There are increasing concerns about website attacks on the mind today, thanks to hackers’ takedown of high-profile sites during the Wikileaks cyberwar in particular, and the website defacements that often accompany political turmoil such as those that hit both Pakistanese andIndian government-run sites recently as well as some prompted by political issues here in the U.S. Sometimes the hacks are more akin topranks, while other times they serve as a way for those with strong opinions to express that sentiment anonymously. And sometimes, the hacks are initiated by spammers, instead of these sorts of political “hacktivests.”

To defend against this form of online vandalism, Google has announced it will begin to identify hacked sites, right in the Google search results.

According to news from Google’s Webmaster Central blog, the Internet search giant will begin warning Web surfers of sites that may have been hacked with a message that reads “This site may be compromised.” This will help protect those browsing the Web from becoming victims of malware, as is especially the case when sites are compromised by spammers, says Google.

Example of compromised websites in search results.

Users clicking the warning link will be directed to this page in Google’s Help Center that explains more about the notice and what it means, but Google will not stop you from clicking through on the search result itself, nor does it insert an additional warning after doing so, as it does with sites known to host malware.

Google says it will use “a variety of automated tools” to detect signs of hacked sites as quickly as possible and it will then add the notification and alert the site’s webmaster to the issue. Webmasters who are worried that the notices will negatively affect their search traffic can request a site review to accelerate the notification’s removal once this problem has been resolved.

The Pirate Bay

A series of attacks on The Pirate Bay, one of the most well known and controversial file-sharing websites has allowed a group of Argentinian hackers, headed by malware researcher Ch Russo, to access both the user database and the website administration panel of The Pirate Bay, comprising over 4 million usernames and email addresses in the process.

It is thought that the group first targeted the website administration panel on The Pirate Bay, the group succeeded and then employed a series of SQL injection vulnerabilities to gain access to the user database, where they were able to add and amend records and obtain information to identify trackers and torrents uploaded by specific users.

Ch Russo posted a cryptic message on his blog detailing reasons behind the attack:

As any other website, as any other system or mechanism, www.thepiratebay.org has robust parts and soft spots. We beleive that the people behind this comunity always acted with the local laws on their side, and so have we. The community caused problems to huge companies and corporations which turned into threats between this companies and them. What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn’t anything out of the ordinary.

As you can see, Russo acknowledges that the data would be of huge interest to anti-piracy groups like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA). In a telephone interview with KrebsOnSecurity he said: “Probably these groups would be very interested in this information, but we are not [trying] to sell it,” adding “Instead we wanted to tell people that their information may not be so well protected.”

Screenshot of the backend of The Pirate Bay

According to Softpedia, the attackers have not been in contact with The Pirate Bay administrators since the attack but the offending weakness has since been identified and patched.

The FBI has launched an investigation into the exposure of email addresses of thousands of iPad customers on an AT&T website this week. Researchers with Goatse Security who this week revealed the weakness in the AT&T site — basically a business-logic flaw in AT&T’s app that was left available and accessible to the public — were able to get the email addresses of more than 100,000 iPad customers, including some high-profile people.

Escher Auernheimer, a security analyst with Goatse Security, said in an interview today that his firm “did the right thing” by going public about the hole in AT&T’s website.

UPDATE: AT&T sent a letter to Apple 3G iPad owners over the weekend that shed some light on AT&T’s position on the hack, according to a report in the New York Times. “On June 7 we learned that unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service,” wrote Dorothy Attwood, a senior vice president and chief privacy officer at AT&T.

“The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity,” Atwood said.

Meanwhile, Goatse’s Auernheimer says the researchers went public with their findings via the Gawker website after AT&T fixed the flaw. They handed over the email address finds to Gawker, but stipulated that the site not publish the actual email addresses. “Our disclosure process was extremely proper and above and beyond,” Auernheimer says. “Many researchers do not wait for patches” before they disclose, he says.

“What influenced our decision was that there were so many people who were stewards of important infrastructure on the public and private list [exposed],” he says. “Someone else could have scraped this data.”

According to Auernheimer, his team got the data without a password or actual breach/intrusion. The researchers wrote a PHP script that grabbed the email addresses from the errant AT&T script. “It’s not uncommon to see this type of vulnerability,” he says.

