hacker

Latest

  • Apple targeted by hackers

    by Steve Sande
    02.19.2013

    Reuters is reporting that Apple has been targeted in a cyber-attack. Apple announced the breach this morning, noting that malware had targeted a "limited number" of Mac systems. Reuters notes that the same hacker group is suspected of an attack on Facebook machines last week. In a statement the company made to The Loop, Apple said that the malware infected the systems through a vulnerability in the Java browser plug-in. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware." Macs with OS X Lion and Mountain Lion installed ship without Java, and OS X currently disables Java if it is unused for 35 days. Apple will release an updated Java malware removal tool today that will check Mac systems and remove this particular malware if it is found.

  • Suspect found guilty in 2010 iPad user info leak

    by Randy Nelson
    11.21.2012

    Andrew Auernheimer, one of two people charged last year with leaking the email addresses of 114,000 iPad users with AT&T data plans, has been found guilty on two felony counts by a federal court in New Jersey. Auernheimer is facing 10 years for fraud and conspiracy to access a computer without authorization. The other defendant in the case, Daniel Spitler, accepted a plea deal last year. Auernheimer and Spitler, part of a group calling itself Goatse Security, discovered a method for getting AT&T's website to provide them with iPad customer email addresses by inputting a legitimate SIM card ID number. Prosecutors in the case used extensive IRC chat transcripts to convince a jury that the two released the email addresses in an attempt to harm AT&T. For its part, the company fixed the flaw after it was exposed to the public. In a tweet, Auernheimer said that he intends to appeal the verdict. [Via Gizmodo]

  • Blizzard lowers the boom on Diablo III cheaters

    by Justin Olivetti
    11.09.2012

    Blizzard's had all it can stands, and it can stands no more. The studio is taking aggressive action against botters and cheaters in Diablo III, reporting that it's gone through "several rounds of account bans" against such players. The studio also used the ban announcement as an excuse to clarify its position on hacks and third-party software. If you're curious about what steps over the line that Blizzard has in mind, wonder no longer. Beyond allowing some players to get away with an unfair advantage over others, cheat programs reportedly cause instability and performance issues with client software and Battle.net at large. "We strongly recommend that you avoid using any third-party software which interacts with Diablo III," Blizzard posted, "even if you are accessing that software from a reputable third-party site -- as doing so can result in permanent ban from the game."

  • JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter

    by Steve Dent
    10.19.2012

    After developing JailbreakMe, cracking such devices as the iPad 2 or iPhone 4 and finally scoring a paying intern gig with his nemesis, hacker Comex tweeted that he's no longer working at Apple. Also known as Nicholas Allegra, the talented coder's Cupertino situation apparently came asunder when he failed to respond to an email offer to re-up with the company, though he also told Forbes that the situation was more complicated than that. He added that "it wasn't a bad ending," and that he has fond memories of his Apple experience, but if you're hoping the Brown University student will have an iOS 6 jailbreak soon, don't hold your breath -- he's concentrating strictly on his studies, for now.

  • David Schuetz cracked the case of stolen iPhone UDIDs

    by Kelly Hodgkins
    09.11.2012

    Earlier this week, Blue Toad publishing confirmed that it, and not the FBI, was the source of 1 million UDIDs leaked by hacker group AntiSec. The company was tipped off by mobile security expert David Schuetz of Intrepidus Group, who spent days poring through the data and discovered references to Blue Toad and its employees. It's an impressive piece of work by Schuetz, who details how he discovered the Blue Toad link in a lengthy blog post on Intrepidus Group's website. His story is well worth the read when you have a few minutes to spare. [Via Apple 2.0]

  • Blue Toad publishing claims itself as source of leaked UDID database

    by Kelly Hodgkins
    09.10.2012

    According to a report in NBC News, a small publishing company is the source of Apple UDIDs leaked by hacker group AntiSec. AntiSec and Anonymous claimed the UDIDs were stolen from an FBI employee's laptop, but the governmental agency denied that it was the source of the leak. Paul DeHart, CEO of Blue Toad publishing company, told NBC News that his company compared the leaked Anonymous database with its own database and found a 98 percent correlation between the two datasets. DeHart did not provide details, but said forensic analysis by his company showed the data had been stolen within the past two weeks.

  • FBI and Apple separately deny being source of leaked iPhone UDIDs

    by Kelly Hodgkins
    09.05.2012

    Yesterday, hacker group AntiSec released 1 million UDIDs from a pool of 12 million that it allegedly obtained from an FBI-issued laptop. The group used this high-profile leak to accuse the FBI of spying on the American public. Late on Tuesday, the FBI responded to AllThingsD with its own statement that says it was not the source of the leak. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data." The FBI re-iterated this statement on its Twitter account with a strong denial that says, "We never had [the] info in question. Bottom Line: TOTALLY FALSE." Apple also chimed in and said it did not give the UDIDs to the FBI or anyone else. Apple spokesperson Natalie Kerri told AllThingsD that, "The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID."

