../../../..//2008/08/21/gmail-recently-rolled-out-a/
Gmail recently rolled out a change to its settings, where now you can permanently turn on SSL encryption. Do it now—your personal data will thank you for it. Besides, it’s going to get a lot easier to hack Gmail sessions very soon, because some guy is planning on releasing a hacking tool to the public in order to force Google to implement better security. [monkey_bites]
Wired has been covering the ongoing investigation into recurring ATM pin thefts from Citibank accounts, and their latest article tracks how Ukrainian immigrants, a ringleader back in Russia, a hacked company named Fiserv that runs Citibank-branded ATMs in 7-Elevens, and an online payment service that also offers money laundering for a small fee all come together to steal your money. It’s an amazing look at how the U.S. tries to combat the threat of ATM-related theft.
Here’s a technique we’ll not be adding to our list of fun ways to escalate your complaint: The 18-year-old who recently hacked Comcast and took down the company’s homepage and webmail told Wired that it was Comcast’s own fault… The hacker, known as EBK, called Comcast to let them know they’d been hacked. The manager scoffed and hung up:
Whatever you do, don’t download any fun 3rd party programs to the iPhones at the University Avenue Apple store in Palo Alto, California. You may be detained for 2 1/2 hours, then photographed and told that other Apple stores will be ” on the lookout” for you.
../../../..//2008/05/29/okay-who-decided-it-would/
Okay, who decided it would be funny to hack Comcast? DSLReports says, “Though there’s no indication that user privacy is jeopardized, you may want to avoid using Comcast webmail until things have been completely cleared up. [DSLReports]
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
The Wall Street Journal is reporting that the most likely scenario for how the hackers stole an estimated 200 million card numbers is as simple as a person with a laptop breaking into the wifi network of a store:
The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.
Small World’s Bazooka Joe interviews “John Dillinger,” a debit card hacker who participated in the infamous “Russian Connection” ATM hack scandal. He discusses how he and others hacked millions of debit card accounts and why the story never makes the mainstream news.
Part of 
