Tag Archives: Hacks

Android 3.0 Honeycomb Ported to the NOOKColor.

Although it does not really work yet. So do not get hyped yet.

XDA member deeper-blue ported the preview SDK version of the next iteration of Google’s mobile OS Android 3.0 on the Barnes & Noble eBook reader, the NOOKColor. Android 3.0, codenamed Honeycomb has been developed with tablets in mind. This means that when properly streamlined and optimized for tablet computers, Honeycomb will take the mobile computing scene to newer heights.

Nook

Deeper-blue initially described his port of Honeycomb on his NOOKColor kernel as a zombie. That was because although the system booted and ran fine, there was no touch input or hardware acceleration. So… not only was it incredibly slow, it could not have been useful at all.

However deeper-blue managed to hack away at the code and managed to get the touch input, orientation sensor and even the graphics libraries in order. So, for now, the NOOKColor can be used to some extent.

Needless to say, he/she has the entire XDA forum (composed mostly of geeks, technophiles, hackers and other synonyms for technology-lovers) drooling. If deeper-blue manages to successfully port Honeycomb on the NOOKColor, it could very well be the cheapest Android 3.0 tablet in existence as well as being the only Android 3.0 tablet in existence, for now. Ha!

How Safe is Gmail, Twitter and Facebook? Is HTTPS Safe? We Show You How It Isn’t

Hey, isn’t HTTPS the most safe and secure way to access a website? Not exactly, here is where we show how people can use a simple method to crack , and .

hacked

So you think you can’t be hacked? Well, think again, you can be hacked using a simple image and JavaScript on a secure HTTPS. Before I go ahead on this, watch a video below created by our author Amit Banerjee which shows you how vulnerable you are on the Internet.

As you can see from the above video, it is very easy for anyone to know when you are logged into Gmail, Twitter and Facebook without having to place any suspicious code on your PC. All you need to do is visit a website to check whether or not you are logged in on these sites. Your information can be tracked, no matter whether it uses HTTPS or not and whether you visit the website or not.

This is basically very scary because this is a cross-platform hack and is done through a image which is hosted by these services. Though, I do know that on how this is done, I don’t have any solutions to negate this problem right now,  but I am really trying to figure out one. Till then there is nothing you can do about it. Fun right?

I have reached out to Gmail, Facebook and Twitter about this and am awaiting a response. Will update this post once I get one. Till then, you are not safe on the internet.

The hack basically uses the HTTP status code to find out whether you are logged in or not into these services. Since these images are hosted on Gmail, Twitter and Facebook a user basically has to log in to view them, so it becomes easy to figure out when you are logged in or not. If you are curious to see this in action, visit this page.

For more information, check out Hack A Day on how HTTP Status codes can be abused.

(Video and most of the reporting done by Amit Banerjee)

Mark Zuckerberg’s Facebook Fan Page Hacked, Are We Safe On Facebook?

I have written about various Facebook scams in the past, most of them were not harmful, but they definitely showed how unsafe was. Now, what if the account of the Facebook founder Mark Zuckerberg was compromised? Would you be able to trust the company? Would you be able to really put your private information on the website?

Mark Zuckerberg Facebook Fan Page Hacked

In what could be a embarrassment for Facebook, the fan page of Mark Zuckerberg; the founder of Facebook, was recently hacked. The person who hacked the account wasn’t as nasty as the Bristol Palin Twitter hacker, but he did leave a message on the Facebook fan page reportedly from Mark Zuckerberg.

The message as seen in the screenshot above was spotted by TechCrunch, however, within a few minutes or so the fan page for Mark was taken down. The message that was left says:

Let the hacking begin: if facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a "social business" they way Nobel Price [sic] winner Muhammad Yunus described it? What do you think? #hackercup2011.

The message was definitely not left by Zuckerberg and even if he did, the entire Facebook page would not be taken down. So if the company’s founders account can be hacked, are we safe enough on Facebook? Can we trust them to take care of our private information? Would the recent security measures at Facebook change any of these things?

It is time to question what you put on Facebook. In the end no one’s account is safe.

Sony Aims to Send Harsh Message to Security Researchers

The hot topic in the Sony PlayStation community has been the security breach of the PS3 devices by computer security analysts and hackers as was revealed in the Chaos Communication Congress. When hacker George Hotz (of the legalizediPhone jailbreak fame) managed to use root keys to make the PS3 run unauthorized code, there was havoc. Geohotz’s method allows anyone with a PS3 to use his hack to run homebrew games or applications (software that is not authorized by Sony) and pirated games. While Geohotz claims that the purpose of his hack was to enable the running of homebrew software something the PS3’s smaller sibling, the PlayStation Portable, is highly sought-after for the inevitability of piracy landing on the unhackablePS3 is quite obvious.

