
Posts with tag exploit

PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat


And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.

Wii Tetris: homebrew edition


If that unplayable version of Pong we saw for the Wii wasn't quite doing it for you, you'll be happy to know that homebrewer Christian Auby (aka DesktopMan) has just hit the next stage in evolution: Tetris. That's right, you can now get a fully functioning version of the puzzler running on your Wii, thanks to that handy Twilight Princess hack, and what was probably a gargantuan amount of work on Auby's part. The game loads from the GameCube memory slot (using an SD adapter) out of Twilight Princess, but after the hack has been engaged you can jump back to the loader to pull something new off of a card, which should make experimenting a little bit easier. Check the video after the break to see how it all works.

[Thanks, Craig]

Wii Pong: the Twilight Princess hack evolves


Those hackers work fast. Two days ago, we saw a demo of the Zelda: Twilight Princess exploit, which allowed for the possibility of Nintendo's Wii to boot homebrew code off of SD cards via stack smashing (buffer overflow). Now a clever coder named Auby has gone ahead and extended the hack to load an ELF version of Pong which was originally coded for the GameCube. Right now the controls aren't functioning, but it appears that this is a work in progress, so we should be seeing updates to it soon. Check the video after the break to watch the breathtaking drama unfold.

[Thanks, Craig]

New iPhone and iPod touch Safari exploit discovered

It's difficult to tell if this is just a little fear-mongering, or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those devices' browsers. According to reports, a memory exploit -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point, it doesn't appear to be anything more than a nuisance which can be easily circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th.

[Via iPhone World]

Security exploit bricks HP and Compaq laptops


A Polish security researcher calling himself porkythepig is apparently gunning hard for HP this month, first exposing a slew of vulnerabilities that affected 83 different HP and Compaq models ten days ago, and today releasing an exploit that allows an attacker to brick any HP or Compaq laptop. The 'sploit takes advantage of a vulnerable ActiveX control in HP's Software Update, allowing a hacker to easily corrupt Windows kernel files, or even take control of the machine with a little more effort. Porkythepig says the bug affects HP and Compaq laptops running Windows 2000, XP, Server 2003 and Vista, and that simply disabling the Software Update mechanism may not prevent attackers from taking advantage of the vulnerability. Even still, those of you out there running HP / Compaq machines may want to take a second to shut down Software Update until HP issues a patch.

Update: Wow, we didn't realize how seriously everyone took their slang. For what it's worth, the definition of "bricked" has caused some amusingly serious discussion amongst Engadget editors today, and most agree that it should mean "dead beyond all repair" -- except for Nilay, who keeps stubbornly saying that people "un-brick" devices all the time. We'll stick to the most common definition for now, so no, this exploit didn't "brick" anything.

[Via Slashdot]

iPhone / iPod touch v1.1.1 jailbreak code posted


Well if you like looking through line after line of incomprehensible programming gibberish, make sure to hit up the Read link below, in which the TIFF exploit-based firmware v1.1.1 jailbreak code from team Toc2rta is posted in its entirety. More of an academic exercise for curious geeks than a useful bit of knowledge for the average iPod owner, we're sure there's still some interest out there in seeing exactly how this hack was developed. And as usual, if you do decide to go about 'breaking your device as previously described on these pages, we're, like, totally not responsible for any undesired consequences.

MacBook WiFi hack to be published, sound of snoring overpowers announcement


You may remember good-old David Maynor, the infamous hacker who caused a stir in the Mac community by "exploiting" a "loophole" in a MacBook's WiFi that allowed an outside user to gain control of the system. Of course, the hack was then promptly disputed by all sorts of people, said to be a hoax, and generally made fun of. A little bit later on, Maynor and co. turned up in a nerd-tastic war of words on the internet over an OS X "worm," trading barbs, assuming fake names, creating counterfeit blogs, and eventually being reduced to death-threats and public "outings" of their online personalities. Now, according to reports, Maynor is "officially" publishing the details of his original exploit, freed from legal shackles (i.e., NDAs) which he claims prevented him from revealing the truth about his hack. The hot-blooded work is to be published in the September issue of Uninformed.org (an online hacking journal). Says Maynor, "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own." To which we respond: your 15 minutes are up.

Hackers crash e-passport readers -- stage set for exploits

Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then modding the JPEG2000 image file stored within the chip to create a buffer overflow condition -- the same vulnerabilities which make so many devices (the original Xbox, anyone?) so easily exploitable. Lukas contends that all airport readers are likely vulnerable to such an exploit as they would be using off-the-shelf libraries for decoding JPEG images. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up.

