hackers

Latest

  • T-Mobile tweaks data breach statement again, now says nothing was compromised

    Once again, T-Mobile has released a statement regarding the alleged hack into its systems last weekend, and it's backtracked a bit from the last one -- now, it's starting to sound like no data was stolen at all. Here's what we've got this time around from a company spokesperson:"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."We're taking this as a good sign for customers at this point, but it's hard to say how many more statements we'll get before the matter's fully closed, so stay tuned.

    Chris Ziegler
    06.09.2009
  • T-Mobile thinks data leak "not enough to cause harm" to customers

    After news broke of a possible breach into T-Mobile's systems over the weekend, subscribers were understandably concerned over claims that personal information (among other things) may have been pilfered by the offenders who later offered the data for sale to the carrier's competitors. An investigation has been launched, and so far, it sounds like T-Mobile is admitting some data was taken -- but that it wasn't enough to be of any concern to its customers. Work is ongoing to determine exactly what the hackers got their hands on and how, but it's a promising sign that subscribers don't need to step up fraud monitoring on their accounts. The full statement is below:"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."

    Chris Ziegler
    06.09.2009
  • WoW Rookie: Keeping your account safe and sound

    New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic.It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.

    Lisa Poisso
    05.06.2009
  • Nokia 1100 seemingly hackable, making a big comeback

    Apparently some shady hackers and cyber-criminals have recently started offering upwards of $30,000 for the Nokia 1100 which were manufactured at a specific plant in Bochum, Germany. You may ask yourself, "why?" Well, beyond the obvious answer (style), certain makes of the super-popular handset can apparently be reprogrammed to use someone else's phone number, allowing them to receive text messaged bank passwords (common in parts of Europe), thus making it much, much easier to steal people's money. The software flaw has been pointed out by Ultrascan Advance Global Investigations, who were contacted by police who had noted the curiously high offering prices on the old-timey candybar. Nokia has contended that it has not identified any software problems which would allow such use, so it's hard to say what exactly is going on at this point, but we'll let you know if we hear anything concrete.[Via SlashGear]

  • Leaders have questions, and Darkfall's Tasos Flambouras has answers

    Darkfall blogger extraordinaire Paragus recently sat down with some of the biggest alliance leaders of Agon, collecting questions to take back to Aventurine's very own Tasos Flambouras for answering.While not all of the questions are actually questions (we see those declarative statements, you can't hide them from our prying eyes), Tasos attempts to provide answers to some of Darkfall's biggest problems. Crashing during battles, game mechanics overthrowing battle strategies, six hour sieges, political options in the interface, inability to purchase the game, and the burning question of what Aventurine is doing to deal with cheaters are all covered in this lengthy two page interview.The entire interview has been posted to MMORPG.com. If you're looking for a peek inside of the mind of Aventurine, or the mind of Tasos, in the very least, don't hesitate to jump on over and catch his answers to some burning questions.

  • iTunes gift cards cracked

    This seems like bad news for Apple, to say the least. A few Chinese websites are now selling $200 gift certficates to iTunes for less than a few bucks, which means that it's likely hackers have figured out the algorithm to determine gift codes on Apple's music store. As with most online codes, iTunes gift certificate numbers are generated by a formula somewhere -- figure out the formula, and you can generate your own codes (though it's of course tough to do and highly illegal).The good news is that this might be an easy fix for Apple: they'll just have to re-figure the formula. The tougher thing to do will be to determine which of the old codes to honor -- they'll want to make sure to approve all of the cards on the shelves at Best Buy right now, while still trying to catch all of the illegal codes generated by hackers.But then again, we're talking about a digital store that's already making cash hand over fist. Maybe even if one hacker on a shady website has figured out how to generate iTunes codes, Apple isn't too concerned about losing a few thousand dollars when they're still selling millions of dollars worth of music and content legitimately.

