Large Scale iTunes Fraud Underway, Once Again

Back in July, we reported that several iTunes accounts were compromised by hackers who went on to make fraudulent purchases on the users’ behalf. Although Apple clamped down on the hackers, and promised security improvements after widespread criticism from bloggers, hackers seem to have one-upped them once again.

TechCrunch is reporting that another large-scale iTunes scam is underway, and several iTunes account holders have already lost thousands of dollars. The problem seems to be due to a security hole in iTunes accounts linked to PayPal. One affected user, Joey Bruce, tweeted, “Someone hacked my iTunes/PayPal acct and drained everything from my bank account. Life is kicking me in the balls while I’m down”.

Given iTunes’ abysmal security track record, we strongly recommend against permanently storing any financial information (i.e. linking with your credit card or PayPal). PayPal is aware of the issue; however, none of the involved parties have issued a statement.

In related news, 12 people have been charged with fraud and money laundering offences related to iTunes. Apparently, this gang uploaded tracks to Amazon and iTunes and used stolen credit cards to purchase them.

Researcher Who Exposed Vulnerabilities in India’s Electronic Voting Machine Arrested

Recently, a group of researchers, Hari Prasad, Rop Gonggrijp and J. Alex Halderman, demonstrated serious security vulnerabilities in the electronic voting machines (EVMs) being used by India. The EVMs, which were introduced by the Election Commission in 2004, were found to suffer from serious weaknesses that can be used by anyone with physical access to manipulate the outcome of the election. In spite of working demonstrations by the researchers, the Election Commission still maintains that the EVMs are secure and tamper proof.

Unfortunately, being ignorant and blind isn’t the Indian government’s biggest crime. Halderman revealed in a blog post that his colleague, Hari Prasad, has been arrested by the police. The authorities appear to be interested in uncovering the source who supplied the voting machine to the researchers. Halderman maintains that the voting machine was supplied by an anonymous source who had rightful access to it. The EVM in question was earlier reported as stolen by the Collector’s office at Mumbai.

On inquiring with the officials there, it was learnt that Waimuru brought the machine himself and the channel had nothing to do with it. It was also learnt that Waimuru had gone to Nashik earlier this year. He met a local leader and a social activist there who gave him the machine. Moreover, it came to light that a government official believed to be working in the Old Customs House had given the said machine to the local leader, an official informed DNA. Hari Prasad has been remanded to the police custody till August 26.

While the Indian police is quite possibly well within its rights to try and track down the source of the leak, there is a real possibility that the government is simply trying to silence its critics. The researchers exposed the Election Commission and broadcast their ignorance, incompetence and stupidity to the world. I can’t help but notice that the government is being more proactive in closing the source of leak than rectifying the serious problems plaguing the EVMs.

Swedish Authorities Issue Arrest Warrant Against WikiLeaks Founder on Rape and Molestation Charges

Julian Assange, the enigmatic founder of WikiLeaks, has always been a controversial personality. He has been hailed by many as a savior of free speech, criticized by Cryptome for money laundering, and now accused by the Swedish Police of rape and molestation.

WikiLeaks is a controversial secretive organization that takes pride in exposing confidential documents of public interest. The award winning organization came under the mainstream spotlight after leaking the Baghdad Airstrike video (showing civilian casualties) and the Afghan war chest.

According to the Swedish daily Expressen, he met with these women last week, when he was in Sweden to apply for a publishing certificate that will enable the website to take advantage of Swedish laws providing protection to whistle-blowers.

WikiLeaks tried to downplay the charges as “dirty tricks”. In a statement issued over the micro blogging website, Julian Assange said, “The charges are without basis and their issue at this moment is deeply disturbing”.

Update: The Swedish authorities have withdrawn the rape charges and dropped the arrest warrant.

