Hasta La Gadget!

A high-profile case of cloud hijacking and data vandalism has thrown new attention on iCloud, Amazon, Google and other big online names, as gaps in the ways security is handled potentially allow for hacking. Flaws in how Apple and Amazon handle account recovery have been blamed for the “digital destruction” of journalist Mat Honan’s online life, following hackers’ successful attempts to crack security on his iCloud account, gain access to his Gmail and Twitter, and then remotely lock and delete his MacBook, iPhone and iPad.

[Image credit: Louis Argerich]

At fault – at least in part – was the inexact overlap between recovery policies for Apple and Amazon accounts, Honan writes. Although he himself shoulders the blame for the ensuing permanent loss of data – which comes down to not doing enough backups – a difference in opinion on how important the final four digits of a credit card number can be between Apple and Amazon proved the key with which the hack was achieved.

“Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification” Mat Honan

Apple gave Honan’s hackers a temporary password to iCloud after they supplied his billing address and the last four digits of his credit card; the former was accessed from a WHOIS search, as Honan had used the address to register his personal site, and the latter through a manipulation of the Amazon account recovery system which reveals those digits of each saved card. The iCloud email account in question was identified via Gmail which, as Honan did not have two-factor authentication turned on, showed the partial recovery email address – m****n@me – which proved easy to guess in its entirety.

Those details allowed for unofficial iCloud access, and then everything in Honan’s OS X and iOS connected life was up for grabs. The hackers locked him out of his devices and then wiped his data using the very tools provided in Find My Mac intended to help legitimate owners protect their information.

“If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life” Mat Honan

Although each company with a cloud service worth mentioning has its own data protection policies, few users stick solely to one provider. Apple claims that some aspects of its security polices “were not followed completely” but would not say if it was reconsidering how Find My Mac or other aspects of its iCloud security works; Amazon is yet to comment.

The takeaway for most users is to backup – preferably using local and/or separate cloud storage from other cloud data services relied upon – and to turn on two-step verification on Google accounts. Don’t link important accounts together, and consider having a completely separate account for recovery purposes.

When iCloud becomes the Perfect Storm is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

The Raspberry Pi is already considered a hacker’s paradise. However, that assumes that owners have all the software they need to start in the first place. Adafruit wants to give the process a little nudge through its Raspberry Pi Educational Linux Distro. The software includes a customized distribution of Raspbian, Occidentalis, that either turns on or optimizes SSHD access, Bonjour networking, WiFi adapter support and other hack-friendly tools. The build further rolls in Hexxeh’s firmware and a big, pre-built 4GB SD card image. Before you start frantically clicking the download link, be aware that the “educational” title doesn’t refer to a neophyte’s playground — Adafruit still assumes you know enough about Linux and Raspberry Pi units to be productive (or dangerous). Anyone who was already intrigued by the Raspberry Pi by itself, though, might appreciate what happens when it’s tossed into a fruit salad.

Filed under: Misc. Gadgets, Software

Adafruit launches Raspberry Pi Educational Linux Distro, hastens our hacking originally appeared on Engadget on Fri, 03 Aug 2012 19:38:00 EDT. Please see our terms for use of feeds.

Permalink   |  Adafruit  | Email this | Comments

There are masochists, and then there are masochists. We’d have to put French hackers Dyak and Furrtek in the latter category. The two ingenious and self destructive modders tweaked the beloved Sega Genesis to send signals to a pair of controllers any time the player takes damage. That signal doesn’t produce rumbles or blinking lights, however, it’s passed through a port to a shock collar meant for dogs. That’s right, every time you get hit, you get zapped. The jolt of electricity you receive is hardly deadly, but it’s certainly not pleasant, as you can tell from the barrage of obscenities bleeped out of the above video. The hack isn’t exactly easy but, if you’re bold, and don’t mind a bit of pain, you’ll find full details of the mod at the source link.

Filed under: Gaming

French hackers connect a shock collar to a Sega Genesis, let obscenities fly (video) originally appeared on Engadget on Fri, 03 Aug 2012 13:59:00 EDT. Please see our terms for use of feeds.

Permalink NoWhereElse  |  Furrtek  | Email this | Comments

Facebook is not exactly doing gangbusters on the stock exchange at the moment, and in a weird twist of fate, it was reported recently that more Zuckerbergs work over at Google instead of for Facebook. Trivia aside, here we are with news that late this evening, a bunch of baseball teams’ (from the major league) Facebook pages were hacked, with the San Francisco Giants being among other luminaries such as the Miami Marlins, Chicago White Sox, San Diego Padres, Washington Nationals, Los Angeles Angels, Atlanta Braves, New York Yankees and Chicago Cubs.

The Chicago White Sox, which is President Barack Obama’s favorite team, was hacked to endorse Republican presidential candidate Mitt Romney, while the Washington Nationals’ page claimed that the team was moving back to Canada, posting, “We’re going back to Montreal. SEE YA SUCKERS!!!!!!” These messages were removed in a jiffy, and most of the teams did post up notes to explain the hacking. It is a shame, really for hacks like this to still happen in this day and age. Ah well, at least it was not the Olympics, right?

By Ubergizmo. Related articles: Student hacker penetrated Facebook, Facebook used to hack bank accounts,

If you’re the type that enjoys tweaking or hacking your Android smartphone or tablet, Motorola’s been known to make that a pretty difficult process. Same goes for developers wanting full access to their smartphones because Motorola locks the bootloader on all their devices. After multiple comments on the matter and promising unlocked bootloaders last year, they are finally coming.

Today Motorola made a very small and brief announcement on their blog that starting with the just announced Motorola PHOTON Q 4G LTE they’ll be allowing bootloaders to be unlocked. HTC and ASUS have both took similar steps after initially locking down their devices from developers, so it’s good to see Motorola finally coming around.

For months now we’ve been working closely with our developers and carrier partners to provide users a way to to unlock the bootloader on their Motorola Mobility device while keeping the networks secure and satisfying carriers’ requirements. And we’ve finally found a solution.

What we can expect is locked down devices that ship to users, but Motorola will release some sort of unlock tool for those who are willing to void their warranty and unlock their device. HTC and ASUS both offer a similar tool (and the warranty disclaimer) so that is what we’re expecting from Motorola. Now that Google bought up Motorola Mobility and is taking over the reins, we could be seeing more moves for the better this like one coming soon.

The PHOTON Q 4G LTE will be the first phone with this option, and Motorola stated “other products will have this option too in the future.” Stay tuned for more info once Moto confirms all the details.

[via Android Community]

Motorola to unlock bootloaders starting with the PHOTON Q is written by Cory Gunther & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.