TechLuver.com

Jan 01, `08 — Nathan Ramella explains his ARCwelder Project at Google code:

Through a technique dubbed “Go Fighting Tabby!”, or GFT for short, you can gain root access on an Archos 605 wi-fi running 1.7.13 firmware and execute arbitrary programs in its embedded Linux environment.

This is the first step to gain access to the running Linux operating system, which until now has not been possible.

Using the GFT technique, you can install the ‘ARCwelder’ package which will allow you to ssh into the Archos 605 wi-fi and run unix commands from a shell.

Currently ARCwelder only provides an ssh package, however in time more packages may be included as they are tested and verified as working, some customization is necessary to ensure that they work on the embedded system, so the term ‘hack’ is definitely applicable.

More at ARCwelder Project.

BUCHAREST, Romania – On Tuesday, Dec 18, BitDefender announced that BitDefender antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.

The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers’ Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).

The modified file contains a line redirecting the host “page2.googlesyndication.com” which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines’ browsers read ads from server at the replacement address rather than from Google.

“This is a serious situation that damages users and webmasters alike,” said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

Users are advised to let BitDefender software delete the trojan. More info on the ad-hijacking trojan at BitDefender here and Real-time Virus Reporting here.

Dec 08, ‘07 — Gadi Evron, a Security Architect for Afilias global registry services, an expert on corporate security and counterespionage, botnets, e-fraud and phishing, and the founder of the Zero-Day Emergency Response Team (ZERT), writes an excellent in-depth article on effectively fighting spam at ZDNet.

Excerpts from Gadi Evron’s article:
“Working in the Israeli city of Netanya, next door to our offices was a spam operation with roughly 30 employees. One day they weren’t there anymore.

They were blog comment spammers, but officially were doing Search Engine Optimization or SEO. Instead of optimizing content, they posted illicit comments on many blogs with commercial or misleading messages leading to their clients’ web sites, mainly for the purpose of increasing their clients’ web sites visibility in search engines such as Google. They would do this using an illegal tool such as botnets, and make quite a bit of money.

The reason for their disappearance soon became clear; nearly all their clients were gone. A law was passed in the United States which addressed online gambling operations (”Unlawful Internet Gambling Enforcement Act” - UIGEA). As a result, the public gaming industry ceased accepting online wagers. More than that, UIGEA addressed processing payments to and from Internet gambling sites. In a day, most of US-based gambling web sites ceased to exist (others moved over-seas, although quite a bit of the world’s credit processing is done by US firms).

This effectively caused the death of numerous black hat SEO companies–comment spammers. Perhaps the UIGEA measure against processing of payments proved too difficult to overcome. Not being a lawyer I can’t say exactly how UIGEA caused this death. No matter, US online gambling operations were effectively destroyed.

Spam decreased. The underlying cause for that was that the clients weren’t there due to the inability to process payments because of the online Casinos law. Not only black hat SEO companies suffered, many spam operations lost clients. There is nearly no more Casino spam in our mail inboxes. Isn’t that grand?

A long time ago I heard somebody say they asked a corporate take-over lawyer on how he’d take down spam. He said: Legalize and regulate it. It seems like he was right, just on a deeper level.” More at ZDNet.

London — Dec 02, ‘07 — Leading British firms and government agencies have been warned Chinese state organisations may be spying on them.

UK intelligence network MI5 has contacted 300 chief executives and security experts at banks and financial institutions to raise the concerns.

It is alleged that UK organisations may suffer a concerted cyber attack to gain commercially-sensitive data.

Recently, the head of MI5, Jonathan Evans, said that Britain faces a threat from digital espionage.

Experts say there have been unprecedented waves of attacks on computer systems worldwide in the last year.

A number of countries have accused China of trying to hack into their systems. It is believed many major developed nations engage in very similar behaviour. China’s highly sophisticated technologies make it a world leader in computing. More at BBC News.

Wellington, New Zealand — Nov 29, ‘07 — Police nabbed the suspected teenage kingpin of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims’ bank accounts, officials said.

“Working with the FBI and police in the Netherlands, New Zealand police arrested the 18-year-old in the North Island city of Hamilton, said Martin Kleintjes, head of the police electronic crime center. The suspect’s name was not immediately available.

Kleintjes charged that the ring was responsible for stealing at least $20 million using bank account and login details detected by their illegal spyware.