The FBI’s involvement could be due to the high-profile iPad customers whose email addresses Goatse discovered, Auernheimer says. “We haven’t had any contact” with the FBI, however, he says. Meanwhile, the FBI issued this statement: “The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Among the email addresses Goatse was able to access were that of White House Chief of Staff Rahm Emanuel, New York City Mayor Michael Bloomberg, U.S. Air Force Col. William Eldridge, and New York Times Co. chief executive Janet Robinson, according to Gawker.

Security experts at Praetorian published the script written by Goatse. It basically grabs email addresses via the integrated circuit card identifiers that associate the iPad SIM card to a subscriber: “An e-mail address gets returned in the successful iterations (active ICCID) and parsed. There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it,” Praetorian’s Daniel Kennedy blogged on Wednesday.

Meanwhile, Auernheimer has taken issue with AT&T’s claims that his firm acted maliciously. He says he released a semantic integer overflow exploit for Apple Safari in March, which was later patched on Apple’s desktop Safari but has not yet been fixed for the iPad.

“This bug we crafted allows the viewer of a webpage to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system,” he blogged yesterday. “We released this in March, mind you, and Apple still hasn’t got around to patching this on the iPad! I know through personal experience that the patch time for an iPad vulnerability is over two months and counting. Given that, the number of parties which probably have active iPad exploits likely numbers in the hundreds, if not the thousands. The iPad simply is not a safe platform for those that require a secure environment.”

A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.

Researchers at VeriSign’s iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

IDefense doesn’t know if Kirllos’ accounts are legitimate, and Facebook didn’t respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.

To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard. Hackers have been selling stolen social-networking credentials for a while — VeriSign has seen a brisk trade in names and passwords for Russia’s VKontakte, for example. But now the trend is to go after global targets such as Facebook, Howard said.

Facebook has more than 400 million users worldwide, many of whom fall victim to scams each day. In one such scam, criminals send out messages from a compromised account, telling friends that the account’s owner is trapped in a foreign country and needs money to get home.

In another, they send Web links that lead to malicious software, telling friends that it’s a hilarious or sensationalistic video.

“People will follow it because they believe it was a friend that told them to go to this link,” said Randy Abrams, director of technical education with security vendor Eset. Once the malware gets installed, criminals can steal more passwords, break into bank accounts, or simply use the computers to send spam or launch distributed denial of service attacks. “There’s just a plethora of things that people can do if they can trick people into installing their software,” he said.

Kirllos’ Facebook prices are extremely cheap compared to what others are charging. In its most recent Internet Security Threat Report, Symantec found that e-mail usernames and passwords typically went for between $1 to $20 per account — Kirllos wants as little as $0.025 per Facebook account. More coveted credit card or bank account details can go for much more, ranging between $0.85 to $30 for credit card numbers to $15 to $850 for top-quality online bank accounts.

On April 1, Sony removed one of the PlayStation 3′s original features, the option to install an alternate operating system such as Linux, with its latest firmware (version 3.21). Today, one man claims to have reinstated that feature.

Hacker George “Geohot” Hotz says he has, as promised, implemented a workaround that will let users enjoy the most recent version of the PS3′s firmware while keeping the “Install Other OS” option available. The catch, before homebrew and Linux enthusiasts get too excited, is that if you’ve already installed 3.21, you’re out of luck.

Hotz writes: “This can be installed without having to open up your PS3, just by restoring a custom generated [PlayStation 3 Update File] file, but only from 3.15 or previous. It’s possible this [custom firmware] will also work on the slim to actually *enable* OtherOS.” The redesigned PlayStation 3 slim model shipped without the option to install another operating system.

Hotz offers his version of video proof in a YouTube clip that purports to show his custom firmware working and booting Linux.

Sony Computer Entertainment said the decision to remove the feature was “due to security concerns.”

It appears that Hotz hasn’t made his custom firmware available publicly. Also note that Hotz’s video demonstration could realistically be faked. But for the PlayStation 3 owner soured by Sony’s decision to drop support for other operating systems, it at least provides some hope.

More computers are hacked in China than anywhere else in the world, a new report from security firm McAfee revealed.

In the last three months of 2009, about 1,095,000 computers in China were hacked, and 1,057,000 in the United States – this on top of the 10 million or so machines already infected in each country. An estimated $1 trillion in intellectual property was stolen worldwide in 2008 through hacking, McAfee estimated.