Meet “STAMP”: The $50 Tablet from India

Last month, the Indian government made headlines by announcing the $35 tablet. While the hands-on demo by the Indian HRD minister Kapil Sibal might have allayed fears that the tablet will turn out to be another piece of vaporware from the Indian government, it is still a year away from mass production. In the meantime, Bangalore-based Allgo Embedded Systems has created its own prototype tablet, which should cost around $50.

The tablet, which is being called “STAMP”, will sport a 7 inch touchscreen, and run Android or Linux. K. Srinivasan, the founder of Allgo, said, “We have developed the prototype for which the material costs are $35 and are currently in talks with manufacturers”.

Stamp is still just a prototype. According to the estimates provided by Srinivasan, Stamp’s cost can be brought down to $45 if 100,000 units are manufactured and $40 if 1,000,000 units are manufactured.

Spice Launches Affordable Android Mobile Phone, Announces Two Tablets

Last month, we reported that Google is working with manufacturers like Huawei to introduce cheap Android handsets in parts of Asia. Following in Huawei’s footsteps, Spice has launched its own affordable Android powered mobile phone in India.

The Spice Mi-300 sports a 3.2 inch HVGA capacitive display with a resolution of 320×240. It runs on Android 2.1 and is powered by the Qualcomm MSM7227 chipset. Supported connectivity options include 3G (HSPA enabled), Wi-Fi, and Bluetooth. The handset features a 5 megapixel camera capable of recording 720p HD videos. Although the ROM offers just 156 MB of space, microSD cards up to 32 GB are supported. The Mi-300 is now available in stores across India for Rs. 9,990.

Spice Mobile has also announced two Android powered tablets for computing on the go. The first of them is the Mi-410, which is powered by Qualcomm Snapdragon MSM8255. The Mi-410 is a micro-tablet with a 4.1 inch HVGA capacitive screen. The second tablet announced by Spice is the Mi-700. This tablet will run on a Qualcomm MSM7227 chip and feature a 7 inch capacitive touchscreen. The tablets are expected to be launched in October-November.

PS3 Jailbreak is Finally Here

An Australian hardware modding unit called OzModChips is claiming that the PS3 has finally been jailbroken. If true, this is indeed quite an achievement, since Sony’s PlayStation 3 is a heavily locked down platform that is renowned for excellent security. The jailbreak will enable owners to back-up their games and even run pirated games.

The solution being tested by OzModChips basically requires you to purchase a USB dongle called PS Jailbreak. When plugged into the PS3 and booted, the utility present in the dongle is executed and the PS3’s security measures are deactivated. The developers are claiming that this won’t brick the system and, since the PS3’s seal isn’t tampered with, the warranty will also remain valid.

The final retail units of PS Jailbreak are ready and more information is available at psjailbreak.com. PSXScene is vouching that PS Jailbreak is the real deal. It will be interesting to see how Sony reacts. According to unconfirmed reports, PS Jailbreak is generated with Sony’s official SDK (Software Development Kit), which makes it illegal to share. A lawsuit or two is definitely in the realm of possibility. However, it might be difficult for Sony to shackle modders around the world, once the cat is out of the bag.

Facebook Caught Plagiarizing Open Source Code in the Official iPhone App

One of the many nifty features present in the official Facebook app for iPhone is the “Pull to Refresh” functionality, which was pioneered by Tweetie. This UI (user interface) element is derived from the open source TTTableHeaderDragRefreshView class created by Enormogo. Unfortunately, it appears that Facebook was using third party open source code without proper attribution.

Obviously, folks at Enormogo weren’t pleased when they discovered the similarities between their code and Facebook’s implementation. Shaun from Enormogo wrote in a blog post, “To find out that they took our code, re-released it as their own, and take credit for it though? That’s not cool Facebook. Not cool at all”.

