Posted 11/20/09 at 08:04:13 AM by Paul Lilly

In what's turning out to be a game of cat and mouse, Apple last week disabled support for Intel's Atom processor through a Snow Leopard update, a tactic the Hackintosh community insisted would present only a temporary setback. They were right, thanks to a Russian hacker known as "teateam," who says he has restored support for Atom-based Hackintoshes running Snow Leopard 10.6.2.

"The problem originates in a revision to the kernel in 10.6.2. The changes Apple made to the latest mach_kernel removes support for [Atom] processors, leaving updated netbooks in a useless state," InsanelyMac member "blkhockypro19" explained in a forum post.

TeaTeam's hack appears to address the issue, though Jeff Porten of MacWorld warned that performing the crack is not something to be taken lightly.

"You'll need to roll up your Terminal sleeves for a few simple steps here," said Porten. "And, of course, replace the kernel of your operating system -- the fundamental code that underlies everything else in Mac OS X -- with a file you've downloaded from the Internet."

Not only that, but it's only a matter of time until Apple releases another update that, in all likelihood, breaks support again. Apple hasn't been sympathetic to the Hackinstosh community, and even went so far as to serve Wired.com a cease and desist order after the tech site posted a video with instructions on how to hack a netbook to run Mac OS X.

Read More

Posted 11/04/09 at 09:02:40 AM by Paul Lilly

There's a lot you can do with a jailbroken iPhone, and apparently, there's a lot others can do with your hacked smartphone as well. A hacker from the Netherlands made it his mission to alert modified iPhone owners via SMS that their security wasn't up to snuff.

The SMS contained a link to http://doiop.com/Hacked, which has since been eradicated from the Web. But before it was taken down, the site asked victims to send 5 euros (about $7.56 USD) to a Paypal account and then sit tight for email instructions on how to secure the hacked phone.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others -- they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intentions of harming you or whatever, but some hackers do! It's just my advice to secure your phone."

According to ArsTechnica, the hacker used port scanning to identify jailbroken iPhones on the T-Mobile network in the Netherlands with SSH running. The hack also relied on unchanged root passwords to gain access, which is where the real security risk came from.

So what can you do to secure your phone? The same hacker who tried to make a quick buck has apologized for his actions, promised to return what money he's made, and posted steps to secure your jailbroken iPhone, which you can find here.

Read More

Posted 10/05/09 at 01:54:56 PM by Paul Lilly

One surefire way to egg on the hacking community is to place ever increasing restrictions on your product, essentially daring black hat coders to find a back door. Nvidia is finding this out the hard way, after the GPU maker modified its latest PhysX drivers to prevent any non-Nvidia GPU from working, says news and rumor site The Inquirer.

And if that weren't enough, the latest version of PhysX also prevents physics processing unit (PPU) cards from working if it detects a non-Nvidia card in the system. That may have been the proverbial straw that broke the hacking community's back, and a hacker who goes by the handle GenL has put together some experimental code that stops Nvidia's drivers from shutting everything down when it detects a Radeon card.

We haven't tried it ourselves, but if you're feeling adventurous, rebellious, or both, you can grab the code here.

Read More

Posted 08/24/09 at 09:52:31 AM by Paul Lilly

Good news today for Terry Childs, a former network administrator accused of hijacking San Francisco's computer network he designed and maintained. A judge has dropped three tampering charges against Childs, leaving just the sole charge of denying city authorities access to the network.

Childs, who has been in custody since July 2008, was working at San Francisco's Department of Telecommunication Information Services for five years before allegedly being disciplined for poor performance. Superiors also accused him of electronically spying on his supervisors and their attempt to fire him. Among the allegations, Childs is said to have refused to surrender secret codes that would allow access to the system, but ultimately coughed them up to San Francisco Mayer Gavin Newsom in a secret meeting after spending a week in jail.

According to Child's attorney, his client was only trying to protect the network from incompetent city officials who were trying to force him out of a job and that there was no malice involved. Childs is currently being held on $5 million bail.

Read More

Posted 08/05/09 at 09:58:10 AM by Paul Lilly

Jailbreak your game console and no one is likely to take notice. But make a home business out of jailbreaking consoles for others and you may draw the attention of Homeland Security.

