News


from :: Hack In The Box ::

China is refusing to guarantee that it won’t censor the Internet during this summer’s Olympic Games, but insists that the international media will still be able to function normally. Officials from China’s Technology Ministry took a somewhat odd opportunity to speak about its censorship plans during a press conference after the Olympic torch relay crossed Mount Everest. They said that while the government would be able to “guarantee as much [access] as possible,” there’s no way that China would turn off the Great Firewall entirely during the Games.

“China has always been very cautious when it comes to the Internet,” Technology Minister Wan Gang said, according to Reuters. “I’ve not got any clear information about which sites will be shut or screened. But to protect the youth there are controls on some unhealthy web sites.”

from arstechnica

As per the unofficial timeline, Windows XP Service Pack 3 (SP3) has been uploaded to Microsoft’s servers. Currently, the final build is only available on the download.windowsupdate domain in the following languages: Chinese (Hong Kong), Czech, English, French, German (Deutsch), Hebrew, Japanese, Polish, Russian, Simplified (Chinese), Spanish, and Traditional Chinese. According to Microsoft TechNet, the 300MB+ x86 standalone installer (build 5512) will not be available today on the Microsoft Download Center nor on Windows Update.

There will be no x64 version of SP3 released; Windows XP x64 will be updated at the same time Windows Server 2003 is updated, since it is derived from the codebase of the latter. Although Microsoft has still to confirm the date, SP3 should be rolled out via Automatic Updates on June 10, 2008.


Update: We have a winner - that did not take long at all - congratulations to “raptorjesus”.

One lucky person will get this sweet pick thanks to Defense Devices.
It’s made of a lightweight shell (red) and can pick anything you throw at it.

TELL ME HOW IS IT FREE???? Well here are the rules.
*Make sure lock picks are not illegal in your area and you are a trained professional =-)*

Here is how the game works

Start by going to

http://www.defensedevices.com/ihacked.html

Once you are there find the CompuServe product and open that in the plain of all text.
(HINT) Meta DATA and Graphics Interchange Format

You will find 2 words within the meta data.
(HINT) You will need to drop the bang and the inc

Take those 2 words and head over to www.gmail.com

Use the 2 words with no space and perform a password recovery.
(the user name is 14 characters long)

(HINT) If you can figure out the password you can bypass the steps below - the password is made up of 4 words from the front page of www.i-hacked.com - good luck =)

Follow the password hint and crack the file –
(HINT) The user name might help you as a password down the road.

First one to finish wins =)

You didn’t win? Don’t worry we gave some nice I-Hacked.com shirts to Defense Devices and got you 5% off your order.
Click here if you did not notice the deal.

Open to USA residents only =-(

After spending a few days at Shmoocon, I have officially claimed the title Badge Hacker or maybe ConSocial. The talks were very educational and ranged from “almost hacking your own company” to “0wn1ng a business man every which way”. It was great to see that what is being exposed is actually being used to make change. Deviant of http://deviating.net/lockpicking/topics.html spoke out that companies such as Master Lock are making changes to their locks after exposing how easy it is to bump a lock.

I met up with Johnny Long and we chatted about his new book and how 100% of his proceeds will be going to Africa. We hooked him up with some i-hacked.com swag for his new foundation, Hackers for Charity. I did meet up with Muts from offensive-security, who did show off some of his bad ass BackTrack skills. I must thank him for his time and the swag. If you want BackTrack training, offensive-security is the place to go.

Later that night I met up with the podcast crew of hak5. After many “non-alcoholic” (yeah right) drinks I talked everyone into crashing “katsucon”. For those like myself that have no idea what the hell I am talking about, it’s a con for animation. To make a long evil story short – we got in, we partied like rock stars and we were amazed at the huge arcade that they had. Props to the DJ of katsucon who mixed in samples of Anonymous. Check back soon for the video of the CON.