    Mike Schramm
    03.11.2009
  • Account security is your responsibility, not Blizzard's

    PlayNoEvil recently published an article explaining why they think it is that hackers target gamers by stealing their passwords and other account information. While there is some truth in the premises offered, articles like this one only serve to fuel conspiracy rumors and encourage players to think of themselves as victims rather than take responsibility for their own account security. Gaming companies do place some of the blame for a compromised account on the account holder, and for good reason. The hacker certainly didn't gain access to your computer because of their actions, and their computers that store your information are as yet untouchable.The browsers you use, sites you visit, firewall settings, anti-virus software and update practices are just a few of the ways that you contribute to your own hacking experience. Sharing your account information with your lover, best friend and mother may sound safe, but you don't control the security of their computers, or their friends' computers. The majority of people I know who have been hacked signed into their accounts on their sibling's computer or a publically shared machine. In fact, NASA ended up with a keylogger targeted at gamers on the International Space Station. It traveled aboard on the laptop of one of the astronauts. You just can't trust any computer that isn't your own.It may be hard to hear, but a hacked account is because of something you did, whether it was an unfortunate stroke of luck, such as stumbling onto a redirect on a legitimate website in the small window before the site addresses it, or a serious oversight in security on your part.

    Amanda Miller
    02.27.2009
  • Hackers booting people off of Xbox Live

    Denial-of-service attacks are nothing new on the web, but the BBC reports that it's becoming an increasingly large problem on Xbox Live, where hackers are using the attacks to kick other players out of games. Not to get too technical, but the DoS attack basically works like this: Angry data takes your pipes from fat to skinny, so the pictures of aliens getting shot and the sounds of guns firing at said aliens can't get through them. Confusing for the common man, we know, but that's why we went to blogging college.Microsoft says that it's investigating the attacks. Have any of you been victims?

    Justin McElroy
    02.20.2009
  • PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies

    Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d'etre -- gaming. That doesn't mean that the machine is anything less than a powerhouse -- as was made clear today when a group of hackers announced that they'd beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates -- meaning those authenticated web sites you're visiting could be counterfeit, and you'd have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.[Via ZD Net]

  • WPA cracked in 15 minutes or less, or your next router's free

    They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.

    Tim Stevens
    11.06.2008
  • PSP Brite is impervious to hackers

    Sony's latest hardware revision, the PSP-3000 aka PSP Brite, is doing well in standing up against pirates, hackers and their tools. According to PSP World, previous exploits which allow access to kernel memory and firmware are now patched up -- no way getting in there now. Infamous hackers like Dark Alex have yet to find a way through the PSP Brite's new specs. Other hackers are getting frustrated; take Royginald from the Philippines who has swapped in the PSP Slim's CPU into a PSP Brite while keeping the screen and case intact. All that to run custom firmware and homebrew which doesn't even run properly because of signal output differences. We wonder if Sony has finally found a solution to its custom firmware woes.

    Majed Athab
    10.30.2008
  • Forum post of the day: Hilarious scam email

    Have you ever wondered what one of those fake emails from "Blizzard" look like? The nastier ones are copies of real Blizzard emails, with the links subtly changed. Other scam emails are a bit more transparent, however. While we've identified some red flags for you before, let's add a few more, shall we?If the email refers to the patch you "must" download as "a mod one" then it might not be real. If they have moved said patch to an external website, then you might want to worry.If the reason for the move is because, "recently, Hackers have been trying to crack our folders and steal every future project" then it is time for you to roll on the ground laughing. Just hope that Hackers don't team up with the Boogeyman, or Terrorists!If you are referred to as one of their "lovely members who do not understand" you should get a medal, really. Their repetitiveness is dizzying. Luckily, they will "explain it shortly" for you. I think someone needs a thesaurus (or a brain).

    Amanda Miller
    09.02.2008
  • India's Airtel claims "deadliest hackers" still can't crack its iPhone 3G

    Hey, hackers! Now that we've got the attention of millions upon millions of incredibly talented individuals, here's your next challenge. India's Airtel -- which is offering Apple's iPhone 3G at a near-stratospheric price -- has claimed that "even the most deadly hackers on the planet won't be able to crack the codes that support the iPhone's Airtel applications with rival company SIMs." Just so you know, it appears that Airtel worked with Apple to develop "operator-specific iPhone applications," which is an interesting tidbit in and of itself. But let's focus on the task at hand here, and that's proving that making ridiculous claims about impenetrability always comes back to bite ya.[Image courtesy of Zedomax, thanks Akshay]

