Voiding your warranty, apparently, is as simple as running five short commands. To run those, however, you need a higher-resolution way of communicating with your Google Glass device than the touch-sensitive screen on your specs.

“Fortunately, this is an Android device, and like most Android devices, it has a Bluetooth chip,” Google engineer P.Y. Laligand said today at the chat on hacking Glass.

Source: Google

Glass is just Android, underneath.

So he simply turned on Bluetooth, paired an external keyboard, opened up a terminal window, and typed five commands in ADB, or Android Debug Bridge:

1. $ adb reboot bootloader: (Allows you to access the bootloader)
2. $ fastboot oem unlock: (Removes security precautions, erases user data, and … voids your warranty.)
3. $ fastboot flash boot boot.img: (Replaces the boot image)
4. $ fastboot reboot: (Reboots back into a normal state)
5. $ adb root: (Finally, you have root access and access to all the data partitions)

These are not steps to be taken lightly, according to Google engineer Hyunyoung Song.

“Even though there are recovery methods, there is a chance that you could get stuck in a state from which it’s not easy for your device to be recovered,” she said. “And Google will not support you.”

Google Glass owners who have taken the lives of their $1,500 Google Glass Explorer Edition devices in their hands and bravely gone where few dare, however, have done some exceptionally cool things. One has installed standard Ubuntu Linux on Glass and now programs on Glass using Emacs, a text editor. Another has created an avatar that mimics your head motion, bobbing around just as you do while talking and gesturing.

Source: Google

Danger, Will Robinson! Voiding warranty now!

And Google — while not supporting you if you brick your device — encourages developers to play around in root mode, hacking new apps and experiences which can be then brought into the Google Glass ecosystem.

“Now you’re in root mode,” Song said. “Play around and go nuts with whatever you want to do.”

For the faint of heart, there will be a safety net at some point. Google will be releasing the standard Glass system images, which can be used to recover bricked devices.

Probably.

Image credit: Jolie O’Dell/VentureBeat

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

The Pentagon pointed an accusing finger at China today in its annual report to Congress, saying the country and its government are trying to gain insight into U.S. secrets.

Specifically, the report says China is hacking into U.S. computer systems to grab data that will improve its own technology. It is also looking to get a read on how the U.S. government feels about China internally, according to the Wall Street Journal. It’s a strong statement for the Pentagon, which is very direct about the use of hacking in its report.

“China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,” said the report.

Security firm Mandient identified a group of hackers from China’s People’s Liberation Army called PLA 61398, which has been launching a number of damaging cyber attacks on the U.S. It has been linked to hacks on a number of technology companies as well as media such as the New York Times.

Last week, it was revealed that PLA 61398 is suspected to be behind a wide-scale attack on QinetiQ, a U.K.-based defense contractor with a U.S. subsidiary. Those brought on to research the QinetiQ case said they were able to find traces of the hackers in all corners of its business. The cyber criminals stole what Bloomberg reports as the equivalent of 3.3 million excel spreadsheets.

The data lifted included drones and robotics plans.

Pentagon image via michael baird/Flickr

Cloud identity management company Ping Identity says that between those six or more corporate passwords and all the personal passwords we maintain, the average person has to remember 15 passwords. That’s probably a recipe for disaster, given the total information onslaught we face every day, which is why the majority of us — 61 percent — reuse passwords from site to site.

That’s what security companies call “password negligence,” and the results are costly.

Too many passwords and not enough memory contributes to 39 percent of all malicious hacking attacks, which can cost large enterprises $5.5 million each.

One solution, of course, is corporations requiring users to change their passwords every 30 to 60 days. That’s more secure, theoretically, but people often reuse an old password. Or, worse, if they’re worried they won’t be able to remember the new password, they may write it down.

The end result, unfortunately, can be less security than before the change.

All the data is below, in visual form:

photo credit: Simon Lieschke via photopin cc

Google Glass may only be in the hands of a few people, but some of these folk have already found a way to crack it.

Jay Freeman, a hacker who goes by “Saurik”, says he tested a known exploit in Android 4.0 that he used to get root access to Glass. The move could, in theory, allow Glass owners to circumvent any restrictions Google has installed in the device.

Freeman, however, is not alone. Liam McLoughin, a hacker known for getting Chrome OS on netbooks and the Macbook Air, says he’s also rooted Glass.

Glass developer Stephen Lau says that the hacker cracking is all a part of the plan.

But while McLoughin and Freeman are patting themselves on back, Glass developer Stephen Lau — whom you may recognize from those early Glass promo shots — says that the hackers’ feat is a tad less impressive than it seems.

“Not to bring anybody down … but seriously … we intentionally left the device unlocked so you guys could hack it and do crazy fun shit with it. I mean, FFS, you paid $1,500 for it … go to town on it.  Show me something cool,” Lau wrote on Google Plus.

While none of this means very much to the vast majority of us who haven’t even touched Glass, it’s clear that all of this could lead to developers doing some interesting things with Google’s controversial new device a time goes on.

Photo: Flickr/Maxbraun

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Last week I bought 13 laptops from WalMart.com. All were pretty cheap, between $500 and $700, but 13 of them added up to a rather hefty $8,000 bill on my MasterCard.

There were only two problems: I didn’t buy them, and they weren’t being shipped to my house.

I’d been hacked. Somehow, somebody in Sacramento, Calif., was going to get 13 Dell Inspirons at my expense. Lucky them … and unlucky me.

But not only unlucky me — a staggering one in four Americans report being a victim of identity fraud, according to a new study by Jumio, a leading credit card validation service for web and app-based commerce. And 83 percent of us worry about identify theft.

Source: John Koetsier

Fraudulent WalMart.com orders charged to my account

That’s a problem, because commerce is increasingly going mobile. Two-thirds of us own a smartphone and/or a tablet, and most of us plan to use them to buy things in the near future. A full 48 percent of us use our mobile devices to check something as sensitive as our bank balances. But as we do, we’re opening ourselves up to even more avenues of fraud and scamming.

