PIN
Latest
Provisioning for prepaid Google Wallet cards on hold while PIN-related security hole gets fixed
Remember that Google Wallet exploit from a few days ago? The one that would allow 'brute-force' PIN attacks, but only on rooted Android devices? Well, another PIN-related security hole was discovered soon after, putting even non-rooted Androids at risk. As Android Central points out, should your phone make its way into the wrong hands, your Google Wallet PIN number could be reassigned, allowing access to the prepaid account attached to the phone itself -- yikes. As such, the folks at Mountain View have taken action, shuttering provisions to prepaid cards until it finds a permanent fix for the problem. Despite the troubles, Google is sticking by its original tune, stating that Google Wallet offers multiples levels of protection (when used on official builds of Android) that go beyond traditional plastic cards, including your phone's lock screen. There's no estimate on when things will be back to normal, but you'll find Google's assessments and assurances about this situation at the source link below.
PSA: Google Wallet vulnerable to 'brute-force' PIN attacks (update: affects rooted devices)
Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be "easily revealed." Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft."Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In a statement to TNW it said: "We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."[Thanks to everyone who sent this in.]
Researcher finds vulnerability in WPS protocol, looks for manufacturers to offer fix
On the plus side, your router's mostly secure. Security researcher Stefan Viehbock has just discovered a major security hole which allowed him to use a brute force technique to access a WPS PIN-protected network in about two hours. According to Viehbock, a design flaw allows the WPS protocol's 8-digit PIN security to fall dramatically as additional attempts are made. With each attempt, the router will send a message stating whether the first four digits are correct while the last digit of the key is used as a checksum and then given out by the router in negotiation. As a result, the 100,000,000 possibilities that the WPS should represent becomes roughly to 11,000. The US-CERT has picked up on this and advised users to disable WPS on their routers. Viehbock, in turn, claims to have attempted to discuss the vulnerability with hardware vendors such as Buffalo, D-Link, Linksys, and Netgear, but says he has been roundly ignored and that no public acknowledgement of the issue has been released. As a possible final step, Viehbock has promised to release a brute force tool soon, thereby pushing the manufacturers to work to resolve the issue. In other news, that evil supercomputer from the movie War Games just got a few more digits of the nuclear launch codes -- maybe one of Stefan's pals can look into that one.
Club Nintendo 'Platinum' members to receive commemorative pin set
Yesterday marked the end of the "year," as far as North America's Club Nintendo Elite Status goes. Did you earn 600 "Coins" by registering first-party Wii, DS, and 3DS games and taking surveys between the end of June last year and yesterday? If so, you're entitled to this year's gift for Platinum status holders, a set of commemorative pins. The 25 Super Mario Bros. sprite pins come in six boxes that can be arranged to form a picture of Mario, a mushroom, or a Goomba. If you hit the 300-Coin mark in that period, you're entitled to the "Gold" gift, which, as always, is a desk calendar with a different Nintendo game theme for each month. We just switched over to the Nintendogs + Cats page in our 2011 calendar this morning! Awwww.
Digits conductive pins won't make a fool of you in the cold
Ever tried writing a text message or an urgent work e-mail with gloves on? Chances are what you planned to type and what came out couldn't look more different...if anything came out at all. Digits are a $14 set of four conductive pins that, like the Dots iPhone gloves, were designed to make cold weather touchscreen use easy, and hopefully error free. Unlike Dots and other pre-made touchscreen products, however, Digits allow you to use your own gloves, provided they're knit (unfortunately, they're not leather-friendly). Each pin comes in two parts: one piece sticks through from inside your glove, and the other, which sports silicone caps, attaches from outside, using the same concept as this DIY set. Digits should keep your touchscreen free of scratches and your texts and e-mails free of error, even when it's freezing out. Hopefully now you won't end up firing when you should be filing.
NCsoft answers questions on Aion's new security
Ever been in the middle of a duel with a friend in Aion and watch him (or her) drop offline in the middle of a conversation, then come back online on each alt, strip it down, and sell off everything -- right in front of your eyes? That very scenario has happened to me, and similar situations have happened to others. Even counting RNG rages, nothing really compares to the frustration and heartache of losing all you have worked so hard for in-game, and no one wants to experience this. With this in mind, NCsoft has introduced an extra layer of security -- a new PIN system designed to better safeguard your virtual stash. We were able to speak with Sean Neil, Associate Producer of Aion, and Lance Stites, Executive Vice President of Game Operations and Production at NCsoft West, to bring you the scoop on this new system. Join us past the cut to hear what they had to say.
I've upgraded to iOS 4: Now what?
