Archive for the ‘Security’ Category

CR-48 Chrome OS Netbook Gets Android Install.

The special Chrome OS netbook Google developed specifically for testing Chrome OS functions and features also makes a nice little Android experiment. After releasing instructions on how to get several other desktop OS’s installed on the CR-48, hacker @Hexxeh moved on to Android. The how-to instructions for a self evaluation aren’t available yet, nor is a list of working/non-working features. But rest assured, once something is pushed out we’ll pass it along to you.

+Continue Reading

Geohot Releases Playstation Root Keys.

Playstation hackers have a new today. Infamous iPhone jailbreaker and PS3 hacker, Geohot, has released the PS3 root keys we’ve heard about over the last few weeks. The big draw of course is that now any version of firmware pushed out by Sony can be easily cracked and allow for custom operating systems, ROMs, and applications — in theory that is.

With that said, Geohot goes on to say that he doesn’t in any way condone piracy, while also tossing in a hint to Sony that he’d like to work for them. Well played Mr. Hotz.
+Continue Reading

Natural iOS Multitasking on Non-supported Apps With Go Native.

If you want real multitasking on an iPhone, you’re only solution is to jailbreak and install an app such as Backgroundr. Though now there’s another for those who don’t necessarily want full-on multitasking, but extended native “multitasking”/app switching as well. It’s called “Go Native”, and is a simple app which extends the iOS 4.x feature of simulated background running combined with the added battery benefits of Apple’s solution. With that said, the app doesn’t have any stand alone icon as it resides solely within the settings app — simple, quick, and easy.

You can find Go Native in Cydia under the BigBoss repo for free. Though take note, you’ll need an iPhone 3GS or iPhone 4 to run it.

+Continue Reading

WP7 App DRM Cracker Posts His Own Fix.

Late last week, a talented white hat hacker, “Tobias”, showed off his WM7 DRM hack that allowed him to crack any MarketPlace app available. Even more impressive/depressing was that the “Freemarketplace” crack Tobias developed took him a mere six hours and consumed a paltry 65.5KB of data.

But it appears that Tobias isn’t much for job security, as today he has revealed a partial fix by way of more code that can be inserted in WP7 apps to protect them from his own hack. The solution seems simple enough (shown above) and involves a few lines of code plus accompanying .xml file. It’s by no means a permanent fix as something a bit more secure and robust should be offered by Microsoft. But until then, it appears it’s the best we’ve got. Any WP7 developers care to weigh in?

+Continue Reading

Fail0verflow Pwn Ps3 Fo Realz - No USB Required #fail0verflow

Huge day, and huger*** days to come! With the teaser at this years Chaos Communication Congress from the ‘group’ fail0verflow, we have amazing news: The ps3 is hackable without that pesky USB dongle. The group — most of the HackMii group that work on the Wii(and DS) have been diligently spending countless hours fondling the newest Playstation member — and the fruits of their labor are paying off.

The group gave us a shot (if you were paying attention to the streams from the stage) of AsbestOS.PUP. If you aren’t familiar with what this means, the ps3 can be completely updated to a custom firmware, kinda like what the pwnage tool does for iOS. AsbestOS was created by marcan, and which is a Linux loader for the ps3. From what it looks like, it will load the homebrew applications and the ps3 will think it is an official Sony Signature. Once these keys are released, anyone out there will be able to mod their FW and play any game around, no more staying at an older firmware and losing out on some newer games just to have a hacked system.

More after the left mouse click…
+Continue Reading

Hack a GSM Network with a $15 Phone, Laptop, and Open Source Software.

We’ve heard tales of GSM’s rather weak security many times before. But the big kicker with such stories was that it was incredibly expensive to purchase all the required hardware and software. But at the recent Chaos Computer Club (CCC) Congress), a small group of researchers were able to crack GSM transmission with nothing more than (4) sub-$15 phones, a laptop, some open source software, and programming skills.