“Users may be willing to accept risk now in favor of convenience, but this tolerance will weaken as fraud continues to grow,” Daniel Mattes, founder and CEO of Jumio, said in a statement. “The industry needs to get on board to protect our customers as much as the customers themselves need to take greater precautions.”

Investigators in my case suspected a phishing attack, in which you get an email purportedly from an online store that leads you to a fake but real-seeming site that then takes your credentials, but I had not clicked on any real or fake WalMart emails.

And so the only greater precautions that would have been useful would have been perhaps using unique passwords for each e-commerce site I use.

The problem of online and mobile security is a growing one. According to VISA, mobile commerce fraud was $2.7 billion in 2010, $3.4 billion in 2011, and $3.5 billion in 2012. And Cybersource says almost a third of all retailers experienced mobile fraud in 2012.

So what’s the solution?

Perhaps biometrics. Apple is said to be building a fingerprint sensor into the next iPhone model, the iPhone 5S. And Jumio’s survey says that 74 percent of us don’t feel that simple username/password security is sufficient. It certainly didn’t protect me — I was only fortunate enough to notice 13 thank-you-for-your-order emails from Walmart.com.

But biometrics won’t be available on every device, and won’t be an industry-standard smartphone feature for some time to come, if ever.

Meanwhile, according to Jumio, 69 percent of us would feel more comfortable sharing our personal information online, and buying via mobile, if there were more secure ways of storing that data online.

Source: Jumio

Mobile purchasing and banking activity

“For mobile to reach its full potential, the industry needs to adopt more consistent and accurate ways to identify and authenticate consumers,” Mattes said. “Only then will we be able to truly combat fraud.”

The question remains: How exactly that should be done?

The mechanisms for catching fraud after the fact, and protecting consumers from the consequences, are mostly in place. MasterCard canceled my credit card, WalMart canceled the transactions, and no harm was done. And big data solutions that the big credit card issuers including VISA and American Express employ to track consumers’ spending habits and suspend cards if odd or suspicious spending patterns start to emerge limit losses when the fraud proceeds successfully.

But that’s not the case every time: web and mobile security has a last-mile problem that isn’t going away any time soon.

photo credit: ToastyKen via photopin cc

When hackers compromised the Associated Press’s Twitter account yesterday, they showed just how much damage one can do with a few scary tweets.

Now, Twitter is finally making it harder for that to happen again. The company is working on a two-factor authentication system for Twitter accounts, which should, in theory, make it harder for hackers to break into them, as Wired reports.

Twitter’s reply? “We have nothing to announce at this time,” the company tells VentureBeat.

Here’s how it the system would work: Right now when you log into your Twitter account from a new computer or device, Twitter treats that device like any other you’ve used — you just log in and start using the service. With two-factor authentication, that process gets a bit more complicated: Soon, when you try to log in on a new device, Twitter will also send to your phone a random code, which must be entered on you new device before you’re able to use Twitter.

Basically, what two-factor authentication does is add a second layer of security: Hackers may get a hold of your password, but it won’t do them much good if they don’t also have your phone.

While two-factor authentication is new to Twitter, Facebook, Google, and, most recently, Microsoft all already offer it. It’s not perfect, but then again, no security measure really is.

Updated 5:22pm PT with comment from WordPress.

Hackers are targeting major blogging platform WordPress using a botnet aimed at stealing login credentials for admin-level accounts.

Those who use WordPress to run the back-end of their blogs may want to pay close attention to their accounts. Attackers are accessing the login portals for those blogs, entering the username “admin,” and then using a tool that “brute forces” its way into the account. The tool is programmed with dictionary words, which it then enters into the login portal by the thousands to guess your password. Many people still use “password” for their, well, password, and other easy-to-remember words.

WordPress founder Matt Mullenweg released a blog post saying, “If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”

He explained that in the WordPress 3.0 update, the company began allowing you to create your own login username when you first set up your WordPress backend — “admin” used to be the default. If you took the opportunity to make your own username, your account will be unaffected for now.

CloudFlare — a company that filters your web traffic to make sure your pages are loaded speedily, but also watches for bots stealing your bandwidth — released a blog post saying that it believes the attacker behind this botnet likely wants to take over your website’s servers, not mess with your WordPress site. The botnet as it stands now, according to CloudFlare, is made up of home PCs that aren’t as powerful as full servers. With that server capability, however, the botnet would be able to execute more impactful attacks such as strong denial of service attacks that can knock a website offline.

CloudFlare explained to me in an email that over 100,000 IP addresses are currently detected in the botnet.

“It’s a big attack directed at a significant percentage of the WordPress installs worldwide,” a company spokesperson said in the email.

We have reached out to WordPress and will update this post upon hearing back.

hat tip TechCrunch; Bot image via Shutterstock

Ryan Ackroyd, otherwise known by his nicknames “lolspoon” and “kayla,” pleaded guilty to attempting to impair the operation of a computer today in a U.K. court.

Ackroyd was a member of the hacking collective known as Lulzsec. Lulzsec was made widely known after its members hacked into a number of high-profile companies such as Sony, Westboro Baptist Church, and PBS. The hacking group finally shut its doors after what it called “50 Days of Lulz,” where it went on a hacking spree and immediately disbanded after that.

Ackroyd would otherwise have gone to trial, but decided to enter the guilty plea instead. He and three others, Ryan Cleary, Jake Davis (known by his nickname Topiary), and Mustafa Al-Bassam all pleaded guilty to a variety of computer crimes and will be sentenced in May.

Cleary and Davis both pleaded not guilty to counts of denial of service attacks, and, according to the BBC, a charge for the same will be kept on Ackroyd’s file and will not be included in the sentencing.

Both Davis and Ackroyd were arrested after Lulzsec “leader” Hector Xavier Monsegur, otherwise known as Sabu, helped law enforcement collect evidence on the two.

hat tip BBC; Lulzsec image via openfly/Flickr

Updated at 12:57 p.m. with more detail about current Bitcoin prices.

