hackers
Latest
PSP Brite is impervious to hackers
Sony's latest hardware revision, the PSP-3000 aka PSP Brite, is doing well in standing up against pirates, hackers and their tools. According to PSP World, previous exploits which allow access to kernel memory and firmware are now patched up -- no way getting in there now. Infamous hackers like Dark Alex have yet to find a way through the PSP Brite's new specs. Other hackers are getting frustrated; take Royginald from the Philippines who has swapped in the PSP Slim's CPU into a PSP Brite while keeping the screen and case intact. All that to run custom firmware and homebrew which doesn't even run properly because of signal output differences. We wonder if Sony has finally found a solution to its custom firmware woes.
Forum post of the day: Hilarious scam email
Have you ever wondered what one of those fake emails from "Blizzard" look like? The nastier ones are copies of real Blizzard emails, with the links subtly changed. Other scam emails are a bit more transparent, however. While we've identified some red flags for you before, let's add a few more, shall we?If the email refers to the patch you "must" download as "a mod one" then it might not be real. If they have moved said patch to an external website, then you might want to worry.If the reason for the move is because, "recently, Hackers have been trying to crack our folders and steal every future project" then it is time for you to roll on the ground laughing. Just hope that Hackers don't team up with the Boogeyman, or Terrorists!If you are referred to as one of their "lovely members who do not understand" you should get a medal, really. Their repetitiveness is dizzying. Luckily, they will "explain it shortly" for you. I think someone needs a thesaurus (or a brain).
India's Airtel claims "deadliest hackers" still can't crack its iPhone 3G
Hey, hackers! Now that we've got the attention of millions upon millions of incredibly talented individuals, here's your next challenge. India's Airtel -- which is offering Apple's iPhone 3G at a near-stratospheric price -- has claimed that "even the most deadly hackers on the planet won't be able to crack the codes that support the iPhone's Airtel applications with rival company SIMs." Just so you know, it appears that Airtel worked with Apple to develop "operator-specific iPhone applications," which is an interesting tidbit in and of itself. But let's focus on the task at hand here, and that's proving that making ridiculous claims about impenetrability always comes back to bite ya.[Image courtesy of Zedomax, thanks Akshay]
The Wii finally gets DVD playback -- no thanks to Nintendo
Carrying on the rich hacker tradition of picking up the slack for companies that are unwilling or unable to provide the functionality users need, a team of Wii coders have given the console what Nintendo could not: DVD playback. By installing a small, hidden channel on a system, this package blesses the console with a libdi file (DVD access library), and allows you to watch your favorite videos with the MPlayer application, an open source media player. The install file will run on modded and unmodded systems, and the software is also capable of playing media from SD cards (though it's experimental right now). Finally Wii owners can join the ranks of, well... pretty much everyone else.[Via TehSkeen; Thanks, brakken]
Authenticator ordering leads to unexplained refunds
We've already reported that the Blizzard Authenticator is sold out, but here's another twist to the story. WoW Insider reader Ryan told us that he placed his order last Monday, before the sell out was announced. However, instead of getting his Authenticator, he instead got an unexplained refund. With no other word from Blizzard, they simply canceled the order and refunded the money. He talked to a coworker who had also ordered the Authenticator and found that he had the same experience. As of yet, Blizzard has not explained the refund to him. It's likely that Ryan was simply unlucky enough to place his order after they'd sold out but before they'd officially announced it, but there's other somewhat unfortunate implications. If they're refunding his order instead of honoring it, it suggests that they don't expect to have any new Authenticators ready for quite some time.
Blizzard Authenticator adds new layer of security, for a price
When you play online games these days, you always have to be mindful that you don't leave yourself vulnerable to viruses, account fraud, and hacks. Something as seemingly simplistic as a hidden keylogger in a UI mod can open the floodgates to strangers to come on your computer and take your account information. Stories abound of players losing accounts they've dumped thousands of hours into because they didn't take the proper precautions. While some of the blame certainly lies with the players, there are some critics who have charge that the MMO industry doesn't do enough to prevent fraud.Enter the Blizzard Authenticator. This new keychain SecurID device can be attached to your World of Warcraft account, making it impossible for anybody to access it without the Authenticator plugged into the computer They'll be debuting the device at the upcoming Blizzard Invitational, but it should be available on Blizzard's online store soon at the low, low price of $6.50. It's a small price to pay for peace of mind.
