hacking

The exploit that allowed users to purchase digital goods inside iOS apps without actually paying has jumped platforms and now works on Apple's Mac platform.

The Next Web notes that programmer Alexei Borodin, who created the iOS in-app purchase exploit, now has a similar solution for apps purchased in Apple's Mac App Store. Like the exploit for iOS, this too requires that users install special security certificates on their machines, though it also requires the installation of an extra helper program.

Earlier today Apple said it had a fix coming in the next version of iOS, due out … Read more

Apple has outlined a way for iOS developers to protect themselves against an exploit that lets users gain free access to paid add-on content sold within their apps.

In a new support document posted today, the company provided detailed guidelines, urging developers to use its receipt validation system that cross-checks purchases made inside applications with the company's own records. It also said that it will be taking extra precautions to keep this from happening in the next version of iOS, due out later this year.

"We recommend developers follow best practices at developer.apple.com to help ensure … Read more

New features on Google's latest Android mobile OS -- Jelly Bean 4.1 -- beef up the system's security over all other past OS iterations. With Jelly Bean's design, Google has aimed to defend against hacks that install viruses and other malware on mobile devices using the system.

"Android has stepped its game up mitigation-wise in the new Jelly Bean release," security researcher Jon Oberheide wrote in an analysis published this week.

Oberheide notes that the central difference between Jelly Bean and other Android systems is that it incorporates Address Space Layout Randomization (ASLR), which … Read more

Apple is not too pleased with Russian hacker Alexey V. Borodin, and a hack he developed that allows iDevice owners to install in-app goods without paying for them.

According to The Next Web, Apple over the weekend blocked the IP addresses of the server Borodin used to facilitate the hack. In addition, the company issued a takedown request to his server's hosting provider. Apple even requested that the video Borodin posted showing his technique in action be removed from YouTube due to a copyright violation.

Borodin last week surfaced with an exploit that re-routes in-app purchase requests away from Apple or a developer's secured server … Read more

A new exploit aimed at iOS devices enables users to gain free access to paid content within applications, thereby circumventing built-in security measures.

The hack, which was detailed by a Russian programmer and picked up by 9to5mac this morning (via i-ekb.ru), uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. However before that happens, users need to install special security certificates on their device, as well as be on a Wi-Fi network.

The individual behind the effort has already created … Read more

Phandroid is urging members of its Android forums to change their passwords immediately after discovering that the server hosting the forum site was hacked this week, ZDNet reported today.

The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. To change your password, go to UserCP, or use the "forgot your password?" page. As always, if you use the same e-mail address and password combination on other accounts, change those too.

A community manager for the site posted the news earlier this week, informing members that … Read more

Yahoo has been the victim of a security breach that yielded hundreds of thousands of login credentials stored in plain text.

The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call."

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as … Read more

A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them.

"Let's just say that in some places you find guys with body piercings and nonregulation haircuts," U.S. Naval Postgraduate School professor John Arquilla said in an interview with The Guardian published today. "But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."

Arquilla argues that there are … Read more

Pop quiz. You have 12 piezo sensors, Arduino Uno, two speakers, lots of wire, and plenty of duct tape. There is an umbrella nearby. What do you make? How about a musical umbrella that translates raindrops into song?

Two creative Germans, Alice Zappe and Julia Lager, built an umbrella that detects raindrops and interprets them as 8-bit music. This could turn a regular walk down the street into a personalized retro gaming adventure.… Read more