UPnP-enabled routers allow attacks on LANs

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices’ XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn’t designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened – and redirected to any other LAN device – via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

This allows attackers to scan the LAN and access devices on the internal network. Garcia says that mapping is even possible with IP addresses on the internet, enabling attackers to redirect someone else’s internet connection via umap and, for instance, misuse it to surf the net anonymously or to download illegal content. As a protective measure, Garcia recommends that UPnP be disabled at least for the WAN interface. If this isn’t possible, the only other option is to disable the technology completely – which may, however, disrupt the internet connections of such devices as games consoles.

51.526392 -0.091389

BlackBerry Playbook v1.0.7

BlackBerry Playbook users have one more reason to cheer up as RIM or Research in Motion recently announced software update for their tablet OS. It is v1.0.7.2942 and has brought differential updates to this tablet.

The feature of differential updates lets users update only the sections of the tablet that needs to be updated. This means that the updates will be smaller in size and hence the update process will be completed faster. The download costs too will be reduced.

The Wi-Fi connectivity to the WEP or Wired Equivalent Privacy networks has been updated for providing better security. This update also gives you faster pairing between BlackBerry smartphone and PlayBook tablet through BlackBerry Bridge app.

For making optimum use of BlackBerry PlayBook update, the manufacturer has given an update for BlackBerry Bridge app too. It is recommended that you install it on the smartphone too for better compatibility. You can get this update in App World or you can click here for it.

BlackBerry PlayBook tablet users must have BlackBerry Tablet OS v1.0.7.2670 installed for getting the differential updates. If you haven’t updated your device yet, you can click here for doing it.

Existing users can upgrade their BlackBerry PlayBook tablet OS to v1.0.7.2942 over the air or it can be done from here . Users who are buying BlackBerry PlayBook from now will get a prompt for installing the update automatically on their tablet.

51.526392 -0.091389

Apple getting Sued Again

SEOUL, South Korea — A group of some 27,000 South Koreans is suing Apple for $26 million for what they claim are privacy violations from the collection of iPhone user location information.

Each person in the suit is seeking 1 million won ($932) in damages, Kim Hyeong-seok, one of their attorneys, said Wednesday. He said they are targeting Apple Inc. and its South Korean unit to “protect privacy” rights.

Apple spokesman Steve Park in Seoul declined to comment.

Apple has faced complaints and criticisms since it said in April that its iPhones were storing locations of nearby cellphone towers and Wi-Fi hot spots for up to a year. Such data can be used to create a rough map of the device owner’s movements.

Apple also revealed that a software bug caused iPhones to continue to send anonymous location data to the company’s servers even when location services on the device were turned off.

The company has said it will no longer store the data on phones for more than seven days, will encrypt the data and will stop backing up the files to user computers. It also has fixed the bug with a free software update.

Kim, the lawyer, took Apple to court earlier this year over iPhone privacy and was awarded 1 million won.

The Korea Communications Commission, South Korea’s communications regulator, earlier this month ordered Apple’s local operation to pay a 3 million won fine for what it said were violations of the country’s location information laws.

Oh Byoung-cheol, a professor of information technology law at Seoul’s Yonsei University law school, said that the KCC ruling is likely to bolster the plaintiffs’ allegations of illegality by Apple and that could have an impact on possible cases in other countries.

But any South Korean court decision on damages is unlikely to have much effect elsewhere given differences in international tort law, he said.

South Korean courts “tend to be stingy with damages for mental suffering,” he said.

If the court in the southern city of Changwon rules in favor of the plaintiffs, the total award could come to about 27.6 billion won ($25.7 million). Cupertino, California-based Apple — the most valuable company in the United States — earned $7.31 billion in its fiscal third quarter.

Kim said he expected the first hearing in the new case to take place in October or November.

Jung Ogk-taek, an official at the Changwon District Court, said it was not clear how much time would be needed to reach a verdict.

Kim said 26,691 plaintiffs were listed in the civil suit filed Wednesday. Another 921 are minors and lawyers need to obtain the consent of their parents before they can join, Kim said. He expects that to take about two weeks.

Lawyers are soliciting more participants between now and the end of this month to join the case.

51.526392 -0.091389

Hacking Your Wii – The Easy Way

Hacking your Wii hasn’t been difficult, but it has required a somewhat detailed process. Now we have LetterBomb, which is an incredibly simple way to hack your Wii. It only takes about five minutes to accomplish. Here’s how to do it.

First things first, you’re going to need the following:

• A Nintendo Wii, obviously, but make sure it’s running System Menu 4.3
• An SD or SDHC card with some free space—it can have other stuff on it.

Step One: Get Your Wii’s MAC Address

Before we can do anything, we need to go find your Wii’s MAC Address. Go to your Wii’s home screen and click the Wii Options button. Once it loads, choose Wii Settings. From there, navigate to the second page and click the Internet button. Finally, click the Console Information button and you’ll have your Wii’s MAC address. Either write this down or just leave it up on your screen.

Step Two: Generate the LetterBomb.zip File

Now get on your computer and go to please.hackmii.com and enter your Wii’s MAC address. You’ll also need to type in what you see in the captcha image. Once you’ve filled those things out, cut the red or the blue wire. It doesn’t really matter. This will generate a LetterBomb.zip file that will start downloading.

Step Three: Prepare the SD Card

Now insert your SD or SDHC card into your computer, because we’re going to need to copy some files onto it. First, unzip the LetterBomb.zip file on your computer. Next, drag the contents of the zip to your SD or SDHC card. When it’s done copying, eject it, and put it in your Wii.

Step Four: Open the LetterBomb

Back on the Wii, head on over to the Wii Message Center. There’s going to be a new message for you with a bomb in it, but where that message is going to be will depend on your time zone and when you generated the file. In most cases, it will be in yesterday’s mail, but it could be today or a couple of days ago. You’ll know when you see it. When you’re ready to pull the trigger, just click on the LetterBomb message icon. The process will take about a minute, so be patient. You’ll have a hacked Wii when it’s done.

If you run into any issues along the way it’s probably because you don’t have the right version of the Wii System Menu. If you try to use LetterBomb with the wrong version, it’ll freeze your Wii. Not to worry—just force-reboot your Wii, make sure you update properly, and try again. Obviously you want to do the update beforehand, but in the event you forget it’s not really a big deal.

Step Five: Install BootMii and the Homebrew Channel

Once LetterBomb has done its thing, it’ll tell you to press 1 to continue. Do that and you’ll be able to use your WiiMote to start installing things. What you’re really interested in is the Homebrew Channel, but BootMii will provide you with some extra features (like backup). Once everything is installed, you’ll be all set.

If you would like to see this process as a video have a look at this You Tube video> HERE

51.526392 -0.091389

Find You IP Address Using Linux

In Windows, we use the command-line program ipconfig to find out our IP address. How do you find it in Ubuntu?

We will show you two locations easily accessible through the GUI and, of course, a terminal command that will get your IP address in no time.

The first location, and the easiest in most cases, is found by right clicking the network icon in the notification area and clicking Connection Information.

This brings up a window which has a bunch of information, including your IP address.

The second location, which shows you more detail than this first method, is at System > Administration > Network Tools.Select the right network device, and you’ve got a ton of information at your fingertiFinally, if you can’t tear yourself away from a terminal window, the command to type in is:

ifconfig

Yes, it’s only one character different than ipconfig. Who would have guessed?

As it turns out, you’re always a few clicks or keystrokes away from finding your IP address in Ubuntu. Isn’t choice great?

For some excellent tutorials have a look at www.howtogeek.com

51.526392 -0.091389