Bitcoins are a hot commodity now, but are your Bitcoins actually safe? Bitcoin wallet company Instawallet has suspended its service “indefinitely” after being hacked.

Bitcoin is a virtual, decentralized currency that no government or central bank controls. Several companies, including Reddit and Expensify, have recently added Bitcoin support, helping the value bubble up. The value of Bitcoin surpassed $100 per coin just two days ago, and early today it reached as high as $145. Now the price reportedly sits below $117.

Instawallet provided a way to easily set up a Bitcoin wallet that can be used to store your Bitcoins and associated data. But the company had its database “fraudulently accessed,” so it has decided to close down until it can develop a new architecture that is safe from hacking attacks.

Instawallet writes on its homepage:

INSTAWALLET SERVICE NOTICE

The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.

Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.

In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.

Important information on claims submission:

For the first 90 days we will accept claims for individual Instawallets. Your wallet’s URL and key will be used to pre-populate a form to file the claim.

After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.

Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.

The Instawallet incident highlights that Bitcoin still has serious issues with security. While transfers between Bitcoin holders are secure and instantaneous, the software used to actually store Bitcoins may not be up to snuff in many cases.

Bitcoin prices have often faltered in the past after hacking incidents, and a security breach in June 2011 is thought to have triggered a massive sell-off in Bitcoins. We’ll see if something like this happens again with today’s incident.

A spate of computer failures at South Korean banks and television networks this morning is being blamed on a computer virus, a government official tells the BBC.

The virus apparently generated “malicious” code that resulted in the cyberattack, which is a sign that it’s part of a planned attack. The outage affected South Korea’s Shinhan and Nonyup banks, as well as three TV broadcasters. Government investigators are still looking into the computer failures, and not surprisingly, North Korea remains the prime suspect.

North Korea blamed the U.S. and South Korea for attacks on its own servers last week, so today’s attacks could be some sort of retaliation. North Korea was responsible for cyberattacks on South Korea’s government and financial institutions in 2009 and 2011.

“We do not rule out the possibility of North Korea being involved, but it’s premature to say so. It will take time to figure out,” South Korea Defence Ministry spokesman Kim Min-Seok told the AFP.

Skulls appeared on some of the affected computer screens, while others simply displayed error messages and couldn’t be restarted. The attack also affected ATM and online banking services for Shinhan bank. Additionally, internet service provider LG UPlus reported that its network was hacked.

South Korea’s Defense Ministry raised its cyber threat alert status from level four to three as a result of the cyberattack.

Photo: Emanuelle Dyan/Flickr

Tomorrow, he’s likely going to jail.

“It’s a fucking ludicrous charge,” Auernheimer told me this morning from New Jersey. “The FBI has tried to frame me for terrorism five times, and by their own admission they’ve been surveilling me since I was 15 years old.”

Update: Auernheimer was sentenced to 3 years in jail and $73,000 in fines

But tomorrow he expects to go to jail. In preparation, he and supporters have rented a 10,000 square foot hall where they’ll party the night away in perhaps his last taste of freedom for 10 years.

If he does go to jail, it’ll be the latest chapter in a long list of federal prosecutions of computer “crimes” by hackers who are forcing mainstream society to reconsider what freedom of speech means online, what is an appropriate response to a corporation’s poor security, and what kinds of access constitute crimes. That list includes Aaron Swartz, who committed suicide after what many have said was DOJ misconduct.

The story starts with a boneheaded AT&T decision.

During the summer of 2010, Auernheimer and co-defendant Danile Spitler discovered that by querying AT&T’s iPad servers with a string of numbers that matched subscribers’ SIM card identifiers, AT&T’s servers would send back the unencrypted, unprotected email address of the AT&T customer, the iPad owner. AT&T had a massive security design flaw, which, as it admitted in Auernheimer’s one-week trial, was intentional: for subscriber convenience. After running the script to capture 114,000 email addresses of AT&T iPad subscribers, Auernheimer sent a list of the email addresses to Gawker to highlight the security hole. Gawker then printed them in redacted form.

“If you buy an Apple product, you have a right to know that Apple partners could compromise your privacy,” Auernheimer told me, explaining why he sent the email addresses. “And that they take six months to patch security issues.”

So there’s obviously a security issue. And there’s obviously a privacy issue. But where’s the crime?

“We sent Get requests to a public API,” Auernheimer says. “They charged me with unauthorized access to a computerized device … and identity theft, which is a possession charge … if you walk down a street and write down physical addresses, you’re stealing identifiers, and you’re an identify thief.”

If sending Get requests is a crime, we are all criminals.

You could be charged with unauthorized access to a computerized device, for instance, simply because you clicked on the link that brought you to this article. Oh, and Google, one of the most successful corporations in the world, is the root of all evil. A Get request is simply a note from a browser computer code asking for a resource. You issue thousands of them every day all by yourself. Google issues billions.

Whether the receiving server responds to that request in any way, shape, or form is entirely at the discretion of the developers and system administrators who control that server.

The CFAA does not define the phrase “unauthorized access,” so according to Auernheimer, the government essentially told the jury that his access to the server was unauthorized because they said it was. Which, if true, means that whether you commit a legal act or an illegal act is at the discretion of anyone who runs a webserver, who can change their mind at any time without you knowing.

Good luck following the straight and narrow.

After a one-week trial, a jury found Auernheimer guilty on November 20 after just a few hours of debate. Auernheimer told me that his friend overheard “vicious arguing and screaming” in the jury room, so there was some serious debate, but there was a potential reason to be fast, and maybe even hasty.

“The trial was right before Thanksgiving … I think people wanted to get the hell out of there and get to Thanksgiving,” Auernheimer said.

Tonight he’s awaiting sentencing, which could be up to 10 years in jail and up to $500,000 in fines. And he’s not too hopeful that the judge will go easy on him.