800px-PS3Versions

Thus, Sony is suing George Hotz, and some other security analysts under certain laws of the Digital Millennium Copyright Act (DMCA). The DMCA is supposed to be a champion for the cause of intellectual property rights and royalty rights, and is also the key support on which Digital Rights Management (DRM) stands.

However, the Electronic Frontier Foundation, an organization that tries to preserve our rights of speech and privacy in this age of electronic devices and networks, has always warned the general public about the DMCA. Corrynne McSherry and Marcia Hofmann of the EFF write:-

For years, EFF has been warning that the anti-circumvention provisions of the Digital Millennium Copyright Act can be used to chill speech, particularly security research, because legitimate researchers will be afraid to publish their results lest they be accused of circumventing a technological protection measure. We’ve also been concerned that the Computer Fraud and Abuse Act could be abused to try to make alleged contract violations into crimes.

The DMCA is also strangely inconsistent. While Geohotz is being tried under this law, earlier he was released by the same law when he allowed the jailbreaking of Apple’s iPhone. Sony also words its complaint harshly stating that Hotz and his defendants breached the Computer Fraud and Abuse Act as well:

by transmitting in interstate and foreign commerce a communication containing a threat to obtain information from a protected computer without authorization, or to impair the confidentiality of information obtained from a protected computer.

(The entire lawsuit is embedded below)

Complaint

How Sony will ever remove the hack from the depths of the internet is something that will keep the tech world interested in the coming days. It would be the nearest that the net will come to seeing a slapstick comedy performed live by a huge technology company.

BREAKING: Bristol Palin’s Twitter Account Hacked

With all the hoopla going around today about Todd Palin scandal/affair; who happens to be Sarah Palin’s husband and Bristol Palin’s father, the account of Bristol Palin seems to have been hacked by someone.

Bristol Palin Twitter Account Hacked

If you visit the compromised account of Bristol Palin, you will see her image replaced with the one posted above. In addition to that the hacker has also taken over her timeline posting updates on her behalf. Well, anyone reading that would be able to figure out that the account has been compromised.

Bristol Palin Timeline Compromised

As of few minutes ago, the hacker is still posting updates on Bristol Palin’s account. We have reported the account to Twitter and are awaiting further updates.

More to come…

(h/t @shahpriya)

Minecraft + Kinect = Internet Glory

The Microsoft Kinect motion-sensing gaming system is probably one of the finer and sharper tools in comparison to the blunt, uncivilized clubs that are the PSMove and Wiimote. Actually no; I was kidding in a bid to start a console war on the comments thread of this post. In fact the Kinect is the most different piece of equipment in that it uses a infrared depth sensing camera (and some other technological wizardry) so that your movements in front of the camera translate into movements in the game.

Minecraft, on the other hand is E Lego, as my friend eloquently put it. You have blocks, lots and lots of blocks and you can build a lot of things from within the game world. The maximum surface area achievable on Minecraft is eight times that of the surface area of the Earth. People have been busy building a lot of absolutely gorgeous automated machines, gargantuan sculptures and horsing around with the source code to make ducks sound like they hate you.

minkin2

That is all very cool but what have the hackers been up to? More importantly, what is the connection between the previous two paragraphs? The title puts it well, I believe. Nathan Viniconis, a retro cool Python programmer (retro cool was our addition) did something completely awesome. He took a Kinect and made it take a picture of him. He then made Python scripts to import a pixel version of the 3D image into Minecraft, resulting in some gloriously blown up sculptures of him and people/things around him.

minkin3

Hit up his website (which is under severe pressure from RPS, Kotaku and Reddit) to get the code. Also, tell us if you actually implemented all that Python-fu!

Mac App Store Cracked

It seems that the Mac App Store, which was launched on January 6, has been cracked already. The crack will not be available until February 2011 though, according to Dissident, the hacker who created the hack – Kickback.

Mac App Store Crack

We don’t want to release Kickback as soon as the [Mac App] Store gets released. I have a few reasons for that.

Most of the applications that go on the Mac App Store [in the first instance] will be decent, they’ll be pretty good. Apple isn’t going to put crap on the App Store as soon as it gets released. It’ll probably take months for the App Store to actually have a bunch of crappy applications and when we feel that it has a lot of crap in it, we’ll probably release Kickback.

