Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can’t fix the vulnerability with future firmware patches. According to fail0verflow, there’s a flaw in the boot ROM in Nvidia’s Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can’t be altered in any way after that. Even if Nintendo issues a software update, this software update won’t affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there’s no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it’s possible that Nintendo asks Nvidia to fix the issue so that new consoles don’t have this vulnerability. Read more of this story at Slashdot.
Tag: hackers
Amazon To Take On UPS, FedEx Via ‘Shipping With Amazon’
According to a report by The Wall Street Journal, Amazon is planning to take on UPS and FedEx with a new shipping service named “Shipping with Amazon” (SWA). The new service will reportedly roll out in Los Angeles in the coming weeks. Ars Technica reports: Aside from first starting in LA, SWA will first serve third-party merchants that already sell on Amazon. The company plans to send drivers to pick up shipments from these businesses and deliver the packages for them. While shipping and delivery will mostly go through Amazon, anything outside of the retailer’s reach will be given to the USPS and other shipping services for the “last mile” portion of the delivery. In the future, Amazon reportedly wants to open up SWA to businesses that aren’t affiliated with the site — meaning Amazon could ship and deliver packages from companies of all sizes. Amazon also believes it can compete with UPS and FedEx by making SWA more affordable for business customers, but its pricing structure hasn’t been revealed. Read more of this story at Slashdot.
Visit link:
Amazon To Take On UPS, FedEx Via ‘Shipping With Amazon’
Lenovo Discovers and Removes Backdoor In Networking Switches
An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates last week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System). The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel’s Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor “at the request of a BSSBU OEM customer.” In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of “HP backdoor.” The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM’s BNT portfolio in 2014. Read more of this story at Slashdot.
See more here:
Lenovo Discovers and Removes Backdoor In Networking Switches
According To Star Trek: Discovery, Starfleet Still Runs Microsoft Windows
AmiMoJo shares a report from The Verge: The third episode of Star Trek: Discovery aired this week, and at one point in the episode, Sonequa Martin-Green’s Michael Burnham is tasked with reconciling two suites of code. In the show, Burnham claims the code is confusing because it deals with quantum astrophysics, biochemistry, and gene expression. And while the episode later reveals that it’s related to the USS Discovery’s experimental new mycelial network transportation system, Twitter user Rob Graham noted the code itself is a little more pedestrian in nature. More specifically, it seems to be decompiled code for the infamous Stuxnet virus, developed by the United States to attack Iranian computers running Windows. Read more of this story at Slashdot.
View the original here:
According To Star Trek: Discovery, Starfleet Still Runs Microsoft Windows
Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks
An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handing the “cybersecurity incident.” But the decision to create “equifaxsecurity2017” in the first place was monumentally stupid. The URL is long and it doesn’t look very official — that means it’s going to be very easy to emulate. To illustrate how idiotic Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) As if to demonstrate Sweeting’s point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting’s fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th. Read more of this story at Slashdot.
Continue Reading:
Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks
Hackers Vandalize Vegas Pool Party Club in ‘All Out War’
From a CNET report: Next to DJ Tiesto’s loud image on Wet Republic’s website sits a photo of a bikini model with a beard and an eye patch, with a simple message: “It’s all out war.” Not exactly the type of message you’d expect from a spot that advertises itself as a dance club that doubles as a pool party, but when hackers are in town for Defcon, everything seems to be fair game. The hacker convention, which is in its 25th year in Las Vegas, typically has hotels on alert for its three days of Sin City talk, demos and mischief. Guests are encouraged not to pick up any flash drives lying around, and employees are trained to be wary of social engineering — that is, bad guys pretending to be someone innocent and in need of just a little help. Small acts of vandalism pop up around town. At Caesars Palace, where Defcon is happening, the casino’s UPS store told guests it was not accepting any print requests from USB drives or links, and only printing from email attachments. Hackers who saw this laughed, considering that emails are hardly immune from malware. But the message is clear: During these next few days, hackers are going to have their fun, whether it’s through a compromised Wi-Fi network or an open-to-mischief website. Wet Republic’s site had two images vandalized, both for the “Hot 100” party with DJ Shift. The digital graffiti popped up early Friday morning, less than 24 hours after Defcon kicked off. Read more of this story at Slashdot.
View post:
Hackers Vandalize Vegas Pool Party Club in ‘All Out War’
Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain
An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.
Originally posted here:
Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain
Hackers Can Spoof Phone Numbers, Track Users Via 4G VoLTE Mobile Technology
An anonymous reader writes: “A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries, ” reports Bleeping Computer. Researchers say they identified several flaws in the VoLTE protocol (a mixture of LTE and VoIP) that allow an attacker to spoof anyone’s phone number and place phone calls under new identities, and extract IMSI and geo-location data from pre-call message exchanges. These issues can be exploited by both altering some VoLTE packets and actively interacting with targets, but also by passively listening to VoLTE traffic on an Android device. Some of these flaws don’t even need a full call/connection to be established between the victim and the target for the data harvesting operation to take place. Additionally, another flaw allows users to make calls and use mobile data without being billed. The team’s research paper, entitled “Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone” was presented last week at SSTIC (Symposium sur la Securite des Technologies de l’Information et des Communications), a security conference held each year in Rennes, France. Read more of this story at Slashdot.
More:
Hackers Can Spoof Phone Numbers, Track Users Via 4G VoLTE Mobile Technology
Some Hackers Figured Out How to Take Control of Any WhatsApp Account
Security researchers just announced the discovery of major vulnerabilities in WhatsApp and Telegram, two popular messaging apps with end-to-end encryption, when used in an internet browser. In related news, you can use WhatsApp and Telegram in an internet browser. Read more…
See more here:
Some Hackers Figured Out How to Take Control of Any WhatsApp Account
How to Run Windows on an iPhone, No Jailbreak Required
Are you tired of using your iPhone to do all kinds of iPhone stuff? Then check out this boredom cure that lets you install and run Windows XP on an iPhone 7 without jailbreaking the device. It’s just silly fun! Read more…
See the original article here:
How to Run Windows on an iPhone, No Jailbreak Required