“I’m probably going to prison, and they may take me into custody immediately,” Auernheimer told me. “But I have an excellent chance on appeal … any sane examination of the CFAA at this point is going to realize that it criminalizes all web access.”

The Electronic Frontier Foundation has already agreed to help him with that appeal.

President Obama called to congratulate China’s new president Xi Jinping yesterday, reportedly taking the opportunity to talk to the leader about the increasingly tense cyber security situation developing between the two countries, according to the New York Times.

Xi Jinping successfully completed the transfer of power and became China’s president on Thursday, opening a door to new conversations with Washington. Despite many other issues the U.S. must hammer out with China, cyber security has been top of mind for many government officials and rightfully so. A number of high-profile companies have been hacked, tracing the attacks back to China. This includes the The Wall Street Journal and The New York Times. Security firm Mandiant also recently released a report saying China has been attacking the U.S. for a number of years, specifically one group within the Chinese military.

The New York Times reports that President Obama specifically mentioned stealing U.S. companies’ proprietary information and intellectual property.

On Monday, U.S. national security adviser Tom Donilon said in a speech in New York that the international community should not stand for action like this any longer and that China needs to come to the table to discuss cyber security rules.

“From the President on down, this has become a key point of concern and discussion with China at all levels of our governments,” he said in the speech.

China’s Foreign Ministry spokeswoman Hua Chuying responded on Tuesday saying the country is “willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maining the security, openness and peace of the Internet.”

President Obama phone image via The White House/Flickr

Reuters deputy social media editor Matthew Keys was indicted for allegedly giving hackers access to the servers of his former employer, the Tribune Company. Tribune owns the Los Angeles Times, which the Anonymous hacker subsequently defaced.

According to the indictment, Keys allegedly chatted with an Anonymous hacker and offered credentials to log into the Tribune’s servers after the hacker explained that system administrators had caught and blocked him. Keys identified himself on the chat as AESCracked. After supplying the access, the hacker then defaced a feature story in the LA Times, changing the headline, the byline, and the sub-headline to include variations on the name “CHIPPY 1337.” He also edited a line to say, “House Democratic leader Steny Hoyer sees ‘very good things’ in the deal cut which will see uber skid Chippy 1337 take his rightful place, as head of the Senate, reluctant House Democrats told to SUCK IT UP.”

Today’s indictment is new, but allegations against Keys have been around for awhile. As Gizmodo pointed, Sabu, the reported “Anonymous leader” who worked with the FBI to take down a number of key figures in the loose organization, accused Keys of being involved in the hack two years ago.

He tweeted, “AESCracked/Matt Keys was former producer for Tribune sites. Gave full control of LATimes.com to hackers.”

According to the indictment, Keys could face up to 10 years in jail, three years of supervised release, and a $250,000 fine.

hat tip Politico; LA Times hack image

U.S. national security adviser Tom Donilon spoke out today against Chinese hacking saying “the international community cannot afford to tolerate such activity.”

Donilon spoke today in New York saying that the U.S. needs three things from China: a recognition of how serious this situation is, action from Beijing to stop people within the country from carrying out these cyber attacks, and an opportunity to come to the table and hammer out “acceptable norms of behavior in cyberspace.” He did not specifically call out the Chinese government an actor in recent hacking events.

Earlier in February, security firm Mandiant released information about Chinese hackers attacking not just the New York Times, which found a breach in its system also in February, but U.S. entities in general. This has, as The Hill points out, been the first real substantive comment from the White House on the issue.

China made it’s own call for “rules” today as well. Foreign minister Yang Jiechi spoke to reporters in China Sunday referencing reports, perhaps Mandiant’s, that he says are “built on shaky ground.”

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale,” said Donilon in his own remarks. “From the President on down, this has become a key point of concern and discussion with China at all levels of our governments.”

Tom Donilon image via The White House/Flickr

Oracle has issued an emergency patch for its Java software after a string of high-profile hacking incidents at companies including Apple, Facebook, Twitter, and Microsoft.

Java has become a persistent thorn in the side of major companies. A small number of Apple employees had their computers hacked via a Java exploit in February. Facebook disabled Java after several of its employees were hacked as well.

The U.S. Department of Homeland Security even recently recommended to stop using Java because of its persistent security problems.

Oracle’s new emergency patch specifically addresses issues affecting Java running in web browsers. The company writes in its latest security alert:

This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Sewing patch on jeans via cosma/Shutterstock

Who’s committing these crimes?

Most of them are between 29 and 49 years old, and three-quarters are male. They work in organized groups, half of which have six or more members. And they live all over the world, but especially in Asia, notably China and Indonesia.

That’s according to online payments company Jumio – one of the companies that Facebook founder Eduardo Saverin has invested in. Jumio has put together an infographic highlighting who is attacking companies and people.

To do what they do, cyber criminals need access to the interwebs. That means Internet service providers and website hosting providers are critical, and most of the ones criminals work through are based in Russia and China.

This won’t make victims of identify theft, hacking, or online fraud feel any better, but only 0.0019 percent of cybercrimes in the U.S. in 2010 were tried in court and saw the hackers convicted.

Here’s all the data, in visual form:

Image credits: Jumio

The response from the Communist Chinese government comes a day after U.S. security firm Mandiant Corp. released a lengthy report (PDF) claiming that a Chinese military group stole hundreds of terabytes of data from about 141 organizations since 2006. While the report mentioned no specific businesses, the firm did say that the type of organizations came from several industries, including information technology, energy, aerospace, and telecommunications.

“Cyberattacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don’t know how the findings of the report are credible,” said Chinese foreign ministry spokesman Hong Lei during a news conference today.

That may be so, but Mandiant’s report indicated that the bulk of cyberattacks in its report came from a building just outside Shanghai that is operated by “Unit 61398” of the People’s Liberation Army. I’d say that’s pretty specific, which basically makes the Chinese government’s response equal to a professional version of nuh-uh. And while that response might be OK for denying cheating during a middle school game of kickball, it’s probably not going to hold up for hacking giant U.S. corporations.

