A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.
One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.
Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.
"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
... Read moreUpdated 4:30 p.m. PST with latest Microsoft comment.
Some Xbox Live players are finding that winning has its drawbacks.
Microsoft said it is investigating reports that people are using malicious software to disrupt Xbox Live players' Internet connections in malicious attacks.
"In our continued effort to help provide a safer and more secure experience for our community of more than 17 million members, we are investigating reports of a malicious Web site that attempts to lure Xbox LIVE members into providing personal information," Microsoft said in a statement on Friday.
"Phishing is an unfortunate and common threat on the Internet, and this problem is not related to the Xbox LIVE service," the statement said. "We encourage people to only do business with trusted Web sites and never enter personal information on unfamiliar sites."
Malicious software is being used by attackers to do things like temporarily shut down a game player's console or even an entire game with a denial-of-service attack targeting the IP address, according to Chris Boyd, director of malware research at Facetime Communications, the BBC News reported on Friday.
Sophisticated hackers are selling their Xbox Live attack services to others via the Internet underground for as little as $20, the report said.
Updated 10:50 a.m. PST December 2 to correct that Apple previously recommended antivirus software to Mac users, and at 1:50 p.m. PST with call back from Apple and link to 2002 Apple anti-virus item. A follow-up blog will be posted that goes into more detail about the coverage.
Apple is recommending that Mac users install antivirus software.
But don't read this as an admission that the Mac operating system is suddenly insecure. It's more a recognition that Mac users are vulnerable to Web application exploits, which have replaced operating system vulnerabilities as the bigger threat to computer users.
On November 21 Apple updated a technical note on its Support Web site that says: "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."
The item offers three software suggestions: Intego VirusBarrier X5 and Symantec Norton Anti-Virus 11 for Macintosh, both available from the Apple Online Store, and McAfee VirusScan for Mac.
MacDailyNews unearthed the same note posted by Apple in June 2007 and published it on Tuesday,a long with a link to a March 2002 note from Apple urging people to use an anti-virus program.
Apple representatives did not respond to e-mails seeking comment on Monday, but did return a call on Tuesday. A spokesman said he would look into the matter.
Brian Krebs, who first reported on the Apple antivirus recommendation Monday in his Security Fix blog at The Washington Post, said an Apple store employee told him he didn't need antivirus software when he purchased a MacBook three months ago.
... Read more
USB thumb drives are convenient, popular and often free--and they're spreading viruses like sailors on shore leave.*
The US-CERT (Computer Emergency Response Team) issued a warning on Thursday that malicious code is increasingly propagating via USB flash drive devices.
Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus, a variant of the SillyFDC worm, according to Wired.
We've seen this before with portable external storage devices. Floppy disks were the culprit in the early 1990s, followed by CDs. The fact that USB thumb drives are being used by so many people makes them an attractive target for virus writers.
"The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices," said Gunter Ollmann, chief security strategist for IBM's ISS security division. "They are today's floppy drives."
(Credit:
CNET News/James Martin)
But USB drives are even handier. Their small size makes them easy to slip into a pocket or carry on a lanyard around your neck. A common swag item in the tech industry, they also are mainstream consumer storage devices. They literally litter my desk drawers.
There are a couple of ways USB thumb drives can be used to spread viruses and other malicious software.
... Read more
CNET News reporter Elinor Mills knows what it's like to feel frustrated by computer glitches.
(Credit: James Martin/CNET News)When faced with a technology breakdown, levels of optimism and frustration vary depending on age and gender, according to a new study to be released on Sunday.
That's the straight lead. The one I was pondering writing is:
I'm a late-baby-boomer woman and I hate technology.
That's not entirely true. I love technology when it works and is easy to use. But I get annoyed when my computer gets jangy or my wireless goes down. And apparently, I'm not unusual for my demographic.
"Younger users are generally much more optimistic than older adults when their gadgets fail," says the Pew Research Center's Internet & American Life Project which sponsored the survey of 2,054 U.S. adults.
"Although young adults age 18 to 29 years old are no more likely to be able to fix devices on their own, they were significantly more likely to be confident that they were on the right path to fixing it, and they were significantly less likely than older adults to feel discouraged or confused about fixing devices," according to the report.
There is no data on whether they were successful in fixing the devices, only that they thought they could. (Elsewhere, the data shows that of the 52 percent of tech users who are comfortable learning to use new devices on their own, 35 percent fix broken technology on their own.)
Meanwhile, the gap between the percentages feeling confident when their devices fail versus discouraged and confused narrowed as the age ranges went up.
Now for gender-based differences:
... Read more
Toronto police launched an innovative gun amnesty program on Wednesday. It's dubbed Pixels for Pistols, and through it, police are offering to give out a Nikon digital camera to anyone turning in a firearm.
Hand over your gun, get a camera--and photography classes.
(Credit: Nikon)A handgun or assault rifle is worth a $400 Nikon Coolpix S52 and a shotgun nets a $250 Nikon Coolpix P60. The deal includes free photography lessons.