The 18-year-old Hamilton man is now co-operating with police after they carried out searches at Canterbury, Northland and Waikato addresses.

The FBI believes “AKILL” is the ringleader of a “botnet” – in this case a cluster of over a million computers infected by a malicious virus letting the perpetrator gain control of them, access private information and attack other computers.

The arrest was part of international probe into the criminal use of “botnets,” in which hackers gain control of third-party computers through malicious software and then use them as remote-controlled robots to crash online systems, accept spam and steal users’ personal information.

Eight people have been indicted, pleaded guilty or convicted since the investigation started in June. Thirteen additional warrants have been served in the U.S. and overseas in the investigation, which the FBI says has uncovered more than $20 million in economic losses.

New Zealand police searched the residence of the 18-year-old suspected to be the ringleader earlier this week. The federal agency identified the person by the online handle “AKILL.”

Earlier this month, Ryan Goldstein, 21, of Ambler, Pa., was indicted in the case. Authorities allege that the New Zealand suspect and Goldstein were involved in crashing a University of Pennsylvania engineering school server Feb. 23, 2006.” More at Stuff.co.nz

Nov 29, ‘07 — BBC News is reporting on a huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted.

“The booby-trapped websites came up in search results for search terms such as “Christmas gifts” and “hospice”. Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others. “This was fairly epic,” said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Eckelberry said tens of thousands of domains, many based in China and only a couple of days old, were used in the vanguard of the attack.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft’s Internet Explorer used to browse them. “If your machine was not fully patched you were going to get hosed,” said Eckelberry.

The criminals who bought the domains convinced Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry, by using comment spam on blogs to push the pages up the search index rankings.

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

But, said Eckelberry, this attack was likely to be a harbinger of many more. “This is not going to go away,” he said.” More at BBCNews.

Nov 19, ‘07 — According to XianLi, a senior member at Hackintosh forum, the iPhone spies on you. The evidence in the code shows that the Stocks and Weather applications send your IMEI number—the unique number that identifies your iPhone and which is tied to your personal information—to Apple, along with the kind of app you were using to access the data.

If this is confirmed I can see some privacy lawsuits would be knocking Apple’s door.

Excerpts from Giz:
“While there’s no evidence that Apple actually uses this information for any purpose, good or evil, the code shows that every time you try to access a detailed information on whatever stock, the information will be sent embedded in the URL. This could be combined with IP location and the information in Apple or its partner’s databases to know what are you accessing, when and from where, all over the world. This could be a powerful data mining source for Apple and, if true, a breach on your privacy.

More importantly, there’s no op-out and Apple covers its back with the iPhone’s license, as readers have pointed already in the comments.”

Here is what some of the Hackintosh forum members say about this:

A Comment from “brand1130″:
“This is how they know exactly how many iphnoes have been unlocked. total # of IMEIs minus the number of IMEI’s that have contacted the stocks/weather pages and were never activated

The bad thing about this is they konw exactly which IMEIs have been unlocked or at least bypassed activation. Hopefully, they can’t do anything further with it.”
Another comment from a senior member, “NotFound”:
“Apple is evil and monopolist.
1. They seal the batteries. You have to pay them $50 to $75 to replace the problematic batteries after warranty.
2. They use non-standard headset plugs. Technically, standard plug interface is enough in doing what iPods and iPhones should do with it.
3. They steal development ideas from 3rd party developers. For example, they stole widget from Konfabulator. It’s just the tip of the iceberg.
4. They rob the open source community and barely contribute. For example, Apache, Virtual Desktop and so on.
5. They don’t donate. While Bill Gates became the most generous donor on Earth many years ago, we barely heard Apple or its executives being on the news for the same reason.
6. Commercials, way too many commercials. If you notice, Steve Jobs and his team keeps advertising iTunes Store etc. They even put a iTunes Store icon on the SpringBoard. They charge for everything. All they talk about is money. Only money.”

More at Hackintosh, Giz.

What’s on your old hard drive? If you think a) There’s nothing interesting on my drive or b) Reformatting/repartitioning a hard drive is good enough or c) Deleting all of the files is good enough, think again.

A lot of information is stored on your hard drive. What you look at on the internet, emails, personal photographs, passwords to online banking, social security numbers, the list is endless. Probably enough for an attacker to know your name, address, location, what you look like, and probably quite a bit more. If nothing else, the people in your email contact list deserve anonymity.

