Hasta La Gadget!

Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.

Researcher will enable hackers to take over millions of home routers originally appeared on Engadget on Wed, 21 Jul 2010 06:33:00 EDT. Please see our terms for use of feeds.

Permalink Forbes, Ars Technica  |  Black Hat 2010  | Email this | Comments

So you’ve got a nice secure thumbdrive, but did you ever think to lock its port? Engineers at the Royal Military College of Canada say the plug and play functionality built into most computers automatically trusts whatever’s plugged into the USB slot. That doesn’t just go for flash drives left out on the street, but all manner of other peripherals as well, as the trio of triumphant researchers demonstrated when they (presumably) infiltrated colleagues’ offices with a totally sweet spy keyboard. That particular device flashed an LED or made the mark’s sound card warble to covertly transmit stolen data, but such exotic methods are reportedly not required — so you’ve yet another reason to cringe when your coworker trots out his Humping Dog.

Researchers say any USB peripheral could steal your data, even a coffee-cup warmer originally appeared on Engadget on Mon, 05 Jul 2010 05:09:00 EDT. Please see our terms for use of feeds.

Permalink Switched  |  New Scientist  | Email this | Comments

Whatever the reason HTC instituted that 30fps cap on the EVO’s graphical output, the issue has just been remedied by — surprise, surprise — coders over at xda-developers. We’ve come across video evidence of the EVO 4G rolling along at a swift 54fps average clip, and another motion picture reel shows the positive effect this has had on the touch-tracking of the handset. Check them both out after the break and hit the source to get educated on how to make this happen on your own EVO. You should be warned that there are still some issues to resolve before the whole thing’s buttery smooth, but hey, it’s still a lot better than waiting for HTC to do it.

[Thanks to everyone who sent this in]

Continue reading EVO 4G loses 30fps limit thanks to devoted community (video)

EVO 4G loses 30fps limit thanks to devoted community (video) originally appeared on Engadget on Wed, 23 Jun 2010 05:24:00 EDT. Please see our terms for use of feeds.

Permalink   |  xda-developers  | Email this | Comments

Man, one day you have the whole world’s ear to talk about slack network security, and the next you’re in the joint. Andrew Auernheimer, Goatse Security’s hacker-in-chief and a key player in the unearthing of a major security flaw exposing iPads surfing AT&T’s airwaves, is today facing felony charges for possession of a variety of potent drugs. That wouldn’t be such intriguing news by itself, but the discovery was made by local law enforcers who were in the process of executing an FBI search warrant. Hey, wasn’t the FBI going to look into this security breach? Yes indeedy. While nobody is yet willing to identify the reasons behind this warrant, it’s not illogical to surmise that Andrew’s crew and their online exploits were the cause for the raid. So there you have it folks, it’s the first bit of advice any publicist will give you: if you’re gonna step out into the glaring light of public life, you’d better clean out your closet first.

Update: Before y’all get in an uproar about “white hacker this” and “Police State that,” let’s keep in mind that this Andrew Auernheimer character (a.k.a. “Weev”) is one unsavory dude (not to mention a raving anti-Semite): check out this New York Times piece on Internet Trolls if you don’t believe us. After all, it’s not really a stretch that law enforcement might be after someone who’s in possession of ecstasy, cocaine, LSD, and various other pharmaceuticals.

AT&T hacker’s home raided, drugs found, dude detained (update) originally appeared on Engadget on Wed, 16 Jun 2010 06:34:00 EDT. Please see our terms for use of feeds.

Permalink CNET  |  Washington County Sheriff’s Office  | Email this | Comments

When Adobe said Flash gives you the full web experience, it meant it. Part and parcel of the web, as we all know, is the good old hacking community, which has been “actively exploiting” a vulnerability in Flash Player 10.0.45.2 (and earlier versions) and Adobe Acrobat and Reader 9.x to overtake people’s machines and do hacky stuff with them. This so-called flaw also causes crashes, but that’s probably not what’s worrying you right now. Adobe says the 10.1 Release Candidate for Flash Player looks to be unaffected, while versions 8.x of Acrobat and Reader are confirmed safe. To remedy the trouble, the company advises moving to the RC for Flash, and deleting authplay.dll to keep your Acrobat from performing undesirable gymnastics. Oh boy, Steve‘s gonna have a field day with this one.

Adobe’s Flash and Acrobat have ‘critical’ vulnerability, may allow remote hijacking originally appeared on Engadget on Sat, 05 Jun 2010 17:45:00 EDT. Please see our terms for use of feeds.

Permalink CNET  |  Adobe  | Email this | Comments