You've upgraded your iPhone to iOS 4, and you're anxious to play with all sorts of new and wonderful features. Before you do that, take a few minutes to make sure everything is working as expected. Here's a list of things to confirm. They aren't in any particular order, and not all of them will apply to everyone, but some of them will, especially if you have "restored" your iPhone. 1. Launch the phone app and go to the voicemail tab. Make sure that it isn't asking for your PIN. If you're really cautious, you might even call your iPhone and leave yourself a voicemail just to make sure it's working as expected. Six more easy and necessary steps after the break.
Boy Scouts introduce videogame badge, other badges ask 'Really?'
Yes, really. The Boy Scouts of America have finally recognized that most important of modern children's pastimes with the creation of a "Video Games" belt loop and pin. However, our initial excitement on this momentous day is drastically lessened after reading how one goes about earning them. Here are the belt loop's three requirements: Explain why it is important to have a rating system for video games. Check your video games to be sure they are right for your age. With an adult, create a schedule for you to do things that includes your chores, homework, and video gaming. Do your best to follow this schedule. Learn to play a new video game that is approved by your parent, guardian, or teacher. To go on and earn the pin, Scouts will need to teach adults how to play videogames, participate in a family gaming tournament, and learn how to comparison shop for prices. In other words, the Boy Scouts aren't interested in how many digits you have in your Gamerscore, don't care how stuffed your Trophy Room is, and shun your techniques for surviving the latest Trials HD expansion. We, however, are all ears. Update: We're getting a number of e-mails upset that this post does not explicitly point out that these awards are for the Cub Scouts, not for the Boy Scouts. Mind you, the Cub Scouts are most definitely a part of the greater Boy Scouts of America organization, and anyone who knows anything about the BSA in the first place knows that pins and belt loops are exclusively for Cub Scouts. So, chill, yeah? Also, we're still waiting on that Trials HD advice -- we can't get 10 feet on those new Extreme levels without repeated faceplants.
Microsoft Kin Studio saves all your phone content to the web (update: video!)
There's no denying that Microsoft's new Kin phones are a next-gen riff on the Sidekick, and just like the Sidekick, everything that happens on the phone will be backed up to a Microsoft service, called Kin Studio. Text messages, photos, videos, music, other content -- it's all instantly synced to the Studio, which is obviously accessible from any browser. Of course, it's sort of funny for Microsoft to be saying that it'll back up all your data for you, since it just had a major Sidekick data loss incident, but hey -- the kids don't know that, right? They're off skateboarding, or hanging out watching fat people eat burritos*, or whatever they do. Update: Video for the "upload generation" now available to stream after the break. Think you can handle that? *Actual line from teen testimonial video shown during Microsoft event. We are not kidding.
Corsair's Padlock 2 offers 256-bit AES encryption inside a rugged body
Our British readers will already be painfully familiar with the comical propensity that government officials (even spies!) have for losing sensitive data while on the move. It might be an idea, therefore, to give your forgetful local representative a break with one of these new Corsair USB drives. The Padlock 2 features OS-agnostic password protection via the keypad you see above plus 256-bit encryption of the data stored on the flash inside. So even if someone is tenacious enough to pry the case open, he'll have a hard time getting anything useful out of it. Oh, and don't worry about forgetting the passcode, there's a procedure for wiping the drive clean and generating a new one. 8GB units are available immediately, and we've spotted them online priced at £46 in the UK and $59 in the good old US of A.
Show and Tell: And buttons for all
Buttons are important to gamers. Usually, they're our primary method of input, and while some systems (why hello, Nintendo) may be moving us away from that tradition, we'll always have a soft spot for those little buttons.But we're not talking about those sorts of buttons today. We just like 'em. No, we're taking a look at the other sort today, the kind you wear. Badges. Pins. Sometimes, they can be just as important as the buttons on our handhelds and controllers -- if you want to display your likes and dislikes, anyway. And badge-making has long been quite the thing among the crafty gaming contingent. Take the guided tour of our selection of game-related buttons here, or dip into the gallery below wherever you'd like. You might be surprised at what you find.%Gallery-38307% Show and Tell is all about fan stuff, so long as it's Nintendo-related. We love to see your collections, your crafts, your frosted creations, your t-shirts and swag of all sorts.Just snap a few pictures, tell us what's up, and send it all to showmeit [at] dsfanboy [dot] com. We'll take care of the rest. Not a handy type, but found something neat? Send us a link instead.
Scattered Shots: Pet talent trees in the Wrath Beta
Welcome to another edition of Scattered Shots, the other WoW Insider weekly Hunter column. Daniel Whitcomb is your guest host again this week. So, we theorized about talented pets a bit quite a few installments of Scattered Shots ago, but now we have the actual trees live and testable on the Wrath Beta, and they seem to be firming up nicely. There's a few promised changes yet to come, such as the removal or lowering of focus costs on many major abilities and talents, and it's still very possible that Blizzard may make changes here and there before live, but I think they're solid enough at this point that we can look at each tree and make some solid predictions about how people will use them and how various talent builds might look.