In China, hacked computers often are clustered into “botnets,” a.k.a. battalions of corrupted computers commandeered to attack websites and spew spam. The growing presence of botnets is yet another sign of network insecurity – already a huge concern for both business and government. The news comes just after China closed down Black Hawk Safety Net, the country’s biggest training website for hackers. The site signed up some 12,000 paying subscribers, providing them with both primers for cyberattack and Trojan software, which hackers use to illegally control computers. The report also comes after Secretary of State Hillary Rodham Clinton’s historic Jan. 21 speech on Internet freedom, where she announced: “An attack on one nation’s networks can be an attack on all.”

China produced 12 percent of the world’s botnet “zombies,” as they’re called. The U.S. was second on the list with 9.5 percent – down from the top spot (and 13.1 percent) in the previous quarter. The rest of the top five:Brazil, Russia, and Germany.

It’s not necessarily the Chinese themselves who are causing the problems. “Just because the attacks original from China doesn’t mean the people behind the attacks are Chinese or even physically in China,” Gideon Lenkey, founder of protection company Ra Security, told Internetevolution.com. ”China’s Internet is very closed off from the rest of the Internet so it’s a great position to attack from.”

Other findings from the report:

• A drop in spam: Levels dropped from a record 175 billion a day in the third quarter of 2009 to 135 billion, a 24 percent decline. Don’t get too excited – the “overall historical trend still points upward,” said the report. “Compared with the fourth quarter of 2008, volume is up 35 percent.”  For the record, there were about 135.5 billion spam emails sent every day in 2009, compared with 122 billion a day in 2008 and 76.5 billion a day in 2007. The U.S. is the world leader in spam production, but Brazil and India are fast catching up.

• Malware threats are on the rise, nearly doubling over the year. It was a “transformative and evolutionary year for computer threats,” the report said, with portable storage devices becoming a very popular target. This is partly because the hardware is so popular, but also because so many PCs use the Windows autorun feature – meaning no user action is required to become infected.

• Last year saw an increase in bogus  antivirus software that convinces web users their PC is infected and asks them to pay for equally bogus security software. Thanks to the growing popularity of Adobe applications, there also was a rise in attempts to exploit vulnerabilities in Flash and Acrobat reader.

Last month a report from McAfee and the Ce nter for Strategic and International Studies revealed a growing threat of cyberattack, with widespread attacks on critical systems.

A new injection attack that redirects users’ Web search queries is in the wild, and researchers at Websense believe it may have already affected more than 40,000 sites. In a blog posted yesterday, Websense researchers indicated that more than 40,000 legitimate sites have been compromised with “obfuscated code that leads to a multilevel redirection attack, ending in a series of drive-by exploits which, if successful, install a Trojan downloader on the user’s machine.”

When users visit one of the infected sites, they are redirected through a series of different sites owned by the attacker and brought to the final landing page containing the exploit code, the researchers say. The final landing page records the visitor’s IP address. When the site is visited for the first time, the user is directed to the exploit payload site. But if the user returns from the same IP address, he is simply directed to the benign site of Ask.com, the researchers report. This one-time download strategy may make the redirects less obvious and harder to detect, they say.

According to a spokesman, the labs first detected what appeared to be benign redirects embedded in compromised Web sites that sent users to Ask.com. “At that time, it seemed likely that hackers were looking to compromise as many sites as possible, getting their foot in the door before activating the campaign with a redirect to a malicious payload site,” he says. The attackers used polymorphic code to avoid detection in these early stages. Now the researchers understand that the malicious campaign actually began simultaneously with the Ask redirect, and the malicious payload site ninetoraq has been infecting users with malware.

Once the user’s computer has been redirected from a compromised site to ninetoraq, the site attempts multiple exploits through obfuscated code targeting vulnerabilities in MDAC, AOL SuperBuddy, Acrobat Reader, and QuickTime, the spokesman says. If it finds an open hole, it drops a malicious PDF file or a Trojan that is designed to steal the user’s information.

Most antivirus applications will not detect either one of these pieces of malicious code, Websense says. One of the exploits is detected by only three of the 41 most commonly used AV programs.

“The obfuscation code injected into these legitimate Web sites is somewhat random, but the deobfuscation algorithm is consistent amongst all the infections,” the researchers say. “The algorithm uses the JavaScript method ‘String.fromCharCode’ to convert a chunk of decimal values to a string. The string obtained after deobfuscation is an iFrame that eventually leads to an exploit site.”

