
Tag Archives: hack

Developers, hack your way to free passes to Disrupt SF 2018

You’ve heard how TechCrunch Disrupt San Francisco 2018 is going to be the biggest, most ambitious Disrupt ever — and we’re serious. So serious, in fact, that we’re super-sizing the Hackathon, taking it online and making it global. Thousands of the world’s most talented developers, programmers, hackers and tech makers can participate and submit their hacks from anywhere in the world. The clock starts now — you have a little less than 6 weeks to build your team and start creating your projects — so sign up today to get started. We’re asking you to show us how you’d creatively produce and apply technology to solve various challenges. Judges will review all eligible submitted hacks and rate them on a scale of 1-5 based on the quality of the idea, technical implementation of the idea and the product’s potential impact. The 100 top-scoring teams will receive up to 5 Innovator Passes for their team to attend TechCrunch Disrupt SF 2018. Plus, the 30 highest-scoring teams will advance to the semi-finals, where they get to demo their newly created product at Disrupt SF. From there, we’ll choose 10 of those teams to pitch their hack on The Next Stage in front of thousands of Disrupt SF attendees. One of those 10 teams will win the $10,000 grand prize and be the first-ever TechCrunch Disrupt Virtual Hackathon champ. But that’s not all! We’ll also have some fantastic sponsor contests already announced from BYTON, TomTom and Viond:

BYTON: What can AI do for you while on the move? What will people want to do in a car that has a 49” screen and drives autonomously? How can we create an enjoyable time with a vehicle that’s able to communicate with other vehicles on the road or smart city infrastructure? We challenge you to think creatively and develop unique solutions to give people their “time to be” while on the move. Smart agendas, recommendations and digital assistants are only some of the ways we’re thinking about doing artificial intelligence during the age of autonomy


UK watchdog issues $330k fine for Yahoo’s 2014 data breach

Another fallout from the massive Yahoo data breach that dates back to 2014: The UK’s data watchdog has just issued a £250,000 (~$334k) penalty for violations of the Data Protection Act 1998. Yahoo, which has since been acquired by Verizon and merged with AOL to form a joint entity called Oath (which is also the parent of TechCrunch), is arguably getting off pretty lightly here for a breach that impacted a whopping ~500M users. Certainly given how large data protection fines can now scale under the European Union’s new privacy framework, GDPR, which also requires that most breaches be disclosed within 72 hours of discovery (rather than, ooooh, two years or so later in the Yahoo case…). The Information Commissioner’s Office (ICO) focused its investigation on the more than 515,000 affected UK accounts which the London-based Yahoo UK Services Ltd had responsibility for as a data controller. And it found a catalogue of failures — specifically finding that Yahoo UK Services had: Failed to take appropriate technical and organisational measures to protect the data against exfiltration by unauthorised persons; had failed to take appropriate measures to ensure that its data processor — Yahoo! Inc — complied with the appropriate data protection standards; had failed to ensure appropriate monitoring was in place to protect the credentials of Yahoo! employees with access to Yahoo! customer data; and also that the inadequacies found had been in place for “a long period of time without being discovered or addressed”. Commenting in a statement, the ICO deputy commissioner of operations, James Dipple-Johnstone, said: “People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it. The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.” According to the ICO, personal data compromised in the breach included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers. It considered the breach to be a “serious contravention of Principle 7 of the Data Protection Act 1998” — which states that appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data. Happily for Oath, GDPR does not apply historically because the UK’s domestic regime only allows for maximum penalties of £500k. And given Verizon was able to knock $350M off the acquisition price of Yahoo on account of a pair of massive data breaches, well, it’s not going to be too concerned with the regulatory sting here. Reputation wise is perhaps another matter. Though, again, Yahoo had disclosed the breaches before the acquisition closed so any damage had already been publicly attached to Yahoo


Ticketfly is finally back online after hack

Ticketfly's site is back online after a hack last week which forced the company to take the site down while it investigated the incident. The iOS app, along with the Promoter and Fanbase functions, is still down, as Ticketfly prioritized "bringing u...


FCC has a redaction party with emails relating to mystery attack on comment system

You may remember the FCC explaining that in both 2014 and 2017, its comment system was briefly taken down by a denial of service attack. At least, so it says — but newly released emails show that the 2014 case was essentially fabricated, and the agency has so aggressively redacted documents relating to the 2017 incident that one suspects they’re hiding more than ordinary privileged information. As a very quick recap: Shortly after the comment period opened for both net neutrality and the rollback of net neutrality there was a rush of activity that rendered the filing system unusable for a period of hours. This was corrected soon afterwards and the capacity of the system increased to cope with the increased traffic. A report from Gizmodo based on more than 1,300 pages of emails obtained by watchdog group American Oversight shows that David Bray, the FCC’s chief information officer for a period encompassing both events, appears to have advanced the DDoS narrative with no real evidence or official support. The 2014 event was not called an attack until much later, when Bray told reporters following the 2017 event that it was. “At the time the Chairman [i.e. Tom Wheeler] did not want to say there was a DDoS attack out of concern of copycats,” Bray wrote to a reporter at Federal News Radio. “So we accepted the punches that it somehow crashed because of volume even though actual comment volume wasn’t an issue.” Gigi Sohn, who was Wheeler’s counsel at the time, put down this idea: “That’s just flat out false,” she told Gizmodo. “We didn’t want to say it because Bray had no hard proof that it was a DDoS attack. Just like the second time.” And it is the second time that is most suspicious. Differing on the preferred nomenclature for a four-year-old suspicious cyber event would not be particularly damning, but Bray’s narrative of a DDoS is hard to justify with the facts we do know. In a blog post written in response to the report, Bray explained regarding the 2017 outage: Whether the correct phrase is denial of service or “bot swarm” or “something hammering the Application Programming Interface” (API) of the commenting system — the fact is something odd was happening in May 2017. Bray’s analysis appears sincere, but the data he volunteers is highly circumstantial: large amounts of API requests that don’t match comment counts, for instance, or bunches of RSS requests that tie up the servers. Could it have been a malicious actor doing this?


