Hasta La Gadget!

Here’s something that’s rather interesting: Anonymous is claiming that it has hacked the PlayStation Network, making off with information on 10 million accounts. Anonymous announced the hack on its Twitter account just over an hour ago (though that tweet has since been removed), and someone claiming to be “the man behind Anonymous” posted this list of emails and encrypted passwords reportedly stolen from PSN as proof of the attack.

Reports of a new PSN security breach make us immediately recall the bad memories from spring 2011, but there may not be reason to worry just yet. The list which was posted to Pastebin is apparently just a duplicate of a list posted back in March. Kotaku says that SCEA’s Shane Bettenhausen has stated on Twitter that claims of the hack are “totally fake,” but that tweet appears to have been taken down too.

It’s all very confusing, but at the moment, it seems that the PlayStation Network is safe. It’s a good thing too, because PS3 owners definitely still remember last year’s attack all too well. The attack was severe enough that Sony had to take PSN down for a month as it worked on boosting security and investigated what all was stolen. When Sony reported that credit card details may have been stolen in the attack, that made things go from bad to worse, and Sony had to do a lot to restore faith in the company.

Luckily, it seems that history won’t be repeating itself quite yet, but with Sony claiming that it greatly improved security after the first attack, you know that there are plenty of hackers trying to bring PSN down for a second time. With that in mind, it seems that it’s only a matter of time before someone gets in, but who knows? It could be that Sony’s defenses are as strong as the company says. In any case, we’ll be bringing you more information as this rather strange story develops, so keep it tuned here to SlashGear!

Anonymous claims new PSN hack, Sony says it didn’t happen is written by Eric Abent & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Diablo developer Blizzard has warned gamers that their personal information may have been leaked, after the company was the target of a network hack. No financial information is believed to have been stolen, Blizzard said in a statement on the data breach, but some email addresses, personal security question answers, and authentication details for some types of connections were all extracted before the unauthorized access was blocked.

The investigation is still ongoing, Blizzard concedes, but so far has found “no evidence that financial information such as credit cards, billing addresses, or real names were compromised.”  What did get poached were cryptographically scrambled versions of Battle.net passwords for those on North American servers, which includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia.

“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password … Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well” Blizzard

According to an FAQ on the breach, the most likely result is that users could see an uptick in phishing emails as the list of addresses is worked through. Only China-based accounts are unaffected; all accounts outside of the country saw email addresses leaked, and those on the North American servers had the most data leaked:

• Email addresses
• Answers to secret security questions
• Cryptographically scrambled versions of passwords (not actual passwords)
• Information associated with the Mobile Authenticator
• Information associated with the Dial-in Authenticator
• Information associated with Phone Lock, a security system associated with Taiwan accounts only

Blizzard will be automatically prompting those on North American servers to change secret questions and matched answers in the coming days, while those using mobile authenticator will get an update. Although actual passwords have not been leaked, it’s perhaps advisable to change those too: you can do that here.

The attack was first identified on August 4, Blizzard said, with the company then working “to re-secure our network” before proceeding “simultaneously on the investigation and on informing our global player base.” Blizzard is working with law-enforcement agencies and security experts to investigate the potential hackers and look at further securing systems to avoid repeats of the breach in future.

Blizzard hacked: Battle.net leaks emails and more is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Putting Google’s latest candy-coated OS update on the very first Android phone? We’ve got a guy for that. Jcarrz1, the same wizard from XDA-Developers who ported Ice Cream Sandwich to the HTC G1, has managed to port a buggy build of CyanogenMod 10 to the handset — which puts Jelly Bean on the oldest hardware possible. Sadly, the old handset isn’t up to Project Butter’s 60FPS interface, but brave tweakers can still use the device’s touchscreen for apps, CM10 features and a partially functional Google Now. WiFi is also up and running, but cellular data is MIA. Check out the video above to see the pre-alpha build in action, or try it out for yourself at the source link below.

Filed under: Cellphones

HTC G1 auditions CyanogenMod 10, runs Jelly Bean at a snail’s pace (video) originally appeared on Engadget on Thu, 09 Aug 2012 03:07:00 EDT. Please see our terms for use of feeds.

Permalink   |  XDA-Developers  | Email this | Comments

The hack performed against Wired writer Mat Honan serves as a cautionary tale for others to ensure they back up their data, but what about the security issues found with the companies that helped facilitate the crime? Amazon fixed its own security hole yesterday, and now Apple has blocked customer service representatives from issuing password changes over the phone for Apple IDs.

According to an Apple employee that spoke to Wired, the company has placed a 24 hour freeze on any new over-the-phone password changes in order to give the team more time to think about and implement new security measures. When Wired once again tried to duplicate the social engineering used against Apple customer service representatives, they were told that the systems were prevented from resetting passwords, and that users had to do so via Apple’s website instead.

There’s still no official comment from Apple regarding the freeze, however, and it’s not yet clear what the company intends to do to prevent similar situations from occurring in the future. Amazon quietly fixed its own security issue yesterday, with a new policy in place that prevents callers from simply providing a name, email address, and home address to gain access to an account.

The hacker who reset Honan’s various Apple devices first went after his Amazon account, providing the easily gathered information to customer service representatives over the phone in order to gain access. Once the hacker managed that, the last four digits of Honan’s credit card were displayed in his account, information that Apple representatives happily accepted as proof as identity, allowing the individual to perform a password reset and gain access to the iCloud account.

Apple freezes over-the-phone password resets is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

By now, you may have heard the story of the identity ‘hack’ perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone — and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn’t been as direct about what’s going on, but Wired believes there’s been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required.

Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren’t followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.

Filed under: Internet

Amazon, Apple stop taking key account changes over the phone after identity breach originally appeared on Engadget on Tue, 07 Aug 2012 23:40:00 EDT. Please see our terms for use of feeds.

Permalink   |  Wired (1), (2)  | Email this | Comments