Security Flaw Allowed The FBI To Create The iPhone Cracking Software

Apple vs the FBI looks liked it would never end, originally starting with the FBI requesting (and then a federal judge ordering) Apple’s support in unlocking and gaining access to an iPhone in a court case. Apple looked to defend itself and ultimately the FBI recalled its actions when it received support from an outside party. It has now been revealed how the tool used by the FBI gained access to the iPhone through the use of a security flaw.

The security flaw, one that was previously unknown to Apple, allowed the creation of a tool to crack the four digit pin used to protect the phone from 10 failed attempts to gain access to a phone. The group that provided the tool to the government was a group of “grey hat” hackers who actively seek out flaws in software to then sell on to groups such as the government.

The exposed flaw affects both the iPhone 5 and iOS 9 iPhones, and may not affect work on newer versions of both iPhones and the iOS operating system. With FBI director James B. Comey saying that they may or may not disclose the security flaw to Apple, but with the latest leak revealing where they need to focus, Apple may now fix the problem before others are able to exploit it.

3DM Claim to Have Cracked Denuvo

Video games are a tricky thing, with prices ranging from your quick sale buy to a full-blown new release (going upwards of £40 or even £50 now), you end up spending a lot of money to get the latest in entertainment. One way to get games cheap is to use a “cracked” version of them, this is when a game is altered so that people can play it without being caught by the DRM (digital right management), a system to make it so that only those who have purchased it (usually by linking the purchase to an account on a service) can play the game. Recently 3DM stated they would halt cracking in order to view how localization affects video game sales. That may not be the whole story as more news has been revealed.

This latest announcement relates to the news that some groups were finding Denuvo a little too hard to crack. Some of the latest games, including Tomb Raider, Just Cause 3 and FIFA 16 use Denuvo, but 3DM have now come forward and stated that they are on the “verge of cracking the latest Denuvo”. The announcement was made by Bird Sister the leader of 3DM via TorrentFreak and was explained that the statement was made to prove that the rumours they had  “abandoned cracking due to technical problems” was nothing more than just rumours.

Some use cracked software to test out a game before playing it, some use it to wait until they can buy the game, some just don’t like paying £40+ when they don’t even know if the game is worth the money. Will you admit to using cracked software? Do you like buying it once you are certain it is worth the investment?

Fallout 4 Pirate Learns Expensive Lesson as Bitcoins Go Missing

You should never pirate games or software in general, that is something that we all know. There are those who can’t resist that temptation now and the, but it can end very badly and end up costing you a lot more than just purchasing the game straight away. That was a lesson that was learned by Redditor arkanoah as he discovered that 4.88 BitCoin went missing from his wallet.

He took his problem to Reddit in order to try to figure out where his missing BitCoin were and how they got missing. Other Redditors were quick to notice the time of disappearance, November 11th, which coincides with the time that Fallout 4 was released. Asking the question if he had pirated that or another game was answered with yes and that’s most likely the way his BitCoin were stolen.

Cracked software is risky to download as it often contains malware in one form or another and it is the most likely scenario that this is the way that the 4.88 BitCoin went missing. The user originally scanned his download with antivirus software and later the system with Malwarebytes and GMER which both returned zero infections. So whether the attacker cleaned his tracks after downloading and cracking arkanoah’s BitCoin wallet or the mechanism used is so sophisticated that it isn’t being detected is up to everyone’s own guess, we most likely won’t find out. It is however most likely that the perpetrator cleaned his tracks before leaving the victim’s computer.

At the time, the 4.88 BitCoin were worth $1773, quite a bit more than the game would have cost him on Steam or other platforms. Lesson learned, I hope.

Microsoft Kills Support For Ageing DRMs with Windows 10

Windows 10 has been officially released for a while now and it still draws headlines for various reasons. Sometimes they aren’t the best, but mostly the release has been positive and well received. For the biggest part, Windows 10 will run anything that Windows 7 and 8 did, but there are a few very limited exceptions and two of those are aging DRM protections.

Securom and SafeDisk protected games won’t run in Windows 10 and they will never do so. If you wish to play older games that use this form of optical disk DRM, then you’ll need a no-CD crack or similar. Many older games have also been re-released on GOG and Steam where you can get them in working condition.

The reason behind the block is a basic restructuring of how everything works. It is a new operating system and it needs to adapt in order to close loopholes that can be abused. And that is the main reason for those two DRMs not to work anymore, they can be abused by malware as an attack point on your system.

“And then there are old games on CD-Rom that have DRM. This DRM stuff is also deeply embedded in your system, and that’s where Windows 10 says ‘sorry, we cannot allow that, because that would be a possible loophole for computer viruses,’ said Microsoft’s Boris Schneider-Johne in a video interview.

That’s why there are a couple of games from 2003-2008 with Securom, etc. that simply don’t run without a no-CD patch or some such. We can just not support that if it’s a possible danger for our users. There are a couple of patches from developers already, and there is stuff like GOG where you’ll find versions of those games that work.”

