hacked
Latest
Mabinogi hacked by a 16-year-old for $325K of virtual currency
A sixteen-year old boy allegedly hacked the website of Nexon Japan, and made off with about $325k worth of game points for Mabinogi, a free-to-play MMO that's inspired by Celtic mythology (and on its way to North America soon). He reportedly was able to obtain the password of a former Nexon employee, and then used that info to log on to the game servers and load himself up with virtual cash.Some of which apparently then turned into real cash, as he was able to sell it (as least that's what it seems like) for "web money," which he used to buy books and other software. The bottom line here seems to be not that the kid is a genius, but that the company and/or its employee made a dumb mistake, allowing the password to get nabbed by simple hacking software.No word on what punishment, if any, the kid faces, but Nexon claims they've "re-evaluated" their security software, and created a "24-hour monitoring system." Well that's good -- when they get hacked again, at least they'll be able to monitor it.
Blu-raydisc.com hacked, redirects to HD DVD Promo site
Tried visiting Blu-raydisc.com lately? You know, that site created by the Blu-ray Disc Association? If you're a newcomer, go on and click that "United States" location button upon arriving -- and shield your eyes if you fear the sight of HD DVD. As of right now, some clever (and equally meddlesome) individual has hacked the website to redirect to the The Look and Sound of Perfect, which is the official website of the HD DVD North American Promotional Organization. Of course, it's impossible to say who did this or what's really going on, but it should provide a hearty chuckle if nothing else. Peep the gallery shot below for a full-screen image of the redirect result. You wanted a format war? Oh, you've got one.Update: Seems to be fixed now -- 'twas fun while it lasted![Thanks, Tom]%Gallery-12150%
Final Fantasy XI hacked; Square-Enix hides behind policy
Numerous reports have come in concerning the recent hacking of Final Fantasy XI player accounts, with the concomitant liquidation of assets, leaving many users without gear and gil. Although complaints to the game admins have been many and passionate, Square-Enix seems to be employing a strategy of claiming that the hacked users are somehow to be found at fault for downloading keylogging software, or somehow allowing their account information to be taken by malicious hackers. There is an interesting theory circulating that the attacks are in response to S-E's crackdown on real money trading (or RMT) activities, which in general drive up inflation of in-game economies. It's been supposed that " ... RMT have decided for Christmas to meet demands for the people who buy the games currency (gil) to hack droves of veteran characters and sell everything of value in an attempt to meet the demand with the least amount of labor as possible", to quote player Sparthos.Interestingly, many of the hacked account holders place the inception of these attacks as occurring shortly after the release of FFXI's newest expansion, Wings of the Goddess. If there is a connection, it might be possible for there to be some weak code in the expansion that allows a hack of this nature to occur. With S-E's refusal to acknowledge legitimate grievances on the part of the players, however, it's not likely that we'll have this either confirmed or denied. We'll keep an eye on this story and see how it develops.[Thanks to everyone who sent this in!]
ES&S e-voting machine fails epically at withstanding hackers
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
MMO security irresponsibly bad, experts claim
MMO players have more to fear than simply kobolds and virtual super villains. According to several security engineers interviewed by TechNewsWorld, gamers face greater risks than many of them realize, as lax security measures on the part of publishers expose players to identity theft, malware, and potential hack attacks. And as persistent online worlds continue to grow in size, they only become more lucrative targets for online ne'er-do-wells. They attribute much of the risk to the fact that so much of the actual game software lies on users' home computers, and is not adequately shielded by firewalls and other protective measures.Unfortunately, the solutions posed by the so-called experts betray an obvious lack of experience with MMOs and the people who play them. They cite enterprise networks as an example of having the kind of network security that gamers need to ensure that they're protected from intrusive attacks... So they suggest that people play games from work to alleviate the risk. While I'm enthusiastic about such a prospect personally, I highly doubt that most employers are too keen on the idea of their employees logging in while on the clock and using up company bandwidth to grind for Sporeggar rep. They also suggest purchasing expensive security products, but that's not something I'd imagine most people haven't considered and disregarded already.A more prudent suggestion, though not one explicitly cited in the article, is to instead be extremely mindful of what kind of mods you download for your favorite games, and from where you download them. If you don't give hackers an open door to your system, than there's probably not too big a cause for concern, unless you're unlucky enough to have bought pre-hacked products.