The amnesty program will run for four weeks, according to Henry's camera store, which is providing the cameras.
This might be a good idea for U.S. cities with a lot of street crime. Other amnesty programs offer cash ($100 assault rifles, $50 for shot guns in Washington, D.C. last year) but cameras of much greater value might be just the enhanced financial incentive, and possible artistic motivator, that some gun owners need.
(Thanks to Byron Ng)
The iPhone is recording everything users see and do on their devices for caching purposes, an iPhone hacker says.
The device records screenshots of a user's most recent action so that it can achieve that cool effect of applications fading away when the home button is clicked, according to Jonathan Zdziarski, who wrote the forthcoming book iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets.
The screenshots are presumably deleted after the application is closed, but they can be recovered with forensics techniques just like data deleted from most any storage device can be reconstructed for purposes of law enforcement, he said in a Webcast on Thursday in which he demonstrated how to break into password-protected iPhones.
"There's no way to prevent it," Zdziarski said of the screenshot caching, according to a Wired report. "I'm kind of divided on it. I hope Apple fixes it because it's a significant privacy leak, but at the same time it's been useful for investigating criminals."
Meantime, breaking into a passcode-locked phone took him nearly an hour to demonstrate and required creating a custom firmware bundle, the report said. The issue is different from a security hole discovered last month that allowed people to get access to e-mail, text, and voice messages on password-protected phones.
Apple representatives did not respond to an e-mail seeking comment for this story.
Some airlines have been allowing BlackBerrys to be used as electronic boarding passes and soon standard cell phones will follow.
Now there is news of the iPhone being used to board a plane. Blogger Gerald Buckley writes about how he was allowed to board an American Airlines flight from San Antonio to Dallas by having the gate agent scan the bar code of the ticket on a PDF displayed on his iPhone.
Don't think you can waltz quickly to the gate by flashing your iPhone, though. Buckley makes it clear that he showed TSA his paper boarding pass to get through security.
TipSoft SMS lets you send an anonymous text message about crimes to police.
(Credit: Anderson Software)You see a crime, what do you do? Most people would just dial 911. But if you want to remain anonymous and there's no no pay phone around, you can now send a text message to the authorities.
A company called mBlox, which operates a mobile transaction network, and Anderson Software, provider of law enforcement tip management software, have launched a service that lets people send in anonymous tips via SMS.
The TipSoft SMS service provides an alias for the tipster and allows for two-communication without sharing the tipster's phone number with authorities. The text messages are encrypted and routed through secure servers.
The anonymity will likely mean more tips to police, which is good. But there's also the chance there will be pranks pulled and people ratted out for unwarranted activities, which is not so good.
TipSoft is already available in 16 cities in Canada, is launching in 32 U.S. cities, and will be available in the U.K. soon, the companies said.
Forget about MySpace. Music groups are now turning to branded search engines to reach their fans online.
By using the special search engines, fans earn points that can be redeemed for band swag, like T-shirts, posters, and autographed guitars, as well as etched iPods and other electronics, movie tickets, music, and books.
Ted Nugent fans can even win a hunting trip with the carnivorous rocker.
"It makes the bands look tech-savvy. They don't look so old and legacy-like," says Hab Haddad, vice president of business development at music management firm McGhee Entertainment. The firm represents Ted Nugent, Hootie and the Blowfish, and KISS, a favorite among Internet searchers, apparently.
Barry Manilow's site is also pretty popular, says Ron Leshem, vice president of marketing at Prodege, the firm that creates and markets the sites. KISS and Manilow are each "getting a check every month in the multiple thousand-dollar range," he says.
The KISS search site has a nice big picture of the photogenic band in all their face-painted glory, and a search box for Web, news, images, or video searches for anything your heart desires. The results are powered by Google and Ask. It gets about 20,000 unique visitors a month, according to Leshem.
KISS has a custom, branded Web search site where you can earn band swag for searching.
(Credit: KISS/Prodege)You earn "Swag Bucks" as you search on the site, or any of the other approximately 80 celebrity-branded search sites, which include Beyonce, Wynonna Judd, Willie Nelson, Hilary Duff, the Indiana Pacers, the Indianapolis Colts, and New England Patriots wide receiver Randy Moss.
For 45 Swag Bucks you can get a $5 credit at Starbucks; 325 Swag Bucks gets you KISS fragrance for men; and for 2,500 Swag Bucks you can get a Gene Simmons Gold Record (Rare Production Sample).
It's unclear how many searches you have to conduct to get a point. People tend to win about five times a day, and you can get matching Swag Bucks for referring friends, according to Leshem.
For the band management firms, signing up for a branded search site is a no-brainer. They earn, on average, 15 cents per click on a sponsored link; they get traffic to the bands' other Web sites through a toolbar fans can install; and they get rid of promotional items from tours that are just laying around the band office, says Haddad.
I'm waiting for the Spinal Tap search site, myself.
