hackers
Latest
Now that the Wii's been hacked, what's next?
Remember those dudes that hacked the Wii? Brushing, the guy who presented the exploit at 24C3, was recently interviewed about his future plans for the system. The natural first step, according to him, is to implement a version of SDLoad for the Wii. Then, once that's out of the way, he would like to see a Linux Channel for the console. Still, Brushing notes that it will probably take a while before he and the groups he worked with are able to reach these goals.Also, if you're worried about this development opening the floodgates for piracy on the Wii, don't be. Brushing seems hesitant, at least for the time being, to release the hacked information and keys to the public.To read the full interview with the author of the Wii exploit, go here.[Thanks, Craig!]
Hackers get into Wii, hunt for Angelina Jolie begins
It would seem that the hacking community has finally cracked the Wii, as they've figured out a way to get code up and running on the console. It's a feat that hasn't been performed before and was accomplished after many Bothans people sacrificed time and energy to complete this task. See, inside of the Wii, the Hollywood chip doesn't just handle graphics, it's got a whole lot to do with authentication (you know, to make sure you've got a valid Wii or GC game disc in there). Well, these hackers have found out that upon booting up a GameCube game, this chip will turn off all of the cool Wii functionality (bluetooth, USB, etc.) and restricts the area of memory you're allowed to access. But, there isn't any kind of encryption dealing with the memory, so this is where the folks knew they should focus.Now, the next part gets too technical for us, but just know that they found a way to get these authentication codes from the memory and trick the Wii into believing it was loading a Wii game (in this case, Lego Star Wars). This then allowed them to load their own code into the Wii. Judging by the clapping in the video, it's a pretty big deal and means that homebrew on the Wii is that much closer to being a reality.Oh, and if you don't get the Angelina Jolie reference, head past the break.
Experts predict malware field day for iPhone in '08
Like Y2K and the end of rock and roll, pundits love to call out platforms that are ripe for a nightmarish, post-apocalyptic hell-on-earth sort of attack by the world's technologically inclined miscreants. In that vein, mobile phones have been billed for years as the next great frontier in virii, largely because they're getting smarter, more open, and more ubiquitous than ever before. We can buy that logic, but the waves upon waves of malicious code infecting the world's smartphones simply haven't happened. So at what point do we say that these analysts are crying wolf?Now might not be a bad time to start, as Arbor Networks' security group is calling the iPhone a likely target in 2008 by hackers who want to "be the first to hack a new platform." We wouldn't dare say that there won't be attacks on the iPhone's security holes next year and beyond, but we don't think users need to be scrambling to disable their data connections, either; Windows Mobile, Symbian, Palm OS, and everyone else have gotten along fine for years aside from the occasional malware blip on the radar that barely makes a splash and goes unnoticed by 99 percent of the world's users. Not to mention the fact that the opportunity to "be the first" to hack the iPhone has come and gone -- so to the hackers of the world who're thinking about diving into the wide world of iPhone hacking, may we suggest you put your brainpower to the forces of good, not evil?
iPod touch VOIP update: SIP signalization working
iPhone hacker eok writes to let me know that he and Samuel have gotten SIP registration and signalization working. They took a few mobile terminal shots, but the real work is being done via ssh. Samuel is working on connecting the audio in/out to the pjSIP. If you have iPhone or iPod touch coding skills and want to get involved in the project, connect to #touchmods on irc.undernet.org. It looks like most of the work will be done on European time. Oh, and if anyone is giving away free iPods to worthy developers? eok recommends that Samuel gets one first. He writes that Samuel has been the driving force behind the compilation.