Before the daggers come out, it’s worth noting that this was most probably an honest mistake by Facebook. Here is the statement issued by David Recordon, the head of open source programs at Facebook:

Back in February a developer outside of Facebook sent a GitHub pull request which included this pull to refresh functionality. At the time we believed that the developer wrote the code themselves and thus didn’t realize that it actually came from Shaun’s open source library EGOTableViewPullRefresh. I’m sorry that we messed this one up. Three20 has over a dozen different contributors (http://github.com/facebook/three20/blob/master/AUTHORS) and we try really hard to give credit where it is due.

The required attribution has already been added by Facebook and will be committed to GitHub soon.

Trillian Beta for Android Released: It is Awesome

Trillian has long been one of the best multi-protocol instant messengers for Windows. However, Cerulean Studios has no intention of being limited to the PC or the Mac. It has already released Trillian for the BlackBerry and the iPhone, both of which have been lauded by critics. In fact, Trillian is regarded by many as the best IM app for the iPhone, along with Beejive. Now, Cerulean Studios is bringing the same awesomeness to Android users.

Trillian for Android supports AIM, Facebook, Google Talk, ICQ, Jabber, Windows Live Messenger, MySpace and Yahoo. The support for Facebook Chat should earn Trillian brownie points from Android users, since the official Facebook app is yet to implement this feature. Existing Trillian users will be pleased to know that the Android version also features cloud synchronization of contacts and accounts.

Trillian’s interface is simple but functional. The home screen displays all online contacts, grouped according to existing categories and the messaging service. Pressing a contact opens up the tabbed chat interface with landscape mode support. I was impressed to discover that Trillian already supports photo transfers, emoticons and even buzz.

Trillian for Android is still in beta, and as expected, there are a few niggles here and there. Nevertheless, it is still very much usable. In fact, Trillian already has its fair share of handy features like push mail notification for IMs when Trillian is suspended and automatic away mode.

Users on Android 1.6 and above can download a time-restricted beta build of Trillian from here.

Intel Acquires McAfee for $7.68 Billion

In an interesting move, Intel has announced that it will be buying the security software firm McAfee for $7.68 billion. This acquisition comes close on the heels of McAfee’s acquisition of tenCube – the developer of WaveSecure.

At first glance this might appear to be a strange acquisition, given that Intel is mainly a hardware manufacturer, whereas McAfee is a software developer. However, as Intel goes on to explain in the following statement, McAfee will help Intel in its goal of providing on-chip security.

The acquisition reflects that security is now a fundamental component of online computing. Today’s security approach does not fully address the billions of new Internet-ready devices connecting, including mobile and wireless devices, TVs, cars, medical devices and ATM machines as well as the accompanying surge in cyber threats. Providing protection to a diverse online world requires a fundamentally new approach involving software, hardware and services.

The price offered by Intel amounts to $48 per share, which is a 60% premium on the value of McAfee’s stock. Intel obviously wants McAfee pretty desperately, since McAfee hasn’t traded at the quoted price since 1999. The acquisition will make McAfee a wholly owned subsidiary of Intel and is expected to be finalized after shareholder approval, regulatory clearances and other customary conditions specified in the agreement.

Trojan Uncovered In an Innocuous Snake Game for Android

One of the biggest attractions of Android is its open Market, which houses a wide range of apps that can be used for anything from listening to music to overclocking the processor. However, as mentioned earlier, Android’s biggest strength might also turn out to be its biggest weakness. The open Market means that it’s a lot simpler for malware developers to target Android handsets than the highly locked down iPhone.

F-Secure is now reporting that Tap Snake, a popular Snake game for Android, is actually a client for a spying app. During installation, this game requests full network access as well as access to your GPS sensor. Once installed, it runs in the background and secretly reports your location every 15 minutes.

Fortunately for users, the game itself simply acts as a client or a front-end. In order for the actual spying to occur, the handset must also have a paid application called GPS SPY. Moreover, GPS SPY must be registered to the same email address as Tap Snake. This obviously makes it much harder to actually spy on any user, since physical access to the device or extreme gullibility on behalf of the user is required.