For those that have not heard, there is an ebay strike happening - This was the info being passed around the yahoo groups, I did not write it, but it is very informative of the changes ebay is making and why everyone is upset. It’s important to know about the strike: if you are listing and ending your auctions in the next two weeks, you will not get good bids due to this strike. I’ve heard this strike can go on till the end of Feb… the change - as a “fee reduction”. However, if you read the fine print you’ll find that they are slyly raising Final Value Fees (the fee the seller pays when the item sells at auction) by as much as 66%. The percentage of increase differs by seller because all sellers sell items with different values and the Final Value Fee is based on the dollar amount of the item. So we save a nickel to list an item, but pay 33% more after the auction is over. This first part of the changes, while quite disgusting, IS bearable.

Second, they are removing the ability for sellers to leave feedback for buyers. Now, Ebay has always been successful on the basis of both buyer and seller being able to rate each other based on the success of a single transaction. They are removing this for sellers. This is very scary for the seller population because as sellers, we already are held hostage by what we call “Feedback Extortionist Buyers”. These are the buyers that buy something in an auction and then send an email that says:

“You send me the item free or I will leave you a negative and ruin your Ebay reputation!”.

While people like this are quite rare they do exist. I’ve got over 792 transactions and I’ve come across 4 difficult buyers who no matter what I couldn’t please them. I managed to scrape by without a negative because they were booted from Ebay, but the point of the matter is that while most buyers are wonderful, these psycho types of buyers DO exist. Now with this new feedback system, ONE rogue buyer (and even my selling competition) could ruin my reputation very easily. Even if I provided a 100% perfect transaction and the item was received the very same day and all was perfect with the world, that one person could ruin me if they wanted to. All they would need to do is buy 5 or 10 items from me and leave five feedbacks separately - because each and every negative will count against the seller. This would mean the end of my store and my business on Ebay over one rogue buyer. Why? Read the next section.

Third, as if one and two weren’t bad enough, if a seller has below a 95% satisfaction rating on Ebay, Ebay will not display your auctions in the search engine. For example, if I sell 20 items one month and 1 of them has a neutral or negative left for it by a buyer (deserved or not), I can no longer list auctions on Ebay and have them be seen in the search engine. Yes, that’s right. I can list, Ebay will take my money, but all of my auctions will be on page 857 of the listing and never be seen by any buyers. So once I get one negative, it is virtually impossible to recover from that by selling additional items because none of my items will be seen to be purchased by another buyer later. It’s a no win situation for a seller.

Fourth, as if all of this wasn’t the most horrific thing you’ve ever heard, they’re making changes to Pay Pal - which is the method most people use to accept payment over Ebay. From now on, if you have less than 100 feedback and you sell an item Pay Pal will not give you your money for 21 (TWENTY ONE!) days. Yes, you read that right. Say, Susie sells a 50 dollar item and the buyer pays through Pay Pal. Susie is then forced to ship the item FREE without any payment. After 21 days have passed, THEN Pay Pal will forward Susie her money. This, folks, is just horrible. Do you know anywhere else on the planet where you can demand that someone selling you an item give you the item FREE and ship it to you FREE while you hold on to your money for 21 entire days? I sure don’t. On top of this “under 100 feedback” thing, again if I have less than a 95% rating or get one negative or get one neutral - again - Pay Pal will hold my money for 21 days. Imagine how much interest Pay Pal and Ebay will accumulate on billions of dollars being held in 21 day increments - yet another disgusting way for them to squeeze MORE money out of the system.

Fifth, they instituted “Seller Rewards”. Essentially, if you meet certain criteria as a seller you can earn 15% credit on your account. The catch is that you have to sell 1,000 dollars or more on your account every month and have to have a 4.8 rating on all your “stars”. I feel that these guidelines are impossible to reach and that they were designed to be impossible to reach on purpose so that Ebay, yet again, would not have to actually pay out the discounts. To give you an example of how hard these are to reach, out of Ebay’s top 500 Powersellers (the crop on Ebay and make like $100,000 a month on Ebay) only SEVEN qualify for the 15% discount. SEVEN.

And finally, when all these changes were announced, the Ebay sellers went ballistic. The response from Ebay management? We were told that our complaints and anger and frustration and tears were - and I quote - “NOISE!”. Yes, we are nothing but “noise” to the Ebay management, yet they are making million dollar salaries off of us.

