Hacking

WEEKLY RECAP

The Sony Horror Hacker Show

Sony’s great big data leak could go down in history as the company’smessiest mess of all time — even worse than the CD rootkit disaster.

Last week, we learned that hackers had broken into Sony’s PlayStationNetwork and made off with a bunch of user data. Names, passwords andbirth dates were definitely leaked, and Sony wasn’t able to guaranteepeople’s credit card numbers were safe either.

That’s what we were told a week after the break-in, and in the meantime, lots of customers’ credit card numbers may have been in thehands of crooks. Since then, the plot has thickened further.

Even though Sony initially said users’ credit card data had beenencrypted, security researchers have reported hearing chatter about alist of PSN users’ credit card numbers being shopped around throughcriminal underground channels for somewhere in the neighborhood ofUS$100,000. Sounds like someone’s trying to cash in on a raid.

Sony’s recommended that users keep a close eye on their cardstatements and credit reports. But for users who really want to besafe, you might want to also treat it like you know the card’sbeen stolen. Call it in and ask for a new card with a new number, thenshred the old one. Banks probably don’t like that advice — ifeveryone on PSN was to take that step, it’s estimated the collectivecosts to issuers of replacing all those cards could be upwards of $300million. Then again, what does it cost to deal with a massive influxof fraudulent transaction complaints?

Later, it was announced that, counter to the company’s initialassessment, another part of Sony’s system — Sony Online Entertainment– had also been broken into as part of the original hack attack. Samekind of info was stolen: name, full address, email, gender, birthdate, phone number, user name, etc. In all, we could be looking at a breachof more than 100 million accounts, and nobody at Sony seems to be sure exactly what’s missing from where.

The company even snubbed an invitation to explain itself in person ata U.S. House subcommittee hearing on data theft Wednesday. Granted, itprobably wouldn’t have been a very pleasant exchange if Sony hadshown up, but its absence apparently didn’t prevent congresspeople andother witnesses from unloading on the company. The chair, CaliforniaRep. Mary Bono Mack, burned Sony for not notifying customers about theintrusion immediately. When it did break the news, it did so on acompany blog, which she said put the burden of finding out about theproblem on the customers themselves. “Not gonna fly” is how she putit.

On top of that, an expert witness said Sony’s security system was weakand that the company was well aware of that fact for months.

Sony hasn’t completely ignored the dirty looks it’s been gettingfrom Washington. It wrote a letter to Congress explaining its side ofthe story and defending the way in which it disclosed information tousers. It said it didn’t want to cause confusion by dribbling out abunch of unconfirmed or incomplete info hour by hour. So instead, itwaited until it had a full and verified story to tell before goingpublic.

Sony also explained that one of the reasons its security system wasoff the ball at the time of the attack was because it had recentlybeen targeted by the hacktivist group Anonymous in retaliation for thecompany’s lawsuit against hacker George Hotz. According to Sony,Anonymous’ denial-of-service attack was so distracting that malicioushackers were able to sneak in through the back door. Sony didn’tdirectly implicate Anonymous for the theft itself, but it did notethat it found a file left by the thieves on one of its servers thatcontained the text “We are legion,” which is an Anonymous battle cry.

Anonymous has denied having any part in the theft, and usually thegroup very proudly claims responsibility for the activities it doesengage in, so at this point it doesn’t smell like an Anonymous stunt.On the other hand, Anonymous is by nature very decentralized, so it’shard to say that any proclamation attributed to the group is theofficial party line. And who knows, maybe the people that really stolethe data actually consider themselves part of Anonymous, regardless ofwhether the rest of Anonymous likes that or not.


Listen to the podcast (13:49 minutes).


Back on the Market?

VoIP provider Skype has been passed around a lot in recent years. It had something going on with eBay for a while, but that mostly fizzled out. It was a strange match anyway — made it look like eBay intended to make Skype this system for strangers to chat each other up while buying each other’s crap, instead of a more general worldwide communication system.

