hacked
Latest
Apple developer site hacked, names and addresses possibly compromised
Apple's developer website was hacked last week, according to an email sent to developers. The website reportedly went down for maintenance on Thursday, July 18. "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website," the email reads. "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed." Apple pulled the Developer Center site and is "completely overhauling our developer systems, updating our server software, and rebuilding our entire database." [Thanks, Jordan!]
CCP takes EVE and DUST offline due to DDoS attack
If you were looking to play EVE Online or DUST 514 this afternoon, you might want to go with your backup plan. CCP has taken its Tranquility server cluster offline in order to deal with a "significant and sustained distributed denial-of-service (DDoS) attack." Tranquility hosts EVE and DUST players, and while CCP initially reopened the servers, it has since decided to close them down in order to conduct an investigation and "an exhaustive scan of our entire infrastructure." The outage also affects CCP's web presence. You can follow the situation via the company's Twitter feed. [Thanks to everyone who tipped us.]
The War Z forums and databases hacked, taken offline for investigation
The War Z has been taken offline due to the compromise of its databases and official forums, publisher OP Productions has announced. "We have discovered that hackers gained access to our forum and game databases and the player data in those databases," the statement reads. "We have launched a thorough investigation covering our entire system to determine the scope of the intrusion. This investigation is ongoing and is our top priority."The user information obtained during the break in includes log-in e-mail addresses for the official forums and the game itself, along with the encrypted passwords associated with those addresses. No user payment information was compromised, however, as payments are handled by a third party company that operates outside of OP Production's ecosystem.Despite the fact that "there was absolutely no exposure of your payment or billing information of any kind," according to the statement, the possibility still exists for the stolen encrypted passwords to be decrypted, which could obviously be an issue for anyone that used the same email address and password for The War Z as they did for other, more vital internet accounts. As such, OP Productions recommends that its users change up their passwords.Beyond the promise of future updates, no further timeline was given with respect to when the game may come back online.
Rumor: SimCity modded to disable disconnection timer, open debug mode
Reddit user AzzerUK claims to have enabled SimCity's debug mode and to have disabled its disconnection timer, both of which imply that there is more to the game's inner workings than EA and Maxis originally stated.Currently, a user that loses their connection to the server during gameplay will be logged out of the game after 20 minutes. This is supposedly because the client must sync simulation data back to the server on a regular basis, in order to ease the computational load on the user's machine and to ensure the simulation as a whole runs smoothly.Though not demonstrated in the video above, AzzerUK claims to have disabled that disconnection timer, and that playing an offline city for extended periods of time resulted in no issues with the simulation itself. Since SimCity does not support local saves in any way, it is not possible for AzzerUK to actually save anything that happens in his offline city, but the important thing is that the simulation reportedly did not come to a screeching halt after being unable to sync with the server.The modder/hacker also claims to have enabled SimCity's debug mode, which allows for cities to be edited beyond their typically imposed borders. Though clipping and texture mapping issues are easily visible in the above clip, the traditionally impossible highways created at least appear to function properly. This supposes that, at least theoretically, the game is capable of supporting city sizes that are larger than what is currently available.
Evernote issues site-wide password reset after hackers access user details
Popular cross-platform note-storing service Evernote has revealed in a blog post that it has been the subject of hacking attacks. The operations and security team is keen to point out that there is no evidence that any stored notes and content was accessed, but that some user information -- including passwords and emails -- were. The data breached does benefit from one-way encryption (hashed and salted), but the firm is issuing a site-wide password reset just in case. In short, all users of the site will be required to set a new password, and are advised to log-in as soon as possible to do so. For more details and updates, we suggest keeping a close eye on Evernote's official blog and twitter. Both of which can be found below.
Some PlanetSide 2 European accounts have been compromised [Updated]
You know the drill people: Accounts hacked, time to change those passwords ASAP. Who's affected this time around? It's the runners-and-gunners of PlanetSide 2 in Europe. Email addresses and passwords for some accounts were exposed, and affected players have been notified that they should create a new secret code so that the unwashed hackers don't gain entry to personal accounts elsewhere. ProSiebenSat.1 issued the warning last night: "We have ascertained that there was recently unauthorized third-party access to one of our systems. The possibility that your data (email address and password) has been accessed by an unauthorized third party cannot be excluded. We were able to detect the problem promptly and took all necessary action to rectify the issue." The company said that account data are encrypted and issued instructions how to change your password if this impacts you. No European SOE PlanetSide 2 accounts were affected by the intrusion. [Thanks to the mighty Tandor for the tip!] [We've updated the article to clarify that only some PSS1 accounts were affected. SOE's European accounts are in the clear.]
