Sony’s not having a good morning. In addition to having to recall 1.6 million Bravia TVs, it’s also been forced to temporarily lock 93,000 customers out of their PSN and Sony Online Entertainment accounts. You won’t be surprised by the reason: an attempt by hackers to “test a massive set of sign-in IDs and passwords” against Sony’s network database. Some of the affected accounts showed “additional activity prior to being locked” and are being investigated. On the flip-side, Sony’s Chief Information Security Officer, Philip Reitinger, stressed that most of the hackers’ details resulted in failed logins and in any case credit card details are not at risk. Users are being told to expect an email if they’ve been affected, which will contain further instructions. Has Sony finally realized the value of timely communication?
Sony locks 93,000 PSN and SOE accounts due to ‘massive’ hack attempt originally appeared on Engadget on Wed, 12 Oct 2011 07:51:00 EDT. Please see our terms for use of feeds.
, playstation network
We’ve already seen SCADA systems controlled by Google Search, and now the Black Hat Technical Security Conference is offering up yet another slice of cringe-inducing hacker pie. A pair of pros from iSec Partners security firm was able to unlock and start the engine of a Subaru Outback using an Android phone and a process they call war texting. By setting up their own GSM network, they were able to snatch up password authentication messages being sent from server to car, allowing them the option to ride off in a brand new crossover. Apparently, your car isn’t the only thing in danger of a war-texting takeover, however, as the team says there are a slew of devices and systems, accessible over telephone networks, that are vulnerable to similar attacks, including A-GPS tracking devices, 3G security cameras, SCADA sensors — and thus the power grid and water supply — home automation, and urban traffic control systems. Somehow this group of otherwise innocent looking New York texters appears a whole lot more sinister now.
Hackers break into Subaru Outback via text message originally appeared on Engadget on Thu, 04 Aug 2011 17:17:00 EDT. Please see our terms for use of feeds.
Tags: black hat
, text message hack
The long arm of the law may have finally caught up with some of the hackers behind the recent (and seemingly endless) PSN outage. Authorities in Spain say they have arrested three members of the hacktivist collective Anonymous and seized at least one computer used in the attacks on Sony. Those arrested are believed to have been important in coordinating the group’s activities in the country and to have distributed the Loic DDoS tool to others. Now, of course, the Spanish government will have to be on high alert — if we know one thing about Anonymous, it’s that it is not trigger shy when it comes to exacting revenge.
Three suspected members of Anonymous arrested in Spain originally appeared on Engadget on Fri, 10 Jun 2011 12:42:00 EDT. Please see our terms for use of feeds.
, playstation network
Did you think maybe HTC would change its ways after locking down the bootloader on the Thunderbolt and Incredible S? Sorry, no. The upcoming Sensation looks to have been similarly afflicted, with Android Police bringing the bad news that its internals are protected by HTC’s private key. This will definitely prove to be an issue for those looking to run custom ROMs that are clean as a whistle, but something tells us the hackers shall overcome. They usually do.
HTC Sensation looks to have signed bootloader, custom ROMs look to be bummed originally appeared on Engadget on Fri, 13 May 2011 09:32:00 EDT. Please see our terms for use of feeds.
Android‘s has already hit the set top box world with the Google TV, but that isn’t true Android. This is, packing Android 2.2. Or, at least, it will be when it ships sometime toward the middle of the year. It’s the Nixeus Fusion XS, a Marvell 88DE3010-powered media streamer with 2GB of flash memory and 512MB of RAM, and unfortunately a little processor fan that hopefully doesn’t make too much noise. That’s the same Armada processor that drives the OnLive MicroConsole and hopefully it’ll give enough oomph for FroYo to serve up HD video content, including BD-ISO support and whatever else the little, ebony thing can pull down over USB or Ethernet, spitting it back over composite and optical audio output or on one string of HDMI. It’s looking rather less powerful than the similarly Android-powered Xtreamer PVR, but its anticipated cost of $170 should be a good bit lower. Oh, and we can’t wait to see what the hackers do with it either.