But the attackers are coming from both sides, according to the Chinese government. During the press conference, Lei stated that his government was also the victim of cyberattacks that originated in the U.S. Lei didn’t, however, finger the U.S. government as being responsible.

Cyberattacks from within China are certainly on the rise. The New York Times reported being infiltrated by Chinese hackers back in January. And more recently, both Facebook and Apple reported Chinese hacker groups attempting to breach corporate security.

Cybersecurity image via Sergey Nivens/Shutterstock; Illustration by Tom Cheredar Via WSJ

Following Burger King’s Twitter hijacking yesterday, we would have assumed all major brands would beef up their passwords on Twitter. Apparently, we were wrong, as Jeep’s account has been hacked today by the same pranksters that hacked Burger King.

Jeep’s Twitter account now has the following description: “The official Twitter handle for the Jeep® — Just Empty Every Pocket, Sold To Cadillac =[ #OpMadCow #OpWhopper In a hood near you!”

Here’s what the top of the account looks like:

Here are some of the tweets from the hijacked account:

This tweet was especially childish, but Jeep probably had it coming after not working to protect its account more.

We fully expect Twitter will suspend the account soon, but this incident should be a clear lesson. If you’re a social media marketer, it’s time to make your passwords more secure.

And on Twitter’s end — this might be a good time to enable multifactor authentication. It’s a little annoying, but it could have stopped Anonymous from hacking Jeep and Burger King’s accounts as well as other hacks.

Top photo via Kradlum/Flickr

Adobe has issued an emergency fix to its Flash software, yet another incident where Flash shows vulnerabilities to hacks and exploits.

Flash is one of the most notorious pieces of software for exploits, along with Java. Steve Jobs famously blasted Flash and blocked it from working on the iPhone and iPad over several issues including security concerns.

The latest Flash exploit targets people who use Flash in the Safari browser on Mac and the Mozilla Firefox browser on Macs and PCs. Adobe also warns that there are attacks happening in email as well — users are tricked into opening a Microsoft Word document attached to an email, but it actually hacks the computer using “malicious Flash content.”

Adobe recommends that all users of Flash immediately update to the latest version of the software to protect from these latest exploits. We think it’s a good idea too.

The latest fixes designed to block the exploits are specifically for Windows and Mac OS X. That said, Adobe also has issued new versions of Flash for Linux and Android as well.

Flash mob photo via JD Hancock/Flickr

Media companies, it’s time to fire up those firewalls.

The New York Times has reported that Chinese hackers secretly attacked its networks for four months. The timing of the attacks syncs with stories it ran investigating the family wealth of Chinese prime minister Wen Jiabao, the newspaper said.

At the core of the attacks was the email account of Shanghai bureau chief David Barboza, who wrote the stories investigating Wen’s family. Hackers also targeted the email account of Jim Yardley, The Times’s South Asia bureau chief in India.

According to executive editor Jill Abramson, there was no evidence that the hackers had actually accessed sensitive files or emails. This means either they were the worst hackers in the world or The Times really has no idea what the hackers got their hands on.

The report is significant because it shows just how easy it can be to infiltrate the networks of multinational media organizations. Clearly it’s not just the military and utilities companies that have to worry about being hacked by foreign bad guys.

“Prosecutors do not acknowledge nuance,” Watt told me today. “They turn everything into a very clear-cut moral issue, where everything is nicely packaged into a premeditated act.”

Swartz, of course, downloaded almost 5 million academic articles from JSTOR, a nonprofit that provides access to academic journals. It was probably illegal, although JSTOR decided not to pursue legal action. Heymann did, however, and very aggressively. Swartz, who had a history of depression, committed suicide just five days ago.

“If you look at the sorts of cases that [Heymann] prosecutes, he does seem to very much enjoy being the first one to accomplish something in a legal sense,” Watt said. “He seems to push the envelope … and I have certainly heard the word ‘bully’ used to describe Heyman. It was a common label.”

That’s something that legal activist Lawrence Lessig highlighted on his blog post about Swartz’s suicide as well.

Watt was convicted of helping a criminal group steal 40 million credit cards from TJX and various retailers after creating a data-sniffing software tool for his best friend. According to Watt, he wasn’t in the conspiracy and didn’t know exactly how his software would be used; he just shared it, as is common in the hacker/cracker community. And he didn’t receive any of the ill-gotten gains.

“I acknowledge I’m a much less sympathetic character, simply because of the company I kept,” says Watt, a fitness addict who now runs a sports supplement store but is still negotiating with his probation officer over whether he can use computers. “What I do know is that in both cases you have actions taken by the defendants which are not in any way criminal … and actions which are not overtly criminal need to precipitate a much more nuanced investigation, and a much more appropriate sentence.”

When it comes to Aaron Swartz’s case, Watt says that prosecutors used the same damage and punishment matrix they had used for him. Based on the number of files and the calculated damages, Swartz was facing half a lifetime in jail and a million-dollar fine.

“But if you look at Aaron’s history, any reasonable person would assume he was not going to sell this information … he wanted to free this information,” Watt told me. “And yet you have this insinuation that he might have wanted to profit from it.”

When Heymann spoke in court about Watt, he highlighted Watt’s supposed “sociopathic tendencies” by finding quotes from Mike Tyson and the movie Fight Club on Watt’s MySpace page, he told me, insinuating that Watt had created his data-sniffing code as part of an attempt to “bring down the end of the country’s financial institutions.” Then, in closing comments, Watt says that Heymann said that he was “not someone to feel sorry for,” had enjoyed a “privileged background,” and that “his parents had read to him as a child.”

That kind of take-no-prisoners prosecution, Watt feels, contributed to Swartz’s suicide. And it’s something that doesn’t advance the pursuit of justice.

