A teenage hacker discovered flaws in his school's educational Blackboard software and presented his findings with an eye toward improving security. He made a presentation at the Black Hat Hackers convention in Las Vegas. While he could have changed his grades, he opted not to. But he did break into a college network to change his admissions status to "accepted" to make a point. And while the software company lauded the teen for discovering the flaws, he was suspended at school.
This week, home mortgage company First American Title experienced a security breach, according to Brian Krebs of Krebs on Security. Due to a design flaw in their online interface, hackers could easily have gained access to all 880 million customer files. The website has been shut down, but nobody knows just how much data, if any, was stolen.
Rich wants to know if connected cars that have internet can be hacked. Leo says they can indeed, but the hacker needs to be pretty close to the car to make that happen. Car companies also need to put forth more effort to make the car's computer more secure.
Steve was given a Barnes and Noble Nook reader. Can he watch movies on it? Leo says that the Nook had very limited space and used a proprietary format, but he may be able to hack it to give it more options, including watching the movies he wants. He should head over to XDA-Developers to see how to "root" the Nook. His real problem, though, is copy protection. The Nook only supports movies with Cinema Now DRM. But that's part of the fun of hacking old technology like a Nook.
There's a new attack that has been affecting ATMs around the world, and it's called "Jackpotting." It causes ATMs to dispense all of their cash. Hackers are using endoscopes to gain access to the interior of an ATM in order to connect to it and hack into the ATM's Windows XP operating system. Then, once the malware is installed, a remote command is given to spew out 40 bills every 23 seconds.
Securing your online accounts is vitally important. The consequences of being hacked can be great — someone could lock you out of your email account. If that account is used for password recovery for your other accounts, then a hacker could get access to all of those as well. There are a few basic things that you should make sure you do to protect your email account:
1. Provide a secondary email address for recovery.
2. Provide a phone number for password recovery.
3. Turn on 2 Factor Authentication.
Using basic social engineering skills, hackers have managed to use the data on cell phone bills to get customer service reps to move service to a mobile phone they had set up, and then use that to get into Coinbase through 2 Factor Authentication. In this way, one hacker stole 8,000 Bitcoin from a user named Cody.
A hacker by the name of "The Dark Overlord" broke into Netflix's servers and released the new season of "Orange is the New Black," after demanding payment not to. According to TDO, he also has shows from ABC, IFC, and other channels. Leo says that is a childish act that probably was perpetrated by an ambitious teenager and Netflix did the right thing by refusing to pay up.
A year ago, a hacking group called the Shadow Brokers claimed it had a treasure trove of NSA hacking tools that it would sell to the highest bidder. The group asked for $7 million in Bitcoin, but didn't get any bids. It has now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
Mike is worried about the Turkish Crime Family's iCloud hack. If he changes his password, couldn't they just hack it again to get the new one? Leo says that Apple has said it hasn't been hacked, and even if it had been, the hackers would have to "rehack" the system to get the new passwords. If Mike has turned on two-factor authentication, they can't use his password anyway.
It's annoying to use two-factor, but it's the best last line of defense to prevent his account from being compromised. Also, he can use his TouchID on a new MacBook Pro and his iOS devices to ensure verification.