hacker

Latest

  • How GeoHot went from winning science fairs to instigating the hacker war

    by Jessica Conditt
    04.30.2012

    Hackers built the Internet. Throughout the 1970s and '80s hackers altered the Internet from a strictly business communications system for the defense department and librarians into a robust online community for anyone with a computer to use as they pleased. The Internet and computer technology is still evolving, perhaps at a faster, more public rate today, and hackers are still at the forefront of its design. Hackers such as Geohot, the guy who rooted Sony's PS3 early last year. George Hotz posted the PS3 root key online with a statement reading "I don't condone piracy" in January 2011 and it spread online. Geohot became an unsuspecting martyr in the hacker community when Sony sued him and won an injunction barring him from ever tampering with a Sony product again. Thus began the hacker wars, The New Yorker suggests in a biographical run-down of 2011's events. Hotz was brilliant in science and technology fields throughout middle and high school, winning $15,000 at the Intel International Science and Engineering Fair in 2007 and appearing in Forbes and on The Today Show for his technological achievements. He hacked the PS3 master key while he was high on OxyContin and Vicodin. He didn't condone or participate in any of Anonymous' hacks into Sony's servers, and since his online spotlight has faded he's worked for Facebook, quit and run amok in Panama, and met with Sony engineers curious about his methodology. He has reminders to "Call therapist" on his whiteboard. Geohot is human, The New Yorker makes sure to point out. The full story is available here, or we figure you can just watch this eerily similar dramatic recreation of an antisocial programmer's rise to fame. They're both human, after all.

  • 2600 Volume 1 released as a DRM-free ebook: phreak like it's 1984

    by Donald Melanson
    04.04.2012

    Long-running hacker magazine 2600 has been digging into its archives quite a bit as of late (it began releasing videos of the early HOPE conferences in December), and it's now gone back right to the beginning for its latest offering. It's just released 2600: The Hacker Digest - Volume 1, a DRM-free ebook that collects its first year of newsletters -- reformatted in book form for easier reading, but with every last detail intact (including typos). That's available in both the Kindle and Nook stores, as well as through 2600's own site in plain old PDF form, each of which set you back just under $4. What's more, while there's no firm word on any additional volumes just yet, 2600 says it'll keep them coming if there's enough support for the first one.

  • Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air

    by Sharif Sakr
    02.15.2012

    Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires a longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.

  • Hacker spites Symantec, puts pcAnywhere's source code out in the open

    by Michael Gorman
    02.09.2012

    Symantec said that folks running its pcAnywhere utility were at an "increased risk" when it revealed that the company had been hacked and its source codes pilfered, and advised customers to stop using pcAnywhere for the time being. Sage advice, as a hacker with the handle YamaTough -- who's affiliated with Anonymous -- helped do the deed and has now published the code for all the world to see. Apparently, the hacker and hackee had attempted to broker a deal for $50,000 to keep the code private, but neither side negotiated in good faith -- YamaTough always intended to release the code, and law enforcement was doing the talking for Symantec to catch him and his hacking cohorts. The good news is, Symantec has released several patches to protect pcAnywhere users going forward. As for the stolen code for Norton Antivirus, Internet Security and other Symantec software? Well, the company's expecting it to be disclosed, too, but because the code is from 2006, customers with current versions can rest easy.

  • PSA: Google Wallet vulnerable to 'brute-force' PIN attacks (update: affects rooted devices)

    by Sharif Sakr
    02.09.2012

    Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be "easily revealed." Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft." Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date. Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In a statement to TNW it said: "We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone." [Thanks to everyone who sent this in.]

  • Arduino hack turns Space Invaders alarm into Gmail Notifier (video)

    by Daniel Cooper
    02.06.2012

    Glaswegian engineer Grant Gibson spied a Space Invaders alarm clock being flogged off cheap ($5) and decided it deserved hacking. When activated, the battery-powered unit scuttled left to right, old-school style, as it roused sleepy gamers, but Mr. Gibson added a little Arduino magic to turn it into a moving Gmail notifier. Stripping out the battery compartment, he installed a USB-powered Arduino Nano, programmed to poll his email and activate the motion whenever he received a new message. The system is ripe for customization; it can be set up to alert when a front door bell is pushed or a notification received on Twitter -- which you'll be allowed to try as he's included all the details on his blog. The project (including the Nano and Alarm Clock) came to $20 and three hours of his time, which we're understandably impressed by. Head on past the break to see the thing in action and then fling yourself (highland-style) down to the source link to learn how to build your own.