Where the above quote is directed at Securom, it isn’t any different for SafeDisk. The company behind it says that they won’t update it to work with the newer Windows version and says that it’s Microsoft’s job to fix it. Long story short, SafeDisk won’t work with Windows 10 either.

Windows 10 is a great operating system and there isn’t any doubt about how popular it will get any more. I can also add the bonus information, as a lot of people still are misinformed on the issue, that Windows 10 won’t disable your cracked games or disable the system for unauthorized hardware. That paragraph in the ToS has nothing to do with Windows 10 but is instead directed at the Xbox and Microsoft Services. This fact is still being misrepresented by a lot of sites and you can read the real story here.

Government Looking for Exploits in Anti-Virus Software to Use Against You

Snowden’s latest leaked documents point to government agencies such as the NSA and GCHQ taking an interest in tracking user activity and spying on networks. However, to do that, they have to get one piece of software out-of-the-way; the anti-virus. This also seems to link with an earlier incident at Kaspersky Lab, where their headquarters was hacked by an unknown and well-equipped group.

The government agencies are said to be using a process named Software Reverse Engineering to gain access to vulnerabilities still present in current anti-virus products. One of the latest warrants GCHQ wants to approve, according to The Intercept, even states that Kaspersky poses a threat to its SRE program.

Other methods of intercepting and gaining access to anti-virus software databases consist of finding and exploiting employee emails that work in anti-virus companies. In addition, user PCs are targeted for HTTP requests sent to anti-virus headquarters, containing relevant security vulnerabilities found by their anti-virus suites.

To support the above claim, The Intercept also came across a GCHQ presentation where it shows that around 100 million malware events are flagged daily by the government agencies. The same approach might be found in every government agency, so at least we get another peek at what’s going on and how ’secure’ we are.

In the end, is targeting and ‘cracking open’ anti-virus software really a good solution? From my point of view, the GCHQ should hire Kaspersky Lab to design their network security if they are as good as they say they are. What do you think?

Thank you TechCrunch and The Intercept for providing us with this information

Guy Makes Device Which Can Open Combination Locks in a Matter of Seconds

Not really what you were looking to hear if you have a locker at work or school that relies on combination locks to keep people from snooping through your personal belongings, huh? Well, someone was bound to do something like this sooner or later and it’s not like combination locks were the best security option on the planet anyway.

This new high-tech process looks to follow the manual process used by experienced crackers, but drastically reducing the process with the help of computerized algorithms. The device is made out of a stepper motor, a servo motor, a 3D printed harness and an Adruino to help with the AI/computerized side of things.

But now to the real question… how useful is the process? Well, not that useful. Experienced crackers can open these type of locks in a matter of seconds too (not as fast as a robot, but pretty fast nonetheless). So that’s why combination locks are made to keep out nosy people from snooping through your personal stuff and not keep your family values safe.

Still, this can be useful when you really have no experience and desire to learn how to crack these things and want to prank your friends. You can watch the video below to see how it is made and tested.

Thank you TechCrunch for providing us with this information

Image courtesy of Amazon

Corning Announces Gorilla Glass 4

Corning has announced its next ‘version’ of Gorilla Glass that supposedly “survives up to 80 percent of the time”.

The new glass is touted to be 2 times stronger than any other competing glass product, and has been designed with intention of saving your screen from a big drop. They say it uses their “proprietary fusion draw process” to keep the glass thin, while ensuring its strength.

Gorilla Glass is undoubtedly the most popular type of strengthened glass used on our smart devices, they say that “over 40 manufacturers have designed Gorilla Glass into a total of 1,395 product models”.

Those manufacturers include Apple, who is notable for recently making attempts to move away from the product to sapphire. Its believed that project fell apart after its sapphire supplier, GT Advanced, failed to produce enough of the material to be usable in the iPhone 6 and 6 Plus.

Source: PC World

Russian Interior Ministry Offers £65.5k for Tor Crack

 

The Tor Network has been a huge thorn to most governments and anyone else trying to control the flow of information. We’ve read lot about both the US and UK governments and security agencies and their view on the Tor network. Now Russia has entered that list of governments seeking out ways to decrypt the Tor traffic they intercept.

The Russian Interior Ministry takes a different approach than the rest, offering up a tender to find a solution for decryption of the intercepted traffic. They are offering 3.9 million ruble, that’s around £65.5k or $111k. The tender only seems to be open to organisations that already do secret work for the government, so this isn’t for everyone.

The Tor network is a great tool for the citizens of countries like Russia where free speech is still seriously limited, but as so many great tools it can also be used for bad things. Criminals of all sorts hide behind it on the same level as those who just don’t want to get tracked and spied on.

There have also been huge botnets hiding within the Tor network sending out spam and malware to the rest of the world. Many of those are originating from Russia, so there might very well be genuine police and security concerns at hand too.

