hacks
Latest
Today is Hardware Freedom Day, go learn how to build stuff
Looking for something to do on a lazy Saturday? You could always learn a little more about Open Hardware initiatives. Today, March 15th, is Hardware Freedom Day -- an annual celebration of open-source gadgetry and unrestricted hardware collaboration. The Digital Freedom Foundation created the event in 2012 to promote the idea of Open Hardware and give local hackerspaces a chance to interact with their communities. Local events are being hosted on almost every continent, exposing everyday folks to fabrication tools, Arduinos, Rasberry Pi hacks, 3D printers and more. Check out the official website at the source link below for details and event locations.
Blizzard update on dangerous Trojan
WoW Insider reported recently on a dangerous Trojan that was, at the time, not removable by any known antivirus program. Vigilance was advised by the Customer Support agents, and logs from anyone who was affected by the Disker trojan were requested. Thanks to the hard work of the Blizzard Support MVPs, a solution has been found. Kaltonis Our pleasure! To summarize for those of you that haven't read the green posts: -The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there. -At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread. -Thanks to Ressie's efforts, most security programs should be able to identify this threat shortly, if not by the time I type this. -If you were compromised, follow the instructions here and we'll do our best to set everything right (as we always do). -For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the "Configuring/HIMYM" trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe! source
Hackers reverse engineer Wii U GamePad to stream from PC (video)
Thought using the Wii U GamePad as a simple PC controller was a neat trick? Try this on for size: a small team of hackers has figured out how to stream PC games to the tablet-esque controller natively, circumventing its host console. The hack was shown this week at the 30th Chaos Communication Congress, where the group revealed how it reverse engineered the GamePad controller. After weaving a complex tale of dumped firmware, decoded video and buggy streams, the team showed a simple drawing app streaming from a laptop to the Wii U GamePad. Impressive? Sure, but the crowd didn't erupt into applause until they booted up a Gamecube emulated session of The Legend of Zelda: Wind Waker. Despite some crashes, the demo appeared to be fairly playable -- though the team warns that the available code is aimed primarily at developers. The group eventually plans to build user-friendly tools for Windows and OSX, as well as an Android port designed to allow users to substitute the Wii U GamePad with their own tablets, streaming from the console to the slate of their choice. It's not quite ready to replace your NVIDIA Shield, but the project is brimming with potential. Check out the presentation's slides at the source link below, or read on for a video of the hack in action (the fun starts about 47 minutes in).
WoW account thieves get fines, two-year prison sentences
WoW Insider reports on a group of 10 Chinese men who have received prison sentences for their roles in a World of Warcraft account-stealing scheme. The group compromised 11,500 accounts, some of which were purchased for $1 a piece before being emptied and having their virtual contents resold "for an average of $3 per account." The group's ringleader was found guilty and slapped with an $8,000 fine as well as two years of jail time, while his accomplices received $1,000 fines and "just under two years in prison."
Getting a 27-year-old Mac Plus onto the web
Released in early 1986 with a whopping 8 MHz processor and 4 MB of RAM, the Mac Plus doesn't have the makings of a machine meant to browse the web. But that didn't stop Jeff Keacher from amping up his trusty 27-year-old Mac Plus in an effort to get it up and running on the modern-day internet. With fascinating and precise detail, Keacher describes the inherent and head-scratching hurdles that arise when trying to modernize a computer that was released during the Reagan administration. In doing so, Keacher takes us down memory lane to a time when the Mac OS was still categorized by a single digit. To accomplish my goal, I needed a web browser, a TCP/IP stack, and some way to connect the Mac to my home network. The web browser was relatively easy to find thanks to guys running long-forgotten FTP sites in the dusty corners of the internet. MacWeb 2.0 was both old enough to run on my Plus and new enough to render HTML and speak HTTP. Sort of. But we'll get to that in a minute. ... Getting the Mac physically hooked to the network was a bigger challenge. The Mac Plus didn't have an Ethernet port, and things like WiFi were years from being invented when it was manufactured. A couple of companies made SCSI-to-Ethernet adapters about 15 years ago, but those were rare and expensive. I thought about the problem for a while, and it occurred to me that I could channel the early days again: I could use the serial port and PPP or SLIP to bridge to the outside world. Like dialup without the modem. With a little bit of coding, along with some software and hardware tinkering, Keacher was impressively able to get his Mac Plus up on the web. You can check out the full details behind his efforts over here. It's well worth checking out, if only to see how contemporary websites render on such an old machine.
