Wiikey, a group that sells mod chips for the Nintendo Wii, have announced the WiikeÜ. Like the mod chips before it, this soft mod for the Wii U allows gamers to play Wii and Wii U games off of any USB media. The official line is that gamers can use this mod chip to play backups of Wii U games, but most would obviously use it to play pirated Wii U titles.

Some are calling shenanigans as the group has yet to provide any proof of the exploit. The group says it’s real though, and will be selling the USB emulator in the near future to allow others to hack their Wii U consoles.

So, what does Nintendo have to say about all of this? The company takes a hardline against piracy so it shouldn’t come as a surprise that Nintendo is watching this very closely. In a statement to Ars Technica, Nintendo said it’s “aware that a hacking group claims to have compromised Wii U security.” That being said, the company has “no reports of illegal Wii U games nor unauthorized applications playable on the system while in Wii U mode.” Nintendo finished up its statement with a classic by saying that it “will take the necessary legal steps to prevent the facilitation of piracy.”

If the Wii U is anything like the Wii, the system’s security will be constantly compromised during its lifetime. Of course, this will only lead to Nintendo issuing more frequent mandatory system updates to patch security holes that only serve to annoy legitimate customers while doing nothing to stop those hellbent on playing games off disc.

ZDNet reports that a hacker by the name of Jay Freeman has already jailbroken Glass. The jailbroken Glass can be used to bypass a number of obstacles that prevent Glass from becoming the surveillance tool of the future.

The big thing is that hackers can remove all indication that Glass is recording video. In the vanilla OS, Glass will show the video as it’s recording on the glass prism above the eye. If a person was close enough, they could tell that Glass was recording video. Freeman says that Glass’ OS can be modified to remove this so that you can record video while everybody is none the wiser.

Of course, you couldn’t record minutes of footage as the current Glass only allows video recordings of up to 10 seconds. Oh wait, that’s controlled by the OS as well so you could bypass that limitation to allow unlimited video recording. Glass only has 12.5GB of embedded flash memory though so there’s not much space for video.

That’s where Freeman starts to get creative. He says you can modify Glass to take a picture every 30 seconds while recording low bit rate audio. It takes up much less storage than HD video, but provides what is essentially the same information. Freeman speculates such tactics could be used for corporate espionage or for planning robberies.

Should you be afraid of Google Glass, especially after all of this has come to light? The short answer is no. The long answer is that Google Glass is just a tool, and like any other tool can be used for good or evil. It doesn’t mean that you shouldn’t be cautious though. Bars, strip clubs and other establishments that make it a priority to protect customer privacy have an obligation to prevent Glass and other recording equipment from being used on their premises.

It should be noted that we’re still in the infancy of Google Glass. Google may lock down the consumer versions of Glass to prevent unwarranted surveillance on a massive scale. We’ll find out in about a year when Google Glass finally launches.

[Image: Stop the Cyborgs]

The Guardian reports that North Korea’s Twitter and flickr accounts have been compromised by hackers claiming to be a part of Anonymous. The reasoning behind the attacks seems to be in retaliation to North Korea’s most recent threat to attack the United States and its allies with nuclear weapons. In fact, one of the images posted on flickr calls out North Korean leader Kim Jong-Un for “threatening world peace with ICBMs and nuclear weapons” among other things.

Other images on the flickr account include an image of the North Korean flag with a Guy Fawkes mask, and a simple “We Are Anonymous” in white text on a black background.

The Twitter hack is far less entertaining, however, as the only updates to it thus far have been multiple messages that say “hacked” while linking to North Korean Web sites that have been taken down by Anonymous.

Unlike other recent hacks, I doubt that North Korea will try to wrestle away its accounts from Anonymous. I highly doubt that Twitter and flickr are in the mood to help them get the accounts back either.

Ars Technica reports that Xbox Live accounts belonging to former and current Microsoft employees have been hijacked by hackers. It’s suspected that those responsible may belong to a group of hackers going by the name of Team Hype. The group reportedly has a history of obtaining Xbox Live accounts and selling them to other players.

To Microsoft’s credit, the company confirmed the hijacking with Ars Techinca, and said it is working on a solution:

“We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use.”

Unfortunately, there may be more account hacks on the horizon as a Microsoft Entertainment Awards Facebook app accidentally revealed account information for nearly 3,000 Xbox Live members. No passwords or other critical information was leaked, but the information that was revealed could be enough to obtain more through social engineering.

