Hack

Copied from LA-Times: A man who hacked the email accounts of celebrities should pay movie star Scarlett Johansson $66,179.46 in compensation, federal prosecutors said. The hacker also should serve 71 months in prison and pay a total of $150,000 in compensation to all his victims, prosecutors said in court papers filed this week. Christopher Chaney, 35, of Jacksonville, Fla., who pleaded guilty in Los Angeles federal court to nine counts of computer hacking, for two years hacked almost daily into email accounts of 50 people in the entertainment industry. ...

v3.co.uk: Card processing firm Global Payments has provided more detail on the attack on its computer systems earlier this year, warning that the attackers may have had access to unspecified personal data. Global Payments confirmed the attackers had access to details of 1.5 million cards, but it said the attack had now been contained. Global Payments also revealed the attacks had gained access to servers containing personal information “from a subset of US merchant applications”. While it could not ascertain whether the data had been copied, it would be notifying affected customers in the coming days. ...

The H-Online: There have still been no official statements on the causes and extent of the recent password leaks at LinkedIn, eHarmony and Last.fm. A credible source is now reporting that the published 2.5 million Last.fm MD5 hashes, for example, are just the tip of a 17 million hash iceberg. That iceberg has reportedly been circulating since summer 2011.16.4 million of these – 95 per cent – have, the source claims, already been cracked, a claim which, for unsalted hashes, is entirely credible. ...

The H-Online: A list with several million passwords belonging to users of the music community site Last.fm has been posted on the internet. The site owners have posted a statement saying that the company is investigating the leak and that all users of the service should change their passwords immediately. This is the third major compromise of a popular web site’s passwords in as many days. ...

H-Online: Internet forums are currently circulating a list containing over six million password hashes which allegedly originate from LinkedIn. The passwords are being cracked collaboratively with about 300,000 passwords already published as plaintext. The list contains pure SHA1 hashes with no name or email addresses. If decrypted, the passwords will not easily give access to an appropriate account. However, it is probable that the person who captured the hashes also has the corresponding email addresses. In an initial sampling, The H‘s associates at heise Security didn’t find any known LinkedIn passwords in the list, but with over 160 million members that doesn’t mean a lot. The already cracked passwords often contain “linked” or even “linkedin” in the form, for example, of “lawrencelinkedin”. This suggests that the passwords actually come from the LinkedIn social network. However, this has not yet been confirmed. ...

H-Online: Hackers developed a script which was able to crack Google’s reCAPTCHA system with a success rate of better than 99 per cent. They presented the results of their research at the LayerOne security conference in Los Angeles last weekend; however, their demonstration was somewhat frustrated as, just an hour before the presentation, Google made improvements to its CAPTCHA system. ...

GFI Wrote: In September, our friends at Sophos wrote about a fake BBC website offering up the “chance” to work from home for predictably large sums of money. No more than a day later, we were covering fake BBC video posts targeting Facebook users. Today we’re looking at a fake BBC URL which drops the end-user onto a “work from home and earn $10,000+ a month” fake news site, but not before it’s attempted to load up the PC with malware via a rather nasty collection of exploits. The URL in question is bbcmoneynews(dot)com: ...

theregister.co.uk wrote: A Brit who distributed a Trojan horse that posed as a patch for popular shoot-em-up game_Call of Duty_ has been jailed for 18 months. Lewys Martin, 20, of Deal in Kent, used the malware to harvest bank login credentials, credit card details and internet passwords from the compromised Windows PCs of his victims. Martin then apparently laundered the credentials via underground cybercrime forums, earning $5 or less for every credential, directing proceeds of his criminal activity towards an offshore account in Costa Rica, funds which remain beyond the reach of UK police. ...

TheHackerNews: Google got Pwned ? NO Few Algerian Script Kiddies try to spread fake rumors that they Hack and Deface the Giant Search engine “Google Iranian” domain http://www.google.co.ir/ . As the screenshot shown a Algerian flag on it and Page Titles : **“**H4Ck3D By vaga-hacker dz and DR.KIM”. As mentioned by hacker, the team include hackers named : “V4Ga-Dz,Dz0ne,DR-KIM King-Dz,BroX0 aghilass elite jrojan password kha&mix wasim -dz” . It is not confirmed that, either these are member from some Anonymous Hackers but they try to use Anonymous Hackers Tag line : We Dont Forget , We Dont Forgive, Expect Us! to get some publicity. ...

The H-Online: The whitec0de.com blog reports that, for $20, a member of a hacker forum offered to crack any Hotmail account within a minute – and that he kept his word. Apparently, the hacker found out about a critical vulnerability in Microsoft’s email service on a security forum, and the hole allowed him to change the passwords of arbitrary Hotmail users. ...