Hasta La Gadget!

Yahoo! has reportedly suffered a huge user account security breach, with login credentials for in excess of 453,000 users having been released into the wild. Details of which of Yahoo!’s services has been hacked have not been released, though TrustedSec speculates that it is Yahoo Voice based on some of the subdomains included with the leaked list of 453,492 accounts.

The login details were released by a hack collective calling itself D33Ds Company, which claimed to have accessed the usernames and passwords with a union-based SQL injection, Ars Technica reports. Such an attack overloads a poorly-secured server with database commands; “By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information” Ars says.

However, D33Ds Company claims to have mitigated the potential damage of the leak by purposefully withholding more sensitive data. ”We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure” the group wrote. “Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo! is yet to comment on the breach, though it’s not the first embarrassing security gaffe at the company. Back in March, the company’s new Axis browser for iOS, PC and Mac was identified as having a potential loophole through which malware could install in the user’s browser.

453,000 Yahoo! accounts reportedly hacked is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

So, that first round of Nexus Q hacks? Impressive in terms of turn around time, not so much when functionality is your primary metric. But, a couple of weeks with the gorgeous, if questionably useful device, has started to produce some truly exciting results. The one that has our tinkering fingers itching most, puts a launcher and apps right at your finger tips… well, mouse pointer. The hack is hardly for the meek but, if you’re already in possession of a Nexus Q, we’re sure pushing a few .apks via adb won’t unsettle you too much. The solution is far from perfect, but the Android foundation is able to recognize keyboards and mice it seems without issue. What really makes this a great hack, of course, is the ability to install apps like Netflix and Angry Birds finally freeing the Q from its arguably artificial shackles. If you’re looking for something a little less involved (and decidedly less cool) there’s also QRemote, an .apk you can push to your Q that lets you control it via a web browser. It doesn’t expose any additional functionality, but at least it lets you skip tracks from your PC or other non-Jelly Bean device. You can see both in action after the break, and all the relevant files and accompanying instructions live at the source links.

Continue reading Nexus Q hacked to launch apps, gets remote control web app

Filed under: Software

Nexus Q hacked to launch apps, gets remote control web app originally appeared on Engadget on Tue, 10 Jul 2012 16:37:00 EDT. Please see our terms for use of feeds.

Permalink   |  XDA Developers Forum, bliny.net  | Email this | Comments

The Nexus Q is an odd little piece of hardware, filling a very small niche rather expensively. It could, however, turn out to be more useful than first thought, because a simple hack seems to bring it to life with the Android launcher, apps and as a result—you guessed it—Netflix. More »

Verizon cleared up its stance on locking the bootloaders in phones using its network earlier this year. In short: it encourages OEMs to do so, to keep its network humming along as Big Red feels it should. Well, it seems that VZW Support is telling a different story, as it’s laid blame for the Galaxy S III’s closed bootloader squarely at Samsung’s feet, claiming that it’s locked “per the Manufacturer.” Now, that doesn’t explicitly state that VZW had no part to play in denying users access, but it surely seems like this is a game of PR pass the buck to us. Of course, as we reported earlier, there’s a workaround to be had by rooting the GSIII, which revealed a vulnerability allowing non-stock ROMs to be flashed to the device. But it’s only a partial workaround, as the kernel’s signed and implementing a full custom ROM experience is neither for the unskilled nor the faint of heart. We reached out to both Verizon and Samsung for comment on the matter, but have yet to hear back. While you wait for official word, feel free to check out the ongoing conversation at the source link below.

[Thanks, @supercurio]

Update: Seems that Verizon’s still singing the same tune it was back in February, claiming that unauthorized software brought by open bootloaders could harm the overall network user experience:

Verizon Wireless has established a standard of excellence in customer experience with our branded devices and customer service. There is an expectation that if a customer has a question, they can call Verizon Wireless for answers that help them maximize their enjoyment and use of their wireless phone. Depending on the device, an open bootloader could prevent Verizon Wireless from providing the same level of customer experience and support because it would allow users to change the phone or otherwise modify the software and, potentially, negatively impact how the phone connects with the network. The addition of unapproved software could also negatively impact the wireless experience for other customers. It is always a delicate balance for any company to manage the technology choices we make for our branded devices and the requests of a few who may want a different device experience. We always review our technology choices to ensure that we provide the best solution for as many customers as possible.

Filed under: Cellphones, Software

Verizon support blames Samsung for locked bootloader in Galaxy S III (updated) originally appeared on Engadget on Mon, 09 Jul 2012 13:48:00 EDT. Please see our terms for use of feeds.

Permalink   |  @VZWSupport (Twitter)  | Email this | Comments

Almost as a dare, Shoryuken (SRK) challenged its fans to produce a fighting game-style controller for Starcraft II. Mauricio Romano took them up on that contest and won with a surprisingly polished arcade stick of his own. Its cornerstone is a heavily modified Ultrastik joystick that’s turned into an on-controller, two-button mouse. You didn’t think a PC gamer would cling to a plain joystick, did you? In the process, the usual 101 keys of a typical keyboard have been pared down to a set of 26 buttons most relevant for Blizzard’s real-time strategy epic. Packaged up in a single, polished USB peripheral, the one-off prototype’s design is good enough to imagine a Major League Gaming pro taking it out on the road. We’d put that idea on ice for now, though: as Mauricio shows in the video below, the learning curve is steep enough that most players won’t be fending off diamond-league marine and zergling blitzes anytime soon.

Continue reading SRK contest produces a 26-button Starcraft II arcade controller, probably won’t stop Zerg rushes (video)

SRK contest produces a 26-button Starcraft II arcade controller, probably won’t stop Zerg rushes (video) originally appeared on Engadget on Fri, 06 Jul 2012 05:02:00 EDT. Please see our terms for use of feeds.

Permalink Joystiq  |  Shoryuken  | Email this | Comments