The Websense researchers say the new attack is distinct from Gumblar or Beladen, two other injection attacks that have been redirecting users’ search queries in the past month. It is possible that the same hackers might be developing the different attacks, they say. So be careful when you are out there on the web, cause it seems the bad guys just keep thinking up new and more dangerous stuff everyday!

More than 40,000 websites worldwide have fallen under the spell of a sneaky piece of attack code that silently tries to install malware on the machines of people who visit them, security experts from Websense have warned. The mass attack has been dubbed Beladen because beladen.net is one of the internet domains used to unleash a swarm of exploits that target unpatched vulnerabilities in the Internet Explorer and Firefox browsers and programs such as Apple’s QuickTime. It plants highly obfuscated javascript on the bottom of websites that’s slightly different each time, making it impossible to spot infected sites using search engines.

The compromised websites are operated mostly by smaller businesses and government agencies, and so far security researchers have been unable to identify a common component that is being targeted. That leaves everyone guessing that the sites were penetrated by sneaking key-logging programs onto the PCs of people who maintain the sites.

“It’s all that we can assume because there is no common injection amongst all these 40,000″ sites, Chenette explained. “The only other possible explanation is the website owners have basically had their FTP credentials or account credentials compromised.”

It remains unclear how many end users are being affected, however. Mary Landesman, a researcher at ScanSafe, said less than 0.03 percent of its customer base tried to visit a site infected by Beladen in the entire month of May. That compares with more than 37 percent of its customers trying to visit sites hit by another mass infection that goes by the name Gumblar. Like Beladen, it attempts to install malware on the PCs of people visiting affected sites.

But that doesn’t mean Beladen isn’t important. Beyond it’s demonstrated ability to sneak itself onto so many webservers, it’s also notable because the attack bears the hallmarks of Russian mobsters. Before users are redirected to beladen.net, they are taken to one or more other addresses such as googleanalytlcs.net (note that “analytlcs” is spelled with an l instead of an i), which are attack sites designed to appear connected to Google Analytics.

Those same sites have been used in the past by the cybercriminals known as the RBN, or Russian Business Network. The group is known for producing highly sophisticated malware and offering a network of highly reliable webservers and other infrastructure used to deliver potent attacks. It has largely stayed out of the public eye since being outed in a series of articles by The Washington Post. Beladen may be a sign that the RBN is taking a more active role again.

Beyond that, it’s clear the attackers have taken painstaking steps to ensure the stealth of Beladen. In addition to javascript that is put through multiple layers of obfuscation, the attackers have also covered their tracks by shunting victims through a series of intermediary servers before arriving finally at beladen.net. In an attempt to thwart researchers, the servers check the previous site visited to make sure visitors have been referred by compromised server. I first read about this infection Friday where it had hit about 30,000 sites. It’s ability to grow by a third in less than 72 hours is worth taking seriously.

Sadly, Websense has had little success reaching the owners of the compromised websites.

“Half of the websites that have email addresses listed don’t respond to any security notification,” researchers from Websense said. “Many users think they can throw up a website and that’s the end of the day. They have to be more responsible in understanding that they have to protect the users of that site and the content.”

Website owners who suspect they have been hacked should inspect the source code on the site’s front page. If there’s a block of strange-looking code that mysteriously showed up recently, there’s a decent chance it’s Beladen. So keep your antivirus software up-to-date because even websites that you frequent could have been infected without anyone knowing. The only good thing with this type of infection growing, is that the security companies that produce antivirus software will respond quickly and have ways in their software to keep you safe.

A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergence Response Team warned on Monday. The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, according to CERT.

The program then steals FTP login credentials from victims and uses that information to spread further. It also hijacks the victim’s browser, replacing Google search results with links chosen by the attackers. Security experts started tracking the attack in March, when it had infected several hundred Web sites, but in recent weeks the number of infected sites has jumped dramatically. The attack has been called Gumblar because at one point it used the Gumblar.cn domain, though on Monday it had switched to a different one.

Security vendor ScanSafe has counted more than 3,000 infected Web sites, up from around 800 just over a week ago. That kind of continued growth is unusual, according to senior security researchers with ScanSafe. Attackers have launched many widespread Web attacks over the past few years, but after a few months the total number of infected sites usually drops as Webmasters clean up their servers.

