A worldwide team of crackers managed to generally attack the Pace iLok dongle security system. An automized unwrapper for protected applications has surfaced on the net. The unwrapper is compatible to MacOS X 10.6 (Slow Neopard) and works for the Intel based part of universal binaries only.
The Pace iLok dongle is mainly used by music applications and music plugins. As this market is a little one, the impact of the generic unwrapper is not predictable at the moment. Anyway we suppose, that producers and studios – hopefully – do use legally licensed software and that this unwrapper is used for try before buy possibilities. Marketpenetration comes with confirmed habit of users.
Although some iLok protected applications are offered as trial, forum users say trial times are much too short and having to register a Pace iLok account is considered to not be comfortable for the average user.
Anyway, forum reports indicate that many developers using the Pace iLok dongle have applied additional custom protection layers, which render the Pace iLok unwrapper not useful at least for the average John Doe. It is expected that iLok will very soon add new encryption layers for improved security.
The servers have so far not been confiscated. We decided, however, to disable all services (OpenVPN, PPTP VPN, L2TP/IPSec VPN, SOCKS5, SQUID) in Erfurt temporarily in order to give those of our members, who have elevated security needs, time to read this announcement and to evaluate the risks. It is not known to us whether the authorities initiated measures such as telecommunication monitoring in Erfurt. (..)
It is not known (..) whether the authorities initiated measures such as telecommunication monitoring in Erfurt.
Users with security concerns better do not connect via Erfurt at the moment.
Consumers and organizations that currently use the “Other OS” feature can choose not to upgrade their PS3 systems, although the following features will no longer be available;
Ability to sign in to PlayStation Network and use network features that require signing in to PlayStation Network, such as online features of PS3 games and chat
Playback of PS3 software titles or Blu-ray Disc videos that require PS3 system software version 3.21 or later
Playback of copyright-protected videos that are stored on a media server (when DTCP-IP is enabled under Settings)
Use of new features and improvements that are available on PS3 system software 3.21 or later
For those PS3 users who are currently using the “Other OS” feature but choose to install the system software update, to avoid data loss they first need to back-up any data stored within the hard drive partition used by the “Other OS,” as they will not be able to access that data following the update.
On the Black Hat 2010 conference in Crystal City notorious smart card hacker Christopher Tarnovsky explained how he managed to hack current Trusted Platform Modules by Infineon.
This time Tarnovsky managed to read secured data from TPM chips like RSA and DES crypto keys. His approach took six months and a lab consisting of devices for about US$ 200,000. After having found out the exacty way to compromise Infineon’s chips it took only six hours to compromise an XBox 360’s TPM chip.
On the Black Hat 2008 in Amsterdam Tarnovsky said he was offered US$ 100,000 to crack the Xbox 360’s TPM:
A Microsoft engineer is wondering: “Did you take an interest in the processor of our Xbox360 game console?” – “I was offered 100’000 dollars to break it”, says Tarnovsky. “But I replied that that wasn’t enough.”
For people generally interested in approaching smart card security check this article with a video Wired.com featuring Tarnovsky in his security lab.
Apple must be pleased about this news. They haven’t become tired in telling the people that jailbreaking the iPhone seriously compromises user security.
And now a worm developed by Ashley Towns from down under is nothing else but attacking jailbroken iPhones whose Secure Shell has not been disabled or where the default root password (“alpine”) is in place.
Luckily the first version of the worm was almost imperfect as it just changed the background wallpaper to a photograph of Rock Astley – yes rickrolled again. Anyway ITBusinessEdge now reports that a second version of the worm has been seen in the wild. This new version of the worm gives no indication that it has successfully compromised your jesus phone. Beware guys.
Now, will we get virus scanners for our jailbroken iPhones? Will it be necessary to run firewalls?
It seems like irony, but it seriously looks like that all the probs Microsoft’s operating systems have had for years with viruses and worms – just because Windows is the most widespread desktop operating system – are now coming to the iPhone.
GeoHot posted a picture showing that he managed to run custom commands on iBoot. This seems to be the first major step for a jailbreak. Moreover GeoHot also managed to find the key for the Ramdisk while MuscleNerd of the iPhoneDevTeam obviously has already found the vfdecrypt key.
All this is good news. Anyway aswell as GeoHot and the DevTeam will have lots of work to do. Don’t expect anything soon, since GeoHot also found a new security addition called ECID, which obviously gets generated by Apple’s servers and which seems to be unique to every iPhone. Every restore seems to have to be validated by Apple’s servers. And this is bad news.
It is commonly known that Apple’s products don’t belong to the safest products in the computer industry. For quite some time now: Botnet builders are using the well known zombie technique to gain control over AppleTV to use it in botnets. This is due to AppleTV’s large market share (of about 0,5%)… Yes…
This is how these Botnet builders do it:
they walk into stores and buy newly released blurays like “I am Legend”
they illegally decrypt it
convert it to x264 for better compatibility as eMail-attachments (we all know: many providers only allow 10GB per attachment)
then they modify the x264 headers to include buffer overflows adjusted to work on AppleTV only.
For several years now bad guys were sending prepared x264 movies as email-attachments. But now the time is up. Apple released a security update for AppleTV, that prevents buffer overflows. All our AppleTVs will from now on be safe from bad botnetters…
The truth behind it
Ok, you got us here. Besides from kidding: there is no need for this update. The only reason in our opinion is: they wanna stop people using AppleTV for more than the allowed things. There are no buffer overflows that we are aware that are being used by botnetters currently. Since AppleTV’s market share is so low, this wouldn’t even make any sense from an economical point of view for the botnetters.