hacked
Latest
Refresh Roundup: week of February 6th, 2012
Your smartphone and / or tablet is just begging for an update. From time to time, these mobile devices are blessed with maintenance refreshes, bug fixes, custom ROMs and anything in between, and so many of them are floating around that it's easy for a sizable chunk to get lost in the mix. To make sure they don't escape without notice, we've gathered every possible update, hack, and other miscellaneous tomfoolery we could find during the last week and crammed them into one convenient roundup. If you find something available for your device, please give us a shout at tips at engadget dawt com and let us know. Enjoy!
Microsoft Store hacked in India, passwords stored in plain text
Frequenters of India's online Microsoft Store were briefly greeted with the suspicious visage of a Guy Fawkes mask this morning, following a hack that compromised the site's user database. According to WPSauce, Microsoft Store India's landing page was briefly taken over by a hacker group called Evil Shadow Team, who, in addition to putting a new face on Windows products, revealed that user passwords were saved in plain text. The group's motivations are unknown, though the hacked page warned that an "unsafe system will be baptized." The store is now offline, suggesting that Microsoft may have regained control. Read on for a look at the compromised password database.[Thanks to everyone who sent this in]
RIM puts BlackBerry Playbook on massive sale; Android Market shoehorned onto rooted units
Research in Motion may not have found itself in a coveted spot as 2011 ended, but if it's learned anything from HP, there's a surefire way to rid itself of remaining BlackBerry PlayBook inventory: sell 'em for a loss. After the unloved slate went on sale in its native land, Americans can now save up to $400 on a PlayBook through February 4th. RIM's official webstore is offering the 16GB, 32GB and 64GB model for $299, leaving us to wonder who would ever choose the smaller two if all three remain in stock. In related news, those who take the company up on the offer can now gain access to the Android Market with a few choice moves. The fine folks over at CrackBerry have detailed the process, which requires a rooted PlayBook, WinSCP, the latest version of Cyanogen Google apps and a fair amount of patience. Naturally, not all Android apps will actually work on the device, but it's a lovely hack for a sure-to-be-sluggish week in your workshop. Hit the links below to learn more.
PlayStation Vita shown running Sega Genesis titles (video)
Still mulling whether or not to pick yourself up a PlayStation Vita? Obsessed with retro gaming titles? If you answered "yes" to both, you should probably start socking away a few extra coins, buster. YouTube user frwololo has just upped a video showcasing the Half Byte Loader running the Picodrive emulator on Sony's PS Vita -- the first major proof that this kind of wizardry is indeed a possibility. The nuts and bolts of how it happened are being kept under wraps for now, and he seems certain that Sony's inbuilt security will make the mod unusable as soon as it's released. That said, there's still a lot of hope to be found in the clip just after the break, and c'mon -- who doesn't need a little hope to kick off a year where we're all supposed to perish?
WindowBreak Project seeks universal developer unlock tool for Windows Phone (video)
The developer known as Jaxbot is becoming quite familiar around these parts, who's known for bringing instant app resuming and multitasking to Windows Phone -- long before these features had gone mainstream. Now, he's back at it with WindowBreak, a project that seeks to deliver an interop unlock tool that can be used on any Windows Phone. As you can see in the video after the break, his tool already works on Samsung phones, and now, Jaxbot needs the help of like-minded hackers to perform similar feats with HTC and Nokia handsets. If you're willing to give 'er a go during the holiday weekend, just check the source links below.
Trion Worlds customer database hacked, 'no evidence' credit card info stolen
Trion Worlds has become the latest in a long string of MMO studio security breaches this year, as the company reported an intrusion into its customer database. At risk of compromise were customers' user names, passwords, birthdates, email and billing addresses, and partial credit card info. However, the company states that "there is no evidence" that full credit card numbers were stolen at this time. In a message posted on the Trion Worlds website, the company promises that it is both researching the intrusion and taking steps to increase security. As part of this, all RIFT players will be asked to change passwords and security questions, and their mobile authenticators will need to be reconnected. The company urges customers to watch their bank statements for questionable activity, and provides customers with resources to get a free credit report and putting a freeze on credit reports. To compensate customers for the issue, Trion is providing all RIFT players with three extra days of gaming time and a Moneybags' Purse that increases all money looted by 10% in-game. [Thanks to everyone who sent this in!]
Portable Jaguar modder gives Ben Heck a run for his compact gaming money (video)
We bet you thought Ben Heck's Atari Jaguar mod would be the first and only portable hack of the ill-fated "64-bit" game system you'd ever see. Well, you were wrong. User Evil Nod, over at the Made by Bacteria forums, has whipped up a rather impressive compact console using the seemingly ubiquitous PS1 screen as a display. At about 1.75-inches thick, it's a bit bulkier than Heck's build, but it also doesn't have a giant battery or cartridge slot hanging off the back -- everything is tucked neatly away inside the textured black shell. Check out the source links for a build log and a few more photos of the finished product. You'll also find a bonus video of the prototype after the break.
