German software maker Ashampoo offers a wide range of system utilities and applications ranging from DVD burning software to 3D CAD tools. The only problem is some Ashampoo customers might be getting more than they bargained for. In a letter posted on its website, Ashampoo said that hackers gained access to one of its servers, stole customer names and email addresses, and have been sending out malware infected files to said customers.
Update: Hotz has made a post on his blog clarifying the whole situation. "Factually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is Spring break; hacking isn't my life. Rest assured that not a dime of legal defense money would ever go toward something like this," he said. So then, case closed on that front. As for the whole PSN account thing, Hotz remained tight-lipped. Or tape-mouthed, as it were.
Original Article: The ongoing saga of Sony vs. Geohot has now gone international, according to court documents filed by Sony USA. The case revolves around George "GeoHot" Hotz, and his hacking of the PS3 which allowed unsigned software to be run. Sony sued under the DMCA, and the case has been turning against Hotz in recent weeks. Sony has been granted access to IP logs and Hotz's own electronic gear. Now Hotz has allegedly taken off for South America.
Under the heading of "things we wish we had thought of", observe as a clever hacker manages to take over any and all video screens in Times Square with only an iPhone and some video transmission hardware. Any video on the phone can be thrown up on a screen without any wires, overriding the video it is supposed to be playing.
Apple earlier today updated its Safari browser to version 5.0.4, plugging up 62 security holes in the process. Even so, it took French security firm Vupen just 5 seconds to exploit the browser and take home a $15,000 bounty from TippingPoint for doing so. This marks the first time in four years that Charlie Miller, an analyst with Security Evaluators, wasn't first to crack the Safari browser in the annual Pwn2Own contest. And what of Microsoft's IE8 browser? It didn't fare much better.
Online reports suggest Nintendo's upcoming 3DS console may be able to detect when users try to play an illegal flash cart on the device. In such a scenario, Nintendo could implement special firmware that would disable the console from working, basically bricking your $250 mobile gaming system. More than a theoretical possibility, at least one website is reporting that's exactly what Nintendo intends to do.
Microsoft is either supremely confident in it’s latest revision of Internet Explorer 8, or they’ve already come to terms with the reality that if you put enough hackers in one room, no amount of patching will save them. Either way the software giant announced on March 4th that it wouldn’t be issuing any security patches before the annual Pwn2Own hacking event which runs from March 9th to 11th in Vancouver Canada. If this holds true, they will be the only major browser contender to do so.
McAfee has published a new report that details a string of cyberattacks targeting global oil, energy and petrochemical companies. Dubbed “Night Dragon” by the security company, the attacks have been on its radar since November, 2009. While hackers have used a wide assortment of hacking techniques for attacking these companies in a very “targeted” fashion, McAfee’s vice president of threat research Dmitri Alperovitch described the hackers themselves as being sloppy, unsophisticated and mistake prone.
Shhhh ... very quietly hit the jump to read more about the covert attacks that are still continuing.
Online dating site eHarmony revealed that a hacker made off with some user info, including user names, email addresses, and hashed passwords, but said the site itself was not hacked. Even with the information obtained, eHarmony said it has a number of safeguards in place -- like state-of-the-art firewalls, load balancers, SSL, and other sophisticated security approaches -- that make it difficult for hackers to actually break into the site. It's a point eHarmony seemed intent to drive home.
Sony is turning up the heat on the hacking community as they seek to eradicate the PS3 jailbreak from the Internet, reports Wired. Sony is now promising to sue anyone that posts or links to the code in question. To those ends, Sony is seeking to force Google to turn over the IP addresses of people that viewed or commented on the YouTube video made by George Hotz (often called Geohot) explaining the hack. It doesn't even stop there.
In the grand scheme of things, relatively few people ever claim $20,000 for a day's worth of work. You can be one of them, provided you put your hacker hat on and attend the Pwn2Own contest next month. Google's challenge is this: Be the first to "pop [the Cr-48's Chrome] browser and escape the sandbox using vulnerabilities purely present in Google-written code" and the bounty, as well as the laptop, are both yours to keep, TippingPoint said in a blog post.
"If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope," TippingPoint said.
TippingPoint has put up a total cash pool of $125,000 in this year's Pwn2Own contest, with only $20,000 coming from outside funding (Google). This is the first time Google has offered a cash prize as part of the event, though it's worth mentioning that Chrome was the only browser to remain unscathed during last year's contest.