Hacks

Millions of SSNs lifted from South Carolina database

If you live in South Carolina, there's a very good chance that slipshod state government security has allowed an overseas computer criminal to acquire your Social Security number.

The South Carolina Department of Revenue acknowledged the massive electronic security breach today, saying an electronic intrusion led to 3.6 million Social Security numbers being stolen. The state's population is approximately 4.7 million.

"We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected," Gov. Nikki Haley said in a statement.

Anyone … Read more

Outages hit Google App Engine, Dropbox, Tumblr, and more

A mysterious rash of outages struck the Internet today, crippling major services for hours at a time. It isn't clear whether they're related.

Among those hit:

Google App Engine. Google said that at about 7:30 a.m., an unnamed component of App Engine "began experiencing slow performance and dropped connections." Users began seeing slow response times and had trouble connecting to services. At the moment, most App Engine users and services are being affected. "Google engineering teams are investigating a number of options for restoring service as quickly as possible, and we will provide … Read more

Sony's PlayStation 3 experiences its biggest hack yet

Hackers have found a way to break down one of the toughest defensive walls in Sony's PlayStation 3 software security, ensuring that those who use custom firmware can run homebrew software and pirated games forever.

A group calling itself "The Three Musketeers" on Monday released a secret set of LV0 codes that can decrypt the PlayStation 3's Level 0 (LV0) security layer used by the primary boot loader. This means that hackers should always have the ability to release custom firmware for the device any time Sony updates the console's software. Custom firmware gives PS3 owners the ability to run pirated games, homebrew software (such as retro game emulators), and even Linux. … Read more

Sony PSN hacking lawsuit dismissed by judge

A California district judge has dismissed a handful of charges that plaintiffs brought against Sony, including negligence, restitution, and unjust enrichment in its handling of a PlayStation Network data breach last year.

Several lawsuits were filed against Sony PlayStation Network in the wake of a major security breach of the personal data of more than 75 million customers in April 2011.

On Friday, Judge Anthony Battaglia of the U.S. District Court in Southern California ruled that one of those class action suits is invalid, according to Courthouse News.

When the attack happened in 2011, more than 75 million customer … Read more

Some Android apps could leak personal data, researchers find

Android applications are once again in the hot seat over possible security vulnerabilities.

Security researchers at the Leibniz University of Hanover in Germany recently released a study (PDF) examining the way in which legitimate Android applications in the Google Play marketplace respond to attacks on security protocols known as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). In eight percent of those cases, the researchers found that apps used the security protocols improperly, leaving sensitive data open to hackers with some know-how.

The security team, however, didn't suggest that anyone has yet deliberately exploited these vulnerabilities.

SSL and TLS … Read more

Apple parts ways with hacker famous for iPhone jailbreaking

Apple's experiment with employing a hacker famous for jailbreaking the iPhone has ended.

Nicholas Allegra, also known as Comex, was hired at Apple after gaining fame with JailBreakMe, a Web site that simplified the process of removing Apple-installed protections from the phone -- a practice Apple opposes. When Apple hired him as an intern in August 2011, Allegra was a high-profile member of the jailbreaking community, regularly publicizing security vulnerabilities in Apple's iOS software.

However, Apple ended the 20-year-old Brown University student's employment last week, Allegra revealed today.

"So... no point in delaying. As of … Read more

U.K. blocks extradition of Gary McKinnon

Gary McKinnon, the British hacker who allegedly broke into NASA's computers, will not be extradited to the U.S., ending his 10-year fight against the process.

Home Secretary Theresa May blocked the extradition on human rights grounds, saying she has "carefully examined the medical evidence" and concluded that his extradition would "give a high risk that he would end his life," the BBC reports.

Whether McKinnon will now face trial for the crime in the U.K. will be determined by the director of public prosecutions, Keir Starmer.

Read more of "Gary McKinnon extradition blocked by UK government … Read more

Hacker wins $60,000 prize for breaking into Google Chrome

Hack into Google Chrome, and you could win $60,000, at least if you do it through Google's Pwnium 2 competition.

That's just what happened to a hacker dubbed Pinkie Pie, who won the award on Tuesday by exploiting a security hole in Chrome.

In an effort to shore up its browser's defenses, Google holds the competition to challenge hackers to hack their way through Chrome's security to find previously unknown holes. Tuesday's Pwnium 2 contest was held at the Hack in the Box 2012 event in Kuala Lumpur, Malaysia.

"We're happy to … Read more

White House confirms 'spearphishing' intrusion

The White House has confirmed that one of its internal computer networks -- reportedly a military office in charge of the president's communications -- has been targeted in a successful "spearphishing" attack.

An article yesterday published by the conservative FreeBeacon.com Web site said that hackers with ties to China's government had recently breached an unclassified "system used by the White House Military Office for nuclear commands," including the so-called nuclear football.

Spearphishing means an attacker is targeting a specific person or group, typically by sending fake e-mail that masquerades as legitimate correspondence.

The … Read more

Maker of smart-grid software discloses hack

Telvent Canada says someone sneaked past its internal firewall, installing malicious software and stealing files related to control software it makes that's used to manage the electric grid in various countries.

The company warned customers last week that it learned of a breach of its network on September 10, according to the KrebsOnSecurity blog. Project files associated with the firm's OASyS SCADA (supervisory control and data acquisition) software were stolen, the post says.

"Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to … Read more