Exploit discovered in Siri servers, promises cross-platform access to the foolhardy
Exploit discovered in Siri servers, promises cross-platform access to the foolhardy originally appeared on Engadget on Mon, 14 Nov 2011 18:29:00 EDT. Please see our terms for use of feeds.
Android Network Toolkit lets you exploit local machines at the push of a button
Defcon 2011 is in full hacking swing, and Itzhak Avraham — “Zuk” for short — and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed “Anti” for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. To do this, it seeks out weak spots in older software using known exploits, which means you may want to upgrade before hitting up public WiFi. According to Forbes, it’s much like Firesheep, and Zuk refers to Anti as a “penetration tool for the masses.” Apparently, his end-goal is to simplify “advanced” hacking and put it within pocket’s reach, but he also hopes it’ll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 “corporate upgrade.” Consider yourself warned.
Android Network Toolkit lets you exploit local machines at the push of a button originally appeared on Engadget on Mon, 08 Aug 2011 02:18:00 EDT.
Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video)
Mere numbers aren’t enough to describe cash prizes for Microsoft, it seems. The firm’s inaugural Bluehat security competition’s introduction video opted for a clearer term: “mad loot, lots of it.” The big M hopes the hefty first prize of $200,000 will inspire the creation of the next generation of defensive computer security technology. The most innovative “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities” (phew!) will take home the aforesaid mad loot, while second and third places will receive $50,000 and an MSDN Universal subscription, respectively. The winner won’t be announced until Blackhat 2012, of course, and applicants have until April to submit their prototypes and technical descriptions. Hit the break for the official announcement video, complete with CG backgrounds and prize euphemisms.
Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video) originally appeared on Engadget on Fri, 05 Aug 2011 09:22:00 EDT.
Microsoft to malware: your AutoRunning days on Windows are numbered
Beware, malware. The Windows AutoRun updates for Vista and XP SP3 that Microsoft released in February have so far proven successful in thwarting your file-corrupting ways. Although Windows 7 was updated to disable AutoPlay within AutoRun for USB drives — freezing the ability for a virus to exploit it — the aforementioned versions had remained vulnerable up until right after January. Fast-forward to the period between February and May of this year, and the updates have reduced the number of incidents by 1.3 million compared to the three months prior for the supported Vista and XP builds. Amazingly, when stacked against May of last year, there was also a 68 percent decline in the number of incidents reported across all builds of Windows using Microsoft’s Malicious Software Removal Tool. There’s another fancy graph after the break to help illustrate, and you’ll find two more along with a full breakdown by hitting the source link down under.
Microsoft to malware: your AutoRunning days on Windows are numbered originally appeared on Engadget on Sat, 18 Jun 2011 21:17:00 EDT.
Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen
Oh, Sony — not again. We’ve just received numerous tips that Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users — all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection — just like we saw the last time around. A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We’ve downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what’s published matches reality. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, we’re guessing the fine folks in Sony’s IT department are now surviving solely on adrenaline shots.
[Thanks to everyone that sent this in]
Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen originally appeared on Engadget on Thu, 02 Jun 2011 17:47:00 EDT.
Adobe dominates Kaspersky Lab’s top ten PC vulnerabilities list
Being number one is usually an honor, but not when it comes to Kaspersky Lab’s top ten PC vulnerabilities list. Unfortunately for the software giant, Adobe took top dishonors for Q1 this year, pulling in five total spots on the list, including the top three. According to the security firm, all of the vulnerabilities appearing on the list allowed cyber-criminals to control computers at the system level. The number one spot was occupied by a vulnerability in Adobe Reader that was reportedly detected on 40 percent of machines running the application, while Flash Player flaws took second and third. Other dishonorees included the Java Virtual Machine, coming in at fourth and fifth place, Apple QuickTime, Winamp, and Microsoft Office. That ain’t bad, considering Microsoft ruled the vulnerabilities roost in 2010.
Adobe dominates Kaspersky Lab’s top ten PC vulnerabilities list originally appeared on Engadget on Thu, 19 May 2011 21:19:00 EDT.
PSN logins exploited again, Sony takes pages offline
This isn’t as bad as it could have been — Sony’s PSN hasn’t exactly been hacked again — but what can only be described as a glaring oversight looks to have forced the company into hastily switching off PSN logins on its websites. The issue? If you legitimately forget your password and need to reset it, previously all you had to do was type in your e-mail address and date of birth, then choose a delightfully cunning new password. Sounds good? The problem is that if you were a PSN member before the hack then both your e-mail address and your date of birth (plus a lot of other frightening stuff) are known to the hackers. So, whoever has the millions of rows of data that were exposed could, in theory, re-exploit any account. Sony was made aware of the issue and those pages are now offline again, which should make the Japanese government feel just a little bit smug.
Update: Sony has confirmed that there was “a URL exploit that we have subsequently fixed.” However, the company indicates there was “no hack involved.” So, remember kiddies: exploits are not hacks — not until someone starts having fun with them, anyway.
PSN logins exploited again, Sony takes pages offline originally appeared on Engadget on Wed, 18 May 2011 10:12:00 EDT.
Adobe finds another ‘critical’ flaw in Flash, Steve Jobs smiles smugly
Hey, guess what? Adobe has found yet another serious security flaw in Flash. We can already hear the iOS fanboys warming up their commenting fingers. The vulnerability affects all platforms, including Android, though only attacks on Windows have been seen in the wild so far. Just like last month’s exploit, this one is spreading via malicious .swf files embedded in Office documents, only this time it’s Word instead of Excel being targeted (a hacker’s gotta keep it fresh, after all). Once again Reader and Acrobat are also vulnerable, but attacks can be thwarted using Reader’s Protected Mode. When exactly Adobe plans on plugging this hole is anyone’s guess, so when a deposed Nigerian prince tells you about the fabulous sum of money he’d like you to transfer, you’ll have yet another reason not to open the Office attachments in his email.
Adobe finds another ‘critical’ flaw in Flash, Steve Jobs smiles smugly originally appeared on Engadget on Tue, 12 Apr 2011 16:41:00 EDT.