Rumor: Origin hacked, EA denies intrusion [Updated]
If you have created an EA Origin account for any reason, such as for Star Wars: The Old Republic or Ultima Online, we advise you to change your password posthaste. Numerous sites are reporting that hackers have breached Origin's security and are potentially modifying account information and stealing it. Allegedly affected players claim that the hackers are changing the log-in emails associated with their accounts and that the new email addresses have a Russian suffix. In response to a question about whether any accounts were compromised by hacking, an EA spokesperson made the following statement: "At this point, we have no reason to believe there has been any intrusion into our Origin database." EA has updated us with its full security statement: Anytime a player has a question about the security of his or her account or personal data, we take it very seriously and take all possible steps to help. For any customer who cannot access their Origin account for any reason, we ask them to please contact Origin Help or EA's customer experience group at help.ea.com. The robust security measures in place to protect Origin users accounts are constantly being expanded and upgraded, and we also strongly recommend customers take the protective steps of using strong passwords and changing passwords often.
Security breached in PlaySpan hack, multiple games affected [Updated]
Some MMORPGs have been affected by a security breach at PlaySpan. User IDs, encrypted passwords, and email addresses for the players of multiple unconfirmed MMOs have been compromised, according to Develop. Upon detecting the breach, PlaySpan locked all accounts and closed the PlaySpan Marketplace. The company is asking users to reset their passwords while the firm investigates the hack; it also encourages folks urges folks to reset passwords on other websites as a precaution. A PlaySpan spokesperson stated, "We sincerely apologize for any frustration or inconvenience this incident has caused our customers. We know PlaySpan's business depends on consumer trust. Security is a top priority for us, and we are redoubling our efforts to strengthen PlaySpan's overall system security." [Thanks to Chris for the tip!] [Update: We've removed EVE Online, Guild Wars, and RuneScape from the list of compromised games as they were not affected as Develop originally reported. CCP has released a statement denying that it shares customer information with PlaySpan; ArenaNet has likewise posted that it does not use PlaySpan for its games. Turbine has likewise confirmed that contrary to rumor, "Turbine game accounts are not connected to the Playspan Marketplace".]
Guild Wars 2 brings trading post online, handles hacked accounts
It's a good day for Tyria's Wall Street and its many denizens, as ArenaNet has brought Guild Wars 2's trading post fully online. The trading post, which works as an advanced version of an auction house for the game's players, has only been sporadically available since launch. The defense and counter-attack against the legion of GW2 hackers continues, however. The devs report that "a Guild Wars-related fan site" was recently hacked for its account information, and say that the reset password feature for the game will remain disabled for the time being as to not allow hackers another avenue of attack. ArenaNet said that during the past 24 hours, the team has dealt with over 2,500 hacked accounts and over 2,800 login issues.
Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition
The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.
North American players may now update their security questions
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators. In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea. Nethaera As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one. source
Blizzard security breach, no evidence that financial data was compromised
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here. The full post is below. Mike Morhaime Players and Friends, Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened. At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed. Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts. We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well. In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here. We take the security of your personal information very seriously, and we are truly sorry that this has happened. Sincerely, Mike Morhaime source
TouchPad gets an early taste of Android 4.1 Jelly Bean courtesy of CyanogenMod 10 (video)
Want the latest version of Android on your device? Sure, we all do, and despite HP having put the TouchPad out to pasture long ago, the modder community isn't giving up hope. One brave soul over at Xda Developers who goes by the handle Jscullins can (and should) be thanked for bringing bargain tablet lovers a dose of CyanogenMod 10. It's still a preview build lacking, among other things, sound and video acceleration, but if you absolutely have to get a buttery smooth UI on your tablet right now hit up the source link for the download. Or, you could just check out the video of it in action after the break courtesy of Liliputing. It's probably safer.
