It was recently discovered that during the hijacking of Tesla’s Twitter account, more may have been compromised than previously thought. It is now thought that the Tesla machine had been accessed in the midst of all these hackings and that the Install.pgsql.txt and Install.mysql.txt files were modified. The hacking was thought to have been performed by the Lizard Squad (the team mentioned in previous blogs of mine).
As usual, groups of scripters are always trying to find a way to get attention. There’s a reason they are targeting big-name Twitter accounts in the tech world and not something separate from social media. Or perhaps the reason I hear about social media attacks so often is just because of the fact that it is social media in the first place?
There are times when a company should really do a better job of listening to the customers who attempt to show off flaws in its system. This is one of those times. Mojang (the gaming developers who created the massive title “Minecraft”) have a massive security flaw in their software. Two years ago, back in July of 2013, a flaw was discovered which allows users to crash any given server by sending malformed packets which cause the system to run out of memory. Ammar Askar had sent this information to Mojang back in 2013 and had awaited a response patiently. He waited a month before sending another message. Then another, 3 months later. This pattern continued for 2 years. Two entire years of Mojang ignoring the issues until it finally started seeing light on the mainstream social media sites such as Reddit. It wasn’t until the issue was hitting the front page of major media sites that Mojang actually did something about it. Once again, companies really need to be listening to their customers.
I know I’ve written before about companies that provide their customers with a masked middle finger. In some cases, more masked than in others. This is a case of a heavily masked middle finger. D-Link has released a patch to fix some security flaws in their system; this patch not only didn’t fix the issues but managed to introduce a new security flaw. As paraphrased by the writer:
“patch to prevent an unauthenticated sprintf stack overflow includes a new unauthenticated sprintf stack overflow.”
I always find it amusing when a company does this kind of crap because, most of the time, they get away with it and more. It just makes me wonder how much crap we’re missing as a tech community.
We’ve been constantly hearing about hits on freedom of speech lately. Whether it’s a comic in France or changes to laws here at home, it seems we’re always under attack. This is another case. GitHub has been under attack, big time.
Using network monitoring tools, this man was able to discover just what is going on with GitHub:
Similar to my previous blog entry, this is a blog about a lad who discovered a vulnerability and disclosed it to the company running the site. In this case, a Russian lad had discovered a way to remove any video from YouTube.com (a big deal obviously). This was done with a simple request made by the user:
In response to the disclosure of this bug, Google rewarded him with $5,000. A small reward for such a massive flaw in the system (at least in my opinion).
Laxman had discovered a security vulnerability on Facebook.
“The vulnerable part is, it just checks the owner of the access token and not the application which is making the request. So it allows any application with user_photos permission to read your mobile photos.”
The vulnerability allows for a user to see the photos you have privatized on your mobile device. Laxman reported this vulnerability and explained how he got there. Facebook responded by rewarding him with $10,000 and putting him on a white-list. It pays to know a thing or two about computer security.
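The check described in the quote above, sketched next to a corrected version. This is an added example, not Facebook's code and not taken from Laxman's write-up; the token fields, function names and the first-party app id are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

# Hypothetical model, constructed for illustration; not Facebook's API or code.
FIRST_PARTY_APP_ID = "app-first-party"  # assumed: the only app meant to read synced photos


@dataclass(frozen=True)
class AccessToken:
    user_id: str       # account the token was issued for
    app_id: str        # application the token was issued to
    scopes: frozenset  # permissions the user granted to that application


# Constructed sample data: privately synced photos keyed by owning user.
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}


class Forbidden(Exception):
    pass


def read_synced_photos_owner_only(token, owner_id):
    """Flawed check as the quote describes it: only the token owner is verified."""
    if token.user_id != owner_id:
        raise Forbidden("token does not belong to the photo owner")
    if "user_photos" not in token.scopes:
        raise Forbidden("missing user_photos permission")
    return SYNCED_PHOTOS.get(owner_id, [])


def read_synced_photos_app_bound(token, owner_id):
    """Corrected check: the requesting application is verified as well."""
    if token.app_id != FIRST_PARTY_APP_ID:
        raise Forbidden("application is not allowed to read synced photos")
    return read_synced_photos_owner_only(token, owner_id)


def is_allowed(check, token, owner_id):
    """Return True when the given check lets the request through."""
    try:
        check(token, owner_id)
        return True
    except Forbidden:
        return False


# Constructed tokens: same user, issued to two different applications.
first_party = AccessToken("alice", FIRST_PARTY_APP_ID, frozenset({"user_photos"}))
third_party = AccessToken("alice", "app-third-party", frozenset({"user_photos"}))
```

With the owner-only check, both tokens pass because they belong to the same user; binding the decision to the application id is what separates them.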
In my experience, most people who go to purchase a new smartphone are not thinking about hardware. No one thinks about hardware because most people know so little about hardware. Apple knows this. Samsung knows this. Google knows this too, which is why so many major companies are trying their best to push their cloud services out into the market. If you sell a phone with low storage and pretend that including more storage would cost a lot more to produce, then people become forced to use some kind of cloud storage. If the phone they purchased comes with the manufacturer’s cloud software already installed, the user will be more likely to use that service. This is why Samsung is moving away from the removable battery and external SD card slot with their newest flagship (Galaxy S6), as shown here:
If companies like SanDisk keep pushing the envelope with their outstanding hardware developments, like a 200GB micro SD card slot, don’t you think customers will become more hardware-aware? I’m not so sure.