Android and Marvell to join forces in the Nixeus Fusion XS media streamer originally appeared on Engadget on Mon, 14 Mar 2011 13:02:00 EDT. Please see our terms for use of feeds.
, google tv
, media streamer
, nixeus fusion xs
Palm’s always been pretty cozy with the homebrew community, and now, with a donation to WebOS Internals, HP’s showing that they’ve got love for hackers, too. Just in time for the lover’s holiday, HP announced plans to donate a ProLiant DL385 server to the independent developer’s resource — a gift worth $10,000 and packing 32GB of RAM and 8TB disk space. Considering all the new devices we saw at the webOS event this week, the added capacity comes at just the right time. We always thought diamonds were a nice gesture, but we suppose, in this case anyway, nothing says I love you like an HP ProLiant.
HP donates server to WebOS Internals, makes homebrew its boo originally appeared on Engadget on Fri, 11 Feb 2011 21:40:00 EDT. Please see our terms for use of feeds.
, hp proliant
So far, Chrome is the only browser of the big four — Safari, Firefox, and Internet Explorer being the other three — to escape the Pwn2Own hacking competition unscathed the past two years. (Sorry Opera aficionados, looks like there’s not enough of you to merit a place in the contest… yet.) Evidently, its past success has Google confident enough to pony up a cool $20,000 and a CR-48 laptop to anyone able to find a bug in its code and execute a clean sandbox escape on day one of Pwn2Own 2011. Should that prove too daunting a task, contest organizer TippingPoint will match El Goog’s $10,000 prize (still $20,000 total) for anyone who can exploit Chrome and exit the sandbox through non-Google code on days two and three of the event. For those interested in competing, Pwn2Own takes place March 9th through 11th in Vancouver at the CanSecWest conference. The gauntlet has been thrown — your move, hackers.
Google’s paying $20,000 to hack Chrome — any takers? originally appeared on Engadget on Thu, 03 Feb 2011 20:33:00 EDT. Please see our terms for use of feeds.
We’ve seen hackers use keyboards to deliver malicious code to computers, and we’ve seen smartphones used as remote controls for cars and TV — but we’ve never seen a smartphone disguised as a keyboard used to control a computer, until now. A couple folks at this year’s Black Hat DC conference have devised a clever bit of code that allows a rooted smartphone — connected to a PC through USB — to pose as a keyboard or mouse in order to attack and control the computer. The hack takes advantage of USB’s inability to authenticate connected devices coupled with operating systems’ inability to filter USB packets, which would enable users to thwart such an attack. While utilizing a digital costume to hack a computer is a nifty idea, it doesn’t pose much additional risk to users because the method still requires physical access to a USB port to work — and most of us would probably notice someone plugging a smartphone into our laptop while we’re using it.
[Image Credit: Angelos Stavrou / CNET]
Hackers disguise phone as keyboard, use it to attack PCs via USB originally appeared on Engadget on Sun, 23 Jan 2011 02:02:00 EDT. Please see our terms for use of feeds.
Two arrests have been made connected to the security breach that exposed thousands of iPad users’ email addresses and other info last year. Daniel Spitler and Andrew Auernheimer (yeah, that guy again) have been taken into custody and charged with conspiracy to access a computer without authorization and fraud, for allegedly using a custom script (built by Spitler) called iPad 3G Account Slurper to access AT&T’s servers, mimic an iPad 3G, and try out random ICC identifiers. Once a valid ICC was found, one could harvest the user’s name and email address. Of course, the hackers maintain that this was all done to force AT&T to close a major security flaw, and we’ll be interested to see what exactly the company does to make things right.
Two arrested for iPad security breach originally appeared on Engadget on Tue, 18 Jan 2011 14:07:00 EDT. Please see our terms for use of feeds.
Tags: apple ipad
, data security
, goatse security