SlySoft claims to have cracked BD+, naysayers fall quiet
We haven't broken down the minutes and seconds or anything, but we're fairly certain that July 10th wasn't exactly ten years ago. Nevertheless, the so-called "impenetrable" BD+ DRM scheme has reportedly already been subverted, and it's no shock to hear that the folks behind SlySoft had a hand in it. Regrettably, there's not a lot of details beyond that just yet, but according to the outfit's CEO, the software is ready to rock and should be released before the end of 2007. Chalk (yet another) one up to the hackers.[Via HighDefDigest, thanks to everyone who sent this in]
Stacks on the iPhone
So I finally had a chance to watch that Leopard guided tour that everybody has seen already this week, and one thing struck me like a bricked iPhone thrown directly at my head: boy, Apple really does love iTunes, don't they? It's everywhere in Leopard, from the unified toolbars to the Finder with its CoverFlow interface and drop-down sidebars. Leopard might as well be called the iTunes OS.But in the future, a few months from now, we can only hope that some of Leopard functionality comes back around, and beefs up our iPhones and iPod touches. Until then, we've got this awesome hack-- someone has put Leopard's stack functionality onto the iPhone's little dock. Very cool-- if you made all four of the icons on the dock into four little stacks, you could have all of the application access, and none of the clutter.Especially when the SDK comes out (and already, those with jailbroken iPhones are feeling the icon squeeze), we're going to need expansion slots like this. Apple clearly borrowed lots of ideas from iTunes and the iPhone in their new OS, and with this idea, it's time to start borrowing them back.Thanks, Steve!
Apple voiding warranties, blacklisting hacked iPhones?
We don't foresee Apple chasing folks down that have modified their iPhone or anything, but at least one case has proven that you may want to return your handset to stock before attempting to have it serviced. According to a recent report, a handset running "some third-party apps" and operating on T-Mobile was flat out rejected when it entered an Apple store for service. More specifically, the employee reportedly said that "the warranty was voided," and added that the mobile was "blacklisted" against future service or return. 'Course, the owner did manage to coerce the Apple store manager to allow a return (albeit with a 10-percent restocking fee added on), but we'd highly recommend reverting your iPhone to AT&T mode before begging for service just in case.[Via Digg, image courtesy of HamptonRoads]
Wii update provides minor menu changes, could brick modded consoles
It's that time again folks -- the moment when you're rushing out of the house, but you make the oh-so-wise decision to head in even later rather than leaving that glowing Wii unattended. Today, Wii owners in Europe, Japan, and the US can download a shiny new firmware update, which institutes a new digital clock on the main menu, a few "aesthetic changes to the Wii Shop," an updated Forecast Channel window, a "Today's Accomplishments" note on the message board, and a made over Wii Shop that "changes the way Virtual Console games are ordered." Also of note, some users are reporting that a message appears before updating that states: "If your Wii console has an unauthorized technical modification, this upgrade could cause interoperability of your console." Of course, this shouldn't come as a surprise considering the Big N's crackdown on modders, but in our single attempt of updating a Wii not left on standby, the aforementioned statement did not appear. So go on, head on down and get to updatin' (if you're not chipped, that is), and do let us know how your experience goes.[Via The Wolf Web]UPDATE: We've seen numerous reports of the new firmware not bricking modded Wii consoles, and that includes machines using Cyclowiz and WiiKey. If you're courageous enough, give it a go yourself and let us know how it turns out in comments.
