hacking
Latest
VHS casette hacked into USB drive? Yes, please
Don't bother asking questions, just admit to yourself that you really might want one (if not several) of these. Using very few materials, you can make yourself a USB storage device which looks just like a VHS tape with a giant wire sticking out of it! It's not a terribly complicated affair -- connecting the USB cable to a thumb drive inside the tape, some simple circuit board wiring -- and presto! If you're willing to spend three or four hours and around $10-15 a pop, you could finally make use of your lonely, disused 227 collection. Check out an informative, educational video of the process after the break.
You wouldn't like Aventurine when they're angry...
Aventurine smash! Well, they smash people who attempt to impersonate GMs and cheat in their game, at least.Over at Hardcore Casual, Syncaine has put up a post discussing Aventurine's hardline attitude to players in their game, Darkfall. The company has already said, straight out, that they will ban players for an offense like attempting to impersonate a GM or cheating in their game. No warnings, no temporary boots, we're talking a full ban on the first offense.What is unclear, from the perspective of a player, is how well Aventurine is implementing their own policies. From one player's perspective, it seems that the GMs are certainly on the ball and are dealing with people who attempt to use joke names. But as to how many people may have been banned by Aventurine's staff? Well, that's an unknown number that most likely will never be released outside of the company.Even so, a hardline stance like the one Aventurine is taking isn't seen very often in MMOs. Companies worry about alienating their player base with moves such as those.Interested in the full post? Check it out over at Hardcore Casual.
How to make the most of your hotel television
We've covered a number of newer hotel chains that actually recognize the importance of delivering HDTV programming and HD VOD to guests, but for the vast majority of places still living in decades past, there's Gadling's latest how-to guide. If you're sick and tired of checking into hotels with ancient TVs and lackluster programming, there actually are some options. For one, it's always smart to carry a bit of media on a PMP and bring along every connection cable you can imagine. Furthermore, those with Slingboxen and other place-shifting solutions can usually pipe their content from laptop to TV with the right connections. If you're looking to get schooled in the ways of good travel, hit that read link and open wide.
Australian ratings board website now classified as 'hacked'
The website for the Office and Film and Literature Classification, the Australian ratings body that assigns age-based content ratings to media -- including, most importantly to us, games -- has been hacked by jerks. The website has been temporarily taken down.The hackers added a message to the front page that said "This site contains information about the boards that have the right to CONTROL YOUR FREEDOMZ," according to GameSpot. "The Classification Board has the right to not just classify content (the name is an ELABORATE TRICK), but also the right to DECIDE WHAT IS AND ISNT APPROPRIATE and BAN CONTENT FROM THE PUBLIC [sic]." The attack could be in response to last night's ABC Q&A show, in which Minister for Communications Stephen Conroy spoke about a plan for mandatory Internet filtering.While we don't necessarily agree with that plan, we really don't agree with any response that leads to the inaccessibility of the OFLC website. Did the hackers even consider for a moment how their actions would affect our ability to learn about unannounced games?
Guardian talks to Chinese goldsellers and UK buyers
UK paper The Guardian has a look at what life is like at a Chinese goldselling company. It's interesting, but we've basically seen it before -- the small room of young people working almost 24/7 to make and deliver gold in-game, the concerns about worker livelihood and the supposedly large amounts of money going through these businesses (there's one figure quoted of £700m, which is about $980 million, but that's an estimate -- no one really knows how much these companies are making).But what's really interesting about this piece is that it seems to treat goldselling as more of an "opportunity" than anything else. The people running the companies are making money, the employees are getting a roof over their head and a steady paycheck, and even the guy making the film talks about how governments should start taking a cut of this industry. Nowhere is it actually mentioned that Blizzard considers these companies to be against the terms of service, or that many times the gold obtained by these companies isn't earned through simple grinding, but by hacking, keylogging, and exploiting. Even if (emphasis on the if) these companies are making millions of dollars a year, they're stealing accounts and cheating in-game to do it.Rowenna Davis also did interviews with both the gold farmer and a player in the UK buying money from him (bannz0red?), but again, there's no insight at all from the player whose account was hacked and bank was looted, or the player who is able to earn as much gold as they need and have a life outside the game (there are plenty of those to go around). Would have been nice to see the issue from players who aren't actually breaking the game's terms of service.Thanks, Bryn!
Markee Dragon taken offline, MMOwned moving
We've received an interesting report on the WoW Insider Tip Line today. Two large World of Warcraft hacking and account trading websites, Markee Dragon and MMOwned, are offline. Article Update: According to MMOwned, they are moving servers, which is the reason their site is offline for some.Attempts to reach the sites prove unsuccessful.This is a good thing for everyone that wants to have a more legitimate gameplay experience in WoW, as both of these sites actively encouraged people to exploit bugs, break the ToS, and do all other sorts of tom-foolery that destroyed the game for legitimate players.Our tipster mentioned that these sites were taken down in part by action taken by Blizzard, however we don't have any proof of that.I've selected the angry baby picture for this article, since that's how the exploiters and account traders are feeling right now. Buh-bye.