With Gumblar, more and more sites are now being infected. It is believed that it’s because Gumblar’s creators have been good at obfuscating their attack code and making it harder to spot on infected sites. And because they’ve been stealing FTP login credentials, they’ve been able to use a few new tricks to get their software onto the sites. They’re doing things like changing folder permissions … and leaving behind multiple ways that they can get back into the server which can make it difficult to clean up.

Still, Web attacks have become so widespread that Gumblar remains a relatively small-scale phenomenon, according to Symantec Security Response Product Manager John Harrison. Last year, Symantec counted 18 million online attacks against its customers. With Gumblar, it has counted 10,000. “It’s really just another day with drive-by downloads,” he said. “There really are so many of these.” Security experts say that if you’re using a fully-patched system with up-to-date security software, you should be protected from these attacks. To date, they’ve worked by hitting the victim with malicious PDF or Flash files.

For the icing on the cake today at work while I was working on cleaning up a pretty severe malware infection, I came across this infection on the system (which was easy caught and cleaned by a couple of my scanning tools) just hours after first reading about it. This itself was enough to make me put together this article to try and let everyone know!

An investigation into allegations of Chinese cyberwarfare against the Tibetan community has led to the discovery of a more widespread cyber-espionage network that also has targeted high-profile diplomatic, military, political, and economic systems worldwide.

The Munk Centre for International Studies at the University of Toronto today released a research report based on 10 months of investigating what it calls “GhostNet,” a cyberespionage operation that has netted stolen documents and gained full control of some of the systems it has breached. GhostNet has infected nearly 1,300 computers in 103 countries — mostly in Asia, but also in Europe as well as a NATO system. Around 30 percent of the infected machines were “high-value” targets, including foreign affairs ministries in Iran, Bangladesh, and Latvia; embassies for India, South Korea, Indonesia, Romania, Thailand, Taiwan, Germany, and Pakistan; as well as the Asian Development Bank and several news organizations.

The attackers use a Trojan program called gh0st RAT, which can take full control of a targeted machine. Gh0st RAT has the ability to search and download files and operate any devices attached to the targeted system, including Web cameras and microphones. Users get infected by opening targeted, spear-phishing type email carrying malware and the Trojan itself, which exploits vulnerabilities on the machine. GhostNet then can listen in on conversations taking place at the infected computer’s site, although researchers said in a separate published report that they couldn’t confirm whether the attackers had actually used this feature.

The main target appears to be the Dalai Lama and related Tibetan operations, according to the Munk Centre report. The researchers found evidence that GhostNet had hacked into computers containing personal and sensitive information in the Dalai Lama’s and other Tibetan offices.

Researchers at F-Secure posted screen shots and comments on gh0stRAT and other tools used by the attackers. Gh0stRAT is basically a version of the notorious Poison Ivy backdoor-hacking tool, according to F-Secure. Although most of the systems controlling Gh0stNet hail from China, the researchers warn that this doesn’t necessarily mean it’s state-sponsored. And they say their research raises more questions.

“…It is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value,” they wrote. “This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet.”

It would seem that the vast majority of people out there (even in important positions) still don’t realize the danger of this type of stuff and need to make sure networks of great importance are actually protected like they should be!

Move over TJ Maxx, payment processor Heartland Payment Systems has potentially leaked up to 100 million credit and debit accounts into the black market. That number, if verified, would make this the largest data breach on record. It also means the United States has managed to set two national records in the same day. Guess which one folks are paying attention to? Awful convenient, that. 

Heartland’s problems began late last year when the company began to receive reports of fraudulent activity. There is no hard evidence that the company’s data leak was responsible for the sudden surge of mysterious microtransaction fees we reported in early December, but the timing is extremely coincidental. The December attacks were never successfully attributed to any single company or credit card, but instead affected a seemingly unrelated group of people with different banks, credit cards, and online shopping habits.

Heartland may—and I do stress may—have been the hidden link between them. The company’s website suggests that it serves a wide range of small business customers, a perception that’s reinforced by comments company president and CFO Robert Baldwin made to The Washington Post. “No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair,” Baldwin said. “Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”

Malware in the system 

The list of facts Heartland does know is depressingly small. Once it discovered the breach (date unknown), the company reported it to the US Secret Service and brought in multiple forensics teams. The actual source of the breach, however, wasn’t discovered until last week. One of the systems in the payment processing chain had been infected with an unidentified bit of malware designed to track and report the magnetic information stored on the back of a credit card as that data was sent through the processing, err, process.

