Archive for March, 2012

Using nothing more than a few common tools, hackers can reportedly recover credit card numbers and other personal information from used Xbox 360 consoles even after they have been restored to factory settings. Researchers at Drexel University say they have successfully recovered sensitive personal data from a used Xbox console, and they claim Microsoft is doing a disservice to users by not taking precautions to secure their data. “Microsoft does a great job of protecting their proprietary information,” researcher Ashley Podhradsky told Kotaku in an interview. “But they don’t do a great job of protecting the user’s data.” In order to avoid potential data theft, Podhradsky recommends users remove the hard drives from their consoles and wipe them while connected to a PC using special software. The Drexel researcher warns that not taking this precaution could have serious consequences. “A lot of [modders and hackers] already know how to do all this,” she said. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”


British ISP O2 was ordered by the Chancery Division of the British High Court to hand over the customer details belonging to a portion of 9,124 IP addresses. These addresses supposedly used BitTorrent clients to illegally download porn created by the British Ben Dover Productions and 12 smaller porn copyright holders.

The claim for all 13 production companies was made by a copyright holding company called Golden Eye International Ltd. Lindsay Honey, co-founder of Ben Dover productions, happens to be a 50 percent owner. A consumer rights watchdog, Consumer Focus, represented the intended defendants (the so-far anonymous users of the 9,124 IP addresses).

The Honourable Mr Justice Arnold rejected the claims of infringement made by the 12 smaller production companies, in part because he thought the partnership between Golden Eye and the other claimants existed only to make money off the High Court’s litigation. The Justice noted that accepting the partnership between the smaller 12 companies “would be tantamount to the court sanctioning the sale of the Intended Defendants’ privacy and data protection rights to the highest bidder.”

Golden Eye primarily exists to hold copyright ownership and seek litigation against peer-to-peer file sharing networks. The company’s home page reads, “If you are reading this, then more than likely you have infringed our rights already.”

Golden Eye compiled the list of the more than 9,000 IP addresses it claims have illegally downloaded its copyrighted material. With the 12 smaller production companies’ claims thrown out, however, Golden Eye will be sending letters only to those O2 customers that may have illegally downloaded Ben Dover Productions films—likely a much smaller pool of potential defendants.

Golden Eye demanded the right to ask for £700 per illegal downloader, but the High Court refused. The court decided Golden Eye must allow O2 customers the opportunity to show they have not committed copyright infringement. If they indeed illegally downloaded Ben Dover Productions’ porn, remittance for infringement would be negotiated on a defendant-by-defendant basis.

O2 is one of the six largest ISPs in the UK, run by Telefonica UK Ltd. Golden Eye hoped that if they could not demand £700 per infringing IP address, O2 would throttle the user’s traffic. However, Consumer Focus successfully argued that since the bill payer or subscriber may not be responsible for the infringement, such an award would be considered unfair.

The BBC reports that “in a similar speculative invoicing case two years ago ACS Law sent out around 20,000 letters… But the cases unraveled as they came to court.”

Source: BBC & Arstechnica

 

Believe it or not, there are several distributions of Linux intended for use by children as young as 3 years old. Child-oriented Linux distros tend to have a simplified interface with large, “chunky”, colorful icons and a specialized set of programs designed with kids in mind. Some of the better-known distributions aimed at children include:

  • Sugar, the operating system designed for the One Laptop Per Child project. Sugar is a radical departure from traditional desktops, with a strong emphasis on teaching programming skills, but is very strongly geared towards classroom use. Although I’m pretty comfortable using Linux, I’m afraid Sugar might be too different for me to help my nephew and niece make use of it.
  • Edubuntu is based on the popular Ubuntu distribution. Designed to be easy to install and very Windows-like in its operation, Edubuntu would be my first choice if I were using newer hardware. With its rich graphical interface, though, I worry that these years-old PCs, neither of which have graphic cards, will lag running Edubuntu. And given kids’ attention spans, I’m afraid that would be a major barrier to getting them to use it.
  • LinuxKidX uses a KDE-based desktop highly customized for children, and is based on the Slackware distro. The only drawback for me is that most of the support material is in Portuguese (although the distro I linked to is in English), making it hard for me to be confident about my ability to help if there are any problems.
  • Foresight for Kids is based on Foresight Linux, a distro distinguished by the use of the Conary package manager. Conary is intended to make updates and dependencies much easier to manage than other package managers – in English, it should be easier to install and update software.  On the other hand, finding software packaged for the Conary installer might be a challenge, though I expect the most popular programs are being adapted by the Foresight team.
  • Qimo is another system based on Ubuntu, but designed to be used by a single home user instead of in classroom instruction. The system requirements are fairly low, since it’s designed to be run on donated equipment which Qimo’s parent organization, QuinnCo, distributes to needy kids.