TUG suffers from DDOS attack
"Relentless" attacks against fledgling sandbox TUG are being addressed by the team and its security measures, Nerd Kingdom wrote in a forum post yesterday. Players noticed something wrong when they couldn't log into the game yesterday, and a developer confirmed that a DDOS attack was in the works and was being combated. She said that there is no ETA for a fix but that players who have applied for testing keys need not worry about losing theirs due to the issue. "Yeah, the attacks started during the weekend and they've been pretty relentless. Luckily our security measures are working. We just need to do some tweaking now," developer Dee posted. "While it sucks that it's happening, it's better to have these things happen now, while we're in the alpha stage when stuff's supposed to break, than later when it might've been much more of a problem to iron out." [Thanks to Sounder for the tip!]
Apple TV hacker discovers how to add custom sites on older firmware
David Schuetz, an Apple TV hobbyist, has been exploring some interesting behavior on pre-iOS 7 Apple TVs. After a bit of hacking, he discovered a way to enable an Add Site feature. This feature opens the possibility of adding custom sites to the Apple TV menu, letting him hook up a Raspberry Pi media server to his ATV. [The iOS 7-equivalent build of the Apple TV OS, released in September, is version number 6, as the ATV is a version number behind the iPhone and iPad. This hack works on v5.x and earlier-build Apple TVs. -Ed.] He wrote up the details of his discovery on his company website and posted a Github repository containing a talk he recently gave on the subject. Although Schuetz points out the hack does not require a jailbreak, this approach is not suitable for either the weak of heart or (currently) those who have upgraded to the latest Apple TV firmware. Although I suspect the Add Site button is meant for Apple's internal development team and not planned for eventual public use, it's pretty cool stuff. A video demo follows.
How to create nested folders on iOS 7
Nested folders (or, folders within folders) are one of the most useful features of iOS 7. Unfortunately, it's more of a glitch than anything Apple intended to include, so there's no official guide from Apple on how to do it. But don't worry; we're here to help. Placing folders within folders is a fantastic way to clean up your home screen, and it can be a godsend if you want to send unwanted, undeletable apps into a dark, unseen corner. Here's how to pull it off: We'll start with these four apps, but you can use absolutely whatever apps you want. 1. First, we combine two apps to create a folder, and then combine the remaining two apps to create a second folder. 2. Now, hold a finger on one of the folders so that it becomes grayed out. 3. As soon as it does this, press the Home button twice to bring up the multitasking menu. This trick will not work if the apps begin to wiggle (when they enter the organization mode) before you hit the home button. You have about a half a second to get this right. 4. From the multitasking menu, click on the home screen. You should see the folder icon remains enlarged and grayed out, and also that the folders are now wiggling. 5. Now, click the destination folder (the one you want to add the first folder to). You should see the icon of the first folder hovering above. 6. Now, click the home button once. Ta-da! You now have a folder within a folder. The best part is that these folders work flawlessly, and you can navigate through them, launch apps from within them and remove apps just as you would otherwise. You can use this trick to further nest additional folders, and I've been able to create five folder levels before eventually stopping, though I'm pretty sure you can just keep going until you get bored. This glitch was first noticed during the iOS 7 beta, and though I'm sure Apple is aware of it, they haven't taken any steps to correct it, and as of the current iOS 7.0.1, it still works perfectly. In fact, during the beta phase, any nested folders you had created would reset to the home screen after a device restart, but that's been changed, leaving all nested folders in place when the phone is power cycled. That said, the company could squash this at any time, so if you really fall in love with nested folders (as I have) take care before updating. Update: How to add apps to already nested folders You can add apps to already nested folders very simply, though it's slightly more complicated than just dragging the app to the folder. First, highlight the app you wish to move by holding your finger on it and then immediately double-tapping the home button, just as you did in Step 3 above. Now, from the multitasking menu, click on the home screen. Then, click on the first folder (the one holding the nested folder you want to move the app to), and then click on the nested folder. Once inside the nested folder, click the home button once and the app will relocate itself. Easy!