Heartland was able to determine that no personally identifiable information (PII), including social security numbers, addresses, or telephone numbers was stolen. PIN numbers, likewise, remained safe. Although the lack of address and (possible) lack of CVN codes would have made it more difficult for thieves to use the cards online, there’s no reason why the magnetic information couldn’t be transferred to a new physical card. If Heartland’s breach and the microtransactions we tracked in December are connected, there’s evidence that this, in fact, occurred.

Unfortunately, the above summarizes what Heartland knows to date. The company has no information on which transactions specifically went through the infected system, how many transactions occurred while the system was compromised, when the system was compromised, or which of its customers’ (think restaurants, hotels, etc) customer’s (individuals) data was actually sent back to the thieves on the other end of the line.

Baldwin told The Washington Post that Heartland had no obligation to offer individuals credit or identity theft protection. “Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible,” he said. “In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers.”

Heartland, it’s good to know you feel bad for the “inconvenience this is going to cause consumers.” Now how about some information on how you plan to track data going forward? If you can receive a data stream, process it, and authorize payment you can also keep a record of exactly how that payment was processed through your own system. I’ll admit, there’s still a question of how to match that data up with particular people, but these sort of vague warnings when tens of millions of records are (or may have been) compromised are unacceptable, particularly when the company in question refuses to divulge its list of customers.

Because of the computational power of today’s GPUs, GPUs are starting to be harnessed more and more to help out CPUs with some hardcore number crunching. That is the concept behind Nvidia’s CUDA, ATI’s Stream, and Apple’s OpenCL frameworks. There aren’t many apps available yet that take advantage of these relatively new technologies, but the ranks are slowly growing. The latest GPU-assisted app to come available is one designed for IT managers to make sure their wireless networks are secure–and inevitably for hackers to try to break into wireless networks.

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a “proprietary GPU acceleration technology,” which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. Brute force attacks that send random dictionary words to an access point can eventually successfully guess the password, if given enough time–the more computational power behind it, the faster the software can send passwords attempts and possibly guess the password. *

“Advanced dictionary attacks with deep mutations attempt multiple variants and combinations of each dictionary word. The mutations can be fine-tuned to employ all or some of the settings such as different letter cases, number substitutions, changing the order of characters, using abbreviations and vowel mutations; 12 configurable mutation settings altogether.”

ElcomSoft positions the software as a way to “audit” wireless network security. However, we’re fairly certain that at least some users will use the software for more nefarious means, such as trying to break into someone else’s wireless network. If you manage a wireless network, you should use passwords that use a combination of upper and lower-case letters, numbers, and symbols (if it supported), use relatively long passwords, and avoid dictionary words–in fact, this is good advice for nearly any type of password–not just for wiresless access points. ElcomSoft Wireless Security Auditor runs on Windows NT SP4, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The software ordinarily sells for $1,199, but is currently selling at half price ($599.5) until March 1, 2009.

Google used its booth at Macworld this year to show off some of the things it was working on with Apple, particularly for the iPhone. But the coolest thing at their booth didn’t have much to do with Apple at all: A hacked Nintendo Wii Balance Board (from the game Wii Fit) used to control Google Earth.

Using the Google Earth application programming interface (API), a Google engineer was able to get the Balance Board to talk to the program after decoding the Bluetooth packets being sent from the board (that’s how the device wirelessly interacts with a machine like the Nintendo Wii). The result (which you can see in the video below) allows users to move forward by leaning forward, move backwards by leaning back, etc.

The developer says he made this neat little demo to inspire others to code their own programs using these open source methods. Hopefully, someone comes up with a hack to make it so I can use a Wiimote to control my TV, because that would be awesome!

This is pretty cool stuff and seems to work awesome! I can only imagine how excited Wii fans and Google Earth fans are. Even though I haven’t personally used Google Earth, this is still really cool stuff because if this can be done, its only a matter of time before other stuff like this starts popping up! So Enjoy!

So it seems that a group of hackers have finally found something that the Playstation 3 is useful for other than watching Blu-Ray movies. They claim that they have beaten SSL using a farm of 200 PS3s which take advantage of a flaw in the MD5 cryptographic algorithm SSL uses. Check this out:

Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d’etre – gaming. That doesn’t mean that the machine is anything less than a powerhouse — as was made clear today when a group of hackers announced that they’d beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates — meaning those authenticated web sites you’re visiting could be counterfeit, and you’d have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.

