Tag Archives: hacking

Final thoughts on the Houston Astros’ database

One of my college buddies (Hi Christian!) shared my previous post on Facebook, pointing out that I’m a long-suffering Royals fan in Cardinals country, and adding that what I said was balanced and dispassionate.

I’m normally anything but dispassionate. But in this case, it’s not a baseball matter–it’s a business matter, and neither my employer nor any past employer is involved, so it’s easy to be detached and dispassionate. I guess you can say my take on hacking has changed. I was going to say “evolved,” but “changed” is more dispassionate.

Continue reading Final thoughts on the Houston Astros’ database

Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.

Continue reading Minor-League hacking in the MLB

Why someone would hack a WordPress account

I wasn’t surprised people were trying to hack my blog. What surprised me were how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.

If you have a WordPress blog, you’re probably in a similar situation.

Continue reading Why someone would hack a WordPress account

This should go without saying: Upgrade your WordPress!

Apparently, 86% of WordPress blogs haven’t been upgraded yet to version 4.0 or 4.01, because they are vulnerable to a terrible cross-site scripting vulnerability.

If you’re reading this, and you have a WordPress blog, go update it. This post will still be here when you’re done. Continue reading This should go without saying: Upgrade your WordPress!

Got tech support scammed? Worry about your credit card, not your computer

A college classmate contacted me a week or two ago. A relative of hers got scammed, and she wanted to know what to do.

“Get the charges reversed on the credit card,” was my simple response.

“What about cleaning up the computer?” she asked.

That’s the easy part. Continue reading Got tech support scammed? Worry about your credit card, not your computer

FTDI needs to be charged under the Computer Fraud and Abuse Act

FTDI is a company that makes computer chips for USB peripherals. Their chips are frequently cloned, which is an issue they have a right to deal with. But they have to be careful.

Breaking suspected cloned chips that consumers bought in good faith is the wrong answer. If I did that, it would be called hacking, and I would be sitting in jail right now, and probably would be facing a quarter-century in prison. Continue reading FTDI needs to be charged under the Computer Fraud and Abuse Act

The curious case of the Commodore TED machines

Dan Bowman kindly pointed out to me that former Commodore engineer Bil Herd wrapped up his discussion of the ill-fated Commodore TED machines on Hackaday this week. Here in the States, few remember the TED specifically, but some people may remember that oddball Commodore Plus/4 that closeout companies sold for $79 in 1985 and 1986. The Plus/4 was one of those TED machines.

What went wrong with that machine? Commodore miscalculated what the market was doing. The TED was a solution to too many problems, and ended up not solving any of them all that well. Continue reading The curious case of the Commodore TED machines

A security professional fights back against tech support scammers

I guess Matt Weeks is as sick as I am of tech support scammers, because he developed a way to fight back, in the form of a Metasploit module that exploits a software defect in the AMMYY remote access tool that these scammers sometimes use. Metasploit is a tool that penetration testers use to demonstrate–with permission–how hackable a computer network is. In this case, the would-be victim is penetration testing someone without permission. Run the module when the scammer connects to the would-be victim, and he or she gets a command prompt on the criminal’s PC. At that point, the would-be victim can break their computer, perhaps by deleting critical files, corrupting the Windows registry, or something else. Anything you can do from a command prompt would be possible at that point.

I’m anything but heartbroken that this threat exists, although I’m not going to do this myself. Let me explain. Continue reading A security professional fights back against tech support scammers

How to get 1440×900 resolution out of an Nvidia video card

I have a Gateway FPD1975W LCD monitor with an unusual 1440×900 resolution. Intel video cards have no issues with this resolution, but Nvidia cards don’t support it by default when running under Windows.

Hack the drivers a bit and you can get this monitor to work just fine with an Nvidia adapter, though. Believe it or not, the only hacking tool you need to accomplish the deed is notepad.exe.  Continue reading How to get 1440×900 resolution out of an Nvidia video card