Voltage Pictures, the production studio behind the Oscar-winning film The Hurt Locker, has filed a new lawsuit in a federal court in Florida, according to TorrentFreak. The studio’s latest complaint targets at least 2,514 alleged BitTorrent users, whom Voltage Pictures claims pirated the film and cost the studio millions. The company last year filed a joint lawsuit against more than 30,000 alleged BitTorrent users who illegally downloaded the film. The case closed this past December, with Voltage Pictures collecting an undisclosed number of settlements. The studio’s latest suit looks to obtain a subpoena that will order ISPs to reveal the identities of the defendants. The alleged pirates will then be offered a settlement of about $3,000, the report claims. All of the defendants allegedly downloaded the film in 2010 and are Charter Communications subscribers.

Read

The hacker group “Anonymous operations” plans to launch further attacks on Chinese government-run websites to protest what it believes to be strict and unfair laws. The loosely knit group launched various cyberattacks on China’s goverment last week and warned that further attacks were on the horizon. “First we want to alert the Chinese government that we aren’t afraid, and we are going to show the truth and fight for justice,” Anonymous hacker “f0ws3r” said to Reuters, adding that more serious attacks are coming against Chinese websites. “Yes, we are planning more attacks, a few at a time,” the hacker said. The group is looking to “take down the Great Firewall of China,” which blocks access to Twitter, Facebook, YouTube and many other websites. The Anonymous China team consist of 10 to 12 hackers, most of whom are not based in China, and has “hundreds” of translators who have helped the group hack various Chinese websites, f0ws3r said. The hacker declined to give further details on the next round of attacks, although he did say the group may hit bigger targets this time around.

Read

Android users who are looking to sell their old devices should be wary of the possible consequences. McAfee identity theft researcher Robert Siciliano warned that personal data from Android devices is not completely removed after a user activates the built-in wipe option, The Los Angeles Times reported on Friday. “What’s really scary is even if you follow protocol, the data is still there,” Siciliano said. If you have a BlackBerry or Apple device, Siciliano said your data can be fully deleted by following the manufacturer’s directions. As for smartphones running the Android operating system and computers running Windows XP, Siciliano recommends that people don’t bother with selling them at all. “Put it in the back of a closet, or put it in a vise and drill holes in the hard drive, or if you live in Texas take it out into a field and shoot it,” he said. “You don’t want to sell your identity for 50 bucks.” To test the security of various platforms, Siciliano purchased 30 smartphones and computers from Craigslist. The researcher was able to access personal data from 15 of the 30 devices through his own hacking efforts and the help of a forensic expert. The data obtained included bank account information, Social Security numbers, child support documents and credit card account log-ins.

Read

A new exploit has been discovered that allows unauthorized access to a user’s Google Wallet account with a simple hack that can be performed by anyone in a matter of minutes. A security firm recently exposed a Google Wallet vulnerability that allowed hackers to bypass PIN protection, but the vulnerability is only present on rooted Galaxy Nexus handsets. This new exploit, however, does not require a handset to be rooted, which leaves all Google Wallet users exposed. Read on for more.

As mobile blog The Smartphone Champ explains, the newly exposed security hole allows someone to simply reset a user’s Google Wallet password by clearing the Google Wallet application data from within the phone’s settings menu. A user’s Google Wallet PIN is not required to wipe this data and once the information has been cleared, the handset will prompt the user for a new PIN without first requiring that the old PIN be entered. Anyone who performs this simple procedure will be able to access funds on the original user’s Google prepaid card.

A Google spokesperson acknowledged the vulnerability and gave the following statement to Android and Me: “We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”

A video demonstration of the simple hack follows below.

[Via Android and Me]

Read

Amazon’s Silk Web browser has received mixed reviews from the media and from consumers. In our review of the Amazon Kindle Fire, we noted that loading Web pages in the cloud-assisted browser on the tablet seemed to stall at first but once content finally began downloading, it indeed seemed to move very quickly. Other reviews found Silk to be much slower than other comparable browsers, however. Curious Android device owners who aren’t among the millions who purchased the Kindle Fire ahead of the holidays can now install Amazon’s Silk browser on a variety of rooted handsets and tablets thanks to the work of an xda-developers forum member. Results are mixed so far, and the port will not work on the Galaxy Nexus, among other handsets. Many users have successfully installed the browser on a variety of devices including the Motorola ATRIX and the Samsung Galaxy Tab, however.

Read

All GSM phones, such as those that run on T-Mobile and AT&T in the United States, are vulnerable to a major security flaw that could allow hackers to send text messages or place phone calls remotely using a new security flaw, one hacker said recently. Speaking to Reuters ahead of a hacking convention in Berlin, Karsten Nohl, the head of Germany’s Security Research Labs, said the attack could be initiated on a large scale, too. ”We can do it to hundreds of thousands of phones in a short timeframe,” Nohl explained. “None of the networks protects users very well.” Nohl didn’t provide details on how hackers could take advantage of the flaw, although Reuters said it’s likely that those attending the conference will try to recreate it themselves. Nohl also explained that carriers can easily patch the security hole and that some simply need to update their software. “Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices,” Nohl said, noting that Germany’s T-Mobile and France’s SFR wireless carriers are the most secure against hackers.