I know I am so mad, myself. I have 100% positive feedback and I’ve completed almost 800 transactions. I’m not a bad seller and I bend over backwards to make a buyer happy. I have a very good record. But ALL THAT HARD WORK and ONE rogue person could ruin it for me. Or even someone who competes against me can very easily get a new nickname, buy stuff from me, leave negs - and take my listings right out the search engine!! It’s not fair at all. Not to mention, if somehow I do screw up or get a rogue buyer, Pay Pal won’t even let me have my money for 21 days. When you do this type of work full time, that is a terrifying thought.

So I’m here to beg you guys, if possible, and even if you don’t understand all the ins and outs of Ebay and what a seller has to go through to sell on Ebay - PLEASE RESPECT THE STRIKE we are organizing. Please don’t buy or sell on Ebay from Feb 18th through Feb 25th. Please tell your friends and family members to do the same. We know that not everyone can respect it - some people make ends meet by selling on Ebay. But for those of you who can, us sellers would very much appreciate it if you could respect the strike on those days.

Also - if you are an Ebay seller - and you are angry like the rest of us, CNN and FORBES are quite interested in how we feel. Quite a few people, including myself, have flocked to CNN MONEY to get their attention. So far, the comments and anger and speaking out are actually working - the media is starting to pay attention and Ebay has stepped up their marketing tactics. We feel that they’re getting a little worried over all the outrage.


Despite all the talk of various retailers only getting a low supply of Super Smash Bros. Brawl, it seems that the Kyoto Company was still able to pour enough units onto shop shelves to ensure the hotly anticipated Wii fighter would blow away the competition this coming week and become the fastest-selling Wii game so far in Japan. Below are its sales, along with some other new releases, all courtesy of Japanese blogger sinobi (first day numbers are based on Famitsu leaked numbers):

  • Super Smash Bros. Brawl (Wii, Nintendo) - 500,000 (80% sell-through of initial stock)
  • Devil May Cry 4 (PS3, Capcom) - 140,000 (60% sell-through)
  • Haruhi (PS2) - 105,000 [Limited Edition - 80,000 (over 80% sell-through), Normal - 25,000]
  • Tales of Destiny Director’s Cut (PS2, Bandai Namco) - 70,000 (Limited Edition - 60,000, Normal - 10,000 60% sell-through)
  • Disgaea 3 (PS3, Nippon Ichi) - 40,000 (Limited Edition - 20,000, Normal - 20,000)
  • Devil May Cry 4 (360, Capcom) - 30,000 (60% sell-through)
  • Assassin’s Creed (PS3, Ubisoft) - 20,000
  • Family Ski (Wii, Bandai Namco) - 10,000
  • Houkago no Shounen (NDS) - 4,500
  • Sega Rally REVO (PS3, SEGA) - 2,000
  • Sega Rally REVO (360, SEGA) - 1,600
  • Sega Rally REVO (PSP, SEGA) - 1,000 (Overall 10% of initial stock on all formats sold)
  • Mushishi: Amefuru Sato (NDS) - 1,000

But just how quickly can Nintendo get more stock onto the shelves? When it released New Super Mario Bros., the initial stock levels were meant to be lower than expected, around 700,000, but the game ended up selling 900,000 in its first week due to quick re-stocking. Could that be the case here, and could the game end up closer to the million mark by next Wednesday’s Media Create chart update?

I can’t wait for the US release :)

from New York Times Blog

Network-level filtering means your Internet service provider – Comcast, AT&T, EarthLink, or whoever you send that monthly check to – could soon start sniffing your digital packets, looking for material that infringes on someone’s copyright.

“What we are already doing to address piracy hasn’t been working. There’s no secret there,” said James Cicconi, senior vice president, external & legal affairs for AT&T.

Mr. Cicconi said that AT&T has been talking to technology companies, and members of the MPAA and RIAA, for the last six months about implementing digital fingerprinting techniques on the network level.