So we’re not going to release Kickback until well after the store’s been established, well after developers have gotten their applications up. We don’t want to devalue applications and frustrate developers.

It has already been widely reported that the security of the Mac App Store is very easy to circumvent. The team that developed Kickback is a part of the Hackulous community that cracked Apple’s DRM system for iOS.

via GadgetsDNA

Google Cr-48 Hacked To Run Windows 7 and Mac OS X

Google Cr-48, which is a pilot netbook running seems to be quite hackable. It provides users with an Easter egg in the form of developer mode and several eager developers and geeks have made use of it to do things the netbook was not supposed to do.

Windows 7 Running on Cr-48

Earlier, some geeks had managed to run Ubuntu on the device, however, here is something much more interesting. A users has managed to install and run both and Max OS X on the Chrome Cr-48 laptop.

Yes, the hardware specs and storage space might not be that great on the Cr-48, but it can definitely run these OS. Watch a video of the Google Cr-48 running Mac OS X below.

Click here if you can’t watch the video.

(Source: Engadget)

How to: Get a Homebrew Enabler on your PSPGo (or PSP 3000 with Firmware 6.20)

So you got that Sony PlayStation Portable as a Christmas present, but aren’t all that interested in using it like normal gamers? You want to play homebrew games games that were designed by independent developers such as Troubles of Middle Earth and Cave Story? Most of you PSP 3000 and PSPGo owners must know that most Homebrew Enablers (HEN) do not work on your system if your firmware is higher than v5.50. So, those of you on higher firmware such as v6.20 or so did not have any option to play homebrew games.

hbl_logo_tiny

I’m here to tell you that there is a way to do that on your PSP 3000 or PSPGo. But before that, a short history lesson.

However, along came a Mr. Wololo, who along with others, creating the Half Byte Loader (HBL) that allowed users with the PSP 3000 (and eventually the PSPGo) with firmware 6.20 to play homebrew games and applications via a hacked Patapon 2 save game (a save exploit). While this was a great advancement for the PSP 3000 homebrew scene it was still not a complete enabler. It was a tedious process to run a homebrew game. You had to launch the Patapon 2 Demo, then load an exploited save file and then choose a homebrew. If, by chance you chose the wrong homebrew game, you had to go through this entire process again.

Then came a Frenchman called Total_Noob (TN). He figured out a kernel exploit (an exploit that allows you to run unsigned code directly via the XMB) that could be activated via the Half Byte Loader. In plain terms, this means that you would have to enable the exploit once via the Patapon 2 save game and until you completely shut down your PSP, you could directly launch homebrew via the normal user interface.

In effect, TN had made a HEN, now known as TN HEN.

hen620

This is what we are interested in, aren’t we?

Wololo testing the TN HEN on his PSP Go

Now that the short history lesson is done with, the beefy how-to part comes in.

Things you will need:

A PSP or PSP Go with Official Firmware 6.20 (or less).
An unpatched Patapon 2 Demo
Wololo’s crafted save for Patapon 2, HBL and TN’s HEN (the link contains all three in one archive)
Some homebrew games to play.

Things you will have to do:

1. Download the Patapon 2 Demo and place it in the PSP/GAME folder of your PSP’s memory stick. (Also make sure some other homebrew games are also in this PSP/GAME folder)

2. Unpack the HBL+HEN archive to your memory stick’s root. (Make sure all the files and folders are merged properly).

3. Run the Patapon 2 Demo from your PSP.

4. Select the HEN 6.20 save file (you will know which one it is by its logo)

5. Press the right shoulder button twice. The screen will go black and some code will start executing. Wait for it to finish. It will automatically return to the XMB interface.

6. Now run any homebrew game you want directly from the XMB.

Congratulations! You now have a homebrew enabled PSP 3000/Go!

Do leave a few comments if this method does not work for you!

CBI Website Down After Being Hacked by PCA

Earlier today, the CBI website was hacked by Pakistani Cyber Army in retaliation against the hack by Indian Cyber Army on 35 Pakistani government websites. However, it looks like the CBI website is currently not functioning and has been taken down.

cbi_website_down

The Pakistani Cyber Army had intimated us through email about the CBI website being hacked along with 270 other smaller Indian websites. The CBI website was the only government website to be hacked and there were no other causalities.

It is not clear whether the CBI website was taken down intentionally or whether their servers had issues because of the heavy traffic they got because of the CBI website being hacked news.

We will keep you updated on how things progresses so stay tuned for it.