MMO security irresponsibly bad, experts claim
MMO players have more to fear than simply kobolds and virtual super villains. According to several security engineers interviewed by TechNewsWorld, gamers face greater risks than many of them realize, as lax security measures on the part of publishers expose players to identity theft, malware, and potential hack attacks. And as persistent online worlds continue to grow in size, they only become more lucrative targets for online ne'er-do-wells. They attribute much of the risk to the fact that so much of the actual game software lies on users' home computers, and is not adequately shielded by firewalls and other protective measures.Unfortunately, the solutions posed by the so-called experts betray an obvious lack of experience with MMOs and the people who play them. They cite enterprise networks as an example of having the kind of network security that gamers need to ensure that they're protected from intrusive attacks... So they suggest that people play games from work to alleviate the risk. While I'm enthusiastic about such a prospect personally, I highly doubt that most employers are too keen on the idea of their employees logging in while on the clock and using up company bandwidth to grind for Sporeggar rep. They also suggest purchasing expensive security products, but that's not something I'd imagine most people haven't considered and disregarded already.A more prudent suggestion, though not one explicitly cited in the article, is to instead be extremely mindful of what kind of mods you download for your favorite games, and from where you download them. If you don't give hackers an open door to your system, than there's probably not too big a cause for concern, unless you're unlucky enough to have bought pre-hacked products.
PSP firmware upgraded to 3.72
Big news! Hackers have cracked the brand new PSP fir-- No, wait, sorry. We got our posts out of order. What we meant to say is that Sony has just released the brand new PSP firmware: Version 3.72. If you're interested, you can get the fresh new firmware through the PSP's "Network Update" feature.If you don't have a PS3 though, it may not be worth your time, as it seems like the only functionality it adds is expanded support for PlayStation Network titles. We'd bet there's some under-the-hood type stuff designed to thwart hackers once and for all hidden within though, if you're a glutton for futility.
Switched On: iPhone SDK won't chase hackers away
Each week Ross Rubin contributes Switched On, a column about technology, multimedia, and digital entertainment: The better part of a trade show keynote and six months of anticipation preceded the iPhone's launch, but a casual post on Apple's Web site signaled its relaunch as a platform supported by third-party native applications. Apple's attempt to protect the security of a wireless network by encouraging Web 2.0-based applications taking advantage of Ajax technologies could not realistically mimic the capabilities provided by native applications, at least without some way to provide offline functionality using developing technologies such as Google Gears. Furthermore, there were a host of utilities that have evolved on other smartphones (such as system-wide search or alternative input methods) that were beyond the scope of such an approach.So, come February, Apple will return to its PC heritage and extend its party to third parties. Developers get their iPhone. Users get their applications. And normally reticent bloggers emerge from their keyboards and podcasting microphones like woodland creatures after a storm, just a little more likely to share their timid opinions with the world. Unfortunately, the rationale of all iPhone hackers cannot be swept away as easily as a fingertip switches among open Web sites in the iPhone's Safari browser.
Switched On: Touched by a hacker
Each week Ross Rubin contributes Switched On, a column about technology, multimedia, and digital entertainment: I glanced at the clock, 1:36 PM. Perhaps I should not have gotten my hopes up. For weeks I'd been exchanging e-mail with an elite hacker who promised to speak with me about the latest attempt to free hardware from the shackles of manufacturers that bind it, sticking it to such companies by making their products more desireable. Just then, Skype lit up like a flaming notebook battery. It was the notorious hacker 5m0kNcR4K. A shadowy figure in the videoconferencing window spoke in a disguised voice. "I'm in ur Skype, grantin' ur interview. Do not try to identify me. By using advanced digital video effects, I have pixelated my facial image, put myself in silhouette, and added a big blue dot in front of my face." "What video effect makes it look like you have bunny ears?" "Oh, that's just a mask I picked up at Party City." "We could have just spoken by phone, you know. Or just used VOIP. Besides, I thought we were set to talk at 1 PM." "I thought 13:37 would be more appropriate."
iPhone: How many Hackers?
