After some gamers took advantage of an exploit that automatically produced codes for Microsoft Points — e-currency that’s used on Xbox Live purchases — Microsoft invalidated the points and may punish those who took advantage. [More]
“Kevin Butler” is the fictional Sony VP who is the face of its recent PlayStation ads, so of course he has a Twitter account. It looks like whoever is running the account hasn’t been reading the news much. When a Twitter user tweeted at him the code used to jailbreak PS3′s, the entity misinterpreted the series of letters and numbers and made a Battleship joke, retweeting the code in the process, reports Engadget. This is ironic because Sony has been cracking down with legal threats and attacks on anyone they can find disseminating the jailbreak information. I wonder if Kevin Butler will be getting one of these C&D’s… [More]
The illicit economy of phishers and malware perpetrators is growing more sophisticated, and more brazen. “Bulletproof” hosting sites that offered to protect their users from attacks and takedown requests now have corporate-like web pages offering a menu of a la carte services. The only limit is no spam and no porn. Hey, even they have standards. [More]
While testing out its electronic vote-by-mail program for overseas voters, the District of Columbia invited hackers to do their worst to break into the system. The programming geeks answered with decisive force, with someone making the site play the University of Michigan’s fight song after a test subject submitted the ballot. D.C. officials suspended testing before patching things up and getting back online. [More]
Several comely young Russian woman were snagged by the feds in New York yesterday for allegedly working as money mules for hackers who stole over $3 mil from American bank accounts using trojan viruses. [More]
Better not load any PDFs on your iPhone for a while, not unless you want to risk handing over total control of your device to hackers. The exploit affects all
iOS 4 iOS 3.1.2 and higher devices, including the iPod touch and the iPad. [More]
Some early iPad adopters got a special bonus prize for buying a device that’s sure to be replaced with a vastly superior model a year from now — a data breach in which hackers unearthed account info from 114,000 users, including newscaster Diane Sawyer, New York mayor Michael Bloomerg and movie kingpin Harvey Weinstein. [More]
By the time someone hacks into your Facebook account and sends all of your friends plaintive messages about being mugged in London, it’s too late to do anything about it. However, Facebook does have an early-warning system of sorts. Using a security setting, you can have the service alert you whenever your account is accessed from another location, giving you a chance to (hopefully) force the intruder out and change your password.
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
Max Vision, the security consultant who was first sent to prison in 2001 for messing with the Pentagon, has now been sent to 13 years in prison for “stealing nearly two million credit card numbers from banks, businesses and other hackers,” reports Wired. The FBI took a renewed interest in Vision in 2006 after he successfully made a power grab on several competing black market ID theft websites. “I’ve changed,” Vision wrote in a letter to the court, and although he faced life in prison, he was given the shorter sentence partly because he’d cooperated with the government. With good behavior he’ll be back out in 2018. [More]
What constitutes adequate security for a bank? PlainsCapital Bank in Lubbock, Texas says what it currently has is enough, and if after all that some crooks still manage to steal your money, it’s not the bank’s fault. The bank has preemptively sued a business customer, Hillary Machinery, to absolve itself from any liability on what it couldn’t get back from the more than $800,000 that was stolen by foreign hackers last November. [More]
Richard, whose wife had her Hotmail account swiped by a hacker, was able to get it back by calling Xbox Live customer service, of all people.
Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”