  • Human Birdwings project takes flight (update: hoax)

    by Darren Murph
    01.20.2012

    Just now catching up with the Human Birdwings project? Nice timing. The human flight machine -- built by Jarno Smeets to rely on a Wiimote and Wildfire S, among other niceties -- has just enjoyed its first moments of liftoff. In essence, the wings were strapped onto a willing Earthling, and as he began to flap his arms... well, it's a sight you need to see to fully appreciate. We'll confess that the "flight" didn't last long, but Jarno himself told us that it was but a first "test run." Promising? Oh, yes. Head on past the break for the vid. Update: The project here has been underway since at least August of last year, but we've requested raw footage of the test flight here to further justify concerns. We'll report back shortly! Update: Shocker, it's fake. And that's that.

  • The Envision: A portable Gamecube sans disc drive

    by Jordan Mallory
    01.08.2012

    One of the main problems faced by hackers and modders creating portable versions of home consoles is, well, portability. Making something you can hold in your hands isn't exactly an easy task, but creating something that also fits in your messenger bag is a tall order, especially when hacking together a handheld version of something with a disc drive. ModRetro member Jonathan Shine's solution to this problem is as ingenious as it is simple: If the disc drive is too thick, don't use it. The Envision, Shine's homemade portable Gamecube, kicks spinning media to the curb in favor of an SD card loaded with what we're sure are completely legal and legitimate backups of games he already owns. The device measures approximately 1.375 by 6.5 by 4.125 inches and will run for 2 to 3 hours on a single charge. Check out this thread at ModRetro for complete build specs and more pictures of the finished product. [Thanks, Mason!]

  • RC car modded with Arduino, controlled by iPad

    by Mike Schramm
    01.03.2012

    This is great -- developer Wannes Vermeulen has hacked a toy remote control car with an Arduino board and hooked it up to an iPad to drive it around. You can see video of the project in action over on Vimeo right now. It's not anything too special these days, as you can buy lots of RC vehicles that are controlled with an iPad or an iPhone app, but as a DIY project, it's pretty amazing. There's actually an Android smartphone on the car itself to provide camera information and wifi access, and I believe, according to the description, that it also connects to a laptop, which then sends information to the iPad. So it's a pretty complicated setup, especially given that there are vehicles which will do this out of the box. But making it from all of these pieces is really cool no matter what. [via Make]

  • Hackers planning homespun anti-censorship satellite internet

    by Daniel Cooper
    01.03.2012

    SOPA is making ordinary, decent internet users mad as hell, and they're not gonna take it anymore. Hacker attendees of Berlin's Chaos Communication Congress are cooking up a plan to launch a series of homemade satellites as the backbone of an "uncensorable (sic) internet in space." Like all good ideas, there's a few hurdles to overcome first: objects in lower-Earth orbit circle the earth every 90 minutes, useless for a broadband satellite that needs to remain geostationary. Instead, a terrestrial network of base stations will have to be installed in order to remain in constant contact as it spins past, at the cost of €100 ($130) per unit. The conference also stated a desire to get an amateur astronaut onto the moon within 23 years, which we'd love to see, assuming there's still a rocket fuel store on eBay.

  • Anonymous declares war on Sony over SOPA support

    by Justin Olivetti
    12.30.2011

    Sony may once again be the target of hacking attacks, but at least this time the company has a little heads-up in advance. The secretive organization of hackers known as Anonymous released a video declaring its intent to strike at Sony over Sony's support of the controversial Stop Online Piracy Act (SOPA). The video contains your usual vague proclamations of doom and ego-boosting statements, although with Anonymous' past activity, it will be hard to ignore the threat. The collective of hackers were thought to be at least partially responsible for the attack on Sony earlier this year that forced the company to take its network and games offline. SOPA is a proposed U.S. bill that would allow law enforcement to combat pirated digital goods by shutting down websites and blocking payments to site owners. While the bill is supported by Hollywood, the music industry, and some major game companies, SOPA opposers worry that the bill will infringe on First Amendment rights and permanently harm the internet. You can watch the Anonymous declaration after the jump.