Given the low specs of the equipment I’m working with, Qimo seems ideal for me, but since most of these will run from either a Live CD or a USB memory key, there’s no reason not to download them all and give each a try to see what you – and, more importantly, your kids – like best.

Linux Software for Kids

In addition to the kid-friendly interface, all of the distributions above come with an assortment of software that’s either designed especially for kids or has special appeal for kids. This includes specifically educational software intended to teach math, typing, art, or even computer programming; typical productivity applications like word processors and graphics programs; and, of course, games. Of course, Linux doesn’t have nearly the range of games that are available for Windows PCs, but my thinking is, the games are good enough for younger kids, and older kids will gravitate towards consoles (my brother and sister-in-law have a Wii).

Some of the software available for kids includes:

  • GCompris, a set of over 100 educational games intended to teach everything from basic computer use to reading, art history, telling time, and vector drawing.
  • Childsplay is another collection of games, with an emphasis on memory skills.
  • TuxPaint, an amazing drawing program filled with fun sound effects and neat effects.
  • EToys is a scripting environment, more or less. The idea is that kids solve problems by breaking them down into pieces, scripting them, and running their scripts – the same way programmers do. But the goal doesn’t seem to be to teach programming but rather to provide an immersive learning environment in which kids learn foundational thinking skills.
  • SuperTux and Secret Maryo are Super Mario clones, because kids love Super Mario. You already know that.
  • TomBoy, a wiki-like note-taking program.
  • TuxTyping, a typing game intended to help develop basic typing skills.
  • Kalzium is a guide to the periodic table and a database of information about chemistry and the elements. Great for older students.
  • Atomix, a cool little game where kids build molecules out of atoms.
  • Tux of Math Command is an arcade game that helps develop math skills.

Not all distros come with all of these games, but they are easy enough to install from the online repositories if your chosen distro doesn’t come with one or more of them. Of course, most distros also come with standard Linux programs like OpenOffice.org (an Office-like suite of productivity apps), AbiWord (a Word-like word processor), GIMP (a powerful image editor), Pidgin (a multi-account IM client), and Firefox.

Linux is a complex operating system, but it’s also a highly customizable one – for kids, that means a system that can grow as they do and a powerful learning environment. Of course, children’s computer use should not be totally unsupervised – any kid can stumble across Web content that might be pretty uncomfortable for mom and dad to have to explain – but kids should have a chance to explore the possibilities of today’s technology and get their hands dirty, like kids do. And worst-case scenario – your 6-year old borks the operating system and you re-install. Wouldn’t you rather it was on the Edubuntu system, rather than on your mission-critical work PC? (Make sure you back up the /home directory regularly so you don’t lose all your kids’ drawings, poems, stories, or whatever.)

 

Last summer, Google took its Street View cameras to the Amazon, looking to capture the same 360-degree vistas that have made the technology so useful in cities all over the world. Yesterday, the project went live. There goes the rest of your week.

You can now wander around the Amazonian jungle — exploring its rivers, forests, and even remote villages — all from your computer. Says Google:

Take a virtual boat ride down the main section of the Rio Negro, and float up into the smaller tributaries where the forest is flooded. Stroll along the paths of Tumbira, the largest community in the Reserve, or visit some of the other communities who invited us to share their lives and cultures. Enjoy a hike along an Amazon forest trail and see where Brazil nuts are harvested. You can even see a forest critter if you look hard enough!

