Sentence derided as 'vengeful, spiteful act'
Hacker Jeremy Hammond has been dealt a 10-year prison sentence for his role in the 2011 theft of emails and credit card data from intelligence company Strategic Forecasting (Stratfor). The sentence was handed down in a federal court in Manhattan, where the 28-year-old pleaded guilty to violating the Computer Fraud and Abuse Act (CFAA).
Classic programs re-created in HTML5 for web play
In unrelated developments, two recent "recreations" of former Mac and Nintendo classics have made their way into "web app" versions, bringing back familiar software for those of a certain age, providing a "living" demonstration of "old-school" programs and games and at the same time offering a showcase for the growing flexibility of web technologies. The year-old "CloudPaint," a tribute to the Macintosh's original graphics program MacPaint, has recently been updated with five levels of "undo" -- and another site offers a fully-playable HTML5 version of Super Mario. Both are available for use free of charge.
Airplane Mode, lack of warnings identified as soft spots
A new SRLabs video demonstrates one possible method of getting around both Touch ID and Activation Lock on a stolen iPhone 5s. The video points out that while Apple lets users locate and/or remotely wipe a device using the Find My iPhone app, a 5s can be set to Airplane Mode without unlocking if lockscreen access to Control Center is left enabled. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, that may give a thief enough time to lift and mold a fingerprint to bypass Touch ID, and begin hijacking Apple, Google, and other online accounts.
Patch fails to resolve lockscreen vulnerabilities
A newly-documented technique lets people bypass the lockscreen in iOS 7.0.2 and dial any phone number, not just emergency numbers. The method involves waiting for a notification, or forcing one by sending a text message or ejecting the SIM card. Once the notification pops up, a hacker has to swipe right on it while simultaneously swiping up on the Camera icon. While keeping a finger on the Camera icon, a person must then slide to unlock and tap the Emergency Call button. After dialing, hitting the Call button quickly two or three times should crash Springboard, but allow the call to go through once Springboard restarts.
Hacker group offering unusual reward for breaking iOS authentication
A group in Germany claims to have successfully worked around Apple's new Touch ID biometric system, albeit using an extremely elaborate method: it involves a high-resolution lifted fingerprint, a "fake finger" that mimics the real one, made by printing the lifted fingerprint onto latex milk or wood glue and then applying it, and of course physical access to the iPhone that uses that particular fingerprint. A different hacker group is offering a reward for such a solution, including cash, Bitcoins, liquor and books.
Mimics previously-documented vulnerabilities
[Update: Apple acknowledges issue, says fix is on the way] A newly-documented technique lets people bypass an iOS 7 device's security to look at personal photos, according to accounts. Several steps are involved: swiping up Control Center from the lockscreen, opening Stopwatch, opening the Alarm Clock, holding down the power button until the "Power Down" prompt appears, then finally tapping Cancel and double-tapping the home button twice, but slightly longer on the second press. This opens up the multitasking menu, from which point a person can jump into the Camera app and browse or share a person's photos.
Command server down; risk low, but points out potential vulnerability
A file that looks like an image file and bears a camera-like filename, with the extension not visible by default, has been discovered to actually be a rogue application that could install a permanent "backdoor" on Mac systems. It triggers Preview to open an image, fooling the user into thinking it was simply an unusual picture file. The purpose of the Trojan appears to be supportive of the hacker group Syrian Electronic Army, which is in league with the totalitarian regime of Syria's present government. It is currently considered low-risk for a number of reasons.
Developer criticizes Google
Google has allegedly disabled media streaming capabilities for certain third-party apps available for the company's Chromecast dongle. Developer Koushik Dutta claims the company intentionally disabled his AllCast app, which allowed users to wirelessly stream a wide range of content, including locally stored media files, via HDMI.
Already in iOS 7 beta; hack demonstrated earlier today
Apple says it has already fixed an obscure security flaw that could have allowed hackers to access data on an iOS device through the use of a specially-designed custom USB device that looks like a charger but in fact contains a tiny Linux-powered computer designed to insert malware. The fix is already present in the most recent iOS 7 beta and will be incorporated into the OS when it is released to the public this fall, the company says, and involves notifying users whenever they connect to another computer, even through the power adapter.