The short version of the story goes like this: It’s far cheaper and faster to hack GSM devices in 2010 and beyond, though most of the security holes can be strengthened considerably. Simple things like randomizing “buffer bytes” (“Are you there” messages GSM networks constantly send to track devices) and stronger encryption would go a long way towards safer, more secure GSM networks.

Knowing the amount of secure transactions and conversations carried out over GSM as well as the pathetic security isn’t very reassuring. But hold off wide scale panic for now. First, check out the full article over at Wired before jumping to conclusions.

+Continue Reading

4chan Down: DDoS #4chan

According to 4chan’s standalone status page, the site that claims fame to various internet crusades by way of the DDoS attack is itself the victim of such things this morning. A simple update on their status page reads:

Site is down due to DDoS. We now join the ranks of MasterCard, Visa, PayPal, e al.-an exclusive club!

At least they’re taking it in stride…

+Continue Reading

McAfee: “Android, Foursquare, iOS, and OS X Big Security Targets for 2011″. #mcafee

If you’ve made a new home with one of the popular services and products including but not limited to iOS devices, OS X-powered computers, and location-based services such as Foursquare, the world is going to end in 2011. McAfee (recently acquired by Intel) released a forecast today naming various popular services and products that while currently low on the threat list, will grow increasingly murky as 2011 trudges on. Of course, coming from an arguably struggling virus software developer, such news of “impending attack” on numerous exploding platforms isn’t exactly all that surprising. In fact, it’s almost a cheap attempt to drum up fear and publicity in hopes of wooing a few new customers.

At this point, it shouldn’t be too hard to figure out that when tech products and services become popular and therefore increase in user base and potential cash flow, so do attempts to crack/hack them.

Should you be careful with your shiny new iPad while you update Foursquare? Of course. But don’t resort to fear mongering and paranoia. Security will become a growing issue with popular consumer electronics and services, though nowhere as much as McAfee is hyping. Be at ease.
+Continue Reading

Get MotoBLUR 3.0 on Your Droid 2 Now! #android

As the saying goes: The greatest things in life aren’t easy, require hard work, and don’t come cheap. In the world of smartphone hacking, their really isn’t any price to be spoken of, save for the cost of the hardware itself. However, some hard work is often in order. On that note, the Android rooting scene is alive and full of talent, pushing the platform a head. Part of that talent makes sure that aging hardware receives its rightful share of new software updates that carriers or manufactures may decline to provide.

On the topic Motorola’s re-designed MotoBLUR 3.0, the newer Droid Pro and Droid Global are blessed with the much more refined, less tacky UI while the Droid 2 has not yet received the same attention. Physically, there’s no reason for the discrepency — the hardware is essentially the same.

Nevertheless, the Android developer scene has come to the rescue once again, with MyDroidWorld holding a Droid 2-compatible .zip file of MotoBLUR 3.0. All you have to do is own a rooted phone and know the basic of installing .zip files from the SD card whilst in recovery mode. Sounds easy enough (and it really is).

If you want to take matters into your own hands, head on over to MyDroidWorld for the full list of instructions and needed files.

+Continue Reading

AMD 6950 Easily Modded Into 6970 Via Bios Flash. #amd

As any true PC enthusiast knows, it’s not the biggest, highest end, fastest piece of hardware that is most sought after. It’s the cheapest part you can snag that can be overclocked and hacked to run as fast or better than the high-end offering. In the world of custom computers, the two heaviest modded parts are easily processor and video card. Both pieces benefit greatly from faster clocks, unlocked cores, etc., etc. Today’s story of unlocking hidden potential comes by way of the recently released AMD 6950 and 6970 graphics cards. Would you believe you can get all the performance of the 6970 in the cheaper 6950?

Well, you can — because they’re the same exact card. The only difference the two cards is that the higher-end 6970 has a few more unified shaders unlocked — 1536 vs. the 6950′s stock count of 1408.

But the best part about this new-found power is that it’s easily obtained. A simple bios flash on your 6950 will get the job done. At this point, there is absolutely no reason to pay extra for the 6970. With that said, I can’t imagine AMD will be too happy to see such information released, that’s there fault for designing the card the way they did.