Showbiz Pizza's Rock-afire Explosion hacked to rap on stage
Hacking your Roomba to sing and dance is one thing, but reprogramming The Rock-afire Explosion animatronic robot band to belt out rap tunes is undoubtedly on another level. Ripped straight from Showbiz Pizza Place, Fatz Geronimo and crew have apparently been reworked to perform Ms. New Booty, a less than flattering (but entirely comical) piece. So if you're in desperate need of a midday laugh, be sure and check out the video after the break.[Via BoingBoing]
Voting machine producers criticize critiques
Voting machine makers scoffing at bad reviews? That's preposterous! Actually, it's not all that alarming to hear that Diebold, Hart InterCivic, and Sequoia Voting Systems all had less-than-amicable responses to a state study that "found that their machines could be breached by hackers." Of course, we're not exactly sure what all that groaning is about, as we've seen nothing but proof to back the investigation up. Nevertheless, Sequoia dubbed the review "an unrealistic, worst-case-scenario evaluation," Diebold kvetched that the study didn't look at its most recently developed software, Hart found "several inconsistencies, alternate conclusions, and errors," and Elections Systems & Software bypassed the rigmarole entirely by failing to provide their information to the secretary of state. Oh, the irony. [Warning: Read link requires subscription]
California white hat hackers: 3, Diebold and friends: 0
In a move which will bolster your undoubtedly high sensations of "faith" in the US voting process, a group of University of California researchers have just hacked their way through security on nearly every voting machine certified by the state of California. According to Secretary of State Debra Bowen, who initiated these tests, the team was able to "bypass physical and software security in every machine they tested." The group, which was sanctioned by the state, was given full access to the machines, as well as their source code and manuals, leaving some to argue that the test doesn't accurately depict how vulnerable the machines are -- because we all know how hard it is for hackers to get their hands on that kind of stuff. The report will affect whether or not Bowen approves the systems for use throughout California in its upcoming presidential primaries. It looks like 2008 is going to be an exciting year, to say the least.[Via The Raw Feed]
Safari browser exploit produced within 9 hours in hacking competition
Shane Macaulay and Dino Dai Zovi, a software engineer and security researcher taking part in the brilliantly named "PWN to Own" Hack-a-Mac contest at the CanSecWest conference in Vancouver, managed to hack into and take control of a MacBook by finding a security exploit that takes advantage of an open Safari browser window. Shane and his teammate Dino won the prize of a brand new MacBook -- presumably loaded with Firefox or some other browser variant -- for managing to find the hole on the second and final day of the contest. The hack wasn't exactly a breeze, since the pair admitted to a total of 9 hours in order to find and exploit the weakness. Apple has patched OS X four times over the last year to fix dozens of security updates, and only regurgitated the corporate line when asked for comment on this particular vulnerability. ("Apple takes security very seriously", well duh!) Even with the recent arousal of interest in Mac OS security, the world has yet to see any kind of exploit released into the wild world web; when / if one does, we'd probably expect the most damaging exploit to use good ol' social engineering rather than a complicated hack like this. Still, Mac users should take some form of satisfaction from knowing that the issue of Mac security is being investigated, rather than being taken for granted.
Some Xbox Live accounts hacked [update 1]
Over the weekend a group of hackers hijacked Windows Live IDs through Bungie.net and supposedly took over all accounts associated within those IDs. ZDNet.com compiled a list of sources who are confirming such hacks after a security researcher over at Digital Munition released a full disclosure report. ZDNet.com then received emails from Xbox Live members confirming that their accounts have been taken over and that everything from fraudulent charges on their account to password changes occurred. So far Microsoft has somewhat admitted to the problem, but hasn't been overly helpful. There has been no official word from Microsoft, but in a phone conversation with a Xbox Live Tech they said that "hackers have control of Xbox live and there is nothing we can do about it".Have you noticed anything screwy with your Xbox Live account or Windows Live ID? So far we haven't heard anything from the fanboy community, making us believe this is a much more isolated problem then ZDNet.com makes it appear. But we definitely think Microsoft needs to either come out and admit to the problem and tell us what happened or squash this over-zealous rumor. This whole hacking problem further begs the question; why can't hackers and gamers live in harmony?Update 1: This mystery has been solved![Via Digg]