[Via BoingBoing]

Safari exploit gives hackers full control over iPhones and possibly PCs and Macs

Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's Safari web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring) and "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists only they haven't written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That's how you report a bug. Check the exploit in video form after the break.

[Via MacRumors]

Apple issues fix for recently discovered QuickTime flaw

Just over a week after a dubious duo found a way to commandeer a Mac thanks to an elusive flaw in QuickTime (of all things), Apple's security police have purportedly fixed the flaw and issued an update. Apparently, the hole could be "exploited through a rigged website and let an attacker control computers running both Mac OS X and Windows," and the firm elaborated by stating that a "maliciously crafted Java applet could lead to arbitrary code execution" if users didn't apply the patch. The newest version of QuickTime now sits at 7.1.6, and reportedly "repairs the problem by performing additional checking," and interestingly enough, Apple seemingly tipped its hat to Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. So make sure you fire up that Software Update today if you haven't already -- a presumably small bundle of downloadable joy should be waiting.

Remote "exploit" of Vista Speech reveals fatal flaw


Run for the hills, everybody, Windows Vista has been proven vulnerable to the hax0rs mere days after its release -- Steve Ballmer should clearly just give up now and resign while he still has a bit of dignity left. Or not. The vulnerability in question is hardly a hack at all, at least of the traditional variety; instead this one relies on you turning up your speakers and leaving your microphone on. See, the new Windows Speech Recognition in Windows Vista has all sorts of new abilities, but unlike Mac OS speech recognition of yore, no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire. Microsoft also hasn't done anything to ensure speech recognition doesn't listen to the sounds coming out of your computer via the speakers, all of which means that if you visit a malicious website with the speakers turned up and the mic turned on (and Speech Recognition loaded, of course) an audio file could wake SR, open Windows Explorer, delete the documents folder and then empty the recycle bin. Not exactly the most likely of occurrences, but certain security types are already up in arms, and Microsoft has confirmed the potential problem, but merely recommends users turn off their speakers and/or microphone, along with killing any apps trying to attack them with such verbiage. Not the greatest vote of confidence, so perhaps we'll be seeing a fix for this from Microsoft before too long.

[Via Slashdot]

Read - Vista Speech Command exposes remote exploit
Read - Microsoft confirms

Gmail bug exposes your mail account to spammers

Like your Gmail account? Consider it a sacred place which must be protected from spammers at all cost? Yeah, us too. Well, we hate to break the bad news at the dawn of the new year but there's a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts. The only way to safeguard yourself is to disable JavaScript in your browser (or enable it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. -- you know, the sites you typically have open all day long. For obvious reasons, we will not link directly to the site which demonstrates the exploit on your personal account due to the risk of running possibly malicious code. However, we tested it and found our most precious account -- and those of our contacts -- correctly identified and ready for harvest. But hey, even though Gmail has been out since 2004, it is still "beta"... right?

Update 1: There are reports that Google has fixed the issue. Their "fix" is related and with any luck should be applicable. However, it's no fix. Don't believe us? Login to your fave Google service and give this non-malicious link a click.

Update 2: Google seems to have now patched the vulnerability.

The poor (Mac) man's TiVoToGo arrives: TiVoDecode Manager

Well that didn't take long. Just four days after TiVo's DRM was hacked, and three days after we pointed you to the Zatz man's little exploitation guide, along comes the GUI wrapper that automates the process of downloading and decoding TiVo files onto your TiVoToGo-less Mac. TiVoDecode Manager v1.0 features automatic Bonjour discovery of local TiVos and the ability to one-click download any available recording listed by the date recorded, episode, etc. At the moment, only one recording can be downloaded at a time. Once on your Mac's disk, the decoded files still won't play in Apple's QuickTime player, but hey, that's why the Good Lord gave us VLC. As a front-end to software written by someone else, you'd be wise to heed the words of the developer: "use at your own risk." However, as tipster Brandon points out, he's "one happy geek" after giving it a whirl. Now quit hopping up and down clapping like little girls, there's decoding to be done.

[Thanks, Brandon H.]

PSP firmwares 2.0 - 2.80 hacked for homebrew


PSP fangirls and boys unite! It looks like you can now run homebrew apps on your PSPs that have version 2.00 to 2.80 firmwares installed -- no more downgrading! Apparently it involves a simple viewing of an image file on your mem stick. And for you überfans, you'll probably want to know that according to QJ.net: "This application runs in 'User Mode,' but kernel mode will be achievable on all firmwares except 2.80." We'll give it a spin and report back soon with our findings.

[Thanks, Crome T.]

Update:
Oh yeah, this thing works alright. It works so well you don't even need to actually load the image on 2.8 -- just scroll down to it, and the thumbnail read takes over the homebrew hack. Nice.