Skype seems to have gotten over that one, though, and now it’s back in the dating scene with a vengeance. Suddenly it has two very serious buyers knocking at its door, according to Reuters: Google and Facebook. Or it could strike on on its own with a big IPO — somewhere in the $1 billion neighborhood. Or both.

That possible Facebook buyout could be very interesting. An anonymous source said that if that deal goes through, it could be worth $3-$4 billion. The big question is what Facebook would do with Skype once it has it. It’s a sensible pairing — Facebook is all about communicating with friends; Skype let’s you do exactly that. They could put a Skype button somewhere on everyone’s profile; instead of instant text chat, you could do instant Skype chat.

But Facebook is kind of its own little fiefdom within the Web. If you want to use a Facebook feature, you have to be a Facebook member, and even though the network’s huge and still growing, some people really don’t want any part of that. If the deal happens, will Facebook refuseniks be ineligible for Skype? The VoIP and video-chat service right now has more than 600 million users, so that’s a lot of people Facebook could potentially alienate by requiring them to join its network. Then again, fewer than 10 million of those users actually pay for services, so maybe they can take a walk.

But if the report is true, Facebook will have to battle Google if it wants Skype. Google’s still trying to get its act together as a social network, and snapping up a communication service like this could be a big win in that direction. Mix it in with Google Talk and Android and see how it comes out.

There’s lots at stake, so the battle could turn into a real heavyweight fight. As the biggest Web company in the world, Google has a lot of power in its corner, but Facebook has a ton of momentum, not to mention a friend in Redmond who would love to see Google fail.

Don’t Slouch

Moore’s Law is a principle that always seems to be on the brink ofextinction until one company or another saves it with its ingeniousnew breakthrough invention that’ll surely keep the dream alive, atleast for another six months or so.

The law holds that the number of transistors that can be crammed intoan inexpensive integrated circuit doubles about every two years. It’sheld true for longer than the term’s been around, which was about1970, and the progression it describes is one of the reasons youcan buy a laptop for $400 today that can do more than themillion-dollar machines that were around a few decades ago.

The problem with keeping Moore’s law intact is that making transistorssmaller and smaller becomes increasingly tricky, so chip makers haveto be more creative in their design processes. It’s rare that onesingle innovation turns out to be THE thing that makes the trendcontinue. There are lots of different ways to solve the problem, andchipmaker Intel just came up with one.

Intel says its latest transistor breakthrough is the creation of thefirst 3D transistor. That’s not to say previous transistors existedonly in two spacial dimensions. But they would typically just lie flaton the wafer. Intel got them to stand up straight, allowing more ofthem to be crammed onto the same surface area. Perhaps that sounds alittle obvious, and actually the idea has been around for years. Butthe really big step forward that Intel’s made involves the creation ofa process for turning the idea into an actual commercial productrather than a sketch on a bar napkin.

Mobile devices may see the biggest early boost from Intel’sinnovation. One of the benefits of the 3D transistors is that they useless power than their 2D counterparts, and power consumption is a bigissue when the device you’re talking about lives off a battery.For Intel, getting a foot in the door in mobile would be a big win –at the moment it’s barely visible in the smartphone scene.

Friends With Search Benefits

Microsoft was one of the first players in the smartphone world, but it’s still fair to call it a late bloomer. While iPhone and Android were out there making smartphones fun and interesting for buyers other than belt-holster-toting uber-geeks, Microsoft was stuck for a long time with Windows Mobile. Windows Phone 7 came along only recently, and now it’s uncertain how much of a foothold it’s ever going to get.

For a company like Microsoft, though, the mobile world has a lot of different angles to play, besides just putting a mobile OS out there and hoping phone makers and buyers will all fall in love with it. That’s no doubt a big angle, of course, and Microsoft isn’t too proud to buy some love for WinPho7 by doing things like stuffing Nokia’s pockets full of cash.