“In both situations there was a very compelling case that nothing illegal had been done,” Watt said to me. “To face those sorts of overwhelming odds … it’s just not justice.”

Watt, who will be speaking about his experiences with the law in April at Infiltrate 2013 in Miami, says the waiting is the hardest part.

“When I think of the stress that Aaron was feeling … that was absolutely the most psychologically debilitating time of the process,” he says. “It’s worse than being behind bars: You’re in limbo, you’re unable to work, and you’re financially hamstrung.”

Jonathan James, one of the other hackers investigated in the TJX investigation for which Watt did time, committed suicide, leaving a note that said in part:

I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.

There is a petition up on WhiteHouse.gov to fire Assistant U.S. Attorney Steve Heymann. It currently has 7,969 signatures and says:

We should not destroy the lives of human beings for crimes against computer systems that harm no one and provide no benefit to the perpetrator. Such actions should be treated as forms of protest and civil disobedience. To prosecute these actions the same as rapes and murders is a savage abuse of the criminal justice system which continues to destroy the lives of peaceful, productive members of society.

Photo credit: RageSoss/Flickr

MIT released a statement today on the death of Aaron Swartz, a computer programmer and information activist who committed suicide two days ago.

MIT president L. Rafael Reif expressed “profound condolences” for the “inexpressible loss” of this talented young developer and activist.

“I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many,” Reif wrote. “It pains me to think that MIT played any role in a series of events that have ended in tragedy.”

Swartz’s death came several months before he was due to stand trial on 13 felony counts related to his alleged misuse of MIT’s network to download nearly 5 million academic journal articles from JSTOR, a nonprofit publisher of journals. The charges were not for copyright violation, but for abuse of the MIT network, which the indictment alleges to the Computer Fraud and Abuse Act, an anti-hacking law.

His charges included copyright violations as well as more serious hacking charges. JSTOR declined to press charges, but reports suggest that MIT urged the U.S. Attorney’s office to pursue the case, which it did, aggressively: The charges filed against Swartz may have carried a maximum sentence of 35 years in jail and up to $1 million in fines.

In the wake of his death, many have speculated that Swartz, who suffered from depression, may have been driven to despair by the prospect of prison and by the financial ruin that mounting a legal defense had brought upon him. Some pointed fingers at MIT, and today, MIT responded.

Reif’s letter stops short of an apology, which is probably prudent, given that the circumstances of Swartz’s death are not yet fully known. Reif said that he would appoint MIT professor Hal Abelson to investigate, pursuing “a thorough analysis of MIT’s involvement” in the alleged hacking and the charges.

“I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it,” Reif wrote.

Security expert Alex Stamos, who would have testified in Swartz’s trial as an expert witness for the defense, argued yesterday that Swartz was not guilty of anything more than “inconsiderate” use of MIT’s network, a use that — ironically — MIT’s and JSTOR’s usage policies actually permitted.

The MIT statement is below.

Yesterday we received the shocking and terrible news that on Friday in New York, Aaron Swartz, a gifted young man well known and admired by many in the MIT community, took his own life. With this tragedy, his family and his friends suffered an inexpressible loss, and we offer our most profound condolences. Even for those of us who did not know Aaron, the trail of his brief life shines with his brilliant creativity and idealism.

Although Aaron had no formal affiliation with MIT, I am writing to you now because he was beloved by many members of our community and because MIT played a role in the legal struggles that began for him in 2011.

I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy.

I will not attempt to summarize here the complex events of the past two years. Now is a time for everyone involved to reflect on their actions, and that includes all of us at MIT. I have asked Professor Hal Abelson to lead a thorough analysis of MIT’s involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it.

I hope we will all reach out to those members of our community we know who may have been affected by Aaron’s death. As always, MIT Medical is available to provide expert counseling, but there is no substitute for personal understanding and support.

With sorrow and deep sympathy,

L. Rafael Reif

Photo credit: Sage Ross/Flickr

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Facebook had some pretty sweet hacks over the past year. They basically deep-fried a server with phenomenal results. They created a QR code that can be seen from space. And one guy even made a 3D-printed map of Facebook.

The company holds regular internal hackathons to keep employees moving fast and breaking things, as per the social network’s now-famous Hacker Way code of conduct. And even outside those structured events, hacks just happen. It’s part of the Facebook way of life.

Some hacks are little more than pranks. Others end up becoming part of the site that you and I use every day. And in between those extremes, some hacks becoming canonized as Facebook lore, a sort of company-specific Jargon File that lives on Facebook’s servers and in its oral traditions.

This year, the company picked eight of its favorite hacks to share with the world. Here they are, in no particular order:

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Unfortunately for those who want free games, his site is down.

Justin Angel posted the instructions on his personal site yesterday. Today, the page is displaying a “server offline” message … either because it’s too busy or because he’s been shut down.

However, there is such a thing as Google cache. And I did find the instructions.

Angel shows how to hack Windows 8 in not one, not two, but five different ways, showing users how to:

1. get free in-app purchases by modifying encrypted IsoStore files
2. crack trial apps and get paid versions for free
3. remove in-app ads from free games
4. reduce the cost of in-game paid items
5. unlock paid levels by script-injection techniques

Justin Angel’s website, this morning (December 11)

In the first case, he proof-of-concepts the hack by giving himself a million free gold in Soulcraft THD — worth over $1,000 at in-app purchase prices. To demonstrate the second hack, Angel cracks Meteor Madness, a $1.50 game with a free trial. For the third, he edits XAML data files to remove ads from Microsoft’s own Minesweeper game.

The purpose of all this cracking? Angel, who says he wants developers to get paid for their hard work, claims he’s doing this to help developers by exposing weaknesses in Windows 8:

“We were able to show that the majority of ways games and apps developers would make money aren’t secure by default on Windows 8,” he writes in his post.

“The games appearing in this article are awesome and you should buy them and give them money,” he adds. The games he featured in the security tests included Soulcraft, Meteor Madness, Minesweeper, Ultraviolet, Dawn, and Cut The Rope.