League of Legends compromised; North American accounts and transactions accessed
Riot Games has just issued a letter to League of Legends players revealing that North American account information has been compromised by hackers. According to the message, usernames, email addresses, "salted password hashes," and real names were accessed. Riot insists that password information is unreadable but that players with easy-to-guess passwords might be at risk. Also accessed were hashed and salted credit card numbers from around 120,000 transactions made in 2011. Riot noted that the payment system in question has not been used since July of 2011 and that it is "taking appropriate action to notify and safeguard affected players." If your information was affected, you will receive an email from Riot. All North American players will be required to change their passwords "to stronger ones that are much harder to guess." In the meantime, keep an eye on your accounts for any suspicious activity.
DevJuice: Third-party MobileDevice framework debuts
It is way early days yet, but the SDMMobileDevice project is now available publicly on github. Meant to provide an open-source, public alternative to Apple's private MobileDevice framework, this OS X project enables you to detect attached iOS devices and communicate with them. With it, you can query connected devices for their software and hardware configurations, communicate with services, access sandboxed applications and perform file transfers and application installations. Developer Sam Marshall is hard at work at toughening up the codebase (it's still early alpha) and providing a more intuitive, delegate-based Objective-C approach to using it.
Club Nintendo Japan hacked
Japan's Club Nintendo service was hacked following thousands of unauthorized accesses across the last month. Nintendo announced that an internal investigation confirmed just under 24,000 illegitimate logins between June 9 and July 4, from over 15 million attempts. As translated by Kotaku, Nintendo said customer information compromised in the attack includes full names, phone numbers, and home and email addresses. Happily, the service doesn't hold credit card information. Kotaku notes the attack is apparently limited to Japan's Club Nintendo, and other countries don't seem to be affected. Unsurprisingly, Nintendo is strengthening Club Nintendo's security as a result, starting off with making users' old passwords invalid and requiring them to make new ones.
Make an SSB with Chrome on the Mac
A site-specific browser (SSB) is a great way to "package" a web app you use every day into a dockable, clickable app that maintains its own cookies, settings and preferences versus your everyday web browser config. On the Mac, the easiest way to make an SSB is via the handy Fluid app, which supports independent prefs in its paid version. Chrome's preliminary "packaged app" support, which will take the SSB concept to the next level, has been supported via dev builds on Windows and Linux since the beginning of the month; you can get a sneak preview of the App Launcher on the Mac, but actual packaged app support is still TBD. If you love the Gmail-savvy simplicity of Mailplane, but can't quite get around the price tag, you might consider an SSB for Gmail, which gives you some of the same functionality. Unfortunately, Fluid builds its SSB support on top of Safari and Webkit, which means your SSB won't be quite as Gmail/Google Docs-savvy as it would be if you were using Chrome. (Try printing a font-heavy Google Docs file from Safari.) There is a way out of this pickle: build an SSB using Chrome as the underlying engine instead. With a quick script and a few Terminal tweaks, you can make a double-clickable fresh Chrome SSB that keeps its own profile well clear of your normal settings. Don't like shell scripts? The CreateGCApp utility packages up the script and does all the work for you. Having a separate instance/SSB of Chrome is particularly handy if you have trouble with Gmail's multiple-account support in your regular browser, as sometimes can happen if one account uses single sign-on via a third party. Once upon a time, you could make SSBs with Firefox via Prism, but that project has been left to wither on the vine. [via Lifehacker & Bracken King]
Timed command-line screenshots
A TUAW staffer recently asked if there were a way to snapshot the exact same region of the screen over and over at timed intervals without buying third-party software. There is, but it depends on your comfort with the command line. If you're experienced in Unix scripting, read on. If not, you may want to investigate standalone screen-capture apps instead. I pointed him to /usr/sbin/screencapture. This built-in OS X utility allows you to specify a screen region to capture. For example, to capture a 50x200 rectangle starting at the point 200, 200, you'd say: % /usr/sbin/screencapture -R"200,200,50,200" ~/Desktop/foo.png You can easily apply a Unix shell script to create numbered output files. Unix commands will also enable you to sleep and repeat the capture requests over time. The utility is Retina-ready. Since it captures in points (and not pixels), the results are twice as big in each dimension when run on Retina systems.