Can affect Messages app thanks to group MMS, SMS use
While under normal circumstances most users would never see an unwanted or "spam" message in the OS X and iOS program Messages, Apple has now set up an abuse reporting mechanism to help deal with those who have the issue. Using the email address email@example.com, users can send a screenshot of the unwanted message, the phone number or email address of the spammer or harasser, and time/date info on the message. Unwanted or spam SMS and MMS messages should still be reported to users' cellular providers rather than Apple.
Hacking attack has prompted changes, systems will be rolled out soon
MacNN has received reports that iTunes Connect, a crucial part of Apple's crippled Developer channel, is now online after an unprecedented week of closure following a hacker attack by a security researcher that exposed some data. While the attacker, Ibrahim Balic, has claimed he was just doing "security research," the company shut the system down and said it has been "working around the clock" to overhaul developer systems, update server software and rebuild the entire database to close vulnerabilities. Apple has launched a new "system status" page for the Developer Center.
AT&T equivalent harder to manage
A new hack should allow T-Mobile subscribers to use iOS' personal hotspot feature for free without jailbreaking, says the workaround's creator, iTweakiOS. A component buried in iOS, CommCenter, normally checks the signatures in carrier PLIST files and prevents those files from being usably edited. The T-Mobile hack is said to bypass CommCenter checks while also being relatively easy to apply.
Also promises HSPA speed boost for iPhone 4S
An updated hacked carrier profile for AT&T unlocks early access to HD Voice for the iPhone 4S and 5, among other features, says developer iTweakiOS. The update is moreover said to enable faster HSPA speeds on the iPhone 4S, up to 21Mbps down, as well as early access to disaster and Amber alert systems. Troubleshooting efforts deal with unstable HSPA+ connections and iPad users losing signal entirely with a previous update.
iFixit holding giveaway in the spirit of Independence Day
Today, iFixit, the self-repair advocate and tutorial site, announced its upcoming event, Liberation Week, running from July 1-5, 2013. iFixit seeks to combat planned obsolescence by giving users access to the information needed to repair and upgrade products. Citing Independence Day, iFixit will be giving away free iPhone Liberation kits - tools to open one's iPhone for self-repair access - to the first 1776 claimants. Stating that the consumer should have the right to open their phone, iFixit says the kits include a pentalobe screwdriver, so that users can replace the original screws with the standard Phillips head screws provided. Pentalobe screws are intended to be tamper-resistant, as there are no readily available screwdrivers with a compatible head. Also in the kit is a #00 Phillips screwdriver, to use in future openings of one's iPhone.
Some will be driven to distraction by 'unanswered call' in music
Indie LA-based band Mars Argo have prominently used the iPhone's distinctive "Marimba" ringtone -- the default one that relatively few owners ever change -- as the basis of an entire song for their latest single, ironically titled "Don't Call Me." While many will find the gimmick catchy in the effervescent pop song, iPhone owners who are Pavlovian in their response to a ringing iPhone should likely approach the song with caution -- the tone is used continuously throughout the track, though there are sections where it fades into the background.
iFixit's tear down reveals one of Apple's most repairable products
Tech site iFixit has uploaded a new teardown for the latest AirPort Extreme, Apple's first 802.11ac wireless base station. Opening the device revealed an interior space to allow for a hard drive to be installed; however, hopes of at-home storage upgrades were dashed by the lack of plug-in options on the logic board. The AirPort Extreme offers a Delta Electronics 12V, 5A power supply, much akin to Mac Mini technology. Thanks to a simple disassembly, iFixit staff have categorized the wireless base station, along with Apple TV and Mac Mini, as the most repairable Apple product in recent history.
Bigger-capacity battery, dual mics, Samsung-provided storage
Two initial teardowns of the latest MacBook Air model by Mac specialists OWC and iFixit have revealed a number of small changes but mostly similarities between the latest revision and the current model. Overall, no huge changes were made to the interior layout of the 11-inch device, apart from a completely redesigned Airport card and other minor tweaks. The investigation did turn up that the battery in the unit features a 6.7 percent capacity increase in the same space, aiding the dramatically increased battery life.
Leaked documents allegedly cover PRISM, supporting systems
More documents allegedly related to the National Security Agency (NSA) and its data harvesting activities have surfaced, courtesy of hacking collective Anonymous. The group released a total of 13 documents that it claims "prove that the NSA is spying on you," and that its spying activities are not just covering Americans, but also people in over 35 different countries.