The iPhone appears to have an installed base somewhere upwards of one million units according to Apple's official numbers. A majority of those units have been sold to early adopters; that is people with a certain adventurous spirit, not just those who got to the story early. Some have been hacked by hand, others through tools like AppTapp. Hard data on the number of hacked units is indirect. I haven't been able to get in touch with "lg", the man behind AppTapp/Installer.app but I was able to talk to other developers: there have been over 70,000 Open SSH downloads and upwards of 600,000 unique visits to the SMXY repository this month. Since only a portion of Installer.app users will install SSH, that hints at a much bigger base. What is my best guess? I'm thinking conservatively that between 10-20% of early adopters have hacked their iPhones for third party software and that a similar number are unlocking their iPhones for non-AT&T service; and, no, I'm not sure what the overlap might be. Either way, I expect the software-hacks to plunge as we enter the holiday season where most purchases will be from less adventurous customers and the unlock percentages to rise as the iPhone hits Europe. Thanks to Shaun Erickson and Nate True.Update: The fabulous Drudge has uploaded a complete breakdown for his most popular hosted packages. In addition, he reports nearly 800,000 unique visits between the Conceited and SMXY repositories. Even taking EDGE into account, that's a lot of visits. "Kroo" lent his able assistance to the stats gathering effort.
Making the impossible possible: iPod Touch VOIP
One of the very first questions that popped into my head after hearing, during the liveblog last week, that the iPod Touch had wireless capability was how soon the hackers would get wifi VOIP running on it. Michael over at the Apple Gazette had the same thought, and he's even got a plan on how to do it-- if the iPhone's mic-enabled headphones work in the iPod Touch, we're golden.Unfortunately, I agree with what Erica said on the last Talkcast-- it's probably not that easy. But even she agreed that if someone can hook the dock connection up to a microphone, then we might be in business. Skype is already working (in some form) on the iPhone, and considering the iPod Touch and the iPhone are as similar as Apple says they are, the software shouldn't be a problem. Getting the audio in and out to the right places is where the trouble lies.But after everything we've seen come down on the iPhone, you won't catch me betting against the hackers. If there's a will, there's a way, and so if you really want to get your iPod Touch running wifi VOIP (like some kind of psuedo iPhone clone), my guess is that you'll eventually be able to do it.[ via Macenstein ]
'Speed' in a grocery store? FBI investigates telecommuting robbers
High-tech foreign criminals may have hacked into retail security systems in order to remotely monitor customers and employees in the course of at least 12 bold robberies in as many states during the past week, officials say. FBI agents are seeking an individual or group of conspirators who have been calling stores and banks from Texas to Kansas to Rhode Island on pre-paid, overseas cellphones and informing whomever picks up that a bomb will be detonated at the location if funds are not wired to a specific offshore account. What's more, the caller claims to have visual surveillance of the premises and proceeds to give certain accurate details about the environment -- in one case attempting to get a hostage to cut off another's fingers, and in another forcing everyone in the store to strip naked. CNN is reporting that at least $13,000 has been extorted so far -- though the total is likely much higher -- and that investigators are now pursuing a suspect in Portugal "who appears to be linked to the account number" that the money is being transferred to.Read- CNNRead- KPHO[Via Slashdot]
Nintendo teams up with customs to crack down on Wii modders
Hide away that soldering iron, Nintendo is on to you crazy kids. The company has issued a press release "in support of" recent raids by US Immigrations and Customs Enforcement agents, which executed 32 search warrants in 16 states to weed out those responsible for the distribution of "illegal modification chips." Apparently this is the largest enforcement action taken against video game piracy, and Nintendo has been working hand in hand with the Department of Homeland Security to pull it off. Since April, Nintendo claims to have seized more than 91,000 counterfeit (er, "backup") Wii discs globally. Of course, the whole issue of whether mod chips, when used harmlessly to enable homebrew and backups, should be illegal in the first place is still a sticky issue (the DMCA seems to frown on the idea), but it looks like if you are indeed trading in the illicit stuff, Nintendo and the fuzz are hoping to track you down for a little chat.Update: Looks like Wii modders aren't the only ones on the run. No console is safe!