WiQuest makes secure pairing simple for display-less Wireless USB devices
Pairing up display-laden Wireless USB device with another machine is quite possibly one of the easiest processes known to man, but what if your W-USB device is screen-less? Enter WiQuest, the self-proclaimed leader in WiMedia-based ultra-wideband solutions, which has just revealed a new Wireless USB PIN Association method "specifically designed for Wireless USB-enabled devices that do not have a display." In its words, "once the Association process is initiated, a software screen on the host PC requests that the unique PIN printed on the Wireless USB device be entered and the secure pairing is completed -- wirelessly." We just love it when a good plan comes together.
Nintendo recalls character lapel pins
If you received a lapel pin from Nintendo between 2004 and 2007, either as a giveaway or a purchase from the Nintendo World Store, you could be in danger. Not just the regular poking-based kind of danger associated with pins, either. The pins are painted with an unsafe level of lead, which could be harmful if ingested. Unlike other pins, which are harmless when swallowed.Nintendo is recalling the affected pins, and will ship out non-poisonous replacements. More information is available at the link, or at (800) 431-0971. At least you get a shiny new pin out of the deal. Keep it out of your mouth just in case.[Via Gamespot]
Wear your love for Link
Around here, we find that blowing money on random game-related gear is a great way to celebrate the weekend, but we're addicts like that. Considering that, it's no surprise that the bevy of new Zelda-themed gear at Hot Topic caught our collective Fanboy eye. Zelda hats, hoodies, and pins ... oh my! [Via Aeropause]
ATM PINs vulnerable to cracking, Israeli researchers say
Everyone relies on their ATM cards pretty frequently -- after all, there's no better (or, often, more necessary) way to start your evening than with a $40 quickdraw from your favorite local money machine. Well, you may want to think twice (that is, if you're among the paranoid security-minded types) next time you whip out that thin piece of plastic. A group of researchers at Algorithmic Research (ARX), an Israeli security firm, published a paper two weeks ago describing a very serious flaw inherent in most ATMs. Apparently, between the time that you input your PIN and the time that the machine spits out your cash, a dataset containing your PIN and account number is encrypted and decrypted a few times while being routed along the banking network -- and somewhere along that point, it's conceivable that those numbers could be intercepted. MSNBC reports that while no attacks using this method have been detected, the US Secret Service is already on the case, and that while Visa and the American Bankers Association are acknowledging the problem, both are dismissing the hacking scenario as being unlikely. Still, we might consider busting out that money belt sometime soon, getting the USSS on the job means it could be big. [Warning: PDF link][Via MSNBC]
Gitaroo Man pre-order swag (and other less important games)
Gitaroo Man Lives! plans on burnin' down the PSP come November 14th, and if you pre-order the game online at Gamestop, you'll not only secure yourself a copy of the game, you'll also get a 5-pin set (which looks suspiciously like the ones given away in Europe a while back). Although the game is merely an updated port of the PS2 cult classic, there are tons of people out there that haven't had a chance to play this rad game from the creators of import-favorite Ouendan. It received some rave reviews, so don't be afraid to break out the dough.It appears as if you'll be able to pre-order Pimp My Ride and NFL Street 3 and get some swag too, but I stopped reading 'round there. You can head over to Gamestop Gamespot (why are they named so similarly???!) to get all the details.
Thanko's PIN-protected Morse Code Drive
You may think that those USB thumb drives with biometric protection are keeping your data on adequate lockdown, but with so many Play-Doh-equipped crooks looking to steal your personal information these days, are you really willing to trust your most secure infoswag to a notoriously unreliable fingerprint reader? Our old friends at "innovative" Japanese manufacturer Thanko certainly aren't, as evidenced by their new keypad-sporting model called the Morse Code Drive -- which, despite its name, has nothing to do with the dash-dot-dashing we've seen performed by characters in old war movies. Available in either 512MB or 1GB flavors, this USB 2.0-compatible drive requires the user to input the proper PIN before revealing its precious data on a Mac or Windows machine, although we doubt that a determined hacker would be unable to penetrate its defenses. Still, most consumers will find the $60 and $85 drives acceptable for everyday use, and the fact that they camouflage themselves as a cheap calculator when stored in your pocket protector should only help seal the deal.[Via Fareastgizmos]
O2 makes reviving locked phones a little easier
If you've ever found yourself facing a locked phone asking for its PUK code, you know that you're kinda in a bind when that happens. Typically you need to call your carrier, wait the standard 3.44 minutes for a rep to answer, provide some identifying information so they know you're who you say you are, and you get your code. Phone thieves, rejoice: O2 is now offering PUK codes through its website to anyone providing little more than a phone number. Granted, very few people actually lock their SIMs down with a PIN and PUK, but for those that do on O2, your safety margin just got a little smaller.[Via textually.org]
