Hackers are making headlines these days like never before. From video game systems to voicemail accounts, it seems like almost every type of electronic device or information storage medium can be hacked to either give up information or perform actions it wasn’t initially designed to do. We’ve gathered a handful of the weirdest hacks out there, and the vulnerability of some of your everyday devices might surprise you.
For all its benefits, the Internet can be a hassle when it comes to remembering passwords for email, banking, social networking and shopping.
Many people use just a single password across the Web. That’s a bad idea, say online-security experts.
“Having the same password for everything is like having the same key for your house, your car, your gym locker, your office,” says Michael Barrett, chief information-security officer for online-payments service PayPal, a unit of eBay Inc.
To come up with a strong password, some security officials recommend taking a memorable phrase and using the first letter of each word. For example, “to be or not to be, that is the question,” becomes “tbontbtitq.” Others mash an unlikely pair of words together. The longer the password — at least eight characters, experts say — the safer it is.
Once people figure out a phrase for their password, they can make it more complex by replacing letters with special characters or numbers. They can also capitalize, say, the second character of every password for added security. Hence “tbontbtitq” becomes “tB0ntbtitq.”
No matter how good a password is, it is unsafe to use just one. Mr. Barrett recommends following his lead and having strong ones for four different kinds of sites — email, social networks, financial institutions and e-commerce sites — and a fifth for infrequently visited or untrustworthy sites.
Facebook’s computer systems will soon be able to recognize familiar faces.
Facebook is making changes to the process for tagging friends in photos uploaded to the social network, the company announced on Tuesday.
Starting in a few weeks, the system will scan all images posted to Facebook and suggest the names of people who appear in the frame.
Facebook’s more than 500 million users have been automatically included in the database, but the company is allowing each person to choose whether to be identified by toggling a pane in the account’s privacy settings.
Google on Wednesday began fixing a security flaw that affects some 97% of Android smartphones. The fix, which addresses a hole allowing hackers to access the contacts, calendars and photos on an Android phone connected to an open Wi-Fi network, will take a few days to cover every phone, a Google spokesman said.
Additionally, owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software.
By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.
You can sign up for Facebook HTTPS by going to Account Settings and then selecting “Account Security,” third from the bottom. Then click under “Secure Browsing” — if it’s there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.
Governments and government agencies across the country and the world are now seeking answers from Sony about the PlayStation Network outage and the potential loss of personal information.
Interested parties include the Connecticut state attorney general, the FBI, government privacy officials from Australia, Canada and the U.K., and even the city of Taipei.
Sony’s online network has been down since April 20, when the company took down the PlayStation Network and the related Qriocity cloud music service due to a external intrusion, or hack into the network.
That may have been on Sony’s mind on Friday, when the company’s latest blog post addressed the issue of compensation, and what will happen to customer’s saved games, data, and other aspects of game play.
Customers, meanwhile, have complained that their credit-card information that was given to Sony has been compromised, perhaps by a hacker group. “There have been charges at retail stores, restaurants, parking garages, and hotels in TN [Tennessee] and MD [Maryland],” Thomas O’Brien wrote in an email to PCmag.com. “There have also been charges in AZ [Arizona], but those may be online, and not a physical retail location.”
Sony has contacted the Federal Bureau of Investigation in San Diego, and its cybercrimes unit is investigating.
“The situation also raises questions about the effectiveness of Sony’s measures to protect the confidentiality and security of private information it receives from consumers,” Jepsen wrote. “I am particularly concerned that breaches of this sort do not reoccur and that affected individuals, many of which may be children, are provided sufficient protections to safeguard their information from further disclosures.”
Note: Full Timeline Here – Friday, April 29 – Hackers claim to have access to PSN customers’ credit card numbers and reportedly try to hold the data for ransom, demanding payment from Sony, which refuses and declares that the data is encrypted.
Will it take being accused of downloading child pornography to get people to lock down their WiFi networks once and for all? Although that’s not the only reason to keep your network secure, perhaps some users will be scared into doing so after reading a number of horror stories collected by the Associated Press over the weekend. The underlying lesson: keep your WiFi networks locked down, lest you find law enforcement kicking down your door in the middle of the night.
The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. “You’re a creep… just admit it,” one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.
Being accused of amassing the world’s largest collection of child pornography is just one of the many downsides to leaving your network open, yet people (including some self-identified geeks) continue to do it. But why? As evidenced by reader e-mail over the last few years, some users claim they’re providing a service to their neighbors by letting them use their WiFi every so often (in turn, these users tend to also make use of open WiFi networks when they see them). Others hope that leaving their WiFi networks open will help to exonerate them if they were to be accused of downloading copyrighted music or movies—Big Content would never sue the wrong individual for copyright infringement, right?