In this case, the best thing you can do is change your Xbox Live account password if you happened to use the Xbox Entertainment Awards app earlier this week. You should also be wary of any messages sent over Xbox Live asking for your password of other personally identifiable information.

Security research firm Security Explorations reported two new zero day exploits hit Java on February 25. Since then, the company has provided a number of updates on the progress its made with Oracle to patch these security holes:

25-Feb-2013

27-Feb-2013

28-Feb-2013

The issues referenced above – 54 and 55 – can apparently be combined to “gain a complete Java security bypass in the environment of Java SE 7 (Update 15).” Issue 54 is being labeled by Oracle as a non-issue, but issue 55 has been picked up for further investigation.

This latest discovery only further stains Java’s reputation as it has not only been exploited twice in the past two months, but said exploits led to major firms like Apple and Facebook being hacked. Granted, Oracle can’t predict every new exploit that comes its way, but you would think it would be more thorough before releasing updates.

So, what can you do to prevent any Java-based attacks? It’s rather simple really – just disable Java. Firefox automatically disables it for you, and it’s easy enough to disable on other browsers as well.

[h/t: ZDNet]

BBC News reports that the popular Anonymous Central Twitter (@Anon_Central) was hacked by a rival hacker group known as Rustle League. The Twitter feed was forced down, and now the account is starting from scratch.

Follow @Anon_CentralNF

Anonymous Central
@Anon_CentralNF

After being hacked we fought back, and we live on

 Reply  ·  Retweet  ·  Favorite
1 day ago via web · powered by @socialditto

Follow @Anon_CentralNF

Anonymous Central
@Anon_CentralNF

After being forced down, we must return to page one, thanks to everyone who has already followed

 Reply  ·  Retweet  ·  Favorite
1 day ago via Twitter for Android · powered by @socialditto

While this was going on, most of the dramas was taking place on the fellow @Anon_Central Twitter. Some were saying that a fight between rival hacker collectives was wonderfully entertaining, but most were asking the two groups to work together instead of fighting amongst themselves.

Follow @theMost_Wanted

Lucif3r
@theMost_Wanted

Both @Anon_CentralNF and @RustleLeague says they work for saving internet. Then why not work togather instead of a fight ? #confused

 Reply  ·  Retweet  ·  Favorite
1 day ago via web · powered by @socialditto

Follow @4shkore

arie yuta
@4shkore

Stop this shit and fight together against the corrupt government @jmnanonymous@Anon_CentralNF@RustleLeague

 Reply  ·  Retweet  ·  Favorite
1 day ago via UberSocial for BlackBerry · powered by @socialditto

Of course, some people find the idea of Anonymous getting hacked to be scary in and of itself:

Follow @teddiwarlock

Teddi Worrock
@teddiwarlock

if @Anon_CentralNF can get hacked… that means none of us are safe!! #FML

 Reply  ·  Retweet  ·  Favorite
1 day ago via web · powered by @socialditto

It should be noted that not all hackers are related to Anonymous, and some really hate Anonymous. In this case, it seems that Rustle League was in it for the “lulz.” There might be cases in the future, however, where rival hacker collectives take things to serious new levels by posting personal information on those involved in each group. For hackers veiled in anonymity, that would be the worst possible thing.

Computer World reports that Adobe has issued a patch ahead of schedule that fixes the two zero-day exploits that hackers were using to hijack Windows PCs and Macs. Here’s the report from Adobe:

Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

If you don’t want to be hit by something that nasty, you might want to update to the latest version of Flash now. Most Flash users probably have automatic updating turned on, however, and won’t need to worry as the update will take care of itself. For those who do not, you’ll want to download the latest version from Adobe’s Web site.

There might be other zero-day vulnerabilities floating around in Flash for hackers to find and exploit users with. Always stay on guard and only use Flash on trusted Web sites. You can do this by installing a plugin that disables any Flash content from automatically playing unless you authorize it. This technology is built into Firefox. Chrome users can grab the popular FlashControl extension here. If you’re using Internet Explorer, especially IE8, you should probably just stop.

ZDNet reports that the Federal Reserve sent out notices to affected individuals earlier this week confirming an intrusion on their system. In a statement to Reuters, a spokesperson said the Federal Reserve was “aware that information was obtained by exploiting a temporary vulnerability in a Web site vendor product.” The vulnerability was reportedly fixed, and should cause no more problems in the future.

Of course, that doesn’t fix the fact that a list containing the personal data of over 4,000 bankers is still floating around the Internet. The Federal Reserve downplayed the hack by telling those affected that their passwords were not compromised. That’s technically true, but there’s still cause for concern.

