Nintendo Japan has warned Club Nintendo users to change their passwords, after revealing that the member rewards site was hacked back in June, leading to tens of thousands of unauthorized logins. The first Nintendo realized of the compromised security was a dramatic increase in errors spotted on July 2, with subsequent investigation turning up 23,926 stolen logins and almost 15.5m attempts.
However, the first of the hacks apparently begin on June 9, continuing up to July 4, Nintendo Japan says. All passwords for the Club Nintendo service have been reset, and users will need to create new credentials when they next try to log in.
Club Nintendo is the company’s membership scheme, which offers rewards – including both in-game content, special limited edition games, warranty extensions, and real promotional gifts – in return for playing games on the Wii U, Wii, 3DS, and other Nintendo consoles. There’s no indication that Club Nintendo US or Club Nintendo UK have been compromised.
Fortunately, Club Nintendo never held any credit card data from its users, though the company says that it suspects names, addresses, phone numbers, and email addresses have all be taken. There’s currently no confirmation that any unauthorized use of Club Nintendo Points has taken place.
Nintendo is bulking up its security systems, in the hope of preventing something like this from happening again, but advises anyone who used the same credentials – such as email address, username, or password – for other services to change them there, just in case. It’s also sensible to be on the lookout for a potential increase in phishing attempts, which often follow email address thefts.
Google’s recent XE7 update for its Glass Explorer Edition already shows signs of an unactivated locking system for the wearable, as well as a “Boutique” app store and media player. The official changes in XE7 include a web browser – which you can see demonstrated after the cut – using physical head movements to navigate pages, along with boosts to search, contacts, and other features. However, some digging through the update itself has revealed a number of much-anticipated extras that Google hasn’t mentioned publicly.
Zhuowei worked his way through the code, and found a number of dormant or work-in-progress features. Most topical, perhaps is the provision for locking Glass, an absent feature which has meant that, so far, anybody stealing the wearable off your head (or from your bag) can instantly gain access to whatever data it has saved on its roughly 8GB of onboard storage.
Google’s system for dealing with that appears to be coding Glass with a swiping lock with four components. The lock screen code suggests wearers would flick between each of the four lock IDs with swipes up and down on the side touchpad, then set each pattern with swipes left and right.
We’ve seen a similar approach from non-official Glass locking app Bulletproof. That also included the proviso to only turn on the lock if the wearable’s motion sensors showed that it had been removed – either taken off and put down to recharge, perhaps, or pulled off in a theft – rather than demanding an unlock every time the user wanted to activate it.
Google Glass XE7 wearable web browser demo:
Google had already confirmed it was working on a lock system for Glass, as part of the company’s response to a US congressional committee concerned about privacy and security. For the moment, though, Google suggests those who lose their Glass can remotely reset it from the web interface.
However, it’s not the only change spotted in the XE7 code. There’s evidence of the Glass Boutique, what appears to be a version of the Android Market for Glassware apps for the wearable. Not yet usable in XE7 – there’s mention of the Boutique, but not the actual code for it – it appears that the store will allow synchronization to Glass of Glassware and native APKs, which also implies native app support is also on the cards.
That would mean another way of running software on the wearable beyond the existing Mirror API, which basically acts as a conduit between Glass and web-based software. Google currently has Glass locked down, with the only way to install local software being an unofficial hack. Instead, the Mirror API works as a route for Glassware to communicate with the headset – as Google explained using cats back at I/O – while keeping local processing (and thus battery consumption) to a relative minimum.
Other new features center on multimedia. There’s a new set of cards mentioned – though, again, not the code for the actual functionality – for a music player, with the usual play/pause/next/previous skipping support, and album/artist information on-screen; a video player also gets a terse mention, though there’s even less detail around it. Functional already, though (even if it requires a little modification in order to activate it) is a volume control, adding a new option to the Settings that allows adjusting the volume of Glass’ bone-conduction speaker.
The remaining changes are either minor, mysterious, or both. A new, red microphone icon has been added, along with a package installer – not yet functional – that looks like it might eventually permit downloaded APKs to be loaded onto the headset. The ability to only see timeline cards from a specific contact is also hinted at, though again doesn’t yet work; there’s also what appears to be a version of the new contact list – which now includes all of your Gmail contacts rather than just ten as Glass originally supported at launch – that can be navigated by head movements, just as with the new browser.
