hackers
Latest
Why Blizzard can't (and won't) sell gold
In any discussion concerning botting, farming, hacking, or gold-buying, someone inevitably makes the argument that Blizzard should cut out the middlemen and sell gold to players themselves. I wanted to use this article to explain why this would not necessarily be a good idea. We don't need to get into the legal situation, or examine why assigning a real-world price to in-game currency edges us closer to a world where in-game property can be taxed. All I have to do is tell you a story from the not-too-distant past that involves: Prices that would make Zimbabwe look like a model of inflationary restraint, and: What happens when money -- in this case, gold -- loses meaning.
Microsoft tells IE faithful on Windows XP to avoid F1 key
Still hanging around on Windows XP? Perfectly acceptable. Still using Internet Explorer to browse the world wide web? Just a wee bit less forgivable, but we understand that some of you simply can't get around it. If we just rung your bell, you might want to rip the F1 key right off of your keyboard (at least temporarily), as a recently discovered vulnerability in VBScript -- which can only bother Windows 2000, Windows XP and Windows Server 2003 -- could allow malicious code to weasel its way right into your life with a single keystroke. As the story goes, some ill-willed web sites are encouraging users to smash the F1 key in order to access a Microsoft Help file, and when said key is depressed, "arbitrary code could be executed in the security context of the currently logged-on user." Microsoft has promised to fully investigate and resolve the issue in due time, but 'til then, we'd highly suggest avoiding your F1 key like the plague switching to Firefox.
Debunking another hacked authenticator story
One of our readers, Bill, sent us a tip about a WoW account issue on The Consumerist. It seems that the ownership of Anonymous's friend's account is under dispute and Blizzard won't let him use it in the meantime. The ownership became disputed after the account was allegedly hacked, even though there was allegedly a mobile authenticator on the account. His friend has given up on the account, complete with Val'anyr, and has created a new one. We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:
Warhammer Online developer diary on combat with hackers
Hackers, as everyone knows, were scheduled to be the mirror class to Choppas... wait, no, that's not right. We're not talking about one of the classes of Warhammer Online, we're talking about that scourge of the paying and fair-playing populace of every MMO. The most recent developer diary on the game's official site is with John Cox, development manager, discussing some of the ways and means that allows Mythic to fight against the scourge of hacking and try and keep the game on the level. Cox discusses a number of techniques, starting with the most obvious: that several people working on fighting the hacks are part of hacking communities, observing silently and sometimes even testing them internally to develop a response. He also discusses why some of the progress on fighting illegal behavior is a bit slower than the community would like, and why it's not always as possible to shut things down straightaway on the server end. With a discussion of some of the holes in detection, which includes an explanation of why the game briefly had Vista users almost universally flagged as hackers, it's an interesting look behind the scenes at Warhammer Online's efforts to fight the good fight. (That is, the one not involving Order versus Destruction.)
How to protect yourself from Xbox Live hackers
There's an interesting piece over at InternetNews.com about how hackers target Xbox Live accounts, and from it, we were able to get some good tips on how you can protect yourself from a similar threat. While you aren't able to hide your gamerscore, you can make your account a bit less desirable on the black market by hiding the games you've been playing. Avoid services like Mygamercard.net that promote your gamerscore and, in doing so, make you a larger target. Put fake information in your Xbox Live account, then use pre-paid cards to buy things and pay for the service, thereby making identity theft less damaging. No, we don't actually do any of these things, but if you're a worrywart you can't say we don't have your back.
Movie Gadget Friday: Weird Science
Ariel Waldman contributes Movie Gadget Friday, where she highlights the lovable and lame gadgets from the world of cinema. We last left off on the cyberpunk streets of LA in Strange Days. This week, in honor of the loss of the man behind so many 1980's icons, Movie Gadget Friday is paying homage to filmmaker John Hughes with a look into the 1985 cult-classic Weird Science. Tapping into the geek-fiction fantasies of most tinkering teenagers, real-life gadget specs are stretched to surreal capabilities to create the ultimate female bombshell. It's without surprise that the character's name, Lisa, was inspired by the Apple Lisa, Apple's first GUI computer.
