Category: Hacking / Security

The Case of the Changing Blog

I rarely re-read or revisit old blog posts on this site. Generally speaking I write them, give them a quick once over, and send them on their way. The only time I look up old posts is to either verify a date or find a link to send to someone. That’s what I was doing over the weekend when I dug up a blog post from four years ago and was surprised to find spam links embedded throughout the post — links I did not put there. The game, as they say, was afoot. Discovering your website’s been hacked in… (read more)

RobOHaraLeave a comment

Kevin Mitnick (1963-2023)

Earlier this week I was informed that Kevin Mitnick, the “world’s most infamous hacker,” had passed away. I was asked to sit on the news until the family had time to release a statement, but word travels fast and this morning it appeared on the front page of the New York Post. For those who haven’t heard or read the story, back in the mid-2000s my wife, who was in charge of putting together a training class at work, hired Kevin Mitnick to travel to Oklahoma and teach a course on social engineering. Susan knew how into computers and security… (read more)

RobOHara4 Comments

FBI vs. Apple vs. You

Shortly before entering the Inland Regional Center in San Bernardino, California and opening fire, killing 14 people and injuring another 20, the shooters — Syed Rizwan Farook and Tashfeen Malik — discarded their cell phones laptop’s hard drive. While the hard drive has not been located, the cell phones turned up in a dumpster near the terrorists’ rented home. Four hours after the attack, Farook and Malik were killed in a gun battle with FBI agents. Unfortunately, they were shot before anybody got a chance to ask Farook what the four-digit lock code on his iPhone was. Oops. An iPhone,… (read more)

RobOHara

Change your (everything) Password — Introducing the Heartbleed Bug

If you think you don’t need to read this post, you definitely need to read this post. Heartbleed is a security vulnerability that was discovered this week. It probably affects you. First, the five W’s: Who: Anyone who uses the web and uses https links. That’s probably you. What: Heartbleed is a vulnerability that allows people to see the information you send to some websites that use OpenSSL. It’s a lot of them. Where: Gmail, Yahoo, Tumblr, Flickr, Facebook… When: The problem has been around for two years now, but nobody noticed it until this week. Why: Honest human error.… (read more)

RobOHara3 Comments

A Resurgence of Interest in eCoder Ring

A lot of things just happened when you clicked on this article. Your computer connected to my computer, and each of these words I wrote zipped across the internet to their destination. Since this article contains words like encryption, NSA, and secret codes, it probably flagged something for the NSA along the way — you for reading about it, and me for writing about it. In some giant, government data warehouse, there’s now a record that you were here. We’re probably both on a watch list now. Welcome to the machine, and all that. About five years ago I wrote… (read more)

RobOHara2 Comments

Removing Malware from my own Site

A few months ago I spun up a new website, SpriteCastle.com. There’s no real content there yet — it’s more of a proof of concept site at this point. Last night after finishing up the latest episode of You Don’t Know Flack I decided to do some tweaking to the Sprite Castle. When I opened the site in Google Chrome, I got the following message: Crap. I know WordPress has been under attack lately, so my first assumption was that the site had been compromised. Bypassing Chrome’s warning, I opened the site and searched for any sign of malware. I… (read more)

RobOHara4 Comments

YDKF Episode 119: Hohocon ’94

Another week, another episode. Episode 119 of You Don’t Know Flack is about Hohocon — specifically Hohocon ’94, the last Hohocon and the only one I attended. Hohocon was a hacker conference that ran for 5 years in a row, from 1990 to 1994. It was put on by dFx, the Cult of the Dead Cow, and Phrack Magazine. This was a tough episode to complete. During the time slot I set aside to record, my sister inconveniently and inconsiderately had a baby. Don’t you hate it when other people schedule things when you already have plans? Sheesh! All kidding… (read more)

RobOHara1 Comment

Deconstructing the PS3 Hack

Last week at the 27th annual Chaos Communication Congress (CCC), a group calling themselves “fail0verflow” displayed the single-most important PlayStation 3 hack to date. A few months from now, when everybody who wants one has a modified PS3, you’ll be able to point your finger back to fail0verflow’s CCC presentation and say, “that is where is all began.” Just like the original Xbox, the PlayStation 3’s defenses didn’t fall to pirates, but to Linux experts. The quickest way to have your security precautions ripped out of your device, run up the flagpole and laughed at is to prevent people from… (read more)

RobOHara3 Comments

Sony Making a Grave Mistake (Please Read)

Sony’s decision to remove OtherOS from the PlayStation 3 could change the future of all electronic devices as we know them. You may not agree with or even completely understand that statement yet, but if you own anything (even a computer or a phone) that connects to the Internet, I urge you to read today’s post. Today’s story begins back in 2006 with Sony’s release of the PlayStation 3 (PS3). The PS3 was (and still is) the most advanced video game console ever released. In fact, the console was so powerful that not only could it also play both PS2… (read more)

RobOHara6 Comments

Security Through Obscurity, and why it fails.

Before we begin today’s lesson, we’re going to do something fun and generate your Rock Star name. Your first name will be the name of your first pet and your last name will be the name of the street you live on. Mine’s “Ernie Gregg.” Write this down or just make note of it; you’ll need it later near the end of today’s program. Security Through Obscurity (“STO”, for short) is the concept that things will be secure if you hide them. I’ve mentioned the concept before; I covered it in detail on Episode 104 of You Don’t Know Flack.… (read more)

RobOHara6 Comments