exploit

Latest

  • Void Reaver exploited, brought down in 53 seconds

    by 
    Mike Schramm
    11.01.2007

    Word's flying around about a Void Reaver exploit that involved mind-controlling a Tempest-Smith, and then blasting the heck out of him with the bomb ability. One guild, as seen above, has brought VR down within a minute-- apparently the ability has no cooldown, so VR can come down as fast as your mind-controlling Priest can click. However, Blizzard has said this is an exploit, and it is not recommended that you do this on the live realms. Blizzard will definitely be watching VR raids-- avoid the banhammer!

    But still, a fix has got to be incoming as fast as possible. The question is: how? The most obvious answer is that they have to simply make the Tempest-Smiths not be mind-controllable, but I'm not sure how it works-- in order for the groups to go down right, most raids will sheep or trap these guys, so they do have to still be vulnerable to some kind of CC. The other option is to put the bomb on a cooldown, but even then, that kind of DPS will still help the raid against VR.

    At any rate, Blizzard will think of something, and probably sooner rather than later. Interesting exploit, but an exploit just the same, and a definite no-no. [via WoR]

  • Will name changes let ninjas run free?

    by 
    David Bowers
    10.28.2007

    While Robin and I think it's a great idea, some people are in an outcry about the upcoming name-change service that Blizzard is offering. As Monsoon tells Blizzard on the forums: "This is probably the worst ever decision ever made. How are we supposed to track ninjas and retards who may apply to our guild if there is no way to track their name changes?"

    Nethaera calmly responds: "Perhaps putting them on an ignore list might help."

    The ignore list will be automatically updated once that character's name change gets activated. Of course no system is foolproof, and there will always be someone looking to exploit things, but realistically, is it a terribly big problem if people you consider "ninjas" and "retards" yet are still unwilling to put on your ignore list can change their names once every 90 days? In my experience, the kind of person who likes to call others "retards" generally isn't very nice themselves, and tends to find new "retards" all the time (with no offense meant to Monsoon here). I don't think it would be possible, even if the ignore list were extended to include potentially thousands of names, for some people to be satisfied that all the "ninjas" and "retards" were sufficiently dealt with and removed from the system.

  • iPhone / iPod touch v1.1.1 jailbreak code posted

    by 
    Evan Blass
    10.21.2007

    Well if you like looking through line after line of incomprehensible programming gibberish, make sure to hit up the Read link below, in which the TIFF exploit-based firmware v1.1.1 jailbreak code from team Toc2rta is posted in its entirety. More of an academic exercise for curious geeks than a useful bit of knowledge for the average iPod owner, we're sure there's still some interest out there in seeing exactly how this hack was developed. And as usual, if you do decide to go about 'breaking your device as previously described on these pages, we're, like, totally not responsible for any undesired consequences.

  • MacBook WiFi hack to be published, sound of snoring overpowers announcement

    by 
    Joshua Topolsky
    09.19.2007

    You may remember good-old David Maynor, the infamous hacker who caused a stir in the Mac community by "exploiting" a "loophole" in a MacBook's WiFi that allowed an outside user to gain control of the system. Of course, the hack was then promptly disputed by all sorts of people, said to be a hoax, and generally made fun of. A little bit later on, Maynor and co. turned up in a nerd-tastic war of words on the internet over an OS X "worm," trading barbs, assuming fake names, creating counterfeit blogs, and eventually being reduced to death-threats and public "outings" of their online personalities. Now, according to reports, Maynor is "officially" publishing the details of his original exploit, freed from legal shackles (i.e., NDAs) which he claims prevented him from revealing the truth about his hack. The hot-blooded work is to be published in the September issue of Uninformed.org (an online hacking journal). Says Maynor, "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own." To which we respond: your 15 minutes are up.

  • Realm-crashing exploit going around

    by 
    Eliah Hecht
    08.27.2007

    Before you ask, no, I'm not going to reveal how to crash a realm in just a few simple steps. It would be chaos. However, there is, in fact, just such a technique making the rounds of the internet. Hopefully it will be fixed very soon -- one commenter I've seen says that his realm went down four times in 20 minutes. I'd say that qualifies as a serious problem. If you've been having realm stability issues lately, perhaps some jerks performing this exploit are to blame. And Blizzard? Please get this fixed ASAP.

    How's your realm been?

    P.S. If you know the exploit, please don't post it here. Realm crashing is not cool. If you do post it, your comment will be deleted.

    Update: Blue says a fix is on the way, without actually saying they're fixing a player exploit.

  • Hackers crash e-passport readers -- stage set for exploits

    by 
    Thomas Ricker
    08.01.2007

    Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then modding the JPEG2000 image file stored within the chip to create a buffer overflow condition -- the same vulnerabilities which make so many devices (the original Xbox, anyone?) so easily exploitable. Lukas contends that all airport readers are likely vulnerable to such an exploit as they would be using off-the-shelf libraries for decoding JPEG images. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up. [Via BoingBoing]

  • Safari exploit gives hackers full control over iPhones and possibly PCs and Macs

    by 
    Thomas Ricker
    07.23.2007

    Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's Safari web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring), and that the bug "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists, only they haven't written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and a proposed fix, with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That's how you report a bug. Check the exploit in video form after the break. [Via MacRumors]

  • PSP firmware hack drives Lumines sales

    by 
    Kyle Orland
    06.25.2007

    Well that was fast. It was just Saturday that hackers at Noobz found a buffer overflow exploit in the puzzle classic Lumines that allowed hackers to run a simple Hello World program on any PSP firmware, including the recently released version 3.5. By Sunday, our blogging brethren at PSPFanboy caught the above screengrab of Amazon's Movers and Shakers page showing the game's sales jumping a ludicrous 5900 percent in just one day. As of this posting Monday morning, the same page shows a more moderate 750 percent rise pushing the two-year-old title to the second-highest spot on Amazon's video game sales charts.

    We understand that there are a lot of people out there that want to exploit this new, uh, exploit to run homebrew code on their PSPs. What we don't understand is how there can be so many PSP owners out there that don't already own Lumines. How do you buy a PSP and not immediately pick up this hauntingly beautiful musical puzzler? We suppose there could be some PSP owners out there who eschew UMDs altogether for legally questionable emulators, but really, if you need a firmware hack to justify shelling out a few bucks for such sublime puzzle goodness then we don't want to be your friend anymore.

  • Lumines sales up nearly 6000 percent since exploit

    by 
    Andrew Yoon
    06.24.2007

    Many modern PSP owners do not have homebrew-capable PSP systems. Therefore, when an exploit was found in Lumines that defeats protection in 3.50 firmware, many leaped at an opportunity to purchase the beloved PSP music/puzzle game. Sales on amazon.com have jumped up a whopping 5,900 percent, making it the tenth best selling video game on the retailer's site. Until there's an alternative solution for those clamoring for homebrew on their systems, Lumines looks like it will be experiencing quite an incredible new revival in sales. [Thanks, ben!]

  • Lumines unlocks homebrew on firmware 3.50

    by 
    Andrew Yoon
    06.23.2007

    Homebrew on PSP systems with firmware 3.50 was thought to be impossible ... until now. An exploit was found in the classic puzzle game, Lumines, that allows a Hello World application to run on the system. Users must download a special program, and install it on the Memory Stick. When launching Lumines, the exploit will be taken advantage of.

    This is a huge win for the homebrew community. Most likely, downgraders will be created to take advantage of this exploit, which will allow all modern PSP owners to revert to a homebrew-capable firmware. Most likely, Sony has already heard about this exploit, and is working on a new firmware to ensure too many people won't be able to take advantage of this flaw. [Update: Now included a video, via MAXCONSOLE] [Thanks, Merc25!]

  • Apple issues fix for recently discovered QuickTime flaw

    by 
    Darren Murph
    05.02.2007

    Just over a week after a dubious duo found a way to commandeer a Mac thanks to an elusive flaw in QuickTime (of all things), Apple's security police have purportedly fixed the flaw and issued an update. Apparently, the hole could be "exploited through a rigged website and let an attacker control computers running both Mac OS X and Windows," and the firm elaborated by stating that a "maliciously crafted Java applet could lead to arbitrary code execution" if users didn't apply the patch. The newest version of QuickTime now sits at 7.1.6, and reportedly "repairs the problem by performing additional checking," and interestingly enough, Apple seemingly tipped its hat to Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. So make sure you fire up that Software Update today if you haven't already -- a presumably small bundle of downloadable joy should be waiting.

  • More on the CanSecWest exploit and Java

    by 
    Michael Rose
    04.23.2007

    According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge involves browser support for Java. Turn off Java for Safari (or Firefox, or Camino) and your machine is immune.

    Let's take a moment to note, before frantically shutting down all the garbage mashers on the detention level, that this is an unreleased exploit and there is no expectation of it going wild; it's in the care and feeding of the Zero Day Initiative now and notification to Apple, Sun (Java) and other affected parties will be handled professionally. The only real-world risk is if some clever soul manages to find the same unpublished vulnerability that Dai Zovi did and pairs it with a malicious payload. Personally, I use Java for a couple of work purposes, but I can presumably leave it on in one browser for those specific pages and do my general browsing with another, Java-disabled browser... that is, I would, if I were paranoid.

    There are plenty of other ways to improve your Mac security, most listed via this post. Top three: turn on the firewall, run as a normal user, and turn off wireless (at least, turn off automatic connection to open networks). Apple's guide to Tiger security is also available as a PDF here.

  • Forum post of the day: Beggars will be shot on sight

    by 
    Eliah Hecht
    03.20.2007

    First, a word of caution: there is a possibility that Blizz may consider this strategy to be griefing, so employ it at your own risk. It is, however, awesome. Apparently, if you're a Hunter, you can get a beggar killed, in town, if you're near an NPC that you can declare war on. For this example, we'll use a Cenarion Circle NPC (which I think there are in every major city). To summarize the OP: Beggar asks for gold. Invite beggar to group. Set "at war" with Cenarion Circle, put Misdirection on beggar, and shoot the Cenarion Circle NPC. The NPC will attack and probably kill the beggar. Pretty sweet, eh? Of course, the more attention this gets, the more likely it'll be fixed, so I had to think for a while before deciding to post it here. However, the forum thread is pretty hot right now, so more than likely Blizz knows about it already. Check the thread for pictures; there's also allegedly a movie here. [Thanks to Brisk of Eldre'thalas for sending this one in]

  • Remote "exploit" of Vista Speech reveals fatal flaw

    by 
    Paul Miller
    02.01.2007

    Run for the hills, everybody, Windows Vista has been proven vulnerable to the hax0rs mere days after its release -- Steve Ballmer should clearly just give up now and resign while he still has a bit of dignity left. Or not. The vulnerability in question is hardly a hack at all, at least of the traditional variety; instead this one relies on you turning up your speakers and leaving your microphone on. See, the new Windows Speech Recognition in Windows Vista has all sorts of new abilities, but unlike Mac OS speech recognition of yore, no keyword is required to make your computer start listening to what you have to say, meaning any stray word could be interpreted as a command by Windows if it has the right tone and is within Vista's repertoire. Microsoft also hasn't done anything to ensure speech recognition doesn't listen to the sounds coming out of your computer via the speakers, all of which means that if you visit a malicious website with the speakers turned up and the mic turned on (and Speech Recognition loaded, of course) an audio file could wake SR, open Windows Explorer, delete the documents folder and then empty the recycle bin. Not exactly the most likely of occurrences, but certain security types are already up in arms, and Microsoft has confirmed the potential problem, but merely recommends users turn off their speakers and/or microphone, along with killing any apps trying to attack them with such verbiage. Not the greatest vote of confidence, so perhaps we'll be seeing a fix for this from Microsoft before too long. [Via Slashdot]

    Read - Vista Speech Command exposes remote exploit
    Read - Microsoft confirms

  • Ask PSP Fanboy: Volume 4

    by 
    Andrew Yoon
    01.27.2007

    Every Saturday, PSP Fanboy will answer your burning questions. If you have a question for the team, send an e-mail to andrew @ pspfanboy.com with the subject "Ask PSP Fanboy."

    Q: With news of the recent "Hello World" N00bz exploit for 2.81-3.03 PSPs, word is that an un-patched version of GTA: Liberty City Stories will be required for the future downgrader. How can I explicitly tell an un-patched GTA:LCS from a patched one?

    A: Hope this image from DCEmu helps:

    The unpatched version seems to feature different pictures. As a general rule of thumb, you'll have to look for the oldest copies you can find, so they'll most likely be used. When you pop in the disc, make sure the game offers a 2.0 firmware upgrade, not anything higher. Good luck.

    See more questions after the break.

  • Stop asking if you can downgrade your 3.03 system [Update 1]

    by 
    Andrew Yoon
    01.24.2007

    A public message announcement from the PSP Fanboy team: Stop asking if you can downgrade your system. Currently, downgraders only work for PSPs with firmware 2.80 or below. Constantly leaving comments about downgrading from 3.03 will not get responses.

    So, what are you supposed to do then? N00bz, "homebrew without a clue," answers some of your burning questions. They note a few key points: there is a "kernel mode exploit" in all PSPs, up to version 3.03, that seems to be unchanged. Once a "user-mode exploit" can be found, it will be theoretically possible to run homebrew on all PSPs--even downgraders should work.

    But when will this happen? Who knows. Certainly, there are hard-working homebrew coders trying to find exploits in all of Sony's latest. However, N00bz recommends that if you're ever serious about switching over to homebrew, you should stop upgrading your PSP altogether. 3.04 or whatever future firmware upgrade Sony releases will most likely address these exploits; and it should be much easier to run exploits on 2.81 versus 3.03. There's no guide as to when the homebrew community will release something, but we advise you: please be patient. Personally, I'll keep upgrading to Sony's official firmware because I actually like playing legal games. [Update 1: Looks like I offended a few of you with my overly bitter comment. I'd like to apologize to those of you that do actually use your homebrew PSPs in a legit manner. As an acknowledgement of the harsh tone I took, I will not delete the comment. Sorry to those that were offended: you are clearly upstanding in an industry where many people take game developers for granted.]

  • Rolling restarts for US realms Friday morning

    by 
    Elizabeth Harper
    01.05.2007

    Drysc informs us to expect rolling restarts for all US realms starting at 5:00 AM PST to apply a "minor hotfix." Downtime is expected to be minimal (around 15 minutes), and US players probably won't notice any interruption. But a hotfix? Blizzard's not said what they're fixing, which leaves us to guessing games as to the exact nature of the problem. However, poster Tuhljin seems to be on the right track when he points out that "if they won't tell you what the hotfix is for, at least part of it probably involves fixing an exploit." After all, they wouldn't keep us in the dark just for the fun of it... would they?

  • MMS exploit targets Windows Mobile 2003

    by 
    Chris Ziegler
    01.02.2007

    What's scarier than a text message luring you into getting your PC all hosed up with virii? An MMS message that somehow manages to do the infection honors all by its lonesome, that's what. Details are now emerging on what appears to be the world's first proof of concept for an MMS virus, exploiting a weakness in the way Windows Mobile 2003 handles SMIL (Synchronized Multimedia Integration Language) to cause a buffer overflow -- which in turn leads to the dreaded "arbitrary code execution." The fella responsible for the exploit apparently gave Microsoft the heads-up a solid six months ago; when he never heard back, he went public with it in a big way at Berlin's Chaos Communication Congress. The good news (if you can call it that) is that it's only been tested on the i-mate PDA2K and HP iPaq h6315, both of which are approaching the tail ends of their useful shelf lives. No word on whether the vulnerability applies to (or can be easily adapted to) Windows Mobile 2005, but somehow, "we hope not" simply doesn't properly express our sentiments. [Via El Reg]

  • Gmail bug exposes your mail account to spammers

    by 
    Thomas Ricker
    01.01.2007

    Like your Gmail account? Consider it a sacred place which must be protected from spammers at all cost? Yeah, us too. Well, we hate to break the bad news at the dawn of the new year but there's a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts. The only way to safeguard yourself is to disable Javascript in your browser (or enable it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. -- you know, the sites you typically have open all day long. For obvious reasons, we will not link directly to the site which demonstrates the exploit on your personal account due to the risk of running possibly malicious code. However, we tested it and found our most precious account -- and those of our contacts -- correctly identified and ready for harvest. But hey, even though Gmail has been out since 2004, it is still "beta"... right?

    Update 1: There are reports that Google has fixed the issue. Their "fix" is related and with any luck should be applicable. However, it's no fix. Don't believe us? Login to your fave Google service and give this non-malicious link a click.

    Update 2: Google seems to have now patched the vulnerability.
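
    The mechanism the post describes is a cross-site script inclusion (XSSI, sometimes called JSONP hijacking): the contact data is served as executable JavaScript that calls a callback named `google`, and since the browser sends the victim's cookies with any `<script src=...>` request, a third-party page can define that callback itself and receive the data. The block below is an added example written for this page, not Google's code; the endpoint shape, the `SESSION_CONTACTS` sample data, and the hardened variant are all assumptions. Google's actual fix is not described on the page, so the `)]}'` prefix shown here is one of the standard XSSI defences, not necessarily what Google shipped. `new Function` stands in for the browser evaluating a cross-origin script in the global scope, so the whole thing runs offline under Node.

```javascript
// Added example: cross-site script inclusion of a cookie-authenticated JSONP feed,
// modelled on the Gmail contact leak described above. All names and data are assumptions.

// Constructed sample data standing in for the logged-in victim's address book.
const SESSION_CONTACTS = [
  { name: 'Alice Example', email: 'alice@example.com' },
  { name: 'Bob Example', email: 'bob@example.com' },
];

// Vulnerable server (assumed shape): the contact list is rendered as a script that
// calls a global callback named "google". Any origin can include this URL with a
// <script> tag, and the browser attaches the victim's session cookies to the request.
function renderContactsVulnerable(contacts, loggedIn) {
  if (!loggedIn) return 'google({"error":"not logged in"});';
  return `google(${JSON.stringify({ contacts })});`;
}

// Hardened server (assumed fix): same data, but the body starts with a token that is
// a syntax error when evaluated as a script. A cross-site <script> include dies at
// parse time; the first-party client fetches it same-origin and strips the prefix.
const XSSI_PREFIX = ")]}'\n";
function renderContactsHardened(contacts, loggedIn) {
  const payload = loggedIn ? { contacts } : { error: 'not logged in' };
  return XSSI_PREFIX + JSON.stringify(payload);
}

// Attacker page: declares its own "google" callback, then includes the script.
// new Function(...) models the browser executing the fetched body as JavaScript.
// Returns whatever addresses the callback managed to capture.
function attackerHarvest(scriptBody) {
  const harvested = [];
  const google = (data) => {
    if (data && Array.isArray(data.contacts)) {
      harvested.push(...data.contacts.map((c) => c.email));
    }
  };
  try {
    new Function('google', scriptBody)(google);
    return { harvested, error: null };
  } catch (e) {
    // With the prefix in place this is a SyntaxError thrown before any data is touched.
    return { harvested, error: e.constructor.name };
  }
}

// First-party client: reads the same endpoint via same-origin XHR and strips the
// prefix before parsing. Refuses bodies without it so a downgrade is noticed.
function firstPartyParse(body) {
  if (!body.startsWith(XSSI_PREFIX)) throw new Error('missing XSSI prefix');
  return JSON.parse(body.slice(XSSI_PREFIX.length));
}

// Runs the three scenarios and returns their outcomes for inspection.
function demo() {
  return {
    vulnerable: attackerHarvest(renderContactsVulnerable(SESSION_CONTACTS, true)),
    hardened: attackerHarvest(renderContactsHardened(SESSION_CONTACTS, true)),
    firstParty: firstPartyParse(renderContactsHardened(SESSION_CONTACTS, true)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

    Run it with `node xssi.js` (filename assumed). Against the vulnerable rendering the attacker's callback receives both addresses; against the hardened rendering the script throws a `SyntaxError` before the callback is ever invoked, while the first-party client still parses the same body. The prefix works only because the data is fetched same-origin by code that knows to strip it; the more general rule is to never serve user-specific data from a cookie-authenticated endpoint in a form that is valid as a script.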

  • The poor (Mac) man's TiVoToGo arrives: TiVoDecode Manager

    by 
    Thomas Ricker
    12.08.2006

    Well that didn't take long. Just four days after TiVo's DRM was hacked, and three days after we pointed you to the Zatz man's little exploitation guide, along comes the GUI wrapper that automates the process of downloading and decoding TiVo files onto your TiVoToGo-less Mac. TiVoDecode Manager v1.0 features automatic Bonjour discovery of local TiVos and the ability to one-click download any available recording listed by the date recorded, episode, etc. At the moment, only one recording can be downloaded at a time. Once on your Mac's disk, the decoded files still won't play in Apple's Quicktime player, but hey, that's why the Good Lord gave us VLC. As a front-end to software written by someone else, you'd be wise to heed the words of the developer: "use at your own risk." However, as tipster Brandon points out, he's "one happy geek" after giving it a whirl. Now quit hopping up and down clapping like little girls, there's decoding to be done. [Thanks, Brandon H.]