GameTrailers.com hacked
Late this weekend video game media site GameTrailers.com found itself on the receiving end of a joyfully implemented internet shenanigan. Hacked by a not-very-mysterious source, it seems the miscreants didn't do much more than defile the home page, alleging that someone other than MTV "owns" them and making sure we know how to get in touch with them for more witty banter. GameTrailers is back up and running now, serving delicious content as if nothing ever happened.[via digg]
Xbox 360 hacked, but quickly patched
Back in January, we reported on a possible Xbox 360 OS hack that came from a German hacker's congress. Today, we learn from a post on SecurityFocus that indeed it was real, because there is proof that those hackers found a way to break Microsoft's iron clad code. As the story goes, back in November a vulnerability was found due to "Unsigned Code Execution in Hypervisor Mode" in the latest kernel update. In the end, this vulnerability could potentially allow full access to the Xbox 360's OS and hackers to wreak whatever hacking havoc they wished. But before you get too excited about running Windows Vista on your 360, the problem has since been fixed. Microsoft was notified back in January about the problem and they quickly released an auto-update six days later to prevent anyone from exploiting the bad code.So ... any uber cool hacker up for teaching the rest of us some l33t hacking skills? We're thinking something along the lines of "Hacking Xbox 360s for Dummies".[Via Xbox-Scene]
Windows-based ATM machine hacked, gets Painted
Although we wouldn't expect to find the latest release of Photoshop on your neighborhood ATM, it's not so far fetched to think that Paint would be left on a Windows-based ATM. We've seen a recent boost in cash machine hacking of late, and while this latest attempt doesn't siphon illegal coinage out of the slot, it does make for quite a laugh. Joining the pitiful array of other Windows-powered mishaps, a sharp cameraphone-toting individual spotted a local ATM that had a beautifully hand-crafted Paint message on the front screen in place of the typical "Insert your card to begin transaction," and while we've already said too much about a picture that speaks a million words, be sure to click on through to see how accessing an ATM's start menu can lead to all sorts of mischievous mayhem.[Via Digg]
Wii's "Everybody Votes" channel hacked to allow unlimited suggestions
It looks like the dozens of e-voting terminals across the globe aren't the only voting machines getting hax0red these days, as the sweet, innocent "Everybody Votes" channel has now been exploited too. Nintendo's Valentine's Day gift to the world was met with much applause, but we knew those tricksters behind the scenes would be hard at work trying to find a workaround to the dreaded "one suggestion (or vote) per day" limitation. Along the same vein as fooling poorly coded shareware into thinking your "30 day trial" never runs out, all you have to do is set the Wii's internal clock a day forward, and from there on out, you're able to cast as many votes as you wish without being hampered. Of course, we don't really expect the Big N to just kick around this weekend and not fix this, but then again, we don't exactly foresee any of the polls found here to face recounts of any magnitude either.[Via Joystiq]
Unlimited Xbox Live 1 month trial ... twah?
We received the above YouTube video via a tip and it will have Microsoft scratching their collective heads. It looks like thedalmeny was able to make their 1 month Xbox Live gold trial last ... forever. The video above shows their Xbox account with an "enabled" status even though the trial period ended December 1st, 2006. So, in theory, their trial has expired, but the account status is enabled meaning they still have access to gold features. We're a little curious to how this was exploited, whether it was done through a browser, through their 360, or a combination of both. No matter, someone is always trying to beat the system and stick it to the man! [Thanks, Andy]
Mac OS X hacked to run on UMPC, tablet fans rejoice
For those who don't obsessively refresh Engadget, UMPC stands for 'Ultra-Mobile PC' - an emerging hardware form factor for a device smaller and more mobile than a notebook, but nowhere near pocketable (by any stretch of the imagination) like a PDA or iPod. For now it's definitely a niche device (most don't even have built-in keyboards), but that didn't stop Engadget from finding 'Igor', who managed to get a hacked version of Mac OS X 10.4.7 installed on an Asus R2H UMPC. Play the video above for a demo of this home-grown Mac OS X tablet, complete with Safari, iChat and iTunes action, with support for the Apple Remote to boot.Come on Apple! If DIYers can whip this together at home, where's my Mac OS X Tablet mini? Update:Removed incorrect video. Thanks to all who pointed that out.
