An Android developer by the name of Koushik Dutta is building an alternative Android app store which will house the apps that have been banned from Google’s official Android Market. These will include the custom ROMs (customized versions of the Android OS), classic gaming emulators pulled due to copyright complaints, unofficial tethering apps removed at the behest of mobile operators, Visual Voicemail apps, one-click rooting apps, and more. → Read More
Customers who used the self-checkout lanes at Lucky Supermarkets have been hacked. The grocer, which operates stores in California, says some of their credit card machines have been altered with sniffers to capture credit and debit card numbers. Lucky, owned by parent company Save Mart, is telling customers who used those machines to close their bank and credit card accounts. At least 80 at-risk accounts have been identified and the supermarket chain has gotten calls from more than 500 calls from customers who fear they are victims of fraud. → Read More
A hacking group calling themselves “Team Swastika” posted what they claimed was over 10,000 comprised Facebook accounts to Pastebin, a service that serves as an online clipboard. However, according to statements from Facebook PR, these email and password combinations don’t actually represent live Facebook accounts. Instead, it appears that the hackers obtained the accounts using common phishing techniques, where users were tricked into giving away their personal information. → Read More
Austrian blogger and developer Florian Rohrweck recently discovered a lot of Google+’s upcoming features just by digging around in the source code for the new social networking service. He was one of the first (but not the only one), to reveal Google+ Games before its launch, for example, as well as still unreleased features like “Shared Circles” and social search, among other things.
Now, it seems, Google has had enough of Rohrweck’s snooping. It’s hiring Rohrweck to help secure the code instead.
→ Read More
Apple has just hired yet another member of the iPhone jailbreaking community, Nicholas Allegra, also known as “@comex” on Twitter. Allegra is best known for the JailBreakMe website which made the process of jailbreaking the iPhone as simple as visiting a webpage using mobile Safari.
The 19-year old hacker from Chappaqua, New York, posted the news of his hire on Twitter, stating that he will be starting an internship with Apple week after next. → Read More
The bounty to get a workable version of the Android operating system installed on the now-discontinued HP TouchPad is up to $2,000+, as of today.
As we previously reported, the goal of this project is to get some version of Android 2.x onto the TouchPad and, most importantly, stable. If successful, this effort will help keep the HP tablet a little more relevant to those unfortunate early adopters who have been left with a mobile operating system whose future is decidedly uncertain. → Read More
They’re out there. Be afraid. They could be anywhere, everywhere, anyone. They are shadowy, deadly, mysterious, guided by intellects vast and cool and unsympathetic. Security consultants and antivirus firms whisper legends of them to their clients to scare them straight. They’re the Voldemort of online security, except that everyone is all too eager to say their name: the Advanced Persistent Threat. Hide your children! You cannot stop them!
…well, actually you probably could, and pretty easily too, but apparently most folks can’t be bothered.
Vanity Fair just wrote breathlessly about “Operation Shady RAT”, which featured, quote, “a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.” Military-industrial standard-bearer Northrop Grumman is “constantly under attack by cyber-gangs.” A few months ago Security firm RSA’s SecurID systems were the victim of “an advanced persistent threat, a slow and consistent attack used by hackers to obtain specific information.” The Pentagon is alive to the APT threat, and says it is beginning to focus more on deterrence than on defence, because “each year, a volume of intellectual property exceeding the size of the Library of Congress is stolen from U.S. government and private-sector networks.” Why, just this week, San Francisco’s government-owned BART system was hacked by -
…waaaaaait a minute. → Read More
There’s just no way around it. Sony really screwed up. And not just in the way they consistently have in the past. I mean big time. The outage that started last week and was finally addressed yesterday is worse than anyone expected, and naturally, someone has already sued. The lawsuit alleges that Sony was both remiss in its security responsibilities and its duty to inform its customers of the problem. I think it’s got legs. → Read More
Unfortunately for PlayStation Network and Qriocity services users, it looks like the widespread network outages will continue.
Since Sony’s PlayStation and music networks went down two days ago, there has been a fair amount of public speculation over the cause of the outage. (Largely due to Sony’s tight-lipped handling of public relations.) Many blamed vengeful gremlins loose in Sony’s server clusters and datacenters, while others immediately pointed the finger at Anonymous, the merry band of hackers that metastasized out of 4chan.