MyHeritage breach exposes 92M emails and hashed passwords

The genetic analysis and family tree website MyHeritage was breached last year by unknown actors, who exfiltrated the emails and hashed passwords of all 92 million registered users of the site. No credit card info, nor (what would be more disturbing) genetic data appears to have been collected. The company announced the breach on its blog, explaining that an unnamed security researcher contacted them to warn them of a file he had encountered “on a private server,” tellingly entitled “myheritage.” Inside it were the millions of emails and hashed passwords. Hashing passwords is a one-way encryption process allowing sensitive data to be stored easily, and although there are theoretically ways to reverse hashing, they involve immense amounts of computing power and quite a bit of luck. So the passwords are probably safe, but MyHeritage has advised all its users to change theirs regardless, and they should. The emails are not fundamentally revealing data; billions have been exposed over the years through the likes of the Equifax and Yahoo breaches. They’re mainly damaging in connection with other data. For instance, the hackers could put 2 and 2 together by cross-referencing this list of 92 million with a list of emails whose corresponding passwords were known via some other breach. That’s why it’s good to use a password manager and have unique passwords for every site. MyHeritage’s confidence that other data was not accessed appears to be for a good reason: Credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage


FCC asks Amazon and eBay to stop selling fake pay TV boxes

On Friday, the Federal Communications Commission sent a letter to Amazon CEO Jeff Bezos and eBay CEO Devin Wenig asking their companies to help remove the listings for fake pay TV boxes from their respective websites. These boxes often falsely bear the FCC logo, the letter informed, and are used to perpetuate “intellectual property theft and consumer fraud.” With the rise in cord cutting, a number of consumers have found it’s just as easy to use a software app like Kodi on a cheap streaming media device to gain access to content — like TV shows and movies — that they would otherwise miss out on by dropping their pay TV subscription. As an added perk, various software add-ons enable consumers to stream movies still in the theaters, too. It’s an easier way to access pirated content than visiting The Pirate Bay and downloading torrent files. While Kodi’s open-source software itself doesn’t facilitate piracy, through a number of downloadable add-ons, it’s relatively easy for consumers to figure out how to stream pirated content thanks to online tutorials and YouTube videos. It’s not clear if people know that they’re doing something illegal, or just don’t care because there are seemingly no repercussions related to their behavior. Amazon, Netflix and major Hollywood studios have gone after these box makers through the court system already. In January, for example, a U.S. District Court judge handed down a preliminary injunction against TickBox TV, a Georgia-based set-top box maker that was profiting from the sale of its so-called “Kodi boxes.” Columbia Pictures, Paramount Pictures, Disney, 20th Century Fox Film, Universal Pictures and Warner Bros. were also plaintiffs in that case, along with Netflix and Amazon. Amazon and eBay also proactively remove devices facilitating piracy from their websites, the FCC acknowledged in its letter. Amazon, for example, prevented the sale of “tens of thousands of unlawful devices” through its “automated proactive detection, preventative investigations, and notices of infringement from rights holders,” the letter stated. eBay, meanwhile, also removes devices reported as infringing and removes those that say things like “never pay another cable bill” or “fully loaded” in their descriptions. But the FCC wants the companies to do more, and faster, it seems. “Unfortunately, despite your good work in this area, devices continue to make it to consumers through your website,” writes FCC Commissioner Mike O’Rielly.


CommerceDNA wins the TechCrunch Hackathon at VivaTech

It’s been a long night at VivaTech. The building hosted a very special competition — the very first TechCrunch Hackathon in Paris. Hundreds of engineers and designers got together to come up with something cool, something neat, something awesome. The only condition was that they only had 24 hours to work on their projects. Some of them were participating in our event for the first time, while others were regulars. Some of them slept on the floor in a corner, while others drank too much Red Bull. We could all feel the excitement in the air when the 64 teams took the stage to present a one-minute demo to impress fellow coders and our judges. But only one team could take home the grand prize and €5,000. So, without further ado, meet the TechCrunch Hackathon winner.

Winner: CommerceDNA

Runner-Up #1: AID

Runner-Up #2: EV Range Meter

Judges

Nicolas Bacca, CTO, Ledger

Nicolas worked on card systems for 5 years at Oberthur, a leader in embedded digital security, ultimately as R&D Solution Architect. He left Oberthur to launch his company, Ubinity, which was developing smartcard operating systems. He finally co-founded BT Chip to develop an open standard, secure element based hardware wallet which eventually became the first version of the Ledger wallet.

Charles Gorintin, co-founder & CTO, Alan

Charles Gorintin is a French data science and engineering leader.