Read

New York University’s Polytechnic Institute has discovered a Skype security flaw that leaves Skype users’ locations and P2P sharing activity accessible to hackers. The security hole was discovered while NYU scientists monitored 10,000 Skype users and 20 volunteers during a two-week period. “A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud,” professor Keith Ross from computer science NYU-Poly’s computer science program said. Hackers can also keep track of a Skype user’s movements as he or she places calls from various locations. The scientists were able to follow a Skype user during a vacation from New York to Chicago and then all the way home to France, Financial Post explained. “A fairly straightforward and inexpensive fix would prevent hackers from taking the critical first step in this security breach – that of obtaining users’ IP addresses through inconspicuous calling,” the scientists said. Skype chief information officer Adrian Asher said his company will work to improve the security of Skype’s software. 

Read

Apple has addressed a major security vulnerability with the latest version of its iOS software. Just released on Thursday afternoon, iOS 5.0.1 was welcomed with open arms by iPhone users plagued by poor battery life. Apple promised that this new build addresses issues causing the lackluster battery performance — though its effectiveness remains in question — and it also addresses a much more serious problem. Security expert Charlie Miller revealed a major security flaw in iOS last week that allowed developers to sneak malicious apps past Apple’s App Store review process. Once installed by an end user, a hacker was able to use the vulnerability to steal data or perform any number of other unauthorized functions. IOS 5.0.1 addresses the vulnerability, Forbes reports, preventing apps from receiving malicious payloads. Apple credits Miller with having discovered the bug — he reported it to Apple nearly a month before going public — though the company has yet to restore his developer account, having banned him from its developer program after he planted an app in the App Store in order to demonstrate the vulnerability.

[Via Forbes]

Read

A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicious apps will automatically connect to a remote server following installation and download new unapproved code that might grant hackers access to system files, personal data and a host of unauthorized functionality. Read on for more.

Apple’s closed App Store approval process has been touted by security experts and pundits alike as a much more secure option than an open system like Google’s Android Market. While Apple has been largely successful in keeping malicious software out of its iOS App Store, this newly revealed vulnerability illustrates that no system is ever fully secure. “Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller told Forbes in an interview. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Miller isn’t just talking the talk, either. The security expert actually planted an app in Apple’s App Store that utilizes the exploit he detailed. Miller submitted the app to Apple for approval using his developer account and, following Apple’s standard testing and approval process, the app became available in the App Store. Miller then recorded a video illustrating some of the many functions a hacker would be able to perform using this exploit, which include executing a payload that will give the hacker complete control of an iOS device from a remote terminal.

The security expert’s app has since been removed from the App Store and his developer account has been suspended. Miller’s video follows below.

Anonymous, the “hacktivist” group that waged war on the U.S. government and large companies such as Apple, has shifted its focus from cracking corporations to fighting online pedophilia. The group is now targeting web host Freedom Hosting and is accusing it of knowingly hosting child pornography. “The owners and operators at Freedom Hosting are openly supporting child pornography and enabling pedophiles to view innocent children, fueling their issues and putting children at risk of abduction, molestation, rape, and death,” Anonymous said in a statement. “Our demands are simple. Remove all child pornography content from your servers. Refuse to provide hosting services to any website dealing with child pornography. This statement is not just aimed at Freedom Hosting, but everyone on the internet. It does not matter who you are, if we find you to be hosting, promoting, or supporting child pornography, you will become a target.” Read on for the full statement against online child pornography from Anonymous. 