The Queue: Nuts and bolts
Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.Zerounit asks... I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one? I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard. Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.
Apple keyboard gets hacked like a ripe papaya, perp caught on video
As far as Apple is concerned, the Black Hat 2009 hackers conference didn't end soon enough. Having promptly patched the iPhone vulnerability, Cupertino is facing another security hole, this time in its keyboards. A hacker going by the pseudonym of K. Chen has come up with a way, using HIDFirmwareUpdaterTool, to inject malicious code into the keyboard's firmware. While it's not yet possible to perform this hack remotely, the fact it occurs at the firmware level means no amount of OS cleanser or anti-virals will remedy it -- which might be a bit of a bother to MacBook owners who can't simply swap to an uninfected keyboard. Panic is hardly advisable, as Chen is collaborating with Apple on a fix, but if you want to be freaked out by his simple keylogger in action, hit up the video after the break.
Mysterious cyber-attacker hits at federal websites, crisis averted?
It looks like a nefarious cyber-attack which affected several federal websites in the United States was a little more far-reaching than initially thought. The attack -- which started on the 4th of July -- targeted websites in both South Korea and the United States, including the Treasury Department, Federal Trade Commission and Secret Service. Various problems were still being reported days later, and while there's no official word on who the attackers were, those "people familiar with the matter" we know and love seem to be pointing their fingers at North Korea. So far as we know, no irreparable damage has been done, but we're not sure anyone would tell us if it had.
Palm's webOS root image leaks out, code enthusiasts reschedule their normal nightly plans
Looks like Palm's webOS Reset Doctor, intended for resetting Pre smartphones with a mangled system, has been outed to the public at large along with a very special bonus for hackers and other programming enthusiasts: a complete 195MB root image of webOS itself. Code-inclined individuals on the PreCentral forums have already cracked open the ROM and are getting an unfettered glimpse at the Palm's new platform, which for the layman means it should open the doors for some crazy Pre hacking and possibly hint, by way of unfinished / unused code, of what's to come for the platform -- and if we're really lucky, maybe someone will be able to look at this and move us one step closer to an unlocked Pre that could jump onto Verizon's network. Amusingly, you also get to see all the comments left by the devs in the code, guaranteeing a few good chuckles from others who can relate. Intrepid computer science-ers can hit up the read link to find the appropriate .jar file or just follow along with all the fun in the forum discussion.
T-Mobile tweaks data breach statement again, now says nothing was compromised
Once again, T-Mobile has released a statement regarding the alleged hack into its systems last weekend, and it's backtracked a bit from the last one -- now, it's starting to sound like no data was stolen at all. Here's what we've got this time around from a company spokesperson:"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."We're taking this as a good sign for customers at this point, but it's hard to say how many more statements we'll get before the matter's fully closed, so stay tuned.
T-Mobile thinks data leak "not enough to cause harm" to customers
After news broke of a possible breach into T-Mobile's systems over the weekend, subscribers were understandably concerned over claims that personal information (among other things) may have been pilfered by the offenders who later offered the data for sale to the carrier's competitors. An investigation has been launched, and so far, it sounds like T-Mobile is admitting some data was taken -- but that it wasn't enough to be of any concern to its customers. Work is ongoing to determine exactly what the hackers got their hands on and how, but it's a promising sign that subscribers don't need to step up fraud monitoring on their accounts. The full statement is below:"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
WoW Rookie: Keeping your account safe and sound
New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic.It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.