“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”

Internet civil rights organizations oppose network-level filtering, arguing that it amounts to Big Brother monitoring of free speech, and that such filtering could block the use of material that may fall under fair-use legal provisions — uses like parody, which enrich our culture.

If you have AT&T as your ISP (U-verse, anyone?) you need to call them and tell them you will cancel if they begin filtering web traffic, seriously.

from Download Squad

Remember October’s news of Comcast throttling BitTorrent traffic? The debacle not only created a firestorm of bad press for the nation’s largest cable provider but also re-ignited the nationwide debate about Net Neutrality. We had numerous signs that Comcast was inhibiting our use of this legal and legitimate file transfer protocol, but to have the AP catch them red-handed was icing on the cake.

To add to our pleasure, we learned today that the Federal Communications Commission (FCC) has finally taken notice of Comcast’s indiscretion as well. According to FCC Chairman Kevin Martin, a group of consumer advocates and legal scholars have asked the commission to look into Comcast discriminating against specific types of data (read: BitTorrent). The groups have also requested the FCC to fine Comcast $195,000 per affected subscriber. In case you were wondering, at last report, Comcast has 9.1 million subscribers.

We don’t really think Comcast will be forced to fork out the projected $1.77 trillion, but we do hope they get scraped through the mud on this one. They completely disregarded their entire customer base and should receive far more than just bad press as a result of this. If you are a company and you’re going to filter network traffic, be transparent and disclose it up front. If not, be ready to pay up to Mr. Martin.

from New Zealand PC World Magazine

The hacker who posted an exploit last week that threatened a large swath of Hewlett-Packard’s laptop lineup followed up with new attack code that can “brick” nearly every HP laptop.

In a post to the milw0rm.com Web site, a Polish security researcher who used the alias “porkythepig” spelled out a pair of vulnerabilities in an ActiveX control used by HP’s Software Update, the patch management program bundled with virtually every HP- and Compaq-branded laptop.

According to porkythepig’s post, the Software Update bugs let an attacker corrupt Windows’ kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection. In either case, a drive-by attack could be conducted by feeding users an e-mail message with a link to a malicious Web site.

“Every HP notebook machine containing the HP Software Updates application is vulnerable,” claimed porkythepig. “It is possible that the vulnerable machine model list disclosed by the vendor as a confirmation to the previous issue concerning HP laptops, [the] HP Info Center case, will be similar in this case.”

Last week, porkythepig disclosed multiple flaws in other software included with HP’s portables. When the company patched the vulnerabilities a day later, it listed 83 affected laptops.

The scenario in which an attacker overwrites the kernel and thus “bricks” the HP or Compaq notebook, was out of the ordinary, since most hacks aim to snatch control of the machine or infect it with identity-stealing malware. But the crippling attack, said porkythepig, is actually the simpler of the two. “This attack vector doesn’t require any additional victim social engineering, because the system files are always placed in the predictable locations,” he said.

A drive-by attack that hopes to execute rogue code, however, requires more work. To successfully exploit the ActiveX bug in Software Update and compromise the computer, the hacker needs to know the location of certain files.

The researcher said he had tested the exploit code on Windows 2000, XP, Server 2003 and Vista, and that the vulnerabilities pose a risk to any user with either Internet Explorer 6 (IE6) or IE7 on the PC. Nor will HP be able to use the down-and-dirty fix it deployed last week, said porkythepig. After he revealed several bugs in HP’s Info Center a week ago, HP issued an update that simply disabled the vulnerable software.

“Simple disabling of the vulnerable control by the vendor’s patch, like in the other HP software vulnerability case, HP Info, [could still] result in the machine[’s] software update system [being] compromised, and would leave the user vulnerable to future security issues,” porkythepig said in the milw0rm.com write-up.

HP did not reply to e-mailed requests for confirmation and comment.

from eff.org

San Francisco - In the wake of the detection and reporting of Comcast Corporation’s controversial interference with Internet traffic, the Electronic Frontier Foundation (EFF) has published a comprehensive account of Comcast’s packet-forging activities and has released software and documentation instructing Internet users on how to test for packet forgery or other forms of interference by their own ISPs.