Square Enix Members server hacked, personal info possibly compromised
Square-Enix has sounded the klaxons and let out the guard dogs in response to an "unauthorized access" on one of its Square Enix Members servers. The web service was taken offline in North America and Japan while the company investigates the situation and determines how serious the problem is. Fortunately, it doesn't appear as if credit card information is at stake, although some users' personal information may be: We are assessing the full extent of this potential breach to determine what data, if any, was compromised and will provide more details as soon as possible. While some personal information may have been accessed, we can confirm that there is no possibility of any credit card information leak from this incident, since the server in question stores no credit card information. We estimate that the suspension will continue for a few days until we complete our investigation and counter-measures. We will update you as we learn more. Square Enix Members is a loyalty program that dishes out rewards in exchange for players who register Square-Enix games with the service. The website does store users' names, addresses, usernames, and passwords.
BlackBerry PlayBook gets root thanks to childishly named DingleBerry tool
It's been a long time coming, but the PlayBook has finally been rooted. Devs neuralic, xpvqs and Chris Wade have been hard at work and have finally discovered a persistently exploitable hole that enables unfettered root access to the PlayBook. The culmination of their efforts, DingleBerry, hasn't been released just yet, but it should be hitting the series of tubes in the not too distant future. Obviously having super user access opens a world of possibilities to developers, but there are some immediate advantages too. For one, with DingleBerry the creators were able to re-enable web access to Hulu -- not only bypassing the lack of an app, but skipping the usual requirement of a Plus account for mobile consumption. Head on after the break to see the hack in action.
Google Wallet unofficially finessed into Galaxy Nexus, complete with complimentary cash
Galaxy Nexus owners may start looking to their phone whenever that pesky bank account is dying for some hurt. Although Google's latest smartphone doesn't officially support its mobile payment scheme, a few clever developers have introduced a functional workaround. Early reports suggest that Citi MasterCards can't be added (yet), but thankfully, the gratis Hamilton courtesy of Mountain View comes without a hitch. To get started, you'll need to unlock your phone's bootloader and install MoDaCo's custom ROM. From there, a Google Wallet patch must be applied, and its permissions then changed. The process isn't exactly for the faint of heart, but we know our readers are more than capable -- you'll find instructions in the source. Best yet, the crew at BGR verified this newfound functionality by purchasing enough sugar to make our teeth hurt. And why not? After all, it was on Google's dime.
MapleStory breached, 13 million accounts exposed
The famously hacked Sony has a sympathetic shoulder this week, as Nexon recently discovered a massive breach that's exposed over 13 million MapleStory player accounts to cyber ne'er-do-wells. Discovered this past Thursday, the breach was solely limited to South Korea, as Nexon hosts separate countries on their own servers. This means that any South Korean MapleStory player's information is at risk, including user IDs, names, passwords, and residential registration numbers. This information could potentially be stolen and used for a variety of crimes. While there's been no word whether actual personal information has been stolen, Nexon nevertheless urged these 13+ million subscribers to change their passwords. The company has contacted the police to ask for a formal investigation. This comes at an unfortunate time for the company, as Nexon is poised to present its IPO on the Tokyo Stock Exchange in December.
SiriProxy enables voice control of third-party apps (video)
If you'll rewind your mind in time to earlier this week, you might remember a clever proxy server from @plamoni that enabled Siri's control of a thermostat through spoken commands. Now, the same bit of engineering has been exploited to enable voice control of third-party applications. In this example, FastPdfKit Reader is manipulated by various commands with SiriProxy acting in the middle. A plugin is used to add new commands to the ones recognized by Siri, and finally, the proxy then sends the final commands to the app. Those hoping to get hacking will find a complete list of instructions from the source link below. For everyone else, you'll find the true magic after the break.
Exploit discovered in Siri servers, promises cross-platform access to the foolhardy
A few clever folk have had some fun with Siri lately, first by making it do the time warp with the Fat Mac and then by shoehorning it into an iPhone 3GS. Neither development is quite so intriguing, however, as a purported exploit that enables any device to access to Siri's remote server. While this certainly holds great potential for Siri apps on numerous platforms, the mystical floodgates to the masses are unlikely to open any time soon. You see, the hackers have since learned that for seamless communication to take place, a unique identifier from an iPhone 4S must be provided to the mothership in Cupertino. While it's certainly feasible to spoof these bits from an existing device, it's also likely that Apple would simply blacklist any "unique" identifiers submitted en masse. In other words, unless you have a very trusting friend who's willing to risk her handset join the naughty list, your best bet is to purchase an iPhone 4S -- simply for the identifier alone. At any rate, it seems like a steep price to find a locksmith.