  • Hackers reportedly leak 1M iOS UDIDs (updated)

    by Kelly Hodgkins
    09.04.2012

    Update: The New York Times reports that the FBI has released a statement saying there's no indication that an FBI laptop was compromised or that the FBI sought out the data to begin with. Hacker group AntiSec claims to have 12 million iPhone and iPad UDIDs it obtained during an attack on an FBI agent's compromised notebook, according to a report in The Next Web. It made 1 million of the stolen UDIDs publicly available in a file posted on Pastebin. The UDID is a unique 40-digit code assigned to each iOS device and is often used by developers to distribute beta apps to an iOS device. Besides the UDID, some records in the FBI database also contained names, addresses, mobile phone numbers and other identifying information. The group stripped out most of the personal information from the 1 million leaked records, but left the Apple Device ID, Apple Push Notification Service DevToken, Device Name and Device Type, so users can search for their device. You can find the UDID of your iOS device using these directions and then search for your UDID in the leaked records using this tool at The Next Web. [Via AppleInsider]

  • Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition

    by Sean Buckley
    08.16.2012

    The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.

  • Defcon 20 badges meld hieroglyphs, circuitry and cryptography for hacker scavenger hunt

    by Joseph Volpe
    07.27.2012

    Every year, the world's hacker population descends upon Las Vegas to trade notes, sit in on informational talks and compete in friendly contests -- all in the name of Defcon. But this time out, it's the conference's ever-evolving smart badges that've caught our eye, owing mostly to what lurks beneath. Designed by Ryan Clarke -- the mastermind behind the gathering's Mystery Box challenge -- these hackable IDs, issued according to status (Press, Human, Goons, vendors, etc), come embedded with an LED, a multi-core processor, IR transmitter and accompanying hieroglyphic graphic. But that's not all that makes these high-tech tags so special. Turns out, each one contains a game, buried within its open source software, that's encoded with several cryptographic, linguistic and mathematical layers. Shying away from hardware-focused hacks of the past, Clarke built this year's scavenger hunt-like game to be more inclusive of attendee skills, as it'll force conference-goers interested in cracking its code to break down social barriers and collaborate with other highly-specialized nerds. What's the end game, you ask? Well, according to Clarke, the puzzle is a continuation of last year's secret agent story (played out by a real-life actor) involving "a [mysterious] society of computer elites." It's not the sort of payoff we'd be after -- something greener and covered with a certain Ben Franklin's face would suffice -- but it sounds intriguing enough. Click on the source below to read more about the makings of this geek sport. And may the pastiest neckbeard win!

  • Apple to present at Black Hat conference

    by Kelly Hodgkins
    07.24.2012

    This Thursday, Apple is poised to do something it's never done before -- give a formal presentation at the Black Hat security conference. According to Bloomberg, Dallas De Atley of Apple's platform security team will give a presentation on iOS security to the hackers in attendance. This isn't the first scheduled showing by an Apple representative. A panel presentation by Apple employees was slated for Black Hat 2008, but the event was abruptly canceled when the marketing department found out about it. This bit of trivia comes from Black Hat general manager Trey Ford who discussed the matter with Bloomberg. Black Hat 2012 is significant as the security conference is celebrating its 15th anniversary. Five of the speakers from the first Black Hat event are returning and will present their vision of security for the next 15 years. You can follow the events via Black Hat's Twitter account or its Facebook account. Images will be posted on its Flickr account as well. [Via Bloomberg]

  • Bug-zapping lightsaber built in minutes, ready to fry pests

    by Alexis Santos
    06.20.2012

    Simulated Jedi training not passing muster? Something more firmly grounded in reality might fit the bill. Hack a Day's bug zapping lightsaber, for instance, is suitably real -- and what it lacks in actual lasers it makes up for in insect annihilation. As the amalgamation of a Star Wars toy and an electrified bug racket, the zapper saber isn't exactly a looker -- two layers of metal mesh wrap awkwardly around the toy's telescoping blade, secured only by electrical tape and the sheer will of the force. All told, the contraption was constructed in roughly 20 minutes and Hack a Day reckons that more elaborate ones can be crafted with a tad more time and materials. Head past the break to catch the build process in motion.

  • Ben Heck makes Super Glove mod for Kinect, takes strain out of gestures (video)

    by Jamie Rigg
    06.04.2012

    Sick of trying to control your 360 using Kinect, semaphore and advanced flailing? Modgod Ben Heck, deciding he wanted to be more Minority Report and less lunatic, has been working on Power Glove 2.0 to improve the console's navigation experience. The prototype glove is tricked out with Arduino, an accelerometer, a gyroscope and some fingertip buttons. With the addition of IR and a little coding magic, the 360's interface can be controlled via subtle gestures, with increased functionality / style points also apparent. Check out the latest episode of The Ben Heck Show after the break for a detailed walkthrough of the project and a demo of the glove in action.