Rumor: Band of Brothers breaks apart in EVE, GoonSwarm responsible
var digg_url = 'http://digg.com/pc_games/Band_of_Brothers_breaks_apart_in_EVE_GoonSwarm_responsible'; One of the oldest and best known alliances has broken apart in EVE Online today. Band of Brothers (BoB) has disbanded, or been disbanded, under circumstances which have not fully yet come to light. Band of Brothers is well-known for their role in "The Great War" in EVE for their fierce opposition to GoonSwarm alliance and their allies over the years. Through that war they claimed such firsts as the first Titan ship kill through their conflict with Ascendant Frontier, and have been well-known amongst the media.Current rumors suggest that this was a GoonSwarm infiltration, but as of this posting this is unconfirmed. Multiple sources suggest that a director of the alliance has defected to GoonSwarm, stealing billions worth of assets, and compromising the sovereignty that Band of Brothers had previously established.Massively.com will keep you up to date as more information is known about this major EVE event.Update: GoonSwarm has released a audio file (NSFW), allegedly explaining what happened. This account is still, however, unconfirmed.(Thanks, Six Strangelove!)
PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies
Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d'etre -- gaming. That doesn't mean that the machine is anything less than a powerhouse -- as was made clear today when a group of hackers announced that they'd beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates -- meaning those authenticated web sites you're visiting could be counterfeit, and you'd have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.[Via ZD Net]
Internet Explorer exploit targets game passwords
Is anyone still using Internet Explorer on a computer where they have control of the software? The browser is so targeted and so flawed, and there are so many worthwhile and free alternatives that it's almost silly to continue using Microsoft's monster of a browser. But if you still are, watch out -- the BBC says that Microsoft has announced another vulnerability, and this time it could be used to obtain "game passwords," like your account information for World of Warcraft.The good news is that, like most virus scares (ever notice that all of the virus warnings come from companies that happen to make their money on antivirus software? In this case, it's Trend Micro, spreading as much FUD as they can), this warning is probably overblown -- even if you are using a browser full of holes like IE, you have to wander off your beaten path of trusted sites to get in trouble. So don't click random links or follow spambait on the forums or in your email, and you'll probably be fine. But again, installing and using another browser is so easy (and will help you so much in the long run) that you might as well give up IE anyway.Thanks to everybody who sent this in! And yes, I used the old login screen for this post's picture. But don't you kind of miss it?
SOE's advice on keeping your account safe from theft
We can't stress it enough, but most account theft is preventable. Whether you've let your significant other borrow your account for a day, or your password is "12345", just like it is on your luggage, you've probably had a hand in your own account's demise in one way or another.Over at SOE, they're trying to make the whole process a bit smoother by informing players on the dangers of account theft and how serious it can be. They've heard the stories of emptied guild banks, disbanded guilds and stripped characters, which they say is often the direct result of sharing account information. Check out the entire article for more of their tips and recommendations for keeping your account safe, and making their job a bit easier....And change the combination on your luggage!
iPhone hackers achieve a milestone: Linux boot
Call it the Touchable Penguin. OK, the touchscreen drivers aren't there yet, but the simple, scrolling shell output of a Linux kernel running on the iPhone represents a big achievement for the iPhone Dev Team and dev lead 'planetbeing.' The build is far from complete -- no wireless networking, no sound, no writeable support for the NAND flash memory -- but it's still very cool, and the effort involved was substantial (the team had to reverse-engineer the iPhone's boot loader so they could write their own). Having a working Linux kernel on jailbroken iPhones and iPod touch handhelds might seem frivolous, but imagine the ability to run other touch phone OS platforms on top of an iPhone (like, perhaps, Android)... very tempting. You can see more of the rationale behind the Linux-on-iPhone project here, or you can skip to the second half of this post to see the video. [via Engadget & Erica]
Open source "Game Boy" has five awesome parts, zero games
The Arduino-based, DIY GamePack is sort of like the Mignon Game Kit we saw in 2005, but it definitely looks much, much radder. For a mere $249.93, all the necessary parts -- CPU, "Inputshield" customizable, vibrating controller / button component (say, for right or left-handed configurations), "TouchShield Stealth" OLED display unit, and "MeCap" lithium battery pack -- can be yours. Once you've cobbled it together, of course, the real fun begins -- it's pretty much a blank slate with little more than code for a color-changing dot to start with, so if you want to play any "games" on that new "Game Boy" of yours, you're going to have to write them yourself. See a video of the device in action after the break.[Via technabob]
Princeton publishes how-to guide for hacking Sequoia e-voting machines
If you're American, it's nearly time to do your civic duty and pick the lesser of two evils for the greater good... and then to wonder if that vote actually got counted. With Diebold admitting its own machines are utterly insecure, competitor Sequoia is now under the microscope and, after a little quality time with the company's machines, Princeton researchers have filed a 158 page report on the ease of replacing their ROMs and winning yourself an election. Okay, we know what you're thinking: "Hacking hardware isn't exactly easy when the computer is in a locked box." Amazingly, it is. A researcher was able to bypass the physical security mechanisms in 13 seconds, despite never having picked a lock before. Now you're thinking: "But you'd need to do that on hundreds of them!" Not so; once infected that malicious code can spread itself to others, and, with no paper trail and an easily bypassed internal audit system, you're well on your way to whatever dark corner of Washington, D.C. you care to occupy![Via Ars Technica]
Superthreats: Outlaw Planet and Generation Exile
Outlaw Planet Superthreat"In 2019, the mobile internet and sensor networks we rely on to hold our societies together are being hacked, griefed, and gamed."The effects of technology turned against us impacts the democratic process, social networks, and every institution connected to the internet. Sophisticated criminal groups employ 'transparency bombs' in online banking attacks (and "World of Starcraft" players no less). The target financial institutions are major players in the virtual currency market, but the issues resulting from this undermined security affect private citizens as well as the banks.Superstruct Challenge: How can we come together to secure our assets, both real and virtual?
