also known as ethical hackers, since they apparently observe a certain moral code in the field of IT, acting against the black hats.

No matter how insulting or depressing hacking culture became for us IT specialists and professionals, I still firmly believe that hacking is just half-bad, for a hack can only be countered by studying it and exposing its activities, meaning only hackers are capable of defeating other hackers. It’s just a matter of taking sides as this definition warfare ensues. So let me ask you: Which side, or color in this case, are you on?