But Microsoft is also a player in search, and its relatively new Bing engine is making gains on Google. It’s still far, far behind, and there’s no way it’s going to actually overtake Google any time soon. But whenever Bing can score a key block against Google, Microsoft can consider that a good day.

One of those blocks happened this week as Microsoft CEO Steve Ballmer announced that Bing will be the default search and map utilities on upcoming Research In Motion BlackBerry devices. When you do a quick Web or map search on a BlackBerry, Bing will be the one providing you with the answers. It’s not like Google services will be completely blocked from appearing on BlackBerries, but Bing will be the default provider.

RIM hasn’t exactly been a media favorite lately. Its PlayBook launch was ham-handed, analysts gave it a painful downgrade last week, and critics often accuse it of putting out unexciting devices. But the fact is, there are tons and tons of BlackBerries out there, and even if some of their users only carry them because the boss says so, Microsoft’s deal could still turn into a lot of lucrative mobile search traffic.

In shacking up with both RIM and Nokia, it’s beginning to look like Microsoft is putting together an army of faltering giants to battle Android and iPhone. Android — more specifically, Google — is absolutely in Microsoft’s cross-hairs on this deal, but it’s not out of the question that Microsoft could eventually get Apple on its side too, if only to the extent of making Bing the default search engine on iPhones. They definitely seem to have a common enemy.

Good for What Ails Ye?

Here’s a great way to waste a perfectly good afternoon: Pick a fight about PC and Mac security. It’s especially fun if both you and the person you’re arguing with know a few things about computer security but lack complete and total understanding of the subject.

Suffice it to say general OS security is a very touchy subject in some circles. But sometimes a security problem comes up that has very little to do with how secure or insecure an OS is by design. For instance, if a user who’s in control of the OS can be tricked into actively installing a shady application, that doesn’t mean the OS is insecure, does it?

I’m talking about scareware. It’s an online ripoff tactic in which the bad guys make users think their computers are full of viruses, usually by performing a so-called free scan over a Web page — which is fake, of course, but it’ll tell you your machine’s insides are covered in warts.

“Oh my God, your machine is totally infected! Look at all those porn pop-ups all over your screen! Your credit cards and Social Security number and address are going straight to Al Quaida right now, so you’re pretty much screwed … unless you buy our antivirus product. What’s your credit card number?”

And from there, the bad guys have your credit card info. They might just charge you the price of the bogus software, or they might use it to defraud you further. Or they might take it up a notch — they’ll actually let you download the software and install it into your computer, and from there it acts as a constant spy.

The situation is one that Windows users encounter from time to time, and now it’s also reached the Mac platform through a scheme called “MAC Defender.” It catches potential victims from search result pages using SEO techniques, then it gets around all those Mac security walls by tricking them into giving its so-called security app tip-top, admin-level permission to come inside.

MAC Defender was spotted by Intego, and as an added twist, the scam actually uses the name of a legitimate company, MacDefender, that has nothing to do with the scam.

Experts who’ve looked at MAC Defender — the shady, scammy MAC Defender — say it’s an odd mix of sophistication and idiocy. Whoever built it did a good job of making parts of it actually look legit. Its setup screens looks nice and polished, kind of like what a Mac user would expect from a genuine made-for-Mac application. But before that, when it does that fake scan, the animation that it uses looks like it was lifted from an old version of Windows. Sloppy!

Moral of the story: If you don’t feel sick but some random person on the street tells you you’re sick and gives you a pill to take, do you take the pill?

I don’t think you should take the pill.

1 Comment

  • This article has it all wrong. I myself got an e-mail from Sony telling me that an OLD SERVER with 10,000 OVERSEAS USERS CREDIT CARD NUMBERS was hacked into, but other users had their card numbers encrypted and that part was not accessed during the attack. Everyone’s using this issue top put down Sony just because they hate the PS3 because it’s stolen a large part of the console market from the Xbox.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Elon Musk's Dec. 2 action to release The Twitter Files: Approve or Disapprove?
Loading ... Loading ...

E-Commerce Times Channels