  • Hacker builds allegedly pointless data network out of Lego train set

    by Sharif Sakr
    12.27.2011

    How can we appreciate bullet-quick SSDs and fiber networks without pausing -- at the year's end -- to appreciate where it all came from? We should think back to before the birth of modern computing, even before the telegraph, to a time when bits of data were forced to travel everywhere by train. A hacker named Maximilien has now recreated that locomotive golden era using Lego, Arduino and Linux, and what his system lacks in bandwidth it more than makes up for in historical relevance. A USB flash key is borne by miniature railway carriage from station to station, stopping at each one to unload or pick up information and thus creating its own barebones networking protocol. Click the source link to appreciate the full museum piece.

  • Human Birdwings combines Wiimote, smartphone in DIY flying initiative (video)

    by Darren Murph
    12.25.2011

    Somewhere, somehow, the Wright Brothers are smiling. Jarno Smeets, a mechanical engineer from the Netherlands, has been plugging away on his Human Birdwings project for many, many months now, and his latest breakthroughs are absolutely worthy of a peek. Put simply, the bloke has married an HTC Wildfire S, a Wii remote and bookoodles of software genius in order to create a set of wings that are controlled by a human waving his arms as if to fly. As these things tend to go, it's all better explained in video, two of which are hosted up after the break. There's no capture just yet of Jarno taking off himself, but at this rate, he'll probably be giving Santa a run for his money around this time next year.

  • Yifan Lu jailbreaks Kindle Touch, uses a special MP3 file to do so (video)

    by Joe Pollicino
    12.12.2011

    We've seen a fair share of Kindle Jailbreaks over the past few years, but Yifan Lu's (evidently the first) for the Kindle Touch is certainly novel in its approach. As The Digital Reader points out, a sizeable chunk of the Touch's software is essentially a string of pseudo HTML5 and JavaScript webpages -- differentiating it from Kindles prior -- which led Lu to notice an exploit rooted in its browser. It's there where he found a function titled nativeBridge.dbgCmd(), which'll run any ol' shell command as root. Armed with that knowledge, Lu crafted the jailbreak by cramming his payload of HTML and JavaScript into the ID3 tags of an easily downloadable MP3 file. There isn't much to be gained from "playing" that MP3 just yet, but Lu's looking forward to developers using the tools needed to write programs for the device. Full details about the jailbreak can be found at source link below, but before you head off, you can catch the video proof after the break.

  • Use iFaith v1.4 to downgrade to iOS 5.0

    by Michael Grothaus
    12.05.2011

    The jailbreakers among you are probably anxiously awaiting the first untethered iOS 5 jailbreak promised by pod2g and MuscleNerd. However, if you've upgraded to iOS 5.0.1, you'll be out of luck because the first untethered jailbreak will be for iOS 5.0 only. Nothing later. In iOS 4 and earlier, you could simply restore your iPhone to the base version of the firmware (i.e., 4.0), but with the introduction of iOS 5, Apple made it so that once you upgraded the OS to a later version (i.e., 5.0.1) it was impossible to downgrade via a restore to the base firmware. However, as Morpheus from the Matrix said, some rules can be bent and others broken. Hacker iH8sn0w has released a (currently) Windows-only tool called iFaith that allows users to downgrade to iOS 5.0. This will enable users to then apply the future untethered jailbreak patch to their iOS 5 device. For those of you who are interested in how iH8sn0w accomplished this feat (using SHSH blob vulnerabilities) you can check out this short YouTube video. [via Engadget]

