Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware.
To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action.
More information [engadget]
In 2009, Chris Paget showed the world the vulnerabilities of RFID by downloading the contents of US passports from the safety of his automobile. This year, he’s doing the same for mobile phones. Demonstrating at DefCon 2010, the white hat hacker fooled 17 nearby GSM phones into believing his $1,500 kit (including a laptop and two RF antennas) was a legitimate cell phone base station, and proceeded to intercept and record audience calls. “As far as your cell phones are concerned, I’m now indistinguishable from AT&T,” he told the crowd. The purpose of the demonstration was highlight a major flaw in the 2G GSM system, which directs phones to connect to the tower with the strongest signal regardless of origin — in this case, Paget’s phony tower.
The hacker did caveat that his system could only intercept outbound calls, and that caller ID could tip off the owner of a handset to what’s what, but he says professional IMSI catchers used by law enforcement don’t suffer from such flaws and amateur parity would only be a matter of time. “GSM is broken,” Paget said, “The primary solution is to turn it off altogether.” That’s a tall order for a world still very dependent on the technology for mobile connectivity, but we suppose AT&T and T-Mobile could show the way. Then again, we imagine much of that same world is still using WEP and WPA1 to “secure” their WiFi.
More information [engadget]
Google is adding support for multiple account sign-ins so anyone with more than one Google account can just log into one, but quickly switch between accounts without special add-ons or other tricks.
We mentioned it might happen yesterday, but it looks like the new feature is rolling out for real, starting today. The feature won’t be enabled for everyone just yet, but when it is, you should be able to set it up here. Alternately, Google Operating System points out that you may also see a link to multiple sign-in setup on your Google Accounts page. (It’s starting to roll out today, and if it’s like most Google rollouts, you should see it within at least a few days.) What you need to know:
- You can sign into a maximum of three accounts at once.
- The first account you sign in with when you’re setting up multiple sign-in will be set to your default account.
- You can’t use Offline Gmail or Calendar with the multiple sign-in feature.
- Multiple sign-ins only work with these Google apps—that is, Google App Engine, Code, Calendar, Gmail, Reader, Sites, and Voice support the multiple sign-in feature. Most notably, Google Docs isn’t yet supported, but it’s marked as coming soon.
More information [lifehacker]
Una de las principales características del iPhone es el catálogo de aplicaciones que permiten convertir al celular de Apple en una versión digital de un cortaplumas suizo. Juegos, guía de recetas, noticias son tan sólo una parte de la oferta que ponen a disposición los programadores independientes de la plataforma. Sin embargo, no todos los desarrollos son aceptados: la compañía liderada por Steve Jobs es quien decide qué contenidos son apropiados y cuáles no.
Para evitar este mecanismo impuesto por Apple desde los inicios del iPhone, extensivo a los dispositivos móviles que utilizan el sistema operativo iOS4 como el iPod Touch o la iPad, en la Red aparecieron diversas alternativas para desbloquear los equipos y saltear esta restricción. En la jerga técnica, esta modalidad se denominó jailbreaking.
Más información [lanacion.com]
Google Voice is great, but it isn’t an entirely free voice-over-internet service if you have to pay a phone bill to use it. With a few tweaks, though, you can make completely free internet phone calls with Google Voice.
What You’ll Need
* Google Voice account: Google Voice is a free service that, as of June 22nd (today if you’re reading this when it published), is available for everyone in the U.S. and Canada. All you need to use it is your Google account, so head to the Google Voice homepage and sign on in to get started (if you haven’t already).
* Sipgate account & phone number: Both are free—even the real phone number that folks can call you on all they want. Sipgate has many neat services to recommend it beyond its free Sipgate One service-with some cheap hardware, you could set up what amounts to a very cheap digital phone network, in your house or with a small telecommuting team. For now, though, we’re just going to hook up a Sipgate One phone account and number up to Google Voice.
* Audio tools for computer calls: You can make and take phone calls using your laptop’s microphone and speakers, but if you’re going to be talking regularly, you’ll probably want to upgrade to decent USB headset with microphone.
* Cellphone with text messaging: Just for a verification code that Sipgate sends. You won’t need the cellphone to actually use your free VoIP setup.
More information [lifehacker]
This Chinese page purportedly features a couple of leaked screenshots of IE9′s new GUI. I don’t know if it’s the real thing, but if it is, Microsoft are doing something very bold here. The general design is reminiscent of the new Windows Phone 7, with a clean, angular look and graphics that are “cut” on the edge of the window (like that back button in the top-left corner). Even if it’s just a mock-up, it’s still quite impressive, and an interesting break from what we’ve come to know from Firefox, Chrome and Opera, not to mention previous versions of IE.
I’ll let Google Translate do the talking here: “New version of IE 9 preview version of the title bar of the platform, integrating the address bar, tool bar, search box, the status bar. Click the page title to display the address bar (and the search box, favorites management, access history viewer), the website finish loading cases, the address bar to display only part of the title page.” (Any native Chinese speakers here are welcome to submit a better translation via the comments.)
What do you think, people? April Fool’s or the real deal?
More information (Chinese page) [livesino.net]
Google is slowly but steadily adding all of the basic features into Wave. Recently they added email notifications, and not long before that they added access permissions. Now they’ve knocked out another one of those “must have” features; being able to remove someone from a wave.
ou can read more about it on the Google Wave Help site.
More information [GoogleWave]