Charges of widespread monitoring follow discovery of Verizon NSA data collection
Just a day after respected UK newspaper The Guardian reported that a leaked secret US court order showed that the National Security Agency (NSA) was harvesting millions of phone records and "telephony metadata" from Verizon customers, a new report from The Guardian and the Washington Post has charged that the NSA is further using a secret program called PRISM to harvest usage data from the internal servers of most of America's major tech companies -- including Apple, Google, Microsoft and many others.
Enables use with third-gen Apple TV
A new hack dubbed PlexConnect allows the third-party Plex media server to run on second- and third-generation Apple TVs without jailbreaking, the creators of Plex say. The technique involves running a program on a computer which disguises itself as the Trailer app; changing a setting on the Apple TV is then all that's needed to put everything into motion. The Plex team notes that PlexConnect uses the latest transcoder, supports iTunes DRM, and can also handle AC3 5.1 sound when using the current preview release of Plex.
Apps claimed to be compromised, Sky advises apps safe
British broadcaster Sky is the latest victim of hacking by the Syrian Electronic Army. Just as in previous attacks, one of its Twitter accounts was taken over by the hackers, but in an unusual maneuver, SEA also managed to gain access to the corporation's Android app listings, replacing the app descriptions on Google Play with "Syrian Electronic Army was here."
Does not require jailbreaking, doubles throughput rates
An altered carrier update that has been modified by two hackers successfully increases the bandwidth available for iPhone 5 units on T-Mobile's US network, tests have found. The patch to the carrier update file, which was originally distributed to add LTE signal to the iPhone 5 using T-Mobile's 1900MHz band, works on both unlocked AT&T units as well as "native" T-Mobile iPhone 5 devices without requiring a jailbreak, though instructions vary for customers using jailbroken iPhones.
Rogue broker ruins own firm, defrauds another in bad bet
David Miller, a former stock trader who brought down his employer in a bet on Apple stock, has pleaded guilty to wire fraud and conspiracy in a plea deal reached with prosecutors. The incident began when Miller improperly bought 1,000 times the number of shares requested by a customer, expecting Apple's stock price to rise so that he could sell off the excess stock and pocket the profit before the fraud was noticed. He had been facing up to 25 years in prison for the fraud, but instead will likely see a five-to-eight-year sentence.
Jailbreak devs targeted, reveals flaw in Messages app
A flaw in the Messages application used widely on iOS devices has been revealed through a denial-of-service (DoS) attack on a group of jailbreak app developers. The program is subject to simple "flood" type attacks in which an attacker automatically sends messages incredibly rapidly, effectively rendering an account useless. Grant Paul, who goes by "chpwn" on Twitter and was one of the half-dozen victims in the attacks, said that the problem is that "Apple doesn't limit how fast messages can be sent," thus filling up the inbox and requiring the user to clear notifications and text in order to use the app.
Requires unlocked model
A new hack allows a current-generation AT&T iPhone 5 to operate on the 1700MHz band of T-Mobile's network, reports claim. The method involves a custom carrier file, and demands an unlocked A1428 model of the phone, whether with AT&T or officially unlocked by Apple. Once active the hack only provides access to LTE, and not T-Mobile's HSPA+ network.
Amazon adds X-Ray functionality to popular TV shows
Amazon has updated the X-Ray feature of its Instant Video service to now include television shows. The update will allow users to view IMDB information for individual episodes of programs, including the names of actors, what other shows they have appeared in, and other similar content. Expanding what the company has done to movies in the last six months since the feature's launch, X-Ray is available to use for a number of popular TV shows on the Kindle Fire, Kindle Fire HD, and the Amazon Instant Video app on the Wii U.
Quick response prevents any reports of actual account compromises
A security flaw exposed earlier on Friday has already been fixed, just hours after it was discovered, according to Apple. The issue could have allowed malicious users to hijack accounts and lock out the legitimate owners, just by knowing the email address and exact birthdate of a victim. In response, Apple temporarily took its "iForgot" password-resetting service offline while it resolved the issue.
New update patches six exploits, breaks evasi0n jailbreak
In closing six potential exploits in the security-oriented iOS 6.1.3 update released earlier today -- and simultaneously breaking compatibility with the evasi0n jailbreak -- Apple has acknowledged the contributions of the Evad3rs team behind the jailbreak in finding four of the six flaws that, in the wrong hands, could have led to an increased risk of malware rather than just a path to unofficial apps and customizing. Though the jailbreak hack no longer works, the team suggest that other flaws still exist.