Click through to the Amazon section of the Street View Gallery to get an idea of what’s available to explore, or start up your copy of Google Earth and get up close and personal with South America’s Amazon Basin. (Looks like you’ll need Google Earth version 6 to explore.)

Tech manufacturers are toying with all sorts of new ways we can interact with hardware, software and the real world. And now, according to a recently surfaced Microsoft patent, the company could be looking into reinvigorating the gaming space with displays built into eyewear and helmets.

Microsoft’s system, a virtual image projector, could be built into helmets, goggles, and other types of eyewear. It would involve two different images, one projected in front of each eye, providing a stereoscopic 3D experience.

The projectors would be partially transparent, so you could play a game while still seeing a semblance of your natural environment. Alternately, a game could merge the real world with a virtual world beamed in front of your retinas.

There’s one fundamental problem of having a display projected so close to your eye, though: The human eye can’t focus on images less than an inch or two away. Microsoft’s patent solves this problem by projecting the image as if it’s viewed at arm’s length. Projected scenes appear to be 21 inches in diagonal with a 16:9 aspect ratio.

Such “wearables” are commonly regarded as the next frontier of tech. Google has reportedly been working on a sunglasses-like heads-up display (HUD) unit that could go on sale before the end of the year. Apple has also dabbled in eye-worn displays, if past patents are any indicator. Other types of wearable technology could be built into clothing, or even be embedded in your flesh.

As for the helmet, the more awkward potential implementation of this projector technology, Microsoft envisions it could be used in aviation applications in addition to gaming.

For more info: Patent Bolt

The latest refresh of the Linux kernel, 3.3, is now available, and the second release of 2012 brings with it the long-awaited merging of code from Google’s little side project. While that is particularly interesting to developers looking to boot Android or run apps on the stock Linux kernel (FYI: optimized power management and other infrastructure that didn’t make it this time will arrive in the next release, 3.4) and represents a resolution to the issues that kept the two apart for so long, it’s not the only new feature included. There are improvements to file systems like Btrfs, memory management, networking, security and much, much more. Hit the source link below for the full changelog or grab the code from the usual locations and get your compile on directly.

Source: Kernel Newbies, LKML.org

Yesterday, we learned Anonymous put out their very own hackeriffic OS—a tricked out version of Linux filled with tools for mischief. Oops! It’s filled with trojans instead. Get used to more of this.

Word of the malware-filled pile came from the AnonOps Twitter feed, one of the group’s quasi-official mouthpieces:

The Anon OS is fake it is wrapped in trojans. RT

Is it wrapped in trojans? Maybe! It wouldn’t be a novel occurrence; earlier this month, Symantec documented how many Anon groupies were tricked into downloading a trojan as part of Megaupload reprisal attacks. It’s happened before. Either way, we’re sure as hell not downloading it, and don’t recommend you do either.

But one thing that’s certain is that it’s not fake. It’s very much a real thing. And whether it belongs to Anonymous or not is at the heart of an existential crisis that makes the group more unpredictable—and threatening—than ever.

For as long as we’ve been covering Anon, they’ve held steadfast to the tenet that the group has no leadership, there is no one in charge, there are no rules; Anonymous is everyone and no one. It’s just an idea. Of course, this was false: there was an Anonymous elite—for a time more or less led by turncoat Sabu—which was eventually betrayed and arrested. Now they’re gone, and a power vacuum has taken their place. Inadvertently, that means Anonymous has realized its ideal: now nobody is in charge, and it’s kind of ugly.

Without at least a spiritual leader like Sabu to keep a consistent ethos, Anonymous is truly whatever its members want it to be. Spreading viruses to be jackasses? Sure! How about being an asshole and leaking the names of abortion clinic patrons, all in the name of Anonymous? Who’s going to stop someone like that? Who’s going to disavow it?

The truth is that Anon always fed off some general principles. Loose, at times juvenile principles, but principles: corporations and governments are generally awful. Privacy is sacred. Populism is essential. You can read these tenets—if you squint—in most of Anonymous’ greatest attacks, and they were handed down directly from the group’s elite. Now most of that aristocracy is either arrested, scared, or disillusioned by Sabu’s sellout to control much of anything. Goodbye tenets, hello Linux downloads full of malware—the Anonymous that Anonymous always wanted to be.