Keyloggers 2, Blizzard employees 0
There was a weird development on the keylogger front tonight, as Blizzard community managers Drokthul and Nethaera apparently got their accounts hacked and started posting keyloggers on the forums. And of course, because Blue posters are assumed to be trustworthy, many people clicked the links. I personally thought the whole thing was a photoshop hoax until I read Tyren's comment, "Folks, we're definitely dealing with the issue at hand with the greatest amount of speed and care. We always appreciate our community's support when it comes to alerting us about key loggers on the forums and we hope you'll continue to do so. This is a good chance to remind our players to always check a URL before clicking on it." It sounds like Blizzard is taking this seriously. Eyonix later noted that he kind of enjoyed banning his coworkers. Hopefully, this will help Blizzard finally do something about the keyloggers and hackers infesting this game. While I realize that it's our own responsibility to keep from getting hacked, if two Blizzard employees can get logged, it can happen to just about anyone. I clicked a keylogger link once myself, back before they became so common on the forums, but my antivirus program caught it before it could do any harm. As Eliah posted, Blizzard is considering disabling links on the forums. While this may cause many to miss the many new "hot sex girls" and "Ashbringr secrits" that are posted on the forum daily, it may be a risk we'll have to take.
Sony vows legal action against hackers and pirates
SCEA has declared that they will "actively pursue" legal action against hackers that attempt to crack the PS3 anti-piracy software. This announcement arrives just after recent news that hackers were close to completely cracking the PS3 anti-piracy software found in firmware versions 1.10 and 1.11. Their progress on the crack would allow pirated PS3 games to boot, but they still were not playable. The homebrew community is also still waiting in the wings, as even this latest attempt still prevents any type of homebrew gaming on the PS3 console. Obviously, SCEA hopes to stalwart further progress and deter hackers from completely subverting the anti-piracy measures completely, because saying "please" just doesn't carry the same weight as legal action. Dave Karraker, SCEA spokesperson says, "the best we can do as a company, is to make our security that much stronger and aggressively pursue legal action against anyone caught trying to use an exploit in an illegal manner." The pirates who want to burn and run copied PS3 disks? Yeah, they're bad. Bad, bad. Spankings all around kind of bad. And if you're thinking of doing it, you shouldn't. Go find someone to deliver a spanking for even thinking such thoughts. On the homebrew front, we're kind of indifferent. Now, we're stepping out on a very thin limb here, but maybe, just maybe if Sony was a little bit more organized in lining up a steady stream of content for thirsting PS3 owners, we wouldn't have hackers so interested in cracking the PS3 for homebrew. What do you think?
Windows update software used to compromise security
After you've done the delicate Windows Validation dance, but before you actually get the latest automatic update, there's a background component running in Windows called BITS (Background Intelligent Transfer Service), tasked with acquiring the key updates that keep your system protected. So you can imagine how security analysts are very interested by Elia Florio's (of Symantec) new paper, outlining security compromises bypassing firewalls via BITS -- but there's a catch. BITS itself isn't compromised, per se, it's just a content acquisition service for Windows. In other words, your machine already has to be compromised for BITS to bypass your firewall; this kind of hack just helps whichever Trojan / worm / virus you've become infected with acquire more software components to aid in its intrusion. So the next time your mom or dad sends you bits-hack-RUN-ME.exe, think twice.[Thanks, Philip]
WEP security gets busted yet again
It's no secret that WEP isn't quite the cat's pajamas anymore when it comes to WiFi security, but the aging protocol is still used in a good many networks -- 59% in a recent survey of a large German city -- and has just been hacked beyond repair by a few security analysts. Back in 2001 when WEP was originally hacked, it took around 4 million packets of data to crack a security key. Later hacks have managed to use significantly less packets and hack a system in minutes. However, a recent development by the folks at Darmstadt University of Technology in Germany have managed to extract a 104-bit WEP key in three seconds, using a 1.7GHz Pentium M processor. It takes under a minute to collect the necessary 40,000 - 85,000 packets of data, and the hack could potentially be carried out by a strolling cellphone or PDA user. The obvious move is to switch your network to WPA, but if you've got old school hardware holding you back, there are a few security programs that can foil the attack on WEP -- for now.
