hacker
Latest
Arduino geek develops Cold War Angst, starts spying on satellites (video)
Start with some Arduino and Gameduino hardware, add a splash of PLAN-13 satellite tracking software from 1983, and finish with a healthy dose of libertarianism. The result? A neat little hack called Angst, designed and built by Mark VandeWettering (aka Brainwagon). It can store details of up to 750 satellites on 128KB of EEPROM memory and display their predicted orbits in all the glory of SVGA. Don't get lazy though -- the most reliable way to track those pesky snoops in the sky is still to don your anorak, step outdoors and snoop right back.
Water pump reportedly destroyed by SCADA hackers
The FBI and DHS are investigating damage to a public water system in Springfield, Illinois, which may have been the target of a foreign cyber attack. There's no threat to public safety and criminal interference has not been officially confirmed, but a security researcher called Joe Weiss has reported evidence that hackers based in Russia are to blame. He claims they accessed the water plant's SCADA online control system and used it to repeatedly switch a pump on and off, eventually causing it to burn out. Coincidentally, a water treatment facility was publicly hacked at the Black Hat conference back in August, precisely to highlight this type of vulnerability. If there are any SCADA administrators out there who haven't already replaced their '1234' and 'admin' passwords, then they might consider this a reminder.
The Engadget Interview: Dr. Charlie Miller
Dr. Charlie Miller -- a man who has been covered extensively here at Engadget -- snagged a doctorate in Mathematics from the University of Notre Dame. He spent five years working on cryptography for the National Security Agency. And, after heading into the wilds of security analysis, he was the first to find a bug in the battery of the first MacBook Air, various bugs within Mac OS X and the Safari web browser and assorted bugs within iOS itself, all while racking up thousands of dollars in hacking contest prize money. PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1 Linux becomes only OS to escape PWN 2 OWN unscathed Last week, this came to a head, as Miller created a controversial proof of concept application that both proved the existence of an iOS security hole as well as got him expelled from the App Store's developer network. Given that he's driven Apple Inc. somewhat nuts over the past few years, we sat down with the good doctor to see how he felt about Apple, iOS, security, technology, sandboxing, the pros and cons of modern security and the ups and downs of one of the weirdest career paths for any aspiring technologist today. Join us after the break for the full interview in both textual and audio form.
Valve: Steam user database hacked, no evidence of personal info taken
In a message sent to all Steam users by Valve's Gabe Newell, it was revealed that the vandalizing of the Steam forums, which occurred on November 6, was followed by an intrusion on "a Steam database." The hacked database included usernames, "hashed and salted" passwords, transcripts of game purchases, email and billing addresses, and encrypted credit card info. The message specified that Valve doesn't have any evidence of the intruders taking the credit card numbers or any other "personally identifying information," or that the encryption on said numbers or passwords had been cracked. The company is investigating the incident, but because a few forum users have been compromised all users must change their passwords during their next forum visit. Steam users aren't forced to change their passwords, but are encouraged to do so, especially if they match their forum passwords. Also, if your bank account, Paypal account, PSN, Xbox Live, email, AIM or, you know, anything, shares your forum password, you should probably change that too -- and then you should probably just move into a log cabin in the woods for a while. You can read Newell's full message after the break.
Jailbreakers unearth hidden panorama mode in iOS 5 camera app
Somewhere deep within the bowels of iOS 5 lurks a panoramic camera function, and hacker Conrad Kramer has unlocked it. The trick, according to Kramer (AKA Conradev), is to set the "EnableFirebreak" key to "Yes" within an iOS preference file. Alternatively, you could just grab fellow hacker Grant Paul's Firebreak tweak, which just hit the Cydia storefront this morning. Once installed on your jailbroken phone, Firebreak will allow you to take full panoramic shots directly from the iOS interface, as pictured above in Paul's screenshot. No word yet on if or when Apple plans on flipping this function live, but in the meantime, you can check out the links below for more details. [Thanks, Charlie]
Siri port now talking to Apple servers, avoiding Cydia
A little cajoling from a clever developer got Siri talking to the iPhone 4 and the iPad, but Apple's tight-lipped servers kept the conversation effectively one-sided. The last-gen port was still missing something, and developer Steven Troughton-Smith knew where to find it: a jailbroken iPhone 4S. In an interview with 9to5Mac, Troughton-Smith said that getting Siri to talk to Cupertino's data servers only took ten minutes after he had all of the pieces in place. Ready for your personal assistant port? Hold the phone, the process is a bit dodgy -- our hacking hero said that getting Siri on the older device is a 20-step process, and it requires files from the iPhone 4S that he says aren't his to distribute. When asked about distributing the hack over Cydia, Troughton-Smith said it was something he couldn't be a part of. On Twitter he suggested that a release would "anger the hive," but promised to post detailed notes on the hack after a iPhone 4S jailbreak drops.