Thankfully, after 24+ hours of communication silence, Sony has updated its blog and ended the speculation. According to the electronics colossus, “an external intrusion” is responsible for the ongoing outages of the PlayStation Network and Qriocity. (It probably sounded like this at Sony headquarters. Or this.) → Read More
McAfee, the computer security company, has issued a fresh warning to the world’s corporations and other large organizations. The firm has warned that hackers now have these bodies fully in their sights, and that a combination of the de-centralization of the workplace (thanks to to proliferation of mobile devices and the like) and the move to the cloud means in-house security technicians have their work cut out for them. And since there’s a market out there for stolen corporate secrets, you can bet that the bad guys aren’t going to stop anytime soon. → Read More
That didn’t take long. Yesterday, we reported that hacker @koush had successfully made the Xoom moddable by installing his ClockworkMod Recovery ROM manager. At that point root access was not achieved, but, no less than a day later he made it happen. → Read More
In a move that will surely only help move more Windows Phone 7 handsets, Microsoft have met with the team behind the WP7 Jailbreak, Chevron, and the results appear to be positive.
Writing on their blog yesterday, Rafael Rivera, Chris Walsh, and Long Zheng have revealed what they can (outside of the NDA they voluntarily signed) about the 2 days of meetings, and are “genuinely excited” about what lays in store for the platform. → Read More
Darn shame that none of us thought to attend the Chaos Communication Congress in Berlin. Why cover fun stuff, right? Thankfully PSGroove made it out there, and came away with video of a video game console security discussion. The Wii has been “broken” (hackable, in other words) pretty much since Day One; the Xbox 360 has been hackable for a few years now (JTAGing is the way to go these days); and the PS3′s security is dead as disco. This, despite all of Sony’s huffing and puffing, particularly with regard to its stance toward Linux. In other words, Sony’s security can now be considered an “epic fail.” Note to self: do not get on the Linux’s community’s bad side. → Read More
KrebsOnSecurity has a fascinating look at ATM skimmers. After approaching a Russian skimmer “salesperson,” Brian Krebs asked about the latest and greatest in skimmer technology. His recommendation? A GSM-based SMS transfer system that blows out the contents of your card’s magnetic stripe whenever you swipe it. Because it’s inexpensive to build and install, you can even leave it if the feds find out because all the data is safe on your home servers. Get a pre-paid SIM card to grab the SMSes and you’re set! Instant Christmas miracle. → Read More
China Telecom, alleged to have hijacked all that Internet traffic back in April, has denied any wrongdoing. Meanwhile, the Chinese government has not commented on the matter. Hmm… → Read More
Reminds me of that Penny-Arcade strip… → Read More
This is probably a case of where the idea is sound but humans will no doubt muck everything up. Thirty-three states here in the good ol’ U.S. will allow military and overseas citizens to vote via the Internet beginning with the mid-term election in November. This is being done in part to ensure that overseas voters’ votes, you know, count. I don’t know how many of y’all have ever lived overseas, but it’s probably easier to find Jay Leno funny than it is to obtain a ballot, then have it count. It’s 2010 and we still don’t have simple things like voting figured out. Amazing. → Read More
There’s a trend that’s been disturbing me lately. When the topic of modding or jailbreaking comes up — say, in the wake of the iPad announcement, or Sony’s restrictive PS3 update — there is an outcry. Who am I to tell Apple what’s best for their devices? How can I in good conscience urge others to void their warranties or break license agreements? And why should anyone care when only a small proportion of people hack or jailbreak their devices? These questions are natural, because a few years ago they wouldn’t even be possible. What reason would you have for breaking open an first-generation iPod, or hacking an original Playstation? The question of “unauthorized software” on System 9 and Windows XP was plainly moot. But as the capabilities of the PC, console, and phone have expanded, so have their magisteria. And as their power grew, so did their chains. These chains were so light before that we didn’t notice them, but now that they are not only visible but are beginning to truly encumber our devices, we must consider whether we are right to throw them off. The answer, to me at least, seems obvious: no company or person has the right to tell you that you may not do what you like with your own property. → Read More
Pretty much spot-on, this. There’s an op-ed in The Wall Street Journal that argues that Americans should badger Congress and the president, asking them to hold off on doling out stimulus dollars to electronic medical record systems that don’t have appropriate privacy safeguards in place. As it stands, electronic medial records aren’t exactly sealed—insurance companies can peek at them, as can pharmaceutical companies. So, let’s instead focus on creating an electronic medical record system that’s as foolproof as possible. Slight issue: when is your data, medical or otherwise, ever truly secure? → Read More