Users can collect unused data for later; 30 percent already on board
FreedomPop, a cellular internet service provider and maker of an iPod Touch case that can turn it into a full working smartphone, has just implemented a new "data rollover" feature for its plans, which let users keep unused data from month to month. The service, which offers 500MB of monthly WiMAX and LTE cellular data for free following the purchase of one of its custom sleeves for iPhones or iPod touch models, allows users to share data with friends and earn additional free data through referrals. It provides either mobile or home internet service.
Vulnerability comes from carrier, enterprise configuration profiles
An Israeli security firm has published a proof-of-concept pointing out a weak link in Apple's otherwise very tight security for its mobile platform iOS -- mobileconfig files. The profiles, which are often installed by carriers or enterprise device management solutions, can be downloaded from unencrypted websites, reports Skycure Security. If users were tricked (through social engineering or redirected websites) into installing a malicious profile, it would configure system-level settings to allow attackers access to several key iOS services.
Firefox, older 32-bit browsers may avoid worst effects
On the heels of more problems with browser plug-ins such as Java and Flash, a newly-discovered flaw in HTML5 -- used throughout the web and a fundamental part of all modern browsers -- can be used maliciously to fill hard drives to capacity with junk data. The exploit can be demonstrated on a website set up to document the flaw, called Filldisk. All browsers are susceptible to it -- though Mozilla's Firefox features a hard cap of 5MB of such data and thus mitigates the effect, while some older 32-bit browsers may crash rather than fill up the drive.
Service available over 29 counties across NY, CT, NJ, PA
Aereo today announced that its Internet-repeating television service is now available to the more than 19 million people living in the New York City metropolitan area. The region includes 29 counties across New York, New Jersey, Connecticut and Pennsylvania. Previously, Aereo was only available to residents of New York City's five boroughs.
Could potentially force hackers to start 'from scratch' on new app
iOS 6.1.3 beta 2 -- seeded to developers late last week -- wrecks the evasi0n jailbreak, one of the members of evad3rs tells Forbes. David Wang elaborates that it closes at least one of the five exploits evasi0n currently depends on, specifically a glitch in iOS' timezone settings. Wang says he is still testing v6.1.3, but notes that if "most" of the v6.1.2 exploits have been fixed, evad3rs will have to start "from scratch" on opening up the new firmware.
Third emergency update may be the charm for recent malware issues
Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.
All devices supported by original hack still usable with update
Holding true to a promise made on evasi0n spokesperson "planetbeing's" Twitter feed, the iOS jailbreak tool has been released enabling support for the new 6.1.2 OS update. No bug fixes are noted for the release, nor are there specific notes on what the group had to modify to enable the hack.
Not yet spotted 'in the wild' but could become a threat
Anti-malware software maker Intego is confirming reports of a new OS X-based malware it called "Pintsized" that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts, whereupon it could be used to snoop for private owner information. Though not yet seen "in the wild," the malware attempts to disguise itself by using filenames that appear as part of the normal OS X printing system, and sets itself to launch on startup.
Algorithms protect against spammers
Google has claimed victory against account hijackers, claiming the number of legitimate accounts compromised by spammers has dropped by 99.7 percent since 2011. The company's latest security protocols have been developed in response to a surge in account hijacking starting in 2010, as cyber criminals began using stolen passwords to distribute spam from legitimate accounts in an attempt to bypass ever strengthening spam filters, according to a blog post from Google security engineer Mike Hearn.
Expected to fix Exchange glitches, lockscreen vulnerability
iOS 6.1.2 is already in development and should go live early next, say sources for German website iFun. The site adds that the firmware will probably go live before February 20th, and that it's expected to close the lockscreen vulnerability discovered in iOS 6.1, along with Exchange problems. It could conceivably fix other issues as well, but these aren't mentioned by iFun.
Not first instance of lockscreen glitch
(Updated with Apple response) A vulnerability in iOS 6.1 allows people to bypass the iPhone's lockscreen without entering a passcode, reports say. To accomplish the hack, a person has to go to the Emergency Call screen, begin to power off, but then cancel and make a call which should also be cancelled. The phone next has to be put into standby, woken up, and then swiped; the bypass is finally possible by tapping the Emergency Call button after holding down the power button for three to four seconds. The home button has to be hit right away to prevent the phone from shutting off, and users are still blocked from email, messaging, and browsing.