At least that's the case for Matthew Crippen, a 27-year-old Cal State Fullerton liberal arts student who was arrested by Homeland Security authorities on Monday. Crippen was picked up for allegedly violating the Digital Millennium Copyright Act (DMCA).

"Defendant Matthew Crippen willfully and for purposes of commercial advantage and private financial gain, circumvented a technological measure that effectively controlled access to a copyrighted work, more particularly, used software to modify a Xbox machine's Optical Disc Drive so it would circumvent the anti-piracy measures contained on the original unmodified Optical Disc Drive,"  U.S. attorney Thomas P. O'Brien wrote in the indictment (PDF).

In a telephone interview with Wired.com's Threat Level, Crippen maintains the purpose of his jailbreaking business was to allow patrons to make "legally made backups," not for piracy.

The indictment charges Crippen with two counts, and if convicted, he could face up to 10 years in prison.

Read More

Posted 07/23/09 at 09:00:31 AM by Paul Lilly

Forget about sophisticated attacks and increasingly complex malware schemes, the biggest threat to a company's security might be social networks and the employees who use them.

So says security firm Sophos, who reports that 63 percent of sysadmins worry about employees sharing too much information on Facebook, MySpace, and other social networking portals, ultimately putting their corporate infrastructure -- and the sensitive date on it -- at risk.

"Evidence shows that their worry is justified," Sophos wrote in the July 2009 update to its Security Threat Report. "In June 2009, the personal information belonging to the incoming head of MI6 was exposed to the entire Facebook network, when his spouse allowed members of the 'London' network to view her profile."

Sophos listed several other examples to back the claim, including a MySpace user losing over $210,000 in an email scam after his "Nigerian cyber-pal started asking for money to help her ailing mother."

But Sophos was quick to warn that completely denying access to social networking sites isn't the answer. Doing so runs the risk of driving employees to find a way around the ban, creating an even bigger risk and less oversight by the IT staff.

Read More

Posted 07/17/09 at 08:54:45 AM by Paul Lilly

Last month, a hacker calling himself Hacker Croll infiltrated an administrator's email account who works for Twitter, gaining access to the employee's Google Apps account, where Twitter shares spreadsheets and documents outlining business ideas and various financial details, said Biz Stone, a Twitter co-founder.

After doing so, the hacker sent all sorts of confidential documents to a pair of news blogs: TechCrunch and Korben. While the breach and subsequent sharing of information might have been embarrassing for Twitter, analysts say the attack highlights the bigger problem of people using the same password for ever site they visit.

According to security firm Sophos, 40 percent of Internet users use the same password for every website. And with so many personal details floating around social networking sites, it makes it that much easier for hackers to breach someone's account.

"A lot of the Twitter users are much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what hour hometown is, it's not that hard to figure out a password."

This won't come as a surprise to power users, but to avoid being hacked, use strong passwords that combine letters and numbers, change your passwords often, and don't use the same password for every site you visit.

Read More

Posted 07/13/09 at 04:58:58 PM by Andy Salisbury

According to a recent article by Network World, hackers have figured out a new technique to log your keys that involves either cheap lasers or power outlets.

The power outlet method works by keylogging the electrical impulses created with each keystroke, allowing would-be hackers to see everything you type, simply because you’ve decided to juice up your machine. However, you’re safe should you be running on battery power – and this is where the lasers come in.

The second method works by pointing a cheap laser, one that’s slightly better than a laser pointer, at a shiny part of a laptop. A receiver is then aligned to capture the reflected light beam, and record the vibrations that are caused by striking each key. The vibrations are then fed into a sound card, where “the vibration patterns received by the device clearly show the separate keystrokes.”

While I’m a bit skeptical of the second method (with all the different variations in keyboards, builds, sizes, and shapes of laptops, it’s got to be difficult to hammer out a foolproof system), they’re both something to look out for. In order to cover your back, it’s suggested that you “make sure there is no line of sight to the laptop, move position frequently while typing and pollute the signal by striking random keys and later deleting them with the backspace key.”

Read More