DARPA aims to create virtual environment for cyberwar simulations
Considering that mechanical beings will be fighting our real wars here in just a few years, it's no shock to see more focus placed on the areas where actual humans will still be the ones waging. DARPA is looking to create what it calls a National Cyber Range, which would essentially act as a training ground for cyber warriors. The setup would enable defense gurus to simulate battle against attacks our on nation's most highly prized data, and of course, give victors over virtual phishing scams immense bragging rights. Come to think of it, Estonia could have totally benefited from something like this last year. [Via Information Week, image courtesy of Sandia]
Account thieves make mainstream news
Some determined hackers have gone to great lengths to steal MMO accounts. So much so that they've managed to get noticed by the mainstream news outlets. We guess that's what happens when you hack over 10,000 websites just to get your hands on somebody else's MMO account.Essentially, these guys hacked into thousands of websites and added a small amount of code that redirects users into an invisible attack from some China-based servers. Apparently if you've got your antivirus program of choice up-to-date you shouldn't worry. Although the article points out that some of these attacks are directed at ActiveX controls, so update that as well if you haven't recently.We all know how terrible it would be to have our accounts hacked into and stolen. Many of us spend hundreds of hours in our favorite worlds, which many of us also pay for through our credit cards. Strangely enough, Lord of the Rings Online is mentioned as one of the games targeted by the hackers.[via TenTonHammer]
WoW Ace Updater ad banners may contain trojans, claim some users
While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here. Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems. This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here. I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.
Incgamers.com malware mixup fixed
Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here). Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning. Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.
Wowui.incgamers.com invaded by malware?
Here at WoW Insider, we've noticed an unusual and disturbing glut of people having trouble with being keylogged or otherwise hacked soon after installing new addons lately (which wouldn't be a surprise -- lots of people were grabbing addons after patch 2.4, so that makes them a likely route for attackers). While it's too early to make any definite connections, It seems like there's one new lead that's just popped up: popular addon site wowui.incgamers.com (not linked for obvious reasons) is apparently passing off bad files, according to reports from Stopbadware.org and other anonymous sources. If you've been using the site for your addons, especially in the past week or so, it might be a good idea to exercise some caution and run your favorite anti-virus or anti-malware program. The site has already been in trouble recently with reports that their UICentral addon updater (now discontinued) was using copyrighted code, and now it looks like there's more trouble abrewing for them. Update: Wowui.incgamers not infested with malware. Full story here.
Anti Keylogger Shield may offer some protection for your account
Hackers are getting more and more brazen lately, hiding various trojans and keyloggers not only in random forum links, but in ad banners and even in electronic devices. Even common sense avoidance of suspicious links and websites doesn't always seem to work anymore. Luckily, there are other tools you can use, such as the Noscript extension for the Firefox browser. Lifehacker reported on a new one yesterday as well: Anti Keylogger Shield for Windows. This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty. Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better. [Thanks for the forward, DrDiesel!]
WoW Rookie: Account Security Basics
Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers. I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.
Hacked and robbed blind, one guild's cautionary tale
Our Guild had been going downhill for a while now. At the beginning of the year, key officers and members, cornerstones of our raiding team, quit the game for one reason or another. Some of our members got hacked, just like WoW Insider's Amanda Dean. This took the wind out from under our sails, despite great success in Serpentshrine Cavern and Tempest Keep. As 2007 closed, I envisioned us taking down Vashj and Kael within the first quarter of 2008. I was stoked. There were good times when we'd take down two new bosses a week. Of course, Murphy's Law happens. While key team members quit the game, others took extended (sometimes unannounced) leaves of absence, and with diminishing raid attendance and obviously performance, other members looked elsewhere for better raiding opportunities. And when it rains, it pours.A little over a week ago our Guild bank was robbed. It was cleaned out -- so empty I could almost imagine the sound of flies buzzing about -- well, okay, it wasn't that empty. On the third tab, the robber was kind enough to leave us ten stacks of Roasted Clefthooves. At first it struck me as odd because we had fixed our Guild permissions somewhat after our GM left the game to take a shot at a relationship and play with his Nintendo Wii. In what order exactly, I can't be sure. He passed the mantle off to one officer who passed it to another officer who later passed it on to me. So for a while, I was GM of a Guild that wasn't quite doing anything but waiting on people to come back to the game. So imagine my shock (more like anesthetized indifference, to be honest) when I was going to deposit items into the Guild bank only to find that it had nothing. Well, nothing but those clefthooves.
Fear of hackers may make me play WoW on a Mac full-time
I use a Mac as my production machine. I don't want to get this too much into a Mac v. PC war, so lets just leave it with this: I find I am more productive with my workflows in OS X, and I have the added bonus of not worrying too much about what nasties are included in my downloads. I've been drinking Apple Kool-Aid from a sippy cup for over 10 years, so for me playing WoW on the Mac isn't some life-altering decision. My PC is nothing more than a game/media conversion console. But this whole hacking thing is making me think seriously of playing WoW on the Mac full-time. Sure, I've had WoW sessions of a decent length on my Mac, but not complete PC abstinence. In full disclosure mode, I've worked in IT for over ten years, and many of those years with a dotted-line relationship helping out our Security group. So, I've got a decent understanding of How Not Do Stupid Things On Your PC.Back in my EverQuest days, we had "hacking" problems, but usually those could be traced back to someone doing stupid with his or her account: they used a powerleveling service or gave their password to a brother or guildie who then did something bad. With WoW, though, it seems much more nefarious. Sure, you give your password away you don't have much of a leg to stand on; I'm not going to say anyone deserves anything, but you've got no moral right to get indignant. Am I just reacting to this with a "oh noes, the sky is falling!" paranoia. Maybe. But when you hear of guild websites getting hacked to install keyloggers, peripherals shipping with keyloggers/viruses installed, it's tough to blame the user. There are always two sides to every story, but I'm getting the feeling there are a lot more true innocents in this battle, including our own Amanda Dean.