Nokia 1100 seemingly hackable, making a big comeback
Apparently some shady hackers and cyber-criminals have recently started offering upwards of $30,000 for the Nokia 1100 which were manufactured at a specific plant in Bochum, Germany. You may ask yourself, "why?" Well, beyond the obvious answer (style), certain makes of the super-popular handset can apparently be reprogrammed to use someone else's phone number, allowing them to receive text messaged bank passwords (common in parts of Europe), thus making it much, much easier to steal people's money. The software flaw has been pointed out by Ultrascan Advance Global Investigations, who were contacted by police who had noted the curiously high offering prices on the old-timey candybar. Nokia has contended that it has not identified any software problems which would allow such use, so it's hard to say what exactly is going on at this point, but we'll let you know if we hear anything concrete.[Via SlashGear]
Leaders have questions, and Darkfall's Tasos Flambouras has answers
Darkfall blogger extraordinaire Paragus recently sat down with some of the biggest alliance leaders of Agon, collecting questions to take back to Aventurine's very own Tasos Flambouras for answering.While not all of the questions are actually questions (we see those declarative statements, you can't hide them from our prying eyes), Tasos attempts to provide answers to some of Darkfall's biggest problems. Crashing during battles, game mechanics overthrowing battle strategies, six hour sieges, political options in the interface, inability to purchase the game, and the burning question of what Aventurine is doing to deal with cheaters are all covered in this lengthy two page interview.The entire interview has been posted to MMORPG.com. If you're looking for a peek inside of the mind of Aventurine, or the mind of Tasos, in the very least, don't hesitate to jump on over and catch his answers to some burning questions.
iTunes gift cards cracked
This seems like bad news for Apple, to say the least. A few Chinese websites are now selling $200 gift certficates to iTunes for less than a few bucks, which means that it's likely hackers have figured out the algorithm to determine gift codes on Apple's music store. As with most online codes, iTunes gift certificate numbers are generated by a formula somewhere -- figure out the formula, and you can generate your own codes (though it's of course tough to do and highly illegal).The good news is that this might be an easy fix for Apple: they'll just have to re-figure the formula. The tougher thing to do will be to determine which of the old codes to honor -- they'll want to make sure to approve all of the cards on the shelves at Best Buy right now, while still trying to catch all of the illegal codes generated by hackers.But then again, we're talking about a digital store that's already making cash hand over fist. Maybe even if one hacker on a shady website has figured out how to generate iTunes codes, Apple isn't too concerned about losing a few thousand dollars when they're still selling millions of dollars worth of music and content legitimately.
Account security is your responsibility, not Blizzard's
PlayNoEvil recently published an article explaining why they think it is that hackers target gamers by stealing their passwords and other account information. While there is some truth in the premises offered, articles like this one only serve to fuel conspiracy rumors and encourage players to think of themselves as victims rather than take responsibility for their own account security. Gaming companies do place some of the blame for a compromised account on the account holder, and for good reason. The hacker certainly didn't gain access to your computer because of their actions, and their computers that store your information are as yet untouchable.The browsers you use, sites you visit, firewall settings, anti-virus software and update practices are just a few of the ways that you contribute to your own hacking experience. Sharing your account information with your lover, best friend and mother may sound safe, but you don't control the security of their computers, or their friends' computers. The majority of people I know who have been hacked signed into their accounts on their sibling's computer or a publically shared machine. In fact, NASA ended up with a keylogger targeted at gamers on the International Space Station. It traveled aboard on the laptop of one of the astronauts. You just can't trust any computer that isn't your own.It may be hard to hear, but a hacked account is because of something you did, whether it was an unfortunate stroke of luck, such as stumbling onto a redirect on a legitimate website in the small window before the site addresses it, or a serious oversight in security on your part.
Hackers booting people off of Xbox Live
Denial-of-service attacks are nothing new on the web, but the BBC reports that it's becoming an increasingly large problem on Xbox Live, where hackers are using the attacks to kick other players out of games. Not to get too technical, but the DoS attack basically works like this: Angry data takes your pipes from fat to skinny, so the pictures of aliens getting shot and the sounds of guns firing at said aliens can't get through them. Confusing for the common man, we know, but that's why we went to blogging college.Microsoft says that it's investigating the attacks. Have any of you been victims?
PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies
Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d'etre -- gaming. That doesn't mean that the machine is anything less than a powerhouse -- as was made clear today when a group of hackers announced that they'd beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates -- meaning those authenticated web sites you're visiting could be counterfeit, and you'd have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.[Via ZD Net]
WPA cracked in 15 minutes or less, or your next router's free
They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.