  • Hacker pod2g to speak and run hacking workshop at JailbreakCon's WWJC

    by Richard Lai
    06.01.2012

    While WWJC's already got a healthy list of special guests to address fellow iOS hackers, word has it that pod2g -- a well-known and good-looking contributor to the iDevice jailbreak scene -- will be the latest guest to join JailbreakCon's show on September 29th. Better still, the self-professed iOS security researcher will be both speaking and running a workshop there, making it all worthwhile for attendees traveling all the way to San Francisco. For those who want to familiarize themselves with pod2g, hit the Redmond Pie link below to see his interview by JailbreakCon's Craig Fox. Or, you know, you can head over to WWJC to meet the man up close and personal -- just make sure you get a ticket first before it's too late!

  • Adafruit modder builds Captain Jack's Vortex Manipulator / Leela's wrist-lo-jacko-mator for real

    by Daniel Cooper
    05.30.2012

    This impressive wrist / forearm cuff is the brainchild of Adafruit forum member and modder Stephanie, who has built a sensor platform into the fashion accessory. The device can monitor the exposure value, track your movements over GPS, measure your galvanic skin response, tell you the temperature and humidity, and even doubles as a watch and flashlight. It was built around Sparkfun's Pro Micro development board and a boatload of sensors purchased from Adafruit. We might just build one ourselves with a radiation detector, so that we can live out our Pip-Boy fantasies down at the mall.

  • Blizzard denies Diablo III authenticator hacking claims

    by Justin Olivetti
    05.22.2012

    We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system. Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand." Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.

  • iOS 5.1 untethered jailbreak gets a video demo, not yet ready to meet the public

    by Richard Lawler
    05.10.2012

    Moving along a similar path to his previous untethered jailbreak for iOS 5.0, hacker pod2g has followed up announcements of an untethered jailbreak for the iPhone 4 and iPad 3 running iOS 5.1 with a quick demo video (embedded after the break) as evidence. The video shows a jailbroken iPad 3 that manages to stay that way even after a reboot, the key difference from the current tethered hack already available. There's still no word on when the community at large may get a crack at the software, although tweets mention "stabilizing the payload" before taking a crack at the recently released iOS 5.1.1, and that the new Apple TV may not be able to come along for the ride.

  • Adobe issues security update for Flash player, warns against IE exploit

    by Darren Murph
    05.05.2012

    Internet Explorer associated with an exploit? Color us shocked. Facetiousness aside, it's seriously about time you switched over to Chrome or Firefox (as a mitigation tool; not a foolproof solution), and if you're a desktop user relying on Flash Player, well... it's about time you updated that, too. Adobe has just released a security update for Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. We're told that these updates "address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system." Adobe specifically mentions an exploit that targets Flash Player on Internet Explorer for Windows, where a user is duped into clicking on a malicious file delivered in an email message. Hit up the source link for more information on getting your system out of The Danger Zone. Which, conveniently, can be looped as you update with a click after the break. [Thanks to everyone who sent this in]

  • Phi: a wireless re-routing card that puts you in control of the airwaves (video)

    by Sharif Sakr
    05.01.2012

    For all the talk of convergence in mobile devices, there's relatively little chatter about the coming together of wireless signals themselves. In other words, why should we have a separate device to interact with each type of wireless signal? And so, with that intriguing question, begins the pitch for a new device called Phi. It's a $750 antennae-laden PCIe card that slots into a desktop and gathers up wireless signals that are flying around the home -- so long as they have a frequency below 4GHz and don't involve bank-busting neutrinos. The card then allows custom apps to re-direct those transmissions as you like: potentially acting as a "base station" so you can make free calls from your cell phone, or receiving over-the-air HD transmissions which you can play on your tablet, or doing whatever else hobbyists and devs can cook up. Phi is still version 0.1 and Linux-only while the startup behind it -- Per Vices -- looks for a Kinect-style blossoming of third-party interest, but with nothing less than a deity-like command over the domestic ether on offer, how could it ever fail?

  • My whole life is a hack: how Geohot owned the iPhone, PS3 and inadvertently rallied hacktivists

    by Zachary Lutz
    05.01.2012

    George Hotz is no stranger 'round these parts. Better known as Geohot, he first achieved internet fame at the age of 17 with his announcement of a hardware unlock method for the original iPhone. From there, he moved on to even greater notoriety with a PlayStation 3 exploit that quickly attracted the ire -- and legal wrath -- of Sony. Now profiled in The New Yorker, we're given a candid and unique insight into the world of George Hotz, where, by his own admission, he wasn't motivated by an ideology so much as boredom and the desire to control a system. The freedom issues, it seems, were merely an afterthought. George Hotz is unique. We're talking about someone who was programming by age five, building video game consoles by the 5th grade and making appearances on NBC's Today at age fourteen. Like many brilliant adolescents, he experimented with drugs and rebelled against authority. Eventually, the powers that be caught up with him, and George Hotz was sued by Sony on January 11th, 2011. The lawsuit drew the attention of malicious hacker groups such as Anonymous and LulzSec, which retaliated against the company in very public ways. However unintentional, Geohot became the poster child for hacktivists and inspired a movement that quickly grew out of control -- if only more of us could be so productive with our boredom. For an insightful read into one of the most influential hackers of our time, be sure to hit the source link below.