At Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. The reason is that LinkedIn does not encrypt the password itself, although HTTPS is being used.
Not that wow imho, as it’s basically a man-in-the-middle attack using a self-signed (thus forged) certificate (on which the browser will give you a notification). Quite sure lots of sites are “hackable” in this manner.
BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password … via Google.
Specifically, it Googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.
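The search-engine lookup works because an unsalted MD5 digest depends only on the password, so every site storing the same password stores the same string. The Python sketch below is an added example, not code from BozoCrack or this post. It contrasts the unsalted MD5 scheme with a salted PBKDF2 record and flags bare MD5 values in a credential table; the function names, sample users and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
BARE_MD5 = re.compile(r"[0-9a-f]{32}")


def unsalted_md5(password: str) -> str:
    """Legacy scheme: the digest is a pure function of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash. Returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def looks_like_bare_md5(stored: str) -> bool:
    """True if a stored value has the shape of an unsalted MD5 hex digest."""
    return BARE_MD5.fullmatch(stored.lower()) is not None


def audit(records: Dict[str, str]) -> List[str]:
    """Return the users whose stored value should be migrated off bare MD5."""
    return sorted(user for user, value in records.items()
                  if looks_like_bare_md5(value))


if __name__ == "__main__":
    # Constructed sample table: two users share a password, one is migrated.
    salt, key = hash_password("hunter2")
    table = {
        "alice": unsalted_md5("hunter2"),
        "bob": unsalted_md5("hunter2"),   # identical string to alice's
        "carol": salt.hex() + "$" + key.hex(),
    }
    print("identical MD5 records:", table["alice"] == table["bob"])
    print("needs migration:", audit(table))
```
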
Security researchers discovered several serious security and privacy flaws in Skype that even a ‘high school-age hacker’ could use to track not only users’ locations over time but also their P2P file-sharing activity. The security team warned that this information could easily be used for “stalking, blackmail or fraud.”
For example, they tracked one vacationing volunteer from New York to Chicago, back to New York, and then to his home in France. “If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.”