Source: Gizmodo.com

With the huge popularity of smartphones, two-dimensional barcodes called QR codes are beloved by marketers and are being targeted by hackers and spammers. A user simply scans the QR code with a mobile device and is then directed to a website. The QR codes may be linked to coupons or special offers, but “if people see a random QR code that’s not connected to anything, just a sticker on the wall, they’re going to scan it because they want to know what the heck it is.” Damon Petraglia, Chartstone director of forensic and information security services, told Dark Reading, “The biggest risk is that people cannot deny their own curiosity.” As is becoming increasingly common, “attackers depend on that curiosity and the innate obfuscation of QR codes to craft their attacks.”

Curiosity is exactly what “pro-American hacker” The Jester was banking on when he changed his Twitter avatar into a QR code attack. There’s been plenty of ire and support in the past for what @th3j35t3r tweeted. The “hacktivist for good” is best known for DDoS attacks to disrupt pro-Jihadist sites as well as his contempt for Anonymous. The Jester blogged, “Anyone who scanned the QR code using their mobile device was taken to a jolly little greeting via their device’s default browser hosted on some free webspace. The greeting featured my original profile pic and the word ‘BOO!’ directly below it.”

He claims to have exploited the open-source software WebKit, which is built into web browsers for mobile phones. This is precisely the same vulnerability exploited in Mobile Rat, turning Android into the “ultimate spy tool” as was demonstrated at the RSA conference. The Jester called the hack “a highly targeted and precise attack, against known bad guys.” The Register reported, “‘Enemies’ of the hacker listed as targets included @AnonymousIRC, @wikileaks, @anonyops, @barretbrownlol (the Twitter address of sometime Anonymous spokesman Barrett Brown) and @RepDanGordon (Rhode Island State Representative Dan Gordon) and others. Gordon made it onto The Jester’s hit list for his comments on Twitter referencing Anonymous in what The Jester saw as a sign of approval for the hacktivist group.”

“Creepy? Only if you are naughty,” The Jester blogged. The “‘curiosity pwned the cat’ sting went on for 5 days un-noticed,” during which the QR code was scanned over 1,200 times and “over 500 devices reverse shelled back to the listening server.” The hacker added this was a “Proof of Concept QR-Code based operation against known bad guys, the same bad guys that leak YOUR information, steal YOUR CC nums, and engage in terror plots around the world.” The Jester posted an encrypted 143-megabyte file with all the extracted data to the file-sharing site MediaFire.

“As far as LEA’s [law enforcement authorities] taking an interest in me, we will have to wait and see,” he told SecurityNewsDaily. After being “reminded that Twitter was receiving subpoenas for information on users, The Jester replied, ‘There is no identifying information held in my profile, and I never connect even close to directly. It’s a rule of mine’.”

It’s a hoax, a mind game, all “bluff and bluster,” Heise Security reported. “The technical details of the hack given are, however, not credible. The security vulnerability he claims to have exploited, CVE-2010-1807, has been in the public domain since autumn 2010 and was fixed in most browsers shortly thereafter. That does not sit well with his claimed success rate of 40 per cent of visitors. Similarly, he claims that a single exploit was able to bypass the security mechanisms present in multiple versions of iOS and Android. A more likely explanation is that The Jester is playing mind games with his enemies.”

But it’s not impossible, as mobile malware delivered via tainted QR codes has been spotted in the wild. AVG Technologies chief technology officer Yuval Ben-Itzhak said, “Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many unsuspecting people.”

Tomer Teller, security evangelist at Check Point Software Technologies, said it’s basically a “drive-by-download attack, where a user scans a bar code and is redirected to an unknown website. This website hosts modified exploits of the original jailbreak. Once visited, the user phone will be jailbroken and additional malware could be deployed [such as keyloggers and GPS trackers].” Teller told Dark Reading the attacks work against iOS and Android, but the Android “is more susceptible to QR code attacks.”

Source: http://blogs.computerworld.com

Microsoft Network Monitor
Microsoft Network Monitor is a network protocol analyzer that lets you capture, view, and analyze network traffic. Version 3.3 of Network Monitor is available in 32- and 64-bit versions. Download it now.

Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed to help administrators of small and medium-sized businesses ensure that their Windows-based computers are secure. You can use MBSA to determine the security state of your computers in accordance with Microsoft security recommendations. MBSA also offers specific remediation guidance for security problems it detects, such as misconfigurations and missing security updates.
At the time of writing this, the current version was MBSA 2.1. This version is available in 32- and 64-bit versions, but it does not install on Windows 7. A new version that supports Windows 7 is due to be released sometime in the future. You can download the current version and get information regarding a version for Windows 7 at microsoft.com/mbsa/.

Microsoft IPsec Diagnostic Tool
The Microsoft IPsec Diagnostic Tool helps network administrators troubleshoot network-related failures, focusing primarily on Internet Protocol security (IPsec). The tool checks for common network problems on the host machine and, if it finds any problems, it suggests repair commands. The tool also collects IPsec policy information on the system and parses the IPsec logs to try to determine why the failure might have happened. The tool also provides trace collection for virtual private network (VPN) connections, the Network Access Protection (NAP) client, Windows Firewall, Group Policy updates, and wireless and system events. The diagnostic report generated by the tool is derived from the system logs collected by the tool during its analysis phase. Download it now.

Windows Sysinternals Suite
The Windows Sysinternals Suite is a set of advanced tools for troubleshooting issues with Windows-based computers. These tools were originally developed by Winternals Software LP, which Microsoft acquired in 2006. Some of the useful and popular tools included in this suite are:

  • Autoruns This tool lets you see what programs are configured to start up automatically when your system boots. It also displays the full list of registry and file locations where applications can configure autostart settings.
  • BgInfo This tool automatically generates desktop backgrounds that include important information about the system, including IP addresses, computer name, network adapters, and more.
  • Process Explorer This tool lets you find out what files, registry keys, and other objects that your processes have open, which dynamic-link libraries (DLLs) they have loaded, and who owns each process.
  • Process Monitor This tool lets you monitor the file system, registry, process, thread, and DLL activity on your computer in real time.
  • PsTools This set of command-line tools can be used for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and performing other tasks.
  • RootkitRevealer This tool lets you scan your system for rootkit-based malware.
  • ShellRunas This tool allows you to launch programs as a different user using a shell context-menu entry.
  • TCPView This tool lets you view active sockets on the computer in real time.

Download the entire Sysinternals Suite now.

The mystery of the Stuxnet-like ‘Duqu’ Trojan has deepened with the news that elements of its payload appear to have been written in an unidentifiable programming language.

An on-going analysis effort by Kaspersky Lab researchers has now uncovered much of the inner programming structure of the software, overwhelmingly written quite conventionally in C++.
However, delving inside the Payload.dll, the team discovered a section of the code dedicated to stealthy communication with the Trojan’s command and control servers that defied their analysis.
Dubbing it the ‘Duqu Framework’, the team has not been able to go much further than identifying it as an object-oriented language of considerable sophistication.
“The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked,” said Kaspersky Lab engineer, Igor Soumenkov.
Payload.dll looks to be a critical element of the program. According to Kaspersky, it is used to receive instructions from remote servers but also to relay stolen data, and can operate completely independently of the rest of the program. It was also important for spreading the Trojan to other Windows machines.

“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” said Kaspersky’s chief security expert, Alexander Gostev.

“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”

Discovered by Budapest University security researchers last September, Duqu’s provenance, intention and design matter because it has been plausibly connected to the infamous Stuxnet malware that many believe was created to disrupt vulnerable SCADA systems connected to Iran’s nuclear enrichment program. The connections between the two programs are contentious but eerie, based on the two programs’ use of common elements.

What is clear is that Duqu is sophisticated enough to be the work of a well-resourced and skilled team trying to cover its tracks. In that they have failed, as they were always doomed to do. The more sophisticated a piece of software, the more unusual its programming design and structure is likely to be and the more this very expert-level complexity draws attention to itself, raising suspicions.

Despite turning itself into the expert hub on the Trojan, Kaspersky has now appealed to programmers for help in identifying the programming language used to create the Duqu Framework.