What do the majority of web developers and an Australian-based online retailer have in common?

They hate Internet Explorer.

In fact, a company by the name of Kogan hates IE so much, it’s imposed a sales tax on any of its clients who use the beleaguered browser.

“Anyone who visits the website using IE 7 will be charged an additional 6.8% tax (IE tax) on purchases,” explains Newslaunches.com. “Interestingly that figure is derived as 0.1% for each month since the browser was released.”


Some hackers use software and hardware to express themselves creatively—either solving entirely novel technical challenges or finding new ways to skin the same old cats. Others are motivated by money, power, politics, or pure mischief. They steal identities, deface Web sites, and break into supposedly secure and certainly sensitive databases.

IEEE Spectrum has written dozens of stories about both—the Steampunkers and Arduino do-it-yourselfers, on the one hand, the Anonymous and Lulzsec ne’er-do-wells on the other. Inspired by New York Magazine’s Approval Matrix, they took 25 of the biggest and best stories and assessed them along two dimensions: innovation and impact.


The Autistic Hacker

A few months after the World Trade Center attacks, a strange message appeared on a U.S. Army computer: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.”

Solo scanned thousands of U.S. government machines and discovered glaring security flaws in many of them. Between February 2001 and March 2002, Solo broke into almost a hundred PCs within the Army, Navy, Air Force, NASA, and the Department of Defense. He surfed around for months, copying files and passwords. At one point he brought down the U.S. Army’s entire Washington, D.C., network, taking about 2000 computers out of service for three days. U.S. attorney Paul McNulty called his campaign “the biggest military computer hack of all time.”


Following numerous news reports of hacker break-ins (link 1, link 2 and link 3), it looks as though hackers are inflaming a cyber war against major corporations and institutions. This time, servers of the International Monetary Fund, the United States Senate and the Central Intelligence Agency got hacked. Full coverage of these stories inside.


Poor Sony — not again. Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users — all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection — just like we saw the last time around. A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, the fine folks in Sony’s IT department are now surviving solely on adrenaline shots.

Update 1: On the topic of clear-text passwords, Netflix, Foursquare, LinkedIn and Square have also been spotted exposing your data. So, as a developer, please be careful when developing apps that handle sensitive information; and as a user, be even more careful about sharing your sensitive information over the internet.

Update 2: On the 3rd of June 2011, the website of Codemasters (the UK game developer that brought us Dirt, GRID, Operation Flashpoint, etc.) also got hacked. They say tens of thousands of accounts have been compromised, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation.


Following a series of hacker break-ins at Sony (and several others), the black-hat group attacked an automobile manufacturer — Honda Canada. The company said the information accessed was related to a program in 2009 that encouraged customers to register at the myHonda website. In an alert posted on its website, Honda said details such as customer names, addresses, vehicle identification numbers and in some cases Honda Financial Services account numbers were accessed. The company said the information didn’t include data typically used for identity theft or fraud, such as birth dates, credit card numbers and bank account numbers.


A Russian white-hat security firm, Elcomsoft, has found that Nikon’s system of determining whether an image from one of their cameras has been tampered with is vulnerable to circumvention. Images carry an encrypted signing key, which is overwritten as soon as they are edited; the presence or absence of this key can be checked for later.

Elcomsoft, however, claims to have demonstrated that the key can be re-written, and therefore fake images can be made “authentic” according to Nikon’s tools. They have informed Nikon of the problem, but have received no response… so up it goes on the internet. The actual method isn’t disclosed, but a few sample photos (obviously doctored) are provided that should pass the Nikon authentication system. The same company found a few months ago that Canon’s system for the same purpose can also be compromised. What’s the take-away here? Well, for legal and professional purposes, making sure an image is “real” just got a bit more difficult — if you assume there are people out there who know the method Elcomsoft is describing.


The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as college students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.
A diverse swath of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.

Drugstore Walgreen, video recorder TiVo Inc, credit card lender Capital One Financial Corp and teleshopping company HSN Inc all added their names to a list of targets that also includes some of the nation’s largest banks. The names and electronic contacts of some students affiliated with the U.S.-based College Board — which represents some 5,900 colleges, universities and schools — were also potentially compromised in what could be one of the biggest breaches in U.S. history.

No personal financial information such as credit cards or social security numbers appeared to be exposed, according to the company statements and e-mails to customers. Epsilon, an online marketing unit of Alliance Data Systems Corp, said on Friday that a person outside the company hacked into some of its clients’ customer files. The vendor sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company’s website or who give their e-mail addresses while shopping.


Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year’s Pwn2Own hacking contest. The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year’s Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft’s Internet Explorer, Mozilla’s Firefox, Apple’s Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.