This is actually some pretty big news not only because they were able to use the power of the PS3 to crack SSL, but for the fact alone that they were able to do it. Since it is known widely now that it can be done, I am sure we will start to see quite a few more hackers out there trying to also break the MD5 cryptographic algorithm to use it for phishing scams or other not-so-nice purposes online!

Lately it seems as though people are finding ways to do more and more with their iPhones. Well I am starting to believe this statement as it seems that there has been a successful port of the 2.6 Linux Kernel working on the iPhone! Although they haven’t gotten all of the drivers functioning yet I can bet that it will only be a matter of time before they get more and more stuff working which is simply amazing in my book. Even more cool this works on both generations of the iPhone as well as the first generation of the iPod Touch! If I can ever get around to getting my hands on one of these suckers I defiantly plan on trying it out since I have become somewhat of a Linux fan as of late!

What we have:

- Framebuffer driver
- Serial driver
- Serial over USB driver
- Interrupts, MMU, clock, etc.

What we have in openiboot (but hasn’t been ported yet):

- Read-only support for the NAND

What we don’t have (yet!):

- Write support for the NAND
- Wireless networking
- Touchscreen
- Sound
- Accelerometer
- Baseband support

Here is a video of a short demonstration:

Here is a LINK to download the files needed! Also, here is a LINK to the readme.txt if you would like to try it for yourself! So enjoy!!

Ok, so it has bugged me for quite some time that Microsoft kind of “limits” what themes you can use with Windows XP without going all out and changing everything. I’ve always just wanted something different from the plain old green and blue start bar down at the bottom. When I recently reformatted due to getting a new motherboard I decided to have another go at it and see how things were now and if there were some more themes out there I could grab and take advantage of. Sadly I was let down and Microsoft still locks it down with the themes having to link up with a certian system file (uxtheme.dll).

So, today at work since my co-worker was at the store re-installing his XP install on his personal machine, who found out just as I did about the themes and as not too happy, we both decided to hunt around and find a hack for this little problem to let us do what we wanted and use some cool custom themes for XP.

After much searching we finally did find a fix! Which I am going to share with everyone reading this because I know how annoying it can be stuck with the 1 or 2 themes that Microsoft provides you by default. This fix works only if you have Service Pack 3 installed so if you don’t have it yet… you need to get it (not only for this fix) and update your Windows so it is up-to-date. You can download that here! Ok, so lets get started!

1. Download the xp_theme_fix.
2. Extract the contents of the .zip to your desktop and open the “Replacer” folder.
3. Run the file named “Replacer” in that folder and follow the instructions. It is going to ask for the original uxtheme.dll file which can be found in your “C:\Windows\system32\” folder.
4. Do what it tells you to replace the original with the one provided in the “Replacer” folder. (don’t worry it makes a backup of your original for you.)
5. Reboot when asked to do so by the program.
6. You may now use your custom themes that may not have worked before! Theme’s folders are placed in the “C:\WINDOWS\Resources\Themes” directory!

I also included in this .zip file another .rar file of the Zune Theme which has 8 different colors for you to pick from and use! This method worked like a charm for me so if you have any problems or questions feel free to leave a comment and I will help anyway I can! Enjoy!

Ok, so this is one thing that has really bugged me since I got my SCH-i760.  I will connect it to the internet and check my email, or look at something online such as the weather or google maps, and close it down and continue on my way.  But what I forgot was the fact that I didn’t manually shut off the data connection and for the rest of the day it has eaten my battery life alive!  After a while I found alittle program called “BandSwitch” but even it was not free and only a trial of the program.  So last night I decided to do some digging since I couldn’t sleep!

After about an hour of hunting around I was able to dig up a very cool registry edit for my phone (and any phone using wm5 or 6) that simply changes one value in the registry to turn on this auto disconnect idle data connections feature.  Below are links to the .CAB files to change it for you as well as what to do if you want to edit the registry yourself.

HKEY_LOCAL_MACHINE\Comm\ConnMgr\Planner\Settings\
SuspendResume = GPRS_bye_if_device_off
CacheTime = xxx (where xxx are seconds before auto disconnect, for me the best value is 60)

Auto disconnect GPRS after 1 minute idle time
Auto disconnect GPRS after 5 minutes idle time

There you have it, I don’t take credit for this just trying to spread the love alittle because I know this can be a real bother when your phone’s battery life is eaten up when you forget to turn off your data connection…. so ENJOY!