    Darren Murph
    08.23.2008
  • The Wii finally gets DVD playback -- no thanks to Nintendo

    Carrying on the rich hacker tradition of picking up the slack for companies that are unwilling or unable to provide the functionality users need, a team of Wii coders have given the console what Nintendo could not: DVD playback. By installing a small, hidden channel on a system, this package blesses the console with a libdi file (DVD access library), and allows you to watch your favorite videos with the MPlayer application, an open source media player. The install file will run on modded and unmodded systems, and the software is also capable of playing media from SD cards (though it's experimental right now). Finally Wii owners can join the ranks of, well... pretty much everyone else.[Via TehSkeen; Thanks, brakken]

    Joshua Topolsky
    08.13.2008
  • Authenticator ordering leads to unexplained refunds

    We've already reported that the Blizzard Authenticator is sold out, but here's another twist to the story. WoW Insider reader Ryan told us that he placed his order last Monday, before the sell out was announced. However, instead of getting his Authenticator, he instead got an unexplained refund. With no other word from Blizzard, they simply canceled the order and refunded the money. He talked to a coworker who had also ordered the Authenticator and found that he had the same experience. As of yet, Blizzard has not explained the refund to him. It's likely that Ryan was simply unlucky enough to place his order after they'd sold out but before they'd officially announced it, but there's other somewhat unfortunate implications. If they're refunding his order instead of honoring it, it suggests that they don't expect to have any new Authenticators ready for quite some time.

    Daniel Whitcomb
    07.07.2008
  • Blizzard Authenticator adds new layer of security, for a price

    When you play online games these days, you always have to be mindful that you don't leave yourself vulnerable to viruses, account fraud, and hacks. Something as seemingly simplistic as a hidden keylogger in a UI mod can open the floodgates to strangers to come on your computer and take your account information. Stories abound of players losing accounts they've dumped thousands of hours into because they didn't take the proper precautions. While some of the blame certainly lies with the players, there are some critics who have charge that the MMO industry doesn't do enough to prevent fraud.Enter the Blizzard Authenticator. This new keychain SecurID device can be attached to your World of Warcraft account, making it impossible for anybody to access it without the Authenticator plugged into the computer They'll be debuting the device at the upcoming Blizzard Invitational, but it should be available on Blizzard's online store soon at the low, low price of $6.50. It's a small price to pay for peace of mind.

    Chris Chester
    06.26.2008
  • DARPA aims to create virtual environment for cyberwar simulations

    Considering that mechanical beings will be fighting our real wars here in just a few years, it's no shock to see more focus placed on the areas where actual humans will still be the ones waging. DARPA is looking to create what it calls a National Cyber Range, which would essentially act as a training ground for cyber warriors. The setup would enable defense gurus to simulate battle against attacks our on nation's most highly prized data, and of course, give victors over virtual phishing scams immense bragging rights. Come to think of it, Estonia could have totally benefited from something like this last year. [Via Information Week, image courtesy of Sandia]

    Darren Murph
    05.09.2008
  • Account thieves make mainstream news

    Some determined hackers have gone to great lengths to steal MMO accounts. So much so that they've managed to get noticed by the mainstream news outlets. We guess that's what happens when you hack over 10,000 websites just to get your hands on somebody else's MMO account.Essentially, these guys hacked into thousands of websites and added a small amount of code that redirects users into an invisible attack from some China-based servers. Apparently if you've got your antivirus program of choice up-to-date you shouldn't worry. Although the article points out that some of these attacks are directed at ActiveX controls, so update that as well if you haven't recently.We all know how terrible it would be to have our accounts hacked into and stolen. Many of us spend hundreds of hours in our favorite worlds, which many of us also pay for through our credit cards. Strangely enough, Lord of the Rings Online is mentioned as one of the games targeted by the hackers.[via TenTonHammer]

    Kyle Horner
    04.22.2008
  • WoW Ace Updater ad banners may contain trojans, claim some users

    While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here. Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems. This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here. I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

    Daniel Whitcomb
    04.16.2008
  • Incgamers.com malware mixup fixed

    Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here). Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning. Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.

    Daniel Whitcomb
    04.15.2008