hack Stories May 14, 2015

Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.

One user lost $550 in a matter of minutes, his account auto-reloaded each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes …  expand full story

hack Stories April 21, 2015

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw …  expand full story

The buggy code highlighted by arsTechnica
Comments (9)

A bug in the way that 1,500 iOS apps establish secure connections to servers leaves them vulnerable to man-in-the-middle attacks, according to analytics company SourceDNA (via arsTechnica). The bug means anyone intercepting data from an iPhone or iPad could access logins and other sensitive information sent using the HTTPS protocol.

A man-in-the-middle attack allows a fake WiFi hotspot to intercept data from devices connecting to it. Usually, this wouldn’t work with secure connections, as the fake hotspot wouldn’t have the correct security certificate. However, the bug discovered by SourceDNA means that the vulnerable apps fail to check the certificate …  expand full story


hack Stories March 18, 2015

hack Stories March 4, 2015

Cryptographers have discovered that a security flaw dating back to the ’90s is placing OS X, iOS and Android users at risk from hacking attacks when visiting some major websites, including American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and many more.

The FREAK exploit allows an attacker to force a website to use lower-grade encryption for HTTPS connections, which can be cracked within a few hours when using a small botnet of just 75 computers. Once cracked, attackers would be able to hack the website as well as steal personal data from those visiting the site …  expand full story

hack Stories February 22, 2015


Submit a Tip


Submitting a tip constitutes permission to publish and syndicate. Please view our tips policy or see all contact options.

Powered by WordPress.com VIP