Windows 8 does not have a secure location to store data files, and makes it relatively easy to decrypt trial apps and trivial to edit XAML files to remove ads. It’s also fairly simple to edit game data files, Angel says, and inject Javascript code into the IE10 process for a Windows 8 store app.

The kicker for Angel?

We’ve seen a myriad of issues and offered potential fixes to them all. Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors it’s not because it couldn’t, it’s because it chooses not to.

Here are the instructions Angel provided:

Hack Windows 8 Games

Image credit: Ultraviolet app on Windows Store; hat tip: The Verge

A group of hackers is claiming responsibility for a bug that’s infecting almost 9,000 Tumblr user accounts, according to the group’s official Twitter account.

The group, offensively named the GNAA (look up what the NSFW acronym stands for if you feel the need), says 8,600 Tumblr users have been affected by the hack, as shown on multiple Tumblr pages around the web. The hack produces a new post — presumably written by someone representing the GNAA group — that contains plenty of racists remarks and asks the Tumblr owner to commit suicide on the basis that they aren’t original. (I hate to point out the obvious here, but neither is hacking someone’s personal site to tell them they aren’t original.)

Tumblr issued the following statement about the situation to The Verge:

There is a viral post circulating on Tumblr which begins “Dearest ‘Tumblr’ users.” If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.

We’re reaching out to the company for further information and will update this post with anything new.

The U.S. Computer Emergency Readiness Team (US-CERT) revealed that Samsung printers (and some Dell printers manufactured by Samsung) contain a hardcoded backdoor which could allow access to hackers, who could then make changes to the device, see information and data passed to the printer, and possibly use the printer as a vector for further attacks inside a company’s network.

The backdoor operates over SNMP, the simple network management protocol, and remains active even when SNMP is disabled. Even worse, it does not require any authentication … meaning that blackhats who are aware of the vulnerability can simply walk right in.

If you’ve just bought a printer, you’re likely safe: Models released after October 31st, 2012 are not affected. A patch will be released “shortly,” Samsung and Dell have said.

Vulnerable organizations that need a fix instantly, network administrators can block the custom SNMP port, CERT said. Another suggestion — and good network practice — is to only allow connections from trusted sources.

photo credit: alles-schlumpf via photopin cc

Skype has plugged a hole in its password recovery process that allowed outsiders to gain control of a Skype user’s account.

The flaw was first discovered by a group of Russian hackers about two months ago, according to The Next Web. All hackers need to break into your account is your Skype user name and corresponding email address.

The Microsoft-owned VoIP service said it’s aware of the flaw and temporarily turned off the email password recovery process this morning. The flaw, Skype said, only affected a small number of its users who had multiple Skype accounts registered to a single email address.

“We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly,” Skype told TNW. “We are reaching out to a small number of users who may have been impacted to assist as necessary.”

We’ve asked the company for more information and will updated this post with anything new.

Def Con recently celebrated its 20th birthday, and to mark the occasion, the famed hacker conference welcomed something it had strictly policed in prior years: A film crew.

This year, Def Con creator Jeff Moss decided that someone needed to preserve the con’s history while it is still in its heyday. Def Con brings in tens of thousands of people to Las Vegas each summer to talk about hacker culture, new exploits, current security policy, and the computer underground. Indeed, Def Con is now a staple event for the most unlikely of groups: press, law enforcement, and hackers.

So Moss chose a film crew headed up by Jason Scott Sadofsky (pictured above), who is known in the industry for his documentary on the old bulletin board systems (the predecessor to today’s social networks) as well as his website Textfiles, which archives content from those systems.

“On the 20th anniversary, [Jeff Moss] wanted to do special things,” said Eli, who is otherwise known as “Dead Addict” in hacker circles and helped Moss create Def Con. “One of those special things was to try to capture the spirit of the event and the history of the event while it was still possible.”

A history worth preserving

Source: Meghan Kelly/VentureBeat

Jeff Moss, the founder of Def Con.

Def Con began in 1992 as a small get-together that Moss, otherwise known as The Dark Tangent, helped coordinate after an online friend suggested they create a real-life gathering for people in their “bulletin board.” His friend, however, disappeared from the network after his father moved their family for a new job before the event ever happened (yes, people were actually disconnected from their friends due to a move back then), leaving Moss to put on the whole party by himself.

“Back in the day, back when Def Con started, people learned everything they knew about hacking and the computer underground by … searching out all these documents — which were hard to find, hidden in places — and trying to distinguish between bullshit and truth,” said Dead Addict.

Moss set the event in Las Vegas and invited all types of people connected to the “computer underground,” such as hackers, phreakers, police, and government officials. Thus was born one of the most unique characteristics of Def Con: its openness toward all people in the security industry. It even accepts us lowly security reporters.

But because of this, it needed rules.

“There’s a lot at Def Con that’s on the record. Every speech is on the record, things people say are on the record, but there’s also a lot of private conversations and a lot of people hooking up with the people that they know,” Dead Addict said. “[But] there are tourists here, as it were.”

The tourists are the Feds and the media. Hackers don’t love it when someone identifies them. At Def Con, they obscure their identities, sometimes wearing masks to panels, hoping to not get caught by the undercover cops who show up each year. Moss and some of the co-creators of Def Con, such as Dead Addict, decided that cameras and videotaping should be outright banned. You’d get thrown out for snapping a quick picture of the crowd because it disrupted the flow, because it made people feel uncomfortable. But the photography rules are starting to relax.

“To pretend there’s actual anonymity here was always delusional,” Dead Addict said. “We invited the Feds from day one to just highlight that, you know, you’re being watched. Don’t do stupid shit while you’re here.”

He went on to say, “Don’t commit large felonies with witnesses you can’t trust, which should be an obvious thing.”