How Arduino got its start: a behind the scenes revelation
Plenty of tales have cropped up through the years focusing on the roots of Arduino -- a tiny circuit board that holds a special place in the heart of every modern-day DIYer -- but a recent expose from the folks at Ieee Spectrum has a behind-the-scenes look that'll impress even historians. Massimo Banzi is the name, and Bar di Re Arduino is the place. The former is hailed as an Italian cofounder of the project he dubbed Arduino in honor of the latter, and in time, four more folks would join him to create what would become a complete gamechanger in the universe of homegrown electronics. We've covered initiatives built on Arduino for years here at Engadget. Everything from sigh collectors to early warning systems for pastry chefs has been built around the platform, and the story of how we got to the place we are now is a fascinating one. We won't introduce any spoilers here -- tap that source link below to enjoy at your own pace.
Siri shows up on an iPod Touch, no longer plays favorites in the iOS family
That Siri gal is certainly making the rounds these days. When she's not answering your questions on a 4S, she's showing up on iPads and elder iPhones. Not one to play favorites, Siri's now lending her considerable talents to an iPod touch. Two enterprising young hackers, euwars and rud0lf77, are the ones who put Siri on the iPod, and you can see the results of their labor in the video after the break. Of course, Apple's servers still aren't as friendly as the virtual voice assistant, so Siri's latest cameo remains a silent one -- but some Siri's better than none, right?
Siri ported to iPad, still getting silent treatment from Apple servers
Developers wasted no time bringing Siri to the iPhone 4, and nine days later, it's been brought to the iPad as well. This version, running on a first-generation jailbroken Apple tablet, suffers from a similar problem as past non-iPhone 4S ports: it's still not talking to Apple's data servers. This means that until devs manage to get voice commands recognized and initiated, the iPad's unofficial virtual assistant will remain effectively gagged.
Siri ported to an iPhone 4, old phone learns a new trick (Update: Better performance!)
Apple's iPhone 4 may not have the fancy dual core CPU of its successor, but thanks to the efforts of developer Steven Troughton-Smith and the folks at 9to5 Mac, it may soon have Siri. The port of the sultry voice assistant was accomplished by using the 4S Siri and Springboard files, and some serious elbow grease, no doubt. As you can see in the video below, it's far from perfect, but it can recognize spoken commands without issue. Currently, the hack is missing an iPhone 4 GPU driver that keeps things running buttery smooth on the elder phone, and Cupertino won't authenticate Siri's commands coming from it either. So, it isn't quite ready for primetime, but it should only be a matter of time before all you iPhone 4 owners can tell Siri what to do, too. Update: And in the space of just a few hours, Mr. Troughton-Smith has already managed to improve performance of the app on the iPhone 4 significantly, although Apple's servers are still unreachable. Check out a newer YouTube video showing off some seriously smooth scrolling action after the break. [Thanks, Ramzi]
Sony locks 93,000 PSN and SOE accounts due to 'massive' hack attempt
Sony's not having a good morning. In addition to having to recall 1.6 million Bravia TVs, it's also been forced to temporarily lock 93,000 customers out of their PSN and Sony Online Entertainment accounts. You won't be surprised by the reason: an attempt by hackers to "test a massive set of sign-in IDs and passwords" against Sony's network database. Some of the affected accounts showed "additional activity prior to being locked" and are being investigated. On the flip-side, Sony's Chief Information Security Officer, Philip Reitinger, stressed that most of the hackers' details resulted in failed logins and in any case credit card details are not at risk. Users are being told to expect an email if they've been affected, which will contain further instructions. Has Sony finally realized the value of timely communication?
Growing Up Geek: Ben Heck
Welcome to Growing Up Geek, an ongoing feature where we take a look back at our youth and tell stories of growing up to be the nerds that we are. Today we have Hacker Extraordinaire (and host of his own show), Benjamin J. Heckendorn! As a kid growing up in Richland Center, WI, I sometimes had to be extra creative in finding things to occupy my time, and my creativity naturally gravitated toward all things technology. Soldering, erector sets and deconstructing toys were the epicenter of my young life. Taking things apart to find out how they worked was essentially a rite of passage for me to becoming the geeky man I am today. I got my first taste of programming in elementary school on a collection of even-then old Apple II's, but I really got into it wholesale when, at age 11, I got my first computer - an Atari 800. While still ancient for the time, I did a lot of programming on it and learned a lot of fundamentals that are useful to this day.
NC State researchers team with IBM to keep cloud-stored data away from prying eyes
The man on your left is Dr. Peng Ning -- a computer science professor at NC State whose team, along with researchers from IBM, has developed an experimental new method for safely securing cloud-stored data. Their approach, known as a "Strongly Isolated Computing Environment" (SICE), would essentially allow engineers to isolate, store and process sensitive information away from a computing system's hypervisors -- programs that allow networked operating systems to operate independently of one another, but are also vulnerable to hackers. With the Trusted Computing Base (TCB) as its software foundation, Ping's technique also allows programmers to devote specific CPU cores to handling sensitive data, thereby freeing up the other cores to execute normal functions. And, because TCB consists of just 300 lines of code, it leaves a smaller "surface" for cybercriminals to attack. When put to the test, the SICE architecture used only three percent of overhead performance for workloads that didn't require direct network access -- an amount that Ping describes as a "fairly modest price to pay for the enhanced security." He acknowledges, however, that he and his team still need to find a way to speed up processes for workloads that do depend on network access, and it remains to be seen whether or not their technique will make it to the mainstream anytime soon. For now, though, you can float past the break for more details in the full PR.
