iPhone hacker dream team edges closer to iOS6 jailbreak
A trio known for their prowess in hacking Apple's iPhone software indicated on Thursday they may be edging closer to breaking the improved security measures in iOS 6.
The hackers, who spoke at the Hack in the Box security conference in Kuala Lumpur, are famous for "jailbreaking" the iPhone's software, the term for using combinations of exploits to allow the installation of unauthorized software. Apple dislikes the practice, which is legal in the U.S. but can void warranties for modified devices.
The release of a new jailbreak is highly anticipated among the select group of iPhone users who resent the company's careful gatekeeping of applications it allows in its App Store.
But the process for creating a jailbreak has become much more difficult with each iteration of Apple's iPhone software, and many of the old tricks used to create jailbreak software in the past simply don't work anymore. French hacker Cyril, known by his Twitter handle "@pod2g," admitted that iOS6 so far has him stumped. Read more...
Google warns the operators of thousands of hacked web sites
The head of Google's Webspam team, Matt Cutts, announced on Twitter that Google has sent out a message to the webmasters of 20,000 sites informing them that their sites may have been hacked. In the email message, the company warns operators that the affected sites appear to be being used to redirect visitors to a malicious site. Read more...
Analysts wary of Iran’s spy drone hacking claims
Reports that Iranian electronic warfare experts may have succeeded in intercepting and capturing a sophisticated U.S. spy drone was received with some skepticism by security analysts.
While it is certainly possible that the drone was electronically ambushed as reported, more details are needed to know what exactly might have happened to the RQ-170 Sentinel drone, they said.
Christian Science Monitor this week reported that the recent U.S. spy drone captured by Iran may have been intercepted and tricked into landing in that country by Iranian electronic warfare experts.
The story quoted an unnamed Iranian engineer as saying that Iran was able to cut off the communications links to the Lockheed-Martin-made drone and reconfigure its GPS coordinates to trick it into landing in Iran. Read more...
AT&T reports attempted customer data hack
AT&T today notified customers that there had been an "organized and systematic" attempt to hack into their personal account information.
The company sent out an email to customers informing them of an "attempt to obtain information on a number of AT&T customer accounts" but also emphasized that it did "not believe that the perpetrators of this attack obtained access" to users' online accounts. The company said that the perpetrators had tried using "auto script" technology to "determine whether AT&T telephone numbers were linked to online AT&T accounts." AT&T said it is now focusing its efforts on finding out who attempted the hack and what their intent was for gathering customer information. Read more...
LulzSec claims it hacked FBI linked organization
Hacking group Lulz Security claimed it had hacked and defaced the web site of the Atlanta chapter of InfraGard, an organization affiliated to the U.S. Federal Bureau of Investigation, and leaked its user base.
The group said that they had hacked the InfraGard site after NATO and U.S. President Barack Obama had raised the stakes with regard to hacking, by treating it as an act of war. Read more...
Update: Sony Ericsson online store, Sony BMG Japan hacked
Sony Ericsson Canada today confirmed that it was hit by a security breach that allowed about 2,000 customer records, including first name, last name, email addresses and the hash of encrypted passwords to be illegally accessed.
No additional personal or credit card information was compromised, the company said in a statement to the IDG News Service this afternoon.
Earlier today, The Hacker News (THN) had reported that it received a tip from a Lebanese hacker who had breached the site and accessed email addresses, passwords and names of thousands of users of Ericsson's Eshop online store in Canada. The information was then posted on Pastebin.com. Read more...
Sony Denies PSN Hack, Confirms PSN Web Exploit
The PlayStation Network wasn't hacked so much as threatened yesterday when a password exploit accessible through its PSN web page login page came to light, claims Sony.
The PlayStation Network wasn't hacked so much as threatened yesterday when a password exploit accessible through its PSN web page login page came to light, claims Sony.
Sony spokesperson Patrick Seybold confirmed the exploit in an official PlayStation blog dispatch yesterday afternoon.
"We temporarily took down the PSN and Qriocity password reset page," wrote Seybold, quickly adding "Contrary to some reports, there was no hack involved."
The "exploit" involved the PSN web-based password reset page, where Read more...
Sony cuts off Sony Online Entertainment service after hack
The widely publicized hack of Sony's computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts.
Sony -- which has kept its Sony PlayStation Network offline for nearly two weeks as it investigates a computer intrusion -- took a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised.
The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches. Read more...
Analysis: How MySQL.com and Sun.com got hacked
There are lots of red faces at Oracle this morning, as two of its sites, MySQL.com and Sun.com, were pwned over the weekend by veteran Romanian extremely-dark-gray-hat hacker TinKode and sidekick Ne0h. The sites were the victims of an as-yet-unidentified "blind" SQL injection technique -- the exact type of attack you'd think the devs and admins at MySQL would know how to protect against. Apparently, you'd be wrong.
Here's how it happened: Early on Sunday morning, Jackh4xor sent a message to the Full Disclosure mailing list explaining that MySQL.com was "vulnerable to blind SQL injection vulmerability." The message lists the target site as the MySQL.com customer view page. There's an impressive roster of databases, tables, and fields swiped from the MySQL.com site, as well as a short collection of usernames and passwords, both in their encrypted and unencrypted forms. Read more...
MySQL website falls victim to SQL injection attack
Oracle's MySQL.com customer website was apparently compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases passwords, of the site's users.
Taking credit for the hack were "TinKode" and "Ne0h," who wrote that the hack resulted from a SQL injection attack that they did not provide further details on. The vulnerable domains were listed as www.mysql.com, www.mysql.fr, www.mysql.de, www.mysql.it and www-jp.mysql.com. Read more...