When Google might go live with any of these newly-spotted features – if, indeed, they ever graduate to public functionality – remains to be seen. However, it’s a sign that Glass is slowly progressing from a wearables novelty to a more legitimate mobile platform in its own right.
If you’ve ever signed up for a Uplay account, your information could now be in the hands of criminals. Ubisoft’s confirmed that a security breach at one of its sites, now closed, has granted hackers access to sensitive user data (i.e., usernames, emails and passwords). Critically, no actual financial information was leaked, owing to the fact that Ubisoft doesn’t retain personal credit or debit card account numbers on its servers. Regardless, the Assassin’s Creed developer is taking proactive measures, contacting account holders directly and strongly advising them to update any related passwords. You can find the full email just after the break.
Sony’s upcoming Honami Android smartphone, tipped to pack a 20-megapixel camera, has prematurely donated its camera app for other Sony Xperia devices, courtesy of a leaked app. The hack, handiwork of xda-developers‘ krabappel2548, works on Sony’s Xperia Z, ZL, or Tablet Z, and includes Timeshift burst photos, augmented reality effects, and more. Like Instagram, there
Conventional wisdom would suggest that making a for-real Katamari Damacy ball would be tricky, but that didn’t stop Chris McInnis, Ron LeBlanc and Tom Gwozdz from taking up the challenge. As part of the Nuit Blanche festival in London, Canada (which also included some building-projected gaming), they were able to fashion their very own Katamari ball from a yoga ball, some stickers, wood, an Arduino microcontroller, several optical mice and a dissected DualShock 2 controller. See how it steers after the break.
Chalk up one more reason to check out Windows 8.1 Preview when it becomes available on June 26th. Today, Microsoft announced that it’ll pay up to $100,000 in cash to those who discover and report novel security exploits within its latest OS revision, along with up to $50,000 in bonus loot for defensive suggestions that relate to the attack. But wait… there’s more. Starting on June 26th and running through July 26th, the Redmond outfit will also pay up to $11,000 toward the discovery of critical vulnerabilities within Internet Explorer 11 Preview (Windows 8.1 Preview). Whether you’re motivated by your bank account or the good of humanity, you can start taking your best shots at Microsoft’s latest code just one week from now.
iPhone and iPad users who use their iOS device to share a 3G/4G connection are being advised to change the default Mobile Hotspot password, after researchers showed it was possible to crack them in under sixty seconds. Apple supplies mobile hotspot users with a preconfigured password when they enable the feature, but the default is
Anyone who’s tried to tether to their iPhone or iPad will recall how iOS manages to craft its own passwords when used as a personal hotspot. The aim is to ensure that anyone sharing a data connection will get some degree of security, regardless of whether or not they tinker with the password themselves. However, three researchers from FAU in Germany have now worked the structure behind these auto-generated keys — a combination of a short English word and a series or random numbers — and managed to crack that hotspot protection in under a minute. To start, the word list contains about 52,500 entries, and once the testers were able to capture a WiFi connection, they used an AMD Radeon HD 6990 GPU to cycle through all those words with number codes, taking just under 50 minutes to crack with rote entry. Following that, they realized that only a small subset (just 1,842) of the word list was being used.
With an even faster GPU — a cluster of four AMD Radeon HD 7970s — they got the hotspot password cracking time to 50 seconds. The Friedrich-Alexander University researchers added that unscrupulous types could use comparable processing power through cloud computing. “System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters,” says the report, which outlines the trade-off between security and usability. However, as ZDNet notes, Apple’s cycled password approach still offers more protection than static options found elsewhere. Check out the full paper at the source.
Sony has thrown open its SmartWatch to support alternative firmware, with the company hoping the Open SmartWatch Project will kickstart wearable development and maybe even give it a few new ideas itself. The new scheme – which, unsurprisingly, voids your SmartWatch warranty – allows coders to access the wearable’s hardware in new and unusual ways,
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