Anti-gold-seller FAQ page goes up at the official EU site
World of Warcraft's European site has posted a new page of their FAQ aiming to describe the effects and consequences of third party gold selling, also known as RMT (Real Money Trade or Real Money Transactions). There doesn't seem to be a similar page added to the American site yet, but we've seen enough to know very well that they disapprove as well. The page mostly focuses on the more underhanded tactics the companies use to get money, such as keyloggers and trojans, or simply stealing the accounts of people who paid for powerleveling, and using them as farming bots, or spamming in high traffic areas on level 1 characters with hard to spell names. It's a good start, and certainly reminds people of the harm that these gold farmers do, and how it can hit close to home. As a veteran MMORPGer who's watched Johnathan Yantis and Brock Pierce practically invent the industry and most of the dirty tricks it pulls, I'm glad to see Blizzard continue to make a stand against these types of leeches and hope they continue to do so. I'd love to see them explain more fully how the constant amount of kill stealing and spawn and AH camping they do hurts the game. A campaign of information might be just what we need to stop the gold farmers once and for all. Legal measures and community shame (and thus shrinking of their customer base) for a one-two punch? Here's hoping! Thanks for the heads up, Richard!
Hackers run retail PS3 games on HDD [Update]
[Update: This will only work on test PS3 systems. This will NOT work on retail systems. Sorry for the confusion.] Yup, you heard it right: hackers have discovered a way to run retail PS3 games off the PS3's internal HDD and off external USB HDDs. While this is quite a neat trick, it might not be all that useful considering how much data is stored on a single layered Blu-ray disc -- about 25 gigabytes. That precious HDD space will probably end up being devoured in no time. More tech-savvy gamers out there who want to know more about this development can go check out the tech mumbo-jumbo here. We're pretty sure this high-level jargon will scare away most. What countermeasures can Sony take to ensure this doesn't become an even larger problem? Rampant piracy has always cast its dark shadow over the PSP ... will the PS3 be next? Let's hope not. [Via Maxconsole]
Hackers reportedly targeting cities' power systems
We know, hackers tend to get a pretty bad rap these days, but with some of 'em out there creating ginormous gridlocks in Los Angeles and shutting down networks in enemy territories, we sort of understand the sentiment. Most recently, it seems that hackers are being blamed for "penetrating power systems (sound familiar?) in several regions outside the US, and in at least one case, causing a power outage affecting multiple cities." That's according to Tom Donahue, a CIA official, who failed to dole out critical details such as where or when the attacks occurred nor how many folks were actually left in the dark. 'Course, Bruce Schneier, CTO of security firm BT Counterpane, warns that these attacks could in fact be aided by individuals with administrative access to said systems, implying that "human vulnerability" could share at least some of the blame. Don't worry guys, we're faxing CTU right now, they'll be right on it within 72 business hours.[Image courtesy of WPS]
Teen hacks tram system, derails trains
In yet another "innocent prank" that turned out to have very real-world effects, a 14-year-old Polish boy has admitted to modifying a TV remote in order to manipulate the junction-switching devices on the Lodz tram system, resulting in four derailed trains and 12 injuries. According to reports, the teenager snuck onto tracks to study the switching mechanisms, and used the resulting knowledge to re-direct trains "like any other schoolboy might a giant train set," as a police spokesman put it. The young man now faces charges in juvenile court for endangering public safety.
Security researchers warn of dangers in online games
Always on the lookout for new opportunities, criminal elements have been interested in MMO players for some time now. A great 'in' to credit card records and personal information, player accounts are also ripe with virtual goods that can be easily liquidated into in-game currency and then resold for real funds. A warning last year about hackers interested in World of Warcraft accounts has been mirrored in recent weeks by researchers cautioning players of Korean and Japanese titles.Security software groups Ahnlab and Symantec have both seen increased reports of criminal hackers working to gain access to eastern MMOs in recent months. For more on this subject, the site SecurityFocus has up a recent interview with the writers of the book Exploiting Online Games, discussing the reality of security research as it pertains to Massive titles. The authors indicate that MMO development houses are still a ways off from fully appreciating the dangers of lax security measures managing these systems.