WoW Insider interviews Blizzard on security
Big concerns require authoritative answers, and to get those, you often have to go to the top. That's what our friends at WoW Insider have recently been able to do, getting answers straight from Blizzard, the masters of World of Warcraft. As issues go, it's pretty damn big: not concerns about class balance or content, but about the basic security of your account, the protection currently being provided against hacking, and what the Authenticator key actually does.Blizzard, who actively sought an interview with WoW Insider following a (since contested) report of a customer allegedly having his account hacked while using one of the new Authenticators, explain the specific steps the technology takes to ensure security. They also address player concerns about how reliable the Authenticator is. The bottom line: '... we have no verified occurrences of an account being compromised that has a Blizzard Authenticator attached to it.' The full interview can be read at WoW Insider.For those that don't know, the Authenticator is an optional item (now available through the Blizzard store) that adds an extra layer of security to one or more World of Warcraft accounts. 'It supplies a random digital code that must be entered at login, providing an additional layer of security to help prevent unauthorized account access. Each code is valid for a limited time and can only be used once, so the Blizzard Authenticator must be in the possession of the account holder to log in to the account.'
PS3 backup hack kinda clarified, still kinda sketchy
There was (and still is) plenty of buzz surrounding StreetskaterFU's recent hack that enabled Blu-ray games to be played back from the PlayStation 3's internal hard drive, and now it seems like details are beginning to seep out. Fellow hacker ATOC has released an admittedly sketchy step-by-step guide for getting a number of backups to boot from the PS3, though it has only been thoroughly tested on Warhawk and Call of Duty 3. Hit up the links below for instructions, but think long and hard before you make any irreversible decisions and come dangerously close to destroying the universe.[Thanks, Bob]
Unloved e-voting machines cluttering warehouses, losing value fast
Just as the world's landfills could soon see an influx of unwanted televisions, many American warehouses are packed with e-voting machines that once held promise for a better way to vote. Instead, they turned into a multi-year fiasco, with hackers figuring out how to do everything save for their income taxes on 'em and states reverting back to less vulnerable methods. Now, many states are scrambling for ways to recoup costs, even for outlets that will take them in for recycling. Oddly, Ohio cannot ditch the systems it purchased until a couple of related lawsuits get dealt with. The result? Buckeyes will probably still be using e-voting machines come November.[Via Slashdot, image courtesy of BradBlog]
Authenticator failure revisited, Blizzard responds
We created a lot of waves with this post about Blizzard's Authenticator key allegedly failing -- as you know if you've been listening to the podcast, lots of people have emailed us with their own input on the situation, alternately thanking us for making it known that the Authenticator wasn't 100% secure, and lambasting us for being "ignorant" about how Blizzard's security token works. At the base of the story, there are two things we know are true: that someone was using the Authenticator on their account, and then was subsequently hacked. For that reason, we've stood by the "Authenticator fails" story -- while having an Authenticator on your account is a helpful line of defense, it, like all other computer security measures, isn't a 100% guarantee against getting hacked.Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.
Nintendo files suit against five DS hacking firms
"Touching is good," but hacking? Not so much. Nintendo has gone on the war path against five Japanese companies that make their living helping users rip off DS games. Of course, a primary use for such hardware -- such as the R4 Revolution, pictured -- is homebrew and emulation, but good luck convincing Nintendo (or any large console manufacturer) of that. Details of the actual lawsuit are slim, but Nintendo has brought along with it 54 Japanese software makers to lend a bit of gravitas to the suit. If you haven't managed to hack your DS yet, now might be a good time to score the requisite hardware -- we might be facing a scarcity before too long.[Thanks, Michael]
How to reveal blocked caller ID info: a video guide to risky behavior
Let's say for some reason someone has his or her caller ID blocked and is calling you all the time. Let's then say you really want to know who that person is for, you know, whatever reason -- not that we'd know anything about that. Some crafty phreaker types have come up with a way to do this using an enterprise-spec asterisk box and a SIP trunk provider. In a demonstration video, a hacker tweaks said asterisk box with some new configurations to strip out privacy flags, forward the call to another number, and ultimately reveal caller ID information which, surprisingly, is still available. This isn't meant to be easy, but if the terms "prepend," "SIP trunk," and "asterisk box" don't scare you away, go ahead and watch the video after the break. Big disclaimer: we're not responsible for your broken gear, jail time, or restraining orders.