Motorola Droid RAZR rooted -- watch out for rough edges
First it was the Kevlar-coated hardware, and now Android enthusiasts have cracked open the software edges of Motorola's latest Android baby. Yes, that dual-core slice of smartphone that is the Droid RAZR can now be rooted, but there is a catch. The Windows-only program won't let you reverse the deal once you've taken the hack-friendly plunge, even if you're unfortunate enough to hit a soft brick wall. You can check out the directions in the source link below, but we're wagging our finger of caution right now -- you've been warned.
Gabe Newell confirms Steam security compromise
A few days ago we reported that Valve's Steam forum security had been compromised. A letter from Valve head-honcho Gabe Newell today confirms this fact and reveals that the intruders also gained access to a Steam database that contained a ton of personal information, such as usernames, encrypted passwords, email addresses, and encrypted credit card information. Newell adds that there is currently no evidence that any of that information was actually taken by the intruders or that credit card numbers or passwords were cracked. Steam users will be required to change their forum passwords when the forums are opened back up. While the company claims that no Steam accounts have been compromised, if your forum password was the same as your account password, a change would likely be a good idea.
Valve's Steam forum security compromised
Valve is the latest gaming company to suffer a security breach during the hackathon that is the year 2011. What's that got to do with MMOs, you say? Well, the company's Steam digital download service offers access to a ton of our favorite virtual worlds, and it has thus far seemed relatively secure. Kotaku reports that the Steam forums were hacked last night, with the paper trail leading to a cracker website known as Fknowned.com. The gentlemen in question are of course denying all responsibility for the mischief, and thus far Valve has offered no comment on the situation. It's worth noting that the Steam forum account info is separate from the actual Steam service account info, but it's also likely that some users employ identical sets of credentials. We'll keep you posted as we learn more.
Order & Chaos security compromised, accounts hacked
Bad news for Order & Chaos Online players today. It would appear that the popular mobile MMO from Gameloft is suffering from some security issues resulting in a number of players' accounts being compromised. The issue seems to be stemming from two major holes in the game's security. There is reportedly an exploit with Gameloft's website which allows players to change another player's password, and usernames and passwords are sent between the client and server in plain text, which makes it a breeze for anyone with the smarts to run interception. Hopefully these issues will be fixed soon, but until then, stay tuned in the event that more develops. [Thanks to Andrew for the tip!]
Sony Reader PRS-T1 hacked to expose Android, run other e-reader apps (video)
We knew that lurking under the e-ink screen gracing the front of Sony's PRS-T1 reader was some version of Android. What was unclear, was whether or not we'd ever be able to actually get a peek under its highly customized skin and a chance to start poking its open-source innards. Well, thanks to one intrepid hacker, we're almost there. YouTube user vladboroda has managed to install AWD.Launcher and a host of other apps on the Reader and actually got some of them up and running. You won't be able to play Angry Birds on its 6-inch touchscreen (yet...) but it is capable of running other e-reader apps, like FBReader, and there is access to the terminal. It's not quite enough that we'd start referring to the PRS-T1 as a tablet just yet, and the hack still isn't available to the public, but work is progressing and we're sure it'll have you browsing the web and slingshotting aggravated avians in no time. Check out the video after the break.
Sony locks 93,000 PSN and SOE accounts due to 'massive' hack attempt
Sony's not having a good morning. In addition to having to recall 1.6 million Bravia TVs, it's also been forced to temporarily lock 93,000 customers out of their PSN and Sony Online Entertainment accounts. You won't be surprised by the reason: an attempt by hackers to "test a massive set of sign-in IDs and passwords" against Sony's network database. Some of the affected accounts showed "additional activity prior to being locked" and are being investigated. On the flip-side, Sony's Chief Information Security Officer, Philip Reitinger, stressed that most of the hackers' details resulted in failed logins and in any case credit card details are not at risk. Users are being told to expect an email if they've been affected, which will contain further instructions. Has Sony finally realized the value of timely communication?
Hackers compromise 33,000 SOE accounts
Sony's hacking woes continue today, as intruders today have attempted -- and, in some cases, succeeded -- to access the giant corporation's accounts. Chief Information Security Officer Philip Reitinger posted a letter on several SOE forums informing players that their accounts may have been compromised. The good news is that less than 0.1% of Sony's entire playerbase has been affected. The bad news is that that leaves around 33,000 SOE players -- in addition to Sony Entertainment Network and PlayStation Network customers -- whose accounts were hacked. Following the intrusion, Sony temporarily locked the accounts and is investigating the situation. "Only a small fraction of these 93,000 accounts showed additional activity prior to being locked," Reitinger said. He assured customers that credit card numbers were not leaked and that any purchases made during this intrusion will be restored. SOE customers with locked accounts will receive an email with instructions on how to validate their credentials and restore their service.