F-Secure reports Mac trojan poses as PDF
Security firm F-Secure has unearthed a troubling trojan for Macs that hides itself as a PDF, only waiting until the file is opened up and displaying some Chinese characters before it dives into your Mac's hard drive and sets up a backdoor control. Currently, according to F-Secure, the backdoor doesn't actually do anything harmful, but obviously that could change in the future, either if the original hackers take advantage of the trojan, or if someone else does. F-Secure says that the trojan currently doesn't have an icon associated with it, so in the current spotted form, it should be pretty easy to identify as a virus (especially if it shows up in just a random email). But if the trojan is embedded in a file with an extension and an icon that matches a familiar document type (like a PDF, or any other kind of file you'd open in everyday use), it's possible that the backdoor could get installed. In other words, you've got to do what you should always do on any computer: beware of any file downloaded from an untrusted source on the Internet, or any email attachments coming from a sender you don't know or recognize.
Team-Touchdroid dual boots Android on TouchPad -- touchscreen not included
The race to get Android working on the now budget-friendly HP TouchPad is on. We've already heard rumors of the little green robot coming pre-installed on the ill-fated slate and we've seen the first CM7 boot, but no one's gone all the way quite yet. While progress is slow, a team of dedicated TouchPad hackers, calling itself Team-Touchdroid, is now showing off a dual-boot configuration with Android 2.3.5. As with CM7, the touchscreen still doesn't work, but the demo video is quite dramatic -- that is until the credits stop rolling. If early-stage flip-flopping OSs are your thing, hop on past the break, but don't say we didn't warn you: it's going to get weird.
MIT research team improves wireless security, is starting with the man in the middle
Now that they've finished building a robot capable of making cakes, MIT's researchers can get on with the serious business of improving our wireless security. In a new study it reveals a technique dubbed tamper-evident pairing that stops so-called man-in-the-middle attacks. Put simply, a hacker intercepts your wireless communications, reads it and passes it onto the recipient, pretending to be you. Because the hacker controls the flow of information between the two parties, it's difficult to detect. MIT's process randomizes and encrypts the data with silence patterns and strings of additional information, which a hacker won't be able to replicate. The best part is that the added security measures only add 23 milliseconds of time onto each transmission. As fixing our wireless security problems is now out the door, the team are probably off to solve some more giant Rubik's cubes.
PSA: Bethesda reports possible security breach, changed your password
Hackers may have infiltrated the Bethesda forum database Friday morning, causing Bethesda to reset all user passwords. Forum user passwords were encrypted and Bethesda has not confirmed any information was taken, but is taking this precaution regardless. If you have an account on the forums, Bethesda recommends changing your password to something more secure than the name of your first dog and favorite number (Bubbles69) on all sites you have an account with. This is Bethesda's second hacker scare since June, so if you didn't change your information then, you might want to do it this time. Fool me once, and all that. [Thanks, Kevin!]
LetterBomb does game-free Wii hacking for System Menu 4.3
The myth of the unhackable Wii has long since been put to rest, but that hasn't stopped intrepid homebrew enthusiasts from coming up with new exploits. Case in point: LetterBomb. This particular Wii hack is a follow-up to BannerBomb, which was billed as a replacement for Twilight Hack -- all of which are capable of launching the homebrew channel sans hardware mods. BannerBomb stopped short at Menu 4.2, but LetterBomb is carrying the exploit banner, so to speak, for the next generation. Utilizing the console's Message Board, the hack requires an SD card, a Wii running System Menu 4.3, and a Wii MAC address. If you're looking to get your game-free Wii hack on, check out the source link for the full rundown.
Ten-Year-Old Hacker presents iOS game exploit at DefCon
A 10-year-old hacker who goes by the name CyFi uncovered a new exploit in iOS and Android games. The time-based exploit lets you advance in a game by adjusting the clock on your phone or tablet. The California girl discovered the flaw while playing an unnamed farming game. Tired of waiting ten hours for some corn to grow, she advanced the device clock ahead and discovered an exploit that forced the game to advance prematurely. Several games are vulnerable, but their names are being withheld so the developers can apply a patch. Though they may be patched, she has reportedly looked into a few tweaks that may get around this fix. CyFi presented this information to DefCon Kids, a part of the popular DefCon hacking conference dedicated to the budding, young hacker.
Android Network Toolkit lets you exploit local machines at the push of a button
Defcon 2011 is in full hacking swing, and Itzhak Avraham -- "Zuk" for short -- and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed "Anti" for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. To do this, it seeks out weak spots in older software using known exploits, which means you may want to upgrade before hitting up public WiFi. According to Forbes, it's much like Firesheep, and Zuk refers to Anti as a "penetration tool for the masses." Apparently, his end-goal is to simplify "advanced" hacking and put it within pocket's reach, but he also hopes it'll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 "corporate upgrade." Consider yourself warned.
