Obviously, Apple isn’t pleased with the crazy-easy way to get free in-app purchases in iOS. It’s doing its best to shut down Russian hacker Alexy Borodin’s scheme, but right now, it’s just chasing shadows. More »
The strange nature of the relationship between Anonymous and WikiLeaks has been detailed in a report from International Business Times. Members of the group spoke to IBTimes following a Twitter row over the leaked emails from Syria, with one individual saying the relationship between the two entities is “complex.” As it turns out, there’s crossover between both groups, with some individuals working on both sides to gather and expose information.
Anonymous and WikiLeaks are said to have similar aspirations, hence the heavy crossover between the personnel: “Both groups are first and foremost information activists, so there is a common ground between us.” One member of Anonymous went on to detail the work behind the Syria email leaks, saying the group working tirelessly to breach “multiple domains and dozens of servers.” While the information was handed off to WikiLeaks, the organization didn’t reveal its relationship with Anonymous.
The hacktivist group doesn’t seem to mind, however: “Nor would they be expected to reveal their source that is after all what WikiLeaks is all about.” There’s also the fact that WikiLeaks seems to have no qualms about releasing any information. Anonymous is said to have negotiated with Al-Jazeera regarding the release of the email dumps, but “no suitable disclosure agreement could be negotiated.”
Still, Anonymous is looking ahead to the future. Members of the group have recently launched their own version of Wikileaks, dubbed Par:AnoIA. The site is designed is host Anonymous leaks, and is said to have been created to gain better media coverage for highly sensitive dumps and expose information faster than WikiLeaks.
Anonymous and WikiLeaks relationship detailed is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
It’s been a harrowing few days for Yahoo. Earlier this week, the Yahoo Contributor Network became the victim of an SQL injection attack, with the hackers taking 450,000 email addresses and passwords with them when they left. Today, Yahoo says that it has put additional security measures in place in the aftermath of the attack, and gave us a better idea of who is at risk now that this information is out in the open.
According to Yahoo, the passwords and emails that were stolen belonged to members who signed up for Associated Content prior to May 2010, which is when Yahoo purchased Associated Content and turned it into the Yahoo Contributor Network. If you are one of those longtime users and signed up for Associated Content with a Yahoo email address, Yahoo asks that you log into that account, where you’ll be greeted by a number of account authentication questions. Obviously, if you use the same email address and password across multiple online accounts, it’s probably a good idea to go and change those too.
In a statement made today, Yahoo says that it has identified and fixed the vulnerability that allowed the hackers access in the first place. The company has also “deployed additional security measures for affected Yahoo users, enhanced our underlying security controls” and is currently in the process of notifying users who were affected by the attack.
The hackers said that they wanted this to serve as a wake-up call for those involved. With Yahoo scrambling to beef up security and keep the negative buzz to a minimum, it looks like their plan worked.
[via CNET]
Yahoo strengthens security in aftermath of password breach is written by Eric Abent & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
That didn’t take long. The boys behind CyanogenMod promised a quick turnaround for its upcoming JellyBean-based update and are already teasing workable CM10 ROMs. CyanogenMod’s Ricardo Cerqueira tossed a video of an early CM10 build on his YouTube page, declaring “it lives!” The early build is running on an LG Optimus 4X HD, and runs through unlocking the screen and recording and playing back a video. The build is still having some trouble with Google’s revamped search integration, but considering Android 4.1’s source code was released only days ago, the quick development is promising. Check out Cercuiera’s quick demo for yourself after the break.
Continue reading CyanogenMod developers slap Jelly Bean on an Optimus 4X HD, tease CM10 (video)
Filed under: Cellphones, Software
CyanogenMod developers slap Jelly Bean on an Optimus 4X HD, tease CM10 (video) originally appeared on Engadget on Fri, 13 Jul 2012 10:58:00 EDT. Please see our terms for use of feeds.
