If you use the PlayStation Network, it's time to change your passwords everywhere

After days of outage, Sony is finally coming clean regarding exactly what the "external intruder" gained access to during their hack attack on the gaming giant. And the news is not good. Sony has essentially given up all information about their customers except their credit card numbers... they think.

As Seybold lays it out, the hacker — or “unauthorized person” to be specific — managed to obtain pretty much every bit of information you might’ve given the company, which I’m listing below:

- Name
- Address (city, state, zip)
- Country
- Email address
- Birthdate
- PSN / Qriocity password and login
- PSN online ID / handle
- Purchase history
- Billing address
- Password security answers

The biggest issue here is that most people use the same information to log into their game networks as they use to log into their banks and other financial companies. Thus, by simply reusing the usernames, personal info, and "personal security answers" here, the hacker may be able to steal money from many PSN users without having to touch Sony's network again.

If you're a PSN user, please change your username, password, and security answers at any financial services website that used the same info as Sony's system. Don't wait for the hackers to sell this info to criminals.

Iraqi Hackers crack Military Dones

For now, insurgents have only gained access to the video feeds from drones, but it appears that using off-the-shelf hacking tools they have gained valuable intelligence about American military operations in Iraq. This highlights the fact the age of dual-use technology is not just about making better toys available to the rest of us, but also about putting sub-standard security into some of our military hardware. This needs to be rethought before any war with a "real" enemy.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas.

GSM (i.e. Your Cell Phone) has been cracked!

There are days when it pays to be telephobic. I am one of those people who will tend to reply to a phone call with an e-mail, a text message, a tweet, a face-to-face drop-by - anything to avoid having to actually use a telephone. But at the same time, I rely heavily on my iPhone to stay connected, and use it for both casual web browsing AND for doing eCommerce transactions.

It turns out that a group of hackers has hacked the most common cell phone system in the world - GSM and has released the results of the hack into the wild. This means anyone with a radio card, a laptop, and a little know-how can listen in on the cell phone calls of anyone on T-Mobile, AT&T Wireless, and many other providers (Sprint and Verizon use a competing standard called CDMA and are unaffected).

This is potentially a business-killer for GSM cellular companies, especially those who sell to businesses and government users. It is likely well be seeing firmware updates shortly to address the security hole. Or else the cell companies will try to use it as an excuse to make you pay for a new phone and re-up your contract.

Governor Palin's e-mail hacked

Where do you draw the line between public and private for government officials. Political candidates have long accepted that the press will invade privacy into areas of family and friendships that no private individual has to worry about. But even there, generally people have shown restraint in putting every aspect of an official's life under the microscope. Yesterday, however, an activist group which previously had targetted scientology revealed that they had hacked Covernor Sarah Palin's Yahoo e-mail and were publishing the results to the world on the website Wikileaks.

This action is unacceptable (and probably illegal). While it was unwise of Governor Palin to do any business on an unsecured server, there is no justification for hacking into the private communications of another person without court order and no logical rationale for making them public record.

Suddenly, I am guessing McCain's people are glad he doesn't know how to use a computer.

AT&T/Cingular Voicemail Insecure

This post does NOT only apply to iPhones, but rather to all AT&T/Cingular customers. It turns out that anyone's voice mail can be easily hacked even if you have set up a basic password.

The AT&T/Cingular voicemail system is configured by default not to ask for a password when you check your voicemail from the handset (it asks for your voicemail password if you call your number from another cell phone and press * when your voicemail answers). Unfortunately, the AT&T/Cingular voicemail system trusts Caller ID to determine if the handset is calling it. Because Caller ID can be spoofed easily.., anyone can gain access into your voicemail by calling you and spoofing your phone number (it will appear as if you are calling yourself when your phone rings) - should you not answer the call, your voicemail will answer and allow the intruder full access to your messages.

Of course, for most of us this is not an issue. I get few voicemails, and all of them can pretty much be broadcast in Prime Time without fear of embarrassment. But still, it could be used for malicious purposes. The linked article does have a method to prevent unauthorized access, as well.