In the meantime, I suggest you hop to it. Who knows how long AMD will let this hack run rampant. I’m sure a future update will some how block the feature highlighted above. But as we’ve seen today, the PC enthusiast crowd is persistent and determined. Another cat and mouse game in the making?

Get the full list of instructions and needed files over at Tech Power Up.
+Continue Reading

MuscleNerd and iPhone Dev-Team Save the Day. Promise “Backup” Untethered Jailbreak by Christmas Weekend. #ios

Yesterday, iPhone hacker @Comex tweeted that he was uncertain of the Christmas timeline for a true, untethered jailbreak for iOS 4.2.1 on later devices. Such news was obviously disappointing. Though there was some hope brought forth by iPhone Dev-Team’s @MuscleNerd. MuscleNerd stated that they (Dev-Team) had a “Plan B” backup solution in case Comex could come through.

Today, that plan is now public. While the inner workings of the backup jailbreak aren’t known, the more important fact to highlight is release date, — MuscleNerd is we’ll all see it sometime this weekend

In the meantime, MuscleNerd is requesting some beta testers of the new jailbreak before things go completely public to ensure nothing blows up or turns into shiny bricks of uselessness. Some words from MuscleNerd:

Over the Christmas weekend we’ll be releasing a version of redsn0w that implements the “backup plan” to the 4.2.1 untethered jailbreak. We’re seeking your help to test this redsn0w and find any bugs before we do a general release!

(If you have an iPhone 3G, or an old-bootrom ipt2g or iPhone 3GS, you already have an untethered jailbreak! Just use the latest public redsn0w.)

To keep things manageable, this will be a Mac-only test program. We also request that any volunteers *NOT* need the ultrasn0w unlock (in case things go very wrong).

Right now, the “backup plan” requires that you have the 4.2b3 IPSW on your Mac, and that Cydia has your 4.2b3 SHSH hashes. Please don’t pirate that 4.2b3 IPSW! (We’re also working on a way that this technique might apply to all those with 4.1 IPSWs, but that’s not the first goal right now.)

If you fit all the above qualifications, please follow @redsn0w_testers on twitter for announcements, and use the comments section here for feedback. Thanks very much for your help, and Happy Holidays!

We’ll be sure to update you when it drops. Stay tuned!

+Continue Reading

SHAtter Jailbreak Exploit Leaked! #shatter

Tonight, the jailbreaking scene for end users and jailbreak developers alike received a crush kick in the pants. Someone close to the hacking scene has leaked the SHAtter exploit. For one very short second, this sounds like a good thing. But in fact it is very, very bad. Now that there are two jailbreak exploits in the wild, Apple has a chance to patch both with the next firmware/hardware update meaning jailbreak devs will have to start all over from scratch. That very same ideology is the sole reason why SHAtter-based exploits were witheld win Geohot went public with his own personal exploit back in October.

Further adding to the drama is a miniature spat between Chronic-Dev team’s @P0sixninja and iPhone Dev-Team’s @MuscleNerd over who supposedly leaked the SHAtter exploit. P0sixninja is saying MuscleNerd did it. MuscleNerd meanwhile claims he’s innocent and that it was one of the other 15-20 people in attendance the day that the SHAtter exploit was shown off by “pod2g”. Regardless of who leaked the exploit, the next update will ruin everyone’s fun.

Twitter exchange showcasing the drama is after the break…
+Continue Reading

iOS 4.2.1 Untethered Jailbreak Delayed? #ios #jailbreak

Looks like pro-Jailbreakers looking for an iOS 4.2.1 untethered jailbreak will be having a much less “Merry” Christmas after seeing Comex’s latest tweet above. No reason was given as to why the iOS hacker is going to miss his deadline — only that he is. There’s talk of an iPhone Dev-Team “Plan B”, though their method is supposedly not as efficient as Comex’s. And the wait continues…

+Continue Reading