NVIDIA Developer Zone shut down, may have been hacked
Bad news from the land of Tegra. NVIDIA has shut down its Developer Zone forums after noticing what it calls "attacks on the site by unauthorized third parties." While the nature of the attacks isn't clear, what's troubling is that these attackers "may have gained access to hashed passwords." Users are of course encouraged to change their secret codes and, with all the hackery going on lately, we might recommend you just go ahead and change them all -- just in case. [Thanks, Alfredo]
Nexus Q repurposed to play Pong, games with your heart (video)
Google's mysterious, if not ominous Nexus Q has already been hacked to launch apps of varied origins, but there's one particular app that stands above all: Pong. Or, Brick Defender -- you know, what's a generic title amongst friends? BrickSimple managed to hack the Q for Pong playback, using the spinning top (read: volume wheel) to move the lower bar in the game. We'll let you get right to the action; the video's embedded after the break, and the code snippet necessary to duplicate it is there in the source below.
Nexus Q hacked to run Android games in under 24 hours
The word "run" in the headline is chosen very carefully. Developer Christina Kelly managed to get Swords and Soldiers up and running on the Nexus Q, but the game is not actually playable. Without a touchscreen or any other way to actually control the title, there's not much to do besides look at the splash screen. Still, the fact that in under 24 hours Google's new streaming appliance has already made to fire up unapproved apps bodes well for its future with the hacker community. Once the device gets in the hands of more devs we imagine it'll only a matter of time before someone figures out a way to get Hulu or Netflix running on it, with your Android phone acting as the remote.
Blizzard denies Diablo III authenticator hacking claims
We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system. Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand." Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.
DingleBerry 4.0 cancelled, open-sourced in search of PlayBook OS 2.0 root exploit (updated: ok, maybe it's not cancelled)
DingleBerry arrived with an awesome name and even better functionality: the ability to root a BlackBerry PlayBook. For the moment, however, it seems the utility is little more than dust in the wind. We've received news that development of the famed exploit has been halted. If it's any solace to super users, the project may find new vigor, because the source code for DingleBerry 3.3.3 is now available for all to improve upon. Perhaps the cat and mouse game with RIM's security team was simply too burdensome for DingleBerry developers, as PlayBook OS 2.0 has remained impervious to root exploits. Whatever the case may be, if you'd like to take a swing at a new root method, be sure to hit up the source below.[Thanks, Joao]Update: DingleBerry dev Chris Wade reached out to us to clarify that version 4.0 is not cancelled -- regardless of what the official changelog says. Where exactly the confusion comes from we're not entirely sure, but we've been told the project was open sourced so that others, perhaps those with more free time on their hands, could take a crack at the PlayBook OS and not because it's dead.
Inception brings root privileges, rush of adrenaline to Nokia N9 community
So, here's the thing: Aegis, the security framework on the Nokia N9, has been busted wide open -- thanks to an exploit known as Inception. Much like root access on Android, the software allows developers to write apps (and users to install apps) that take full advantage of the N9's capabilities. Naturally, exploits such as these aren't for everyone -- in particular, Inception requires a familiarity with the command terminal -- but if you've ever wanted to load custom kernel modules, activate disabled hardware features or apply community-provided upgrades, a quick and relatively painless method is now here. A few words of caution: users mustn't upgrade their firmware beyond PR1.2 without first confirming that Inception is compatible, and because the exploit allows applications to gain full access to the phone, users should only install apps from trusted sources. Want to know more? Just follow the rabbit hole in the source below.
Windows Mobile takes up roost in Windows Phone, thanks to WML project (video)
Whether you're looking for a good laugh or a simple trip down memory lane, seeing Windows Mobile 6.1 hobble around like a grumpy old man within Windows Phone might just satisfy both those urges. The technical stunt comes courtesy of the Dark Forces Team, which is now previewing a bit of hackery known as WML (Windows Mobile Loader?). While details of the project have yet to be made public, a video posted to YouTube clearly shows the elderly OS accessible from within Windows Phone on an HTC Gold (HD7). Support for Windows Mobile 6.5 is also in the works, but for the moment, just take a peep at the most important visual treat in the above clip.
