British 15-year-old Saleem Rashid created a code that enabled him to “backdoor” Ledger’s wallets.
The story started in November 2017 when Rashid discovered the flaws in the wallet. He disclosed the vulnerability to the company but was apparently not taken seriously.
For years, the top guys at France-based Ledger have touted their product as tamper-proof. The Ledger Nano S is a $100 hardware wallet for Bitcoin, Ethereum and Altcoins that, according to Ledger, has sold by the millions. The company claims that resellers are not able to modify and tamper with this device without attracting end users’ attention. Why would they listen to a 15-year-old, right?
After four months, the company did release an update to address the issue that Rashid privately disclosed to them. However, Ledger’s Chief Security Officer Charles Guillemet maintains that the issue was “NOT critical”. He also stresses that the “attack cannot extract the private keys or the seed.”
Rashid publicly criticized this update on social media and in a blog post entitled Breaking the Ledger Security Model. He maintains that he could still “autonomously extract the root private key once the user unlocks the device” and use it to instigate manipulation of destination addresses for transactions.
This recent discovery of the wallet’s vulnerability definitely puts a lot of pressure on the company and on its users, who actually put their faith in these devices.
A Russian student who studies in Canada has successfully hacked into a fully patched Windows 7 64-bit version. He used a remote code execution vulnerability/exploit in Google Chrome.
Sergey Glazunov is a security researcher who finds security holes in Chrome and reports them directly to Google.
He earned $60,000 due to his exploits. He targeted two distinct zero-day vulnerabilities in the sub-system of the Chrome extension. Google is trying to partner with hackers to find holes in the system. In exchange they pay the hacker for his job. They call it the Pwnium hacker contest, which they are running this year.
Justin Schuh of Google said that, “It didn’t break out of the sandbox [but] it avoided the sandbox.” Glazunov’s exploits bypassed the browser sandbox in its entirety.
He also added, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s very difficult and that’s why we’re paying $60,000.”
Sergey is a regular contributor to the Google bug bounty program. He has also submitted a similar sandbox bypass bug before. Schuh said that these types of full code execution bugs, which execute code outside the browser sandbox, form a very small percentage of bug submissions.
Albert Gonzalez faces a sentence of up to 25 years in prison after pleading guilty today.
The 28-year-old man from Miami admitted to federal charges in New York and Massachusetts. He also faces charges in New Jersey.
Gonzalez’s hacking activities in the past years were so huge that they could be the most notorious computer hacking, including attacks on computer systems of retailers like T.J. Maxx, OfficeMax, BJ’s Wholesale Club, Boston Market, Barnes & Noble, Sports Authority and even the Dave & Buster’s restaurant chain. Feds say he must have stolen as many as 40 million credit and debit card numbers.
“He just feels really bad, mainly because of the damage he’s caused, but also because of what his family has had to endure,” Rene Palomino Jr., Gonzalez’s Miami attorney, said. “He just wants to go ahead and do the right thing and take responsibility for his actions. One day, he will go and lead a productive life like any other citizen.”
Gonzalez was arrested in May 2008 while he was staying with his girlfriend at the National Hotel, Miami Beach.
Miami Beach, Florida has enamored lots of people with its sublime beaches and luxury hotels: locals, tourists and er... criminals.
On May 7 of last year, Albert Gonzalez or “soupnazi” was arrested while staying at the National Hotel on South Beach. Feds were able to seize two computers, a gun and $22,000 in cash. He was charged with theft of credit and debit card accounts as well as hacking into business computer networks.
Last week, he was indicted in New Jersey on more federal charges, with his hacks totaling 170 million accounts – the biggest of the decade.
Gonzalez, 28, is not a newbie when it comes to arrests. He was first arrested for hacking in 1998 and a year after, was charged with marijuana possession. In 2003, he had his first federal arrest for hacking. By acting as an informant to the U.S. Secret Service, however, he managed to escape being charged. He helped them hunt other hackers.
But I guess leopards really cannot change their spots because over the next five years after his 2003 arrest, he continued to hack into computer systems of Fortune 500 companies and national restaurant chain Dave & Buster’s.
It was around 2005 when Gonzalez and others devised a hack that could steal credit and debit card data and send it to remote computer servers. The feds said the hackers were able to steal approximately 40 million credit card numbers – the biggest theft at that time.
If convicted, Gonzalez will be facing lifetime imprisonment and nope, he couldn’t use a computer there I guess. 😉
A British hacker who has an obsession with unidentified flying objects seemed to think sci-fi movies aren’t enough so what did he do? He decided to break into 97 military and NASA computer systems to look for evidence about UFOs.
Gary McKinnon will be tried in America and if convicted, he may be facing a 70-year sentence. He has been appealing in the British judicial system to avoid extradition to these shores. His lawyers had argued that McKinnon should not be extradited because he suffers from Asperger syndrome, and could be at risk for psychosis or suicide if sent to the United States, an article from EmaxHealth says.
People with Asperger syndrome have difficulties in social interaction and show restricted and repetitive patterns of behavior and interests.
The 43-year-old man doesn’t deny that he had hacked into the computers in 2001 and 2002 but he claims he had no intention whatsoever to compromise US security – he just wanted to find secret info about UFOs.
His hacking efforts, which ran from February of 2001 to March of the following year, however, caused significant disturbances, such as the hack that knocked seven hundred computers at a New Jersey naval station offline immediately after the 9/11 incident.
McKinnon was first issued a warrant in October 2001 and extradition efforts began in late 2004.