Prosecutors laugh last, Lulzsec hackers sentenced
The Lulzsec hackers responsible for a string of 2011 cyber attacks that targeted game companies including Sony, Nintendo, Epic, Bethesda, and Mojang have been sentenced to jail time. Gamespot reports that Ryan Cleary, Jake Davis, Mustafa al-Bassam, and Ryan Ackroyd pled guilty last month. The BBC says that the men could also face extradition to the United States due to various indictments. Lulzsec targeted a number of high profile corporations during the summer of 2011. The attacks resulted in Sony Online Entertainment MMOs and Sony's PlayStation Network going offline for several weeks.
You probably can't leap over this six-foot homemade Piranha Plant (nor should you try)
We'd probably say something like, "I always thought it would be cool to build a giant fire breathing piranha plant," and then promptly forget about following through. Also, hey, that sounds dangerous! Hack-a-day's Caleb Kraft, however, doesn't allow silly things like fear of seared human flesh get between him and his dreams. (This is the same man who created an incredible Portal gun, in case you forgot the name.) Kraft created a six-foot tall, fire-breathing "piranha plant" -- also known as "that bastard plant hiding in Super Mario World's pipes" -- using PVC pipe, butane and a whole mess of other materials. The results are -- well, we can think of a variety of adjectives that'd fit perfectly well here, but you'll likely come up with a few of your own after watching the video of it in action below the break.
Watch out: Most game hacks are actually malware
We know that all of our readers are swell guys and gals who would never cheat at World of Warcraft, but just in case you needed another reason to avoid that kind of thing, anti-virus maker AVG is reporting that 90% of game hacks contain malware. And beyond the fact that using a hack will get your account banned by Blizzard, malware has a good chance to steal your WoW account and other sensitive information -- like bank account information or credit card numbers. We know it seems to take forever to grind for gold or levels sometimes, but if you see something offering to get you gold, levels, achievements, or anything else with the click of a button -- don't click! If these things sound too good to be true, they probably are. So instead, keep your account secure by avoiding hacks and being sure you only download addons from trusted sources. Your account, safe and secure, will thank you! [Via The Escapist]
Oculight LED hack gives the Oculus Rift a hint of peripheral vision (video)
Although the Oculus Rift is one of the more ambitious attempts at making virtual reality accessible, its lack of peripheral version is all too familiar -- it's much like staring into a pair of portholes. Rather than let the disorientation persist unaltered, though, Hack A Day has taken matters into its own hands. Its Oculight hack puts an RGB LED strip inside the headpiece, with the colored lighting set to match the edge of the screen through Adalight code. The result is much like Philips' Ambilight, but arguably more useful: the virtual world's light "leaks" into the wearer's real peripheral view, adding to the immersion. Oculight clearly isn't for sale and needs a refined installation to create the ideal effect, but the readily available resources will let anyone with an Oculus Rift development kit build their own solution.
PBS shows how hacking is reclaiming its good name after a bad rap (video)
Hacking is still a loaded concept for many, often conjuring negative images of corporate espionage, fraudsters and prank-minded script kiddies. PBS' Off Book wants to remind us that hacking wasn't always seen this way -- and, thanks to modern developments, is mending its reputation. Its latest episode shows that hacking began simply as a desire to advance devices and software beyond their original roles, but was co-opted by a sometimes misunderstanding press that associated the word only with malicious intrusions. Today, hacking has regained more of its original meaning: hackathons, a resurgence of DIY culture and digital protests prove that hacks can improve our gadgets, our security and even our political landscape. We still have a long way to go before we completely escape movie stereotypes, but the mini-documentary may offer food for thought the next time you're installing a custom ROM or building your own VR helmet.
Six cool upgrades for an old iPod
If you have an old iPod kicking around, TechHive has some ideas that'll help you breathe some new life into these vintage devices. Each upgrade mentioned in the post are warranty-voiders, but that doesn't matter anymore because the devices are so old. The lists of mods include changing the backlit LED, swapping out the drive and installing the Rockbox firmware. You can check out the full list on TechHive's website. If you have some mods of your own, please share them in the comments.
The War Z attacked, then attacked again
The beat continues for embattled zombie title The War Z. Last night, a Hammerpoint community rep posted on the game's forums regarding a series of ongoing hack attempts. "First we were hit with an attack that would [reset] our DNS IP so that you could not connect," the company said. "This morning we are being hit, again, with a DDoS attack on our login server. We are implementing additional DDoS protection and hope to have this resolved asap. Unfortunately with these types of attacks it is very difficult to give a good time frame of when it will be resolved." If you're still playing The War Z, there are further status updates to be found on the game's official forums.