Permalink 
PhoneArena, AndroidCentral | 
Ricardo Cerqueira (Google+) | Email this | Comments
It wasn’t long after the introduction of the App Store on iOS before a separate app store for hacked apps appeared. Now it looks like the in-app purchasing system may have been circumvented without requiring a jailbreak. A Russian developer has created two certificates that can be installed on an iOS device that tricks apps into believing in-app purchases have been made, all without contacting Apple’s servers.
In addition, users are required to change the DNS settings of their WiFi connection on iOS to make the hack work. When users go to purchase content, the in-app prompt is replaced with a message asking the users to “like” the website. The app is then fooled into thinking the transaction has gone through, with purchased content then able to be used. The hack gathers a whole host of information too, including the GUID of your iDevice and application version numbers.
Apple has provided the following statement on the situation:
“The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating.” -Apple Representative
The developer is accepting donations on his website in an effort to spur momentum for the project, as currently it doesn’t work with every app in Apple’s library. While the developer encourages users not to pirate apps or abuse the tool, he reportedly helps those who are running into trouble with in-app purchases that aren’t working with the hack.
[via 9to5Mac]
Russian developer circumvents iOS in-app purchase system [UPDATE: Apple responds] is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Bad news from the land of Tegra. NVIDIA has shut down its Developer Zone forums after noticing what it calls “attacks on the site by unauthorized third parties.” While the nature of the attacks isn’t clear, what’s troubling is that these attackers “may have gained access to hashed passwords.” Users are of course encouraged to change their secret codes and, with all the hackery going on lately, we might recommend you just go ahead and change them all — just in case.
[Thanks, Alfredo]
Filed under: Internet
NVIDIA Developer Zone shut down, may have been hacked originally appeared on Engadget on Fri, 13 Jul 2012 07:09:00 EDT. Please see our terms for use of feeds.
Permalink | | Email this | Comments
Phandroid has announced that a hacker has recently accessed its user database, making off with usernames, email addresses and hashed passwords—and the problem looks like it could affect all of its one million-plus users. More »
Google’s mysterious, if not ominous Nexus Q has already been hacked to launch apps of varied origins, but there’s one particular app that stands above all: Pong. Or, Brick Defender — you know, what’s a generic title amongst friends? BrickSimple managed to hack the Q for Pong playback, using the spinning top (read: volume wheel) to move the lower bar in the game. We’ll let you get right to the action; the video’s embedded after the break, and the code snippet necessary to duplicate it is there in the source below.
Continue reading Nexus Q repurposed to play Pong, games with your heart (video)
Filed under: Misc. Gadgets, Gaming
Nexus Q repurposed to play Pong, games with your heart (video) originally appeared on Engadget on Fri, 13 Jul 2012 04:15:00 EDT. Please see our terms for use of feeds.
Yeah, you love your dog, but is he or she really pulling his or her weight? A new project from Adafruit brings an on-board computer to your roaming canine, tracking the distance to your and your pup’s goal with a progress bar. The project is pretty simple, and Adafruit offers up most of the supplies, including the GPS and Atmega32u4 breakout boards — though you’ll have to procure your own fabric to make the big flower and some black nail polish to blot out the bright LEDs. The functionality isn’t quite as advanced as, say, products from Garmin — nor is it going to fill up your Twitter stream, but the collar does have the potential to track your mutt’s walks around the neighborhood with a few tweaks.
Continue reading DIY GPS dog collar helps your pup fulfill its mobile computing potential
Filed under: GPS
DIY GPS dog collar helps your pup fulfill its mobile computing potential originally appeared on Engadget on Thu, 12 Jul 2012 22:38:00 EDT. Please see our terms for use of feeds.
Permalink | Adafruit | Email this | Comments
Online account security breaches are seemingly commonplace these days — just ask LinkedIn or Sony — and now we can add Yahoo’s name to the list of hacking victims. The company’s confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren’t just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
In response, Yahoo’s saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
Filed under: Internet
Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT. Please see our terms for use of feeds.
Permalink | TechCrunch, New York Times | Email this | Comments
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