A director, a Segway, and a whole lot of hackers

Source: Dean Takahashi/VentureBeat

The documentary crew wore bright orange jackets to make their presence known.

Flash forward 20 years to the latest Def Con, which took place in July at the Rio in Las Vegas. Sadofsky was milling around on a Segway, wearing a bright orange construction vest that said “DOCUMENTARY” on the back and with a hoard of cameras running around him.

“We worked very hard to make it so the film crew was totally obvious. We would travel in packs. That was on purpose,” said Sadofsky in an interview with VentureBeat. “When we came into a room, people saw us.”

This is not Sadofsky’s first go around at Def Con either. He has attended Def Con for 10 years, and the attendees and organizers alike know of him.

“Jason’s one of us, so there’s a deep level of trust that the entire community has for Jason,” said Dead Addict. “People that didn’t know him know his work.”

Dead Addict is directly involved in changing the photography and film rules. He says it doesn’t make sense to keep up the practice. This is especially important now that phones, tablets, and laptops can snap a picture fairly stealthily. But it also means the media will have an easier time capturing the essence of Def Con, its busyness, and the action.

“It was starting to seem ridiculous to have a much more restrictive rule for press than we have for our attendees because the distinction between bloggers and people that use interactive media and the official sanctioned press is very, very blurred,” Dead Addict said.”It seems a little absurd to not let the good photographers take photographs and to let everyone else take photographs.”

Over the course of Def Con 20, Sadofsky and his film crew interviewed over 200 people, 15 to 30 of which were sit-down interviews with Moss himself. In total, they recorded around 280 hours of footage. The crew itself was made up of Sadofsky, a few trusted friends — including Eddit Codel of Boing Boing TV — and some of his Kickstarter backers. He referred to Codel as his “ringer” and said he was “comfortable in a chaotic environment.” Those are good qualities to have, as Def Con is an inescapable organized chaos, with up to 12,000 people pushing through hallways to hear the next revered speaker show off their latest exploit.

The documentary’s debut

When I caught up with Sadofsky last week, he said he was still “editing like crazy.”

“The plan is still to provide the documentary for free for Christmas, with a for-sale version with bonus material coming in the new year — early 2013, if I can make it happen,” he said.

Once the editing is complete, the feature film goes to Moss for the final cut. As Sadofsky mentioned, Moss plans to give it away for free, though Sadofsky hopes the con can make a buck off of its story. He sees no reason why Def Con’s organizers would “turn away from a TV network or film festival-type deal.”

Source: Meghan Kelly/VentureBeat

The non-human (e.g. press) registration line at Def Con.

The film itself is not meant to be a yearbook and has no narration. Instead, Sadofsky wants the people to speak for themselves. Some of his favorite moments thus far include a couple of attendees who brought their children, and the sweet moments (yes, hackers can have sweet moments) when long-time attendees looked back on all their Def Con memories. Part of his inspiration for the documentary was The Dark Tangent himself. He describes Moss as a “mysterious figure who [attendees] see for a few seconds in the hallway.” Indeed, Moss told Sadofsky that he doesn’t actually know what happens at Def Con. He’s busy in the back, making sure the gears are turning, and misses out on much of the core of his own event: the people.

“The fact is that people are not ashamed to be at Def Con. It’s not a crime to be at Def Con. It’s not a black mark on your record,” Sadofsky said. “I would have been fine walking without a camera.”

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Updated at 3:30 p.m. PT with Amazon’s response.

A member of hacker collective Anonymous who previously claimed to take down GoDaddy and Facebook has now claimed responsibility for today’s big Amazon’s EC2 cloud outage.

The Amazon outage caused headaches for many large and small web services, including Reddit, Airbnb, Flipboard, GetGlue, Heroku, and Coursera. Amazon blamed the issues on “degraded performance for a small number of EBS volumes in a single Availability Zone in the US-EAST-1 Region.”

Amazon flat-out said the claims of an attack were untrue. “This is not accurate,” an Amazon spokesperson told Venturebeat via email. “An attack did not happen on Amazon EC2.”

Anonymous Own3r, a purported member of Anonymous, said he or she was the one who caused a major service disruption of GoDaddy in September and an outage of Facebook in parts of Europe in October. Both GoDaddy and Facebook claimed that both events were due to internal problems, not an outside attack. Now there’s a third company on Anonymous Own3r’s list.

Anonymous Own3r posted several tweets in poor English, claiming responsibility for an attack on Amazon EC2:

Based on the available evidence, we find the hacker’s claims to be extremely suspect and we believe Amazon. The primary outlets for Anonymous to spread its message on Twitter, @YourAnonNews, @AnonymousIRC, and @AnonOps, have said nothing about today’s Amazon outage. On top of this, both Facebook and GoDaddy claimed there were no outside attacks involved with their recent outages.

This pattern makes it look like Anonymous Own3r is simply claiming responsibility for any outage happening on the web. Of course, we can’t be 100 percent certain that Anonymous Own3r isn’t involved because Anonymous is a purposely fractured organization and major companies don’t want to admit when they’ve been successfully attacked.

Anonymous image via liryon/Flickr

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Popular web hosting company GoDaddy has restored most of it services after a member of hacker collective Anonymous attacked the site.

On Twitter, GoDaddy said that most of its customer-hosted sites were back online following the attack:

I can confirm that my own personal site is back online after being taken down during the outage.

A seemingly high-ranking member of Anonymous, Anonymous Own3r, claimed responsibility for the attack that took down countless sites. GoDaddy’s DNS servers were taken offline for several hours on Monday. Anonymous Own3r said this was not an attack made on Anonymous’ behalf, and it is just from a single member.

GoDaddy indicated that the takedown was isolated to just a denial-of-service attack and that customer data was not compromised..

“All services are restored and at no time was sensitive customer information, such as credit card data, passwords, names, addresses, ever compromised,” GoDaddy spokeswoman Elizabeth Driscoll told CNET.

GoDaddy illustration: Sean Ludwig/VentureBeat