File this in the “uh-oh” department. Apparently there’s a small issue with Android devices on AT&T that allows pretty much anyone to gain access to your voicemail. Downloading any number of caller ID spoofing apps in the Android market is the only requirement. Simply input the destination number and then set the spoofing caller ID app to mimic the destination number. As long as the number in question doesn’t have a voicemail password, you’re in.
From the looks of things, AT&T already knows about the vulnerability. Though they incorrectly implies that these “spoofing apps” exist solely to hack into peoples’ voicemail accounts in efforts to topple the world. But who’s counting, eh?
Moral of the story is pretty basic — put a password on your voicemail folks.
Want to hear something stupid? Alrighty then — in Germany, private citizens will soon be able to be fined for open WiFi networks to the tune of 100 euros ($126 USD). No password, no money. Pretty straight forward. If you look at it at face value, it seems like the government protecting citizens from themselves (and their technological incompetence). But in reality it’s just the government sticking their nose where it doesn’t belong.
There are various environments and network setups that actually benefit and/or require open networks. So to say this ruling is troubling is an understatement. How this affects businesses remains to be seen as the ruling had more to do with the little guy (read: you and I). If the ruling does or will be extended to larger corporations and businesses, the effect on could be devastating depending on how their networks are set up…
Some sick side of me is actually interested in hacking. Though, that’s not to say more legal-minded hackers are “bad” or “sick”. It’s more so the stereotype that goes along with the word. Either way, hacking is one of those things that if harnessed and understood well, is a clear indicator to a high flying geek flag as actual hacking (as anyone who’s tried learning it) is quite complex with many, almost unlimited ways to get from point A to point B. When there’s a will and a way, people will do just about anything. Precisely the motivation I’d say behind a reported $24 DIY network hacking “kit” that is flooding the Chinese market…
- December 17, 2009 8:10 am
Unmanned aircraft are one of the greatest tools the US Military currently has in their arsenal. The humanless aircraft are able to go into remote regions and zones that would otherwise be too dangerous or inhospitable for human engagement. The only human interaction with the aircraft comes by way of a guy sitting behind a little TV screen controlling a few buttons and joystiqs. Easy. Safe. Simple.
The data captured by these drones is as one would expect, highly classified as the usual missions for these bodiless wonders often consist of spying with an ultimate focus on be covert. Not being physically seen is good and all, but this is the 21st century. The world is becoming increasingly digital, opening up new doors for all kinds of bad guys and attack methods.
With that said, would it shock or surprise you to know that the US Military is having feeds from unmanned aircraft “hijacked”? According to the WSJ, insurgents abroad are basically pointing their satellites up into the sky and using a widely available $25 piece of software (aka: network snooper) to hone in and download the drone/unmanned aircraft’s video feeds sailing through the wireless airwaves. Naturally, this presents a fundamental national security problem. What good is sneaking up on the enemy with a drone if the enemy can see exactly where it’s going?
The question that comes to my mind first and foremost: Why is the US Military of all people using unencrypted video feeds in such a volatile area? You’d think given the insurgents insatiable appetite to blow us all away would make the US Military a tad more careful with these sorts of things. Any admission of this story whether an actual admission or flat out denial will never mean anything. Regardless, if they are in fact running drones around the world with any link in the system unencrypted, we’ll never know. It will ultimately be labeled a “false rumor” for all eternity as the military will deny deny deny.
Scary stuff.
CrunchGear
[Image Source]
**Update 4: Looks like this just became everybody’s problem…Read more here…
If you pride yourself in being a Windows based (@hotmail.com, @msn.com and @live.com) email user, now’s the time to possibly think about changing your password. You see, an anonymous user at Pastebin.com (a site that allows developers to share code) apparently uploaded the passwords of thousands of Hotmail users on October 1st. Not exactly great news to start your Monday morning to, I know. Naturally staying on the up and up, Pastebin has already removed the content in question and forwarded a hail mary holy hell to Microsoft for further review. So far the count is right up around 10,000 breached accounts, though, the list was named “A through to B” meaning there could be more lists out there. Repeat: all Microsoft email domains: @hotmail.com, @msn.com and @live.com accounts are affected. Again, now would be a very opportune moment to change your password. We are waiting to hear back from Big M themselves so stay tuned for more details folks.
**To clarify, it’s account names and passwords that were leaked.
Update: We’re still waiting on anything from Microsoft themselves, however, BBC has a rather decent read on the issue at hand and has had contact with Microsoft. The latter whom have stated that they “are working as rapidly as possible on the subject” and of course are encouraging users to change the passwords. Anyone care to chime in?
Update 2: A Microsoft PR employee responded to an email I sent, though no new details were given except the usual “I’m talking to my colleagues…will get back to you with more info soon”. So…here we wait. Stay tuned.
Neowin > BBC
Update 3: Just received a more in depth response from a Microsoft Spokesperson whom rehashed most of what we’ve seen so far:
Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.
Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”
Microsoft recommends customers use the following protective security measures:
• Renew their passwords for LIVE-IDs every 90 days
• For administrators, make sure you approve and authenticate only users that you know and can verify credentials
• As phishing sites can also pose additional threats, Install and keep anti-virus software up to date
We’ll continue to follow the story to see if anything else interesting comes up.
Image Source