1. #OpDarknet Press Release – 10/15/2011
2. ————————
3.    Timeline of Events
4. ————————
5. At apprx 8:30 CST while browsing the Hidden Wiki we noticed a section called Hard Candy which was dedicated to links to child pornography. We then removed all links on the website, within 5 minutes the links were edited back in by an admin. For this reason, we will continue to make the Hidden Wiki unavailable.
6. –
7. At apprx 8:45 CST we noticed 95% of the child pornography listed on the Hidden Wiki shared a digital fingerprint with the shared hosting server at Freedom Hosting.
8. –
9. At apprx 9:00pm CST on October 14, 2011 We identified Freedom Hosting as the host of the largest collection of child pornography on the internet. We then issued a warning to remove the illegal content from their server, which they refused to do.
10. –
11. At apprx 11:30pm CST on October 14, 2011 We infiltrated the shared hosting server of Freedom Hosting and shutdown services to all clients due to their lack of action to remove child pornography from their server.
12. –
13. At apprx 5:00pm CST on October 15, 2011 Freedom Hosting installed their backups and restored services to their child pornography clients. We then issued multiple warnings to remove all child pornography from their servers, which Freedom Hosting refused to do.
14. –
15. At apprx 8:00pm CST on October 15, 2011 despite new security features, we once again infiltrated the shared hosting server at Freedom Hosting and stopped service to all clients.
16. –
17. ————————
18.      Our Statement
19. ————————
20. The owners and operators at Freedom Hosting are openly supporting child pornography and enabling pedophiles to view innocent children, fueling their issues and putting children at risk of abduction, molestation, rape, and death.
21. For this, Freedom Hosting has been declared #OpDarknet Enemy Number One.
22. By taking down Freedom Hosting, we are eliminating 40+ child pornography websites, among these is Lolita City, one of the largest child pornography websites to date containing more than 100GB of child pornography.
23. We will continue to not only crash Freedom Hosting’s server, but any other server we find to contain, promote, or support child pornography.
24. ————————
25.       Our Demands
26. ————————
27. Our demands are simple. Remove all child pornography content from your servers. Refuse to provide hosting services to any website dealing with child pornography. This statement is not just aimed at Freedom Hosting, but everyone on the internet. It does not matter who you are, if we find you to be hosting, promoting, or supporting child pornography, you will become a target.
28. ————————
29.      Images & Misc
30. ————————
31. Dead Server Screenshot: http://i55.tinypic.com/vy9w7k.jpg
32. –
33. Freedom Host PR Screenshot: http://i53.tinypic.com/o5qlip.jpg
34. –
35. Our Manifesto: http://www.youtube.com/watch?v=aFuJp_zPIlU
36. –
37.   #Antisec | #Anonymous | #FreeTopiary | #AnonOps | #FreeAnons | #OccupyWallSteet | #OWS
38. We are Anonymous.
39. We are Legion.
40. We do not forgive.
41. We do not forget.
42. Expect us.

Massachusetts Attorney General Martha Coakley recently said her iTunes account was compromised by identity thieves and that she will press Apple for answers. It is unclear how the thieves gained access to Coakley’s account, perhaps through an application, but the hackers stole credit card information and made fraudulent purchases, ThreatPost said. Coakley brought up the attack during a speech for the launch of the Massachusetts Advanced Cyber Security Center. She noted that Dell blocked her credit card when the hackers tried to purchase a computer, believing the purchase to be fraudulent. Apple, however, did not. Coakley said she would reach out to the iPhone maker and demand information. ThreatPost argued that Coakley might have been speaking so strongly in an effort to build support for Massachusetts’ state data privacy, data protection and data breach notification laws. Coakley believes companies such as Apple should be held liable when in violation of the aforementioned laws. The Massachusetts Attorney General’s office said any company that has had a breach which “creates a substantial risk of identity theft or fraud against a resident of the commonwealth,” should publicly disclose the attack.

Read

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user. That means typing the command: “dscl localhost -passwd /Search/Users/Roger” will actually prompt you to set a new password for Roger. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access. CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

[Via CNET]

Read

Following a major security breach earlier this year, Sony made good on its promise to bolster its security by hiring a former official from the U.S. Department of Homeland Security to serve as its chief information security officer and senior vice president, Reuters reported on Tuesday. Philip Reitinger formerly served as the director of the U.S. National Security Center. “Certainly the network issue was a catalyst for the appointment,” a Sony spokesman told Reuters. “We are looking to bolster our network security even further.” Sony’s online PlayStation and Qriocity networks were attacked in May when a hacker group known as LulzSec gained access to personal data belonging to more than 100 million users. A string of subsequent hacks on Sony’s digital properties made headlines for the better part of two months, and Sony’s PlayStation Network was not fully restored until July.

Read

A security expert at Italian security firm AIR Sicurezza Informatica claims to have found a security flaw in Google’s new social network that allows hackers to potentially use Google+ servers to execute DDoS attacks. Simone Quatrini explained the flaw on the IHTeam Security Blog, and he wrote a script that can perform the attack, repeatedly prompting Google’s server to send requests to the target site. DDoS attacks, or distributed denial-of-service attacks, flood a web server with requests in an effort to prevent it from functioning. Such attacks require appropriate resources and bandwidth to execute, and Google servers would obviously have more than enough of these resources to launch a significant attack.

[Via The Hacker News]

Read

A 22-year old student allegedly associated with the hacking group “Anonymous” has been arrested and charged in the United Kingdom. Peter David Gibson is charged with “conspiracy to do an unauthorized act in relation to a computer, with intent to impair the operation of any computer or prevent or hinder access to any program or data held in a computer or to impair the operation of any such program or the reliability of such data,” the Metropolitan Police said in a statement Thursday. Gibson is out on bail and is scheduled to appear in court on September 7th to stand trial. It is believed that Gibson was involved on a number of Anonymous’s DDOS attacks against large corporations; the “Anonymous Operations” branch of the hacking group most recently attacked Apple. Authorities in the United States and the United Kingdom have arrested a number of hackers believed to be associated with Anonymous and a sub-group called LulzSec. LulzSec spokesperson and hacker Jack Davis, aka Topiary, was arrested earlier this month and released on bail.

[Via Bloomberg]

Read