We will probably never know the real truth and full story on this and personally I think the reward offered is pretty low for what is asked of you.

Thank you Hexus for providing us with this information.

Image courtesy of Tor.

Yahoo! Mail Suffers Unknown Number Of Stolen Email Accounts And Passwords

Since the massive Yahoo! ad-malware problem was not enough, apparently Yahoo! Mail got hit ‘big time’ recently, leading to an unknown number of Yahoo mail user account names and passwords stolen.

Yahoo mail users seem to be the most recent victim of mass data theft. Yahoo, in a security update posted today, claims to have “identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts.” This really does not come as a surprise, but a question to Yahoo!’s credibility. First malware attacks, now this? Yahoo! might be standing in the same boat as Google with all their late ‘misfortunes’.

The company took action on behalf of its users, prompting them to reset passwords on the breached accounts. So far, Yahoo’s investigation the list of usernames and passwords uses in the attack were harvested from a third-party with access to Yahoo credentials. The company believes that “the information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

Up until now, Yahoo! has not released any comments or an estimated number of affected accounts implicated in the attack. Federal law enforcement has been notified of the attack, and Yahoo has “implemented additional measures to block attacks against Yahoo’s systems.”

Thank you Electronista for providing us with this information

NSA Reportedly Can Bug Computers Before They Reach Buyers

Apparently the NSA does not have to wait until people are using technology to start snooping on it. Spiegel has obtained documents which claim that the agency’s Tailored Access Operations (TAO) group can intercept computer equipment orders and install tracking hardware or software before the shipments even reach their buyers. The division can target a wide array of hardware, too. Another NSA section, ANT, reportedly has a catalog of tools that can install back doors in everything from Cisco and Huawei network systems through to hard drives from most major manufacturers, including Seagate and Western Digital. Some of these bugs can give the NSA “permanent” access, since they’re designed to persist if the owner wipes a device’s storage or upgrades its firmware.

The leak suggests that the targeted manufacturers aren’t aware of what’s happening; Cisco and other firms tell Spiegel they don’t coordinate with the NSA. These hardware interceptions are also limited in scope next to remote surveillance programs. The agency isn’t confirming any specifics, but it maintains that TAO is focused on exploiting foreign networks. Whether or not that’s true, the discoveries show that the NSA’s surveillance can reach the deepest levels of many networks.

Thank you Endgadget for providing us with this information
Image courtesy of Spiegel

Microsoft Cracks Down On Windows 8.1 Piracy – KMS Only Lasts 6 Months

Softpedia reports that Microsoft is cracking down on the way it deals with pirated copies of Windows 8.1. Typically Microsoft had been lenient on the pirate community and copies could be easily activated and manipulated by a variety of crack tools (RemoveWAT, WATFix, Windows Loader, Auto KMS, etc). These pirated copies which could be easily activated/cracked are still entitled for Windows updates, as Microsoft decided not to block updates to these pirated users. On Windows 8.1 this may change.

Microsoft is targeting the KMS activation technique which currently allows Windows 8.1 users to activate their Windows free of charge with a custom host and a few lines of command. However, Microsoft has ensured this KMS fix isn’t as long term and easy as it previously has been. Now the KMS will only last 180 days, 6 months, essentially acting as an extended trial version. Furthermore, Microsoft is apparently considering blocking custom hosts in KMS activation to prevent the exploitation of the system for piracy. Microsoft are still yet to comment on what the situation is with KMS activation so we will be sure to bring you their response when we see it.

Image courtesy of Faikee on WinClub

People Are Spying On You And Hacking Your Computer

How safe are you while you are on the computer? Using your anti-virus, and your firewall, perhaps other methods of keeping you safe, like keeping all of your software up to date will keep you fairly secure. Not everyone does this though, not keeping software up to date, or even your operating system. If you don’t update some vital software that you run on your computer when there is an update it can compromise all security on your machine, giving a hacker full access to your system, even giving them the ability to hack your webcam and see you while you are sitting at your computer.

https://www.youtube.com/watch?v=Yb9b_LzM1U8

Mark Ward of the BBC wrote an article showing us one vulnerability that some people have when they don’t keep Java up to date. You can view his article Licensed to hack: Cracking open the corporate world HERE. He shows us how he was able to inject coding into a website which notified him when someone had viewed the page and then gave him full access to their computer. This isn’t just for some kid sitting in their moms basement writing code, or anything, this is also for big corporations which have loads of hits each day. Corporations are able to easily gain control of users computers, accessing files, spying on them, and giving them an inside edge to their customer base.

The only suggestion I can give you to prevent this from happening is to make sure that your computer, and everything running on your computer is 100% up to date, though it doesn’t seem like that will prevent someone from gaining access to your computer, it is just one preventative measure that you are able to take.

Image courtesy of  Security Blog

Source