Keyboard support extends to aTV Flash features
Developer FireCore has released updated versions of aTV Flash (black) and Seas0nPass for people hoping to jailbreak Apple TVs running the new v5.2 firmware. While Seas0nPass is simply the required jailbreaking utility, aTV Flash adds new functions, such as web browsing and wider format compatibility. FireCore notes that the Bluetooth keyboard support in v5.2 carries over to Flash's features.
Update for iPhone 4S broke compatibility with hack
The team behind the Evasi0n jailbreak for devices running iOS 6.0 and later have unveiled an updated version in order to fix some bugs that appeared with the original release as well as re-add support for iPhone 4S devices that were updated to iOS 6.1.1, released yesterday. Apple released iOS 6.1.1 as a fix for problems with v6.1 on the iPhone 4S, including unusual battery drain and 3G connectivity issues. The updated Evasi0n tool (now at version 1.3) tackles other problems.
May make software most quickly-adopted for jailbreaks
Almost 7 million iOS devices have been jailbroken since evasi0n was released earlier this week, according to Jay Freeman, administrator of the Cydia app store for jailbreakers. Cydia tracking has so far recorded about 5.15 million iPhones, 1.35 million iPads, and 400,000 iPod touches. Freeman claims that the numbers make evasi0n the most rapidly-adopted jailbreak utility to date.
Users were having issues with weather, boot times, more
Following the popular release of the evasi0n "jailbreak" tool for devices running iOS 6 and higher, the team behind it have released at least two updates to fix problems caused by the jailbreak, which has been claimed to have been downloaded more than 1.5 million times since its release on Monday. The most common bug was that the jailbreak caused the stock Weather app to crash or (on iPads) revealed a hidden but outdated iPhone version of the app.
Most iOS devices supported
The Evad3rs hacking team has released its promised jailbreaking tool for iOS 6 devices. Known as evasi0n, the software supports any version of iOS 6 through 6.1, and is available in Mac, Windows, and Linux editions. It's also untethered, meaning that it doesn't require connecting to a computer and reapplying the jailbreak if an iOS device is rebooted.
Creators start to wobble on firm release date, however
A "supergroup" of well-known iOS hackers now called the Evad3rs have launched an official website to promote the team's jailbreak for a wide variety of iOS devices running iOS 6 or 6.1, the latter of which was just released on Monday. The jailbreak should enable most recent iOS devices to be further customized and let users install apps unavailable from the official App Store -- but as with any jailbreak, the exploit required for it to work could be used for pirating and malware as well.
Final version of iOS 6.1 could arrive as soon as today
A public jailbreak for iOS 6 could be coming soon, according to tweets by prominent hackers. One hacker, planetbeing, says that "tons of progress" has been made in recent days, and that "the future is looking bright for jailbreaking." He claims in fact that an exploit of his is already working, but that he's been testing it to ensure no "unpleasant side-effects."
Community events to use released government data to help nation
The White House has announced an event that will encourage US residents to make use of government data. The National Day of Civic Hacking on June 1-2 will see 27 cities play host to community events where publicly-released data will be used to create "solutions for problems that affect Americans."
Oracle raises default security settings in Java security patch to High
Oracle has issued an emergency patch for Java, its popular web technology. Security researchers last week uncovered a zero-day exploit that is being exploited by hackers in two malware toolkits, prompting the US government to issue a warning to PC owners. Although the patch addresses certain holes, Reuters reports that a security analyst still believes that the platform remains vulnerable.
Open webOS port slow, incomplete, but works
A developer working over winter break from his college has managed to get Open webOS -- the descendant of the operating system that powered Palm and HP's ill-fated mobile devices -- to work on the Asus-produced Nexus 7 tablet from Google. The port is still in alpha stages, showing some lag and freezing while running on the Nexus 7, but the developer was able to get Wi-Fi and Internet browsing working on the device. Thanks to prior work done porting Open webOS to Samsung's Galaxy Nexus, the device even supports a "virtual gesture area," allowing it to retain the gesture-driven interface that was a signature of Palm's defunct operating system.
Reasons for shutdowns disputed
Two important sites for pirated iOS apps -- Hackulous and Apptrackr -- have suddenly announced their closures over the weekend, notes AppleInsider. A statement from Hackulous claims that the site's community has become "stagnant," and that its forums "are a bit of a ghost town." In spite of this, the site's owners say that it's become hard to keep the forums online and well-moderated.