  • iFaith v1.4 allows downgrade to iOS 5.0, jailbreaker's dream come true

    by Joshua Tucker
    12.05.2011

    In the game of Apple versus the jailbreakers, Cupertino threw the community a curveball with iOS 5's newly restricted downgrade system which blocks devices from restoring to old 5.x firmware. With the help of his noble steed iFaith (a custom Windows tool), hacker iH8sn0w has found a way around the firmware block, making it possible for dumped iOS 5 signature hash blobs (SHSH blobs) to permit unsigned restores. Why all the fuss about downgrading to prohibited firmware? Prominent iOS hackers MuscleNerd and pod2g have stated that the first untethered jailbreak will arrive on iOS 5.0 and, as such, may require iFaith's downgrade process to facilitate user restores. While the jailbreak is still under construction, iFaith should assure disheartened users in the community that all is not lost. Want to learn about blobs, blobs, and more blobs? Continue past the break to view iH8sn0w's informative video.

  • Man on vacation confused for a Russian spy, almost restarts cold war

    by James Trew
    12.01.2011

    Threats of Russian espionage can come from the unlikeliest of sources, as Jim Mimlitz, owner of Navionics Research, a small integrator firm, knows only too well. Curran Gardner Public Water District, just outside of Springfield, Illinois, employed Mimlitz's firm to set up its Supervisory Control and Data Acquisition system (SCADA), and the spy games began when Mimlitz went on vacation in Russia. While there, he logged into the SCADA system to check some data, then logged off and went back to enjoying Red Square and the finest vodka mother Russia has to offer. However, five months later a Curran Gardner water pump fails, and an IT contractor eyeballing the logs spots the Russian-based IP address. Fearing stolen credentials, he passes the info up the chain of command to the Environmental Protection Agency (as it governs the water district) without bothering to contact Mimlitz, whose name was in the logs next to the IP address. The EPA then passed along the paranoia to a joint state and federal terrorism intelligence center, which issued a report stating that SCADA had been hacked. Oh boy. A media frenzy followed bringing all the brouhaha to Mimlitz's attention. After speaking with the FBI, the massive oversight was identified, papers were shuffled, and everyone went about their day. So, next time you delete all your company's e-mail, or restart the wrong server, remember: at least you didn't almost start World War III. Tap the source link for the full story. [Image courtesy Northackton]

  • Blu-ray video encryption cracked using $260 kit

    by Sharif Sakr
    11.28.2011

    When a master key for HDCP encryption surfaced last year, Intel hardly broke a sweat. It declared that nobody could use the key to unlock Blu-rays or other protected sources unless they got into the semiconductor business and "made a computer chip" of their own. Oh Mann, didn't they realize? That sort of language is like a red rag to a German post-grad, and now Ruhr University's Secure Hardware Group has produced the ultimate rebuttal: a custom board that uses a field programmable gate array (FPGA) board to sit between a Blu-ray player and TV and decode the passing traffic. Student price: €200, and no silly bodysuits required.

  • Arduino hacker conjures NES and Etch-a-sketch wonderment (video)

    by Sharif Sakr
    11.25.2011

    You never know when that creative spark will ignite in your brain and compel you to sketch out some ideas. But when that genius moment finally arrives, you might consider grabbing your original Nintendo controller, quickly wiring it up to an Arduino board, connecting that to some motors and then using those to drive the dials on an Etch-a-Sketch. Modder Alpinedelta32 tries it in the video after the break and it turns out to be a breeze -- and so much more tactile than other idea-capturing devices.

  • Feds deny hacking caused Illinois water pump failure

    by Donald Melanson
    11.23.2011

    Did a hacker or group of hackers, possibly in Russia, manage to physically destroy a water pump in Springfield, Illinois? That was the word last week, when reports spread that hackers had managed to take control of the water plant's Supervisory Control and Data Acquisition System (or SCADA), which gave them the ability to repeatedly turn the pump on and off and eventually burn it out. Now, however, both the FBI and the Department of Homeland Security say that their investigations have found no evidence of hacking or malicious activity, and that earlier reports were based on "raw, unconfirmed data." As you might expect, that explanation isn't quite being accepted by everyone, including Joe Weiss, the security researcher who first reported the incident. You can find his comments on Wired's Threat Level blog linked below.