Speaking to ZDNet, Jon Waldman, a senior information security consultant for financial institutions, said the hashed passwords included in the leak could be easily decrypted by hackers. The list which contained the information is no longer on the original hacked Alabama Web site, but it’s reportedly being hosted on a Chinese Web site for hackers to get a hold of. Waldman says the existence of this information means that banking executives “will be specific targets of Social Engineering and hacking attacks.”

It remains to be seen if any of the leaked information has led to attacks on individual banks. Waldman certainly thinks they’re at risk, but you would hope that banks would be wary of any attempts to solicit info after this latest attack.

We’ll continue to follow the exploits of Anonymous in #OpLastResort. It doesn’t appear that the hacktivist collective is done just yet, and likely has more attacks planned in the coming weeks.

Follow @Anon_Central

Anonymous Operations
@Anon_Central

#OpLastResort is preparing for epic #lulaze as we speak. | #PublicAnonNews#Anonymous

 Reply  ·  Retweet  ·  Favorite
1 day ago via web · powered by @socialditto

[Image courtesy Wikimedia Commons]

The UK’s Information Commissioner Office has hit Sony with a $395,000 fine for being in violation of the Data Protection Act. The Office says that the hack, and the resulting fine, could have been avoided if Sony’s server software “had been up-to-date.”

Here’s the full statement from David Smith, Deputy Commissioner and Director of Data Protection:

“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.

There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.

The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.

If there’s any bright side to this it’s that a PR Week poll shortly after the breach found the case had left 77 per cent of consumers more cautious about giving their personal details to other websites. Companies certainly need to get their act together but we all need to be careful about who we disclose our personal information to.”

So what will Sony do? A spokesperson told IT World that it plans to appeal the fine. If the appeal falls through, Sony can have the fine reduced to $316,000 if it pays by February 13. I’m sure the payment will come with a box of these.

Trike, a member of gaming forum NeoGAF, reported yesterday that he had gained access to the debug page in Miiverse, Nintendo’s social network for games. Here’s the report from Trike:

I found out I could access the debug menu on Miiverse by hitting the “X” button on the gamepad while hovering over the exit button. I found an admin access list or something to that effect. I couldn’t really do anything from there though. I could view different messages from a developer though. One mentioned that there would be big games coming out(announced?) on the 10th of December. A different said “POKEMON” and “SUICIDE”. Sorry, bro.

I went to another link that lead me to some test messages. I thought they were real when I found them, because they were posted 20 minutes ago from the time I accessed them. I could flag them for prohibited content, spoilers, and something else that I forget.

Then I went to a different link on the debug menu and it showed three different Miiverse subforums I could access that would be coming out on December 20th. I clicked on the “games for teens, kids and blahblah” (forgot the other two, I think family games was one of them?) and it lead to some sort of dispute between Timelord celebrities Tom Cruise and Brad Pitt. There were even more subforums for games specifically, including Yoshi’s Island Wii U and Soul Hackers, and less specific ones like “Metal Gear Solid” and “Resident Evils”. By the time I stopped posting on gaf to check for more it was fixed, and someone pointed out that Nintendo put up a tweet about a miiverse fix.

I don’t know if I really could flag posts to be deleted or whatever, but I know I could not make myself an admin or delete admins. At least when I pressed the buttons nothing happened.

Such stories pop up on NeoGAF from time to time, and are quickly debunked. In this case, however, it seems that it was legitimate. Trike not only posted pictures of his time in the Miiverse debug page, but Nintendo themselves confirmed the issue in a statement to Gamesindustry International. The company said that what the user accessed was nothing more than a “mock up menu” and that access to it has now been removed.

Mock up menu or not, the supposed debug page contained a number of interesting tidbits that will fuel rumors for some time. One in particular contained a number of subforums for games that had not been listed on the Miiverse yet. Some of the titles point to unannounced games like Yoshi’s Land Wii U, Donkey Kong, Metroid, and a title called Soul Hackers that might be referring to a Shin Megami Tensei game of the same name. Check it out:

It seems that Trike’s accidental “hack” into the Miiverse has caused some Wii U owners to fear that Nintendo’s network may be easily compromised in the future. Gamers aren’t exactly confident in security anymore after hackers took down Sony’s PlayStation Network for over a month.

Nintendo is still relatively new to this whole online thing, but the company has made some great strides with the Wii U. The company’s services, however, are only as good as its security. We’ll find out in the coming months and years if Nintendo can keep its network safe from those who would want to bring it down.

[h/t: Sophos]