Hackers get AppleTV running WoW
Reader Randomdruid sent along this tip that might interest you if you've picked up Apple's new AppleTV set-top box (I'm too busy working on Sha'tar rep to watch TV, but our good friends at Engadget and TUAW have been doing almost nothing but since the thing came out). Apparently, hackers have already gotten WoW up and running on it.It's not too big a deal, since I'm pretty sure the box is running a specialized version of OS X anyway, and of course WoW runs on that. The guys at Tutorial Ninja have worked up detailed instructions on how to get any number of applications working on the AppleTV (including Firefox and Centerstage, the open source Mac media center). Scroll down to the middle of the page there, and on the list of "confirmed working apps," you'll find World of Warcraft.But there is one catch: it looks like pretty much everything has to be installed onto the hard drive by plugging it into another computer. So not only will you have to crack open your pretty new AppleTV, but odds are that you'll have to somehow run WoW from a text interface. And I don't know how you'd actually play it even if it is running-- one of TN's goals is to "get USB working so people can play WoW comfortably." So it's not as easy as throwing the WoW disc in and jumping into Azeroth.Of course, if you're someone with the time and talent to do all this, you're probably not playing WoW anyway. But if you've got an AppleTV and are already cracking it open to put all the other cool stuff on it, it's good to know that you have the option to get WoW running on your TV screen. Now all we have to figure out is how to get WoW on the iPhone...
Hackers attempt to break the internet, fail miserably
Alright folks, you should all be well aware by now that the internet ain't nothin' to mess with, but apparently a few folks in the South Korea area have just learned that the hard way. In what is being called the most severe attack on the web since the barrage of 2002, the same 13 "root servers" were targeted within the past 24 hours in a presumed attempt to disrupt global network traffic. Hackers were able to "briefly overwhelm" three of the 13 computers managing virtual thoroughfare with a series of "powerful attacks lasting as long as 12 hours," and while even the Homeland Security Department confirmed that it had witnessed "anomalous" internet traffic, most of the digital world hummed along without a care. Motives for the attack still aren't clear, but initial reports are suggesting that extortion of data or other malicious intent is probably unlikely, and what's more probable is a few folks trying to disguise data coming from South Korea were just having a bit of frowned-upon fun. Now, who else in the world thinks they can single handedly dismantle the internet?
Hackers enable GPS on HTC Trinity
It seems like nowadays, a hacker's work is never done and with a little time and know-how, anything is possible. Does everyone remember when the HTC Trinity first appeared on our radar? It had all the makings of a great one less being shipped with the GPS receiver in a dormant state. Lucky for us all it took was a few well-skilled hackers and some determination to come up with how to enable it. Looking at the instructions, seems like a pretty simple procedure. If anyone is brave enough to try it, drop us a line and let us know the outcome. [Thanks, Chymmylt]
Apple modifies Public Source License to thwart hackers
The InsanelyMac Forum has a post concerning an apparent modification Apple made to their Public Source License, the license that guards the open source portions of Mac OS X such as its Unix kernel, called Darwin. The changes the InsanelyMac Forum cite seem to have been made to set up another roadblock for those who are trying to hack Mac OS X to work on non-Apple hardware, though Apple's site for the license say the latest version is dated August of 2003. Semantics aside, the changes quoted in the forum reflect the application of another fine-toothed comb to what users are not allowed to do with the source they download from Apple's site. Too bad; with Vista receiving mixed reviews, I'm sure Michael Dell would still be interested in offering customers a better choice.