Starting at $100 for a standard version to $200 for a Drive eRazer Versatile bundle, WiebeTech is offering its newest hardware solution to completely erases all your data from a hard drive quickly and easily. Stand-alone operation. No computer required! Faster than software.

Why use hardware? Drive eRazer is faster than software programs, and Drive eRazer doesn’t tie up a computer. What’s more, it’s far easier. Simply connect it to a drive and flip a switch. No computer needed. More info at WiebeTech here and you can get one at here.

Nov 16, ‘07 — Adam L. Penenberg at FastCompany.com writes an article on iPhone hacking demoed by a UNIX specialist and consultant from Sedona, Arizona, Rik Farrow.

In his words, “Of course, the Web is rife with braggadocio, and just because a few computer engineers could gin up an obscure software exploit or two didn’t mean anyone had actually unleashed any. Still, my editors and I wondered just how vulnerable is the “Jesus Phone” to an unscrupulous hacker? Could it really be turned into a tool of espionage?

So we purchased an iPhone for Rik Farrow and commissioned him to crack through its defenses, which he did using H D Moore’s Metasploit, a popular platform for testing security systems. The result is this video, in which Farrow was able to take complete control of an iPhone and demonstrate the ability to eavesdrop on conversations, intercept voice mail and e-mail, and upload nefarious software programs. “Physical access to an iPhone,” Farrow points out, “is not required.” Although in Farrow’s demo the Wi-Fi was turned on — common enough for iPhone users, since AT&T’s EDGE network makes Web surfing slow and laborious — Moore says his exploit can work on EDGE, too.

Now, our lawyer would like us to emphasize that Farrow was careful not to offer a cookbook, or how-to guide, on how to hack Apple’s touch screen marvel. He just showed what was possible.

As for the iPhone, however, Apple engineers have made it easier to attack by running all software applications as “root,” which means they offer the same full-system privileges. Locate a security flaw in one — say, e-mail or the Web browser — you can control them all. Standard security protocol dictates providing layers of protection to guard against this, which the iPhone does not.

As a result, there are a number of ways to exploit the iPhone’s defenses. If you know your target’s phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker “owns” the phone.

Or there’s always the “man-in-the-middle” (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target’s Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple — the exploit only works on iPhones.) “This method would allow exploitation of any application that downloads images from the Internet,” Moore says. “This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application.”" More at FastCompany.com

Chinese espionage poses “the single greatest risk” to the security of US technology, US-China Economic and Security Review Commission has told Congress.

Washington — Nov 15, ‘07 – China is pursuing new technology “aggressively”, it says, legitimately through research and business deals and illegally through industrial espionage.

China has also “embraced destructive warfare techniques”, the report says, enabling it to carry out cyber attacks on other countries’ infrastructure. A foreign ministry spokesman in Beijing denied any spying activities by China.

The advisory panel, appointed by Congress, recommended that US security measures and intelligence be stepped up to try to prevent the theft of military technology, in particular. “Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies,” the report said.

It urged Congress to study “military, intelligence and homeland security programmes that protect critical American computer networks and sensitive information, specifically those charged with protecting networks from damage caused by cyber attacks”. The report also identified other grounds for concern, such as the fact that the Chinese are manufacturing “sophisticated weapon platforms” speedily and efficiently.

The unexpected pace of China’s military development has fuelled analysts’ suspicions that it is being helped by stolen information, the commission said. In addition, the Chinese media - firmly under state control - are being used to create “deep feelings of nationalism”, it said. In an international crisis, the panel warned, that could turn misunderstanding into conflict.

The report also criticised Chinese economic policy, saying that small and medium-sized American businesses “face the full brunt of China’s unfair trade practices, currency manipulation and illegal subsidies for Chinese exports”.

In September, the Chinese government denied reports that its military had hacked into the computer network of the US defence department in Washington. Chairman Carolyn Bartholomew’s opening statement on the release of the 2007 Annual Report to Congress (in PDF).

Atlanta, GA — Nov 15, ‘07 — Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday.

The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.

AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores’ 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.

Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy (WEP) that is easily cracked by thieves using widely available tools.

The remaining half of the access points — the connections between wireless devices and computer networks — were using newer encryption methods that are considered far harder to crack.

The six-week undercover project — conducted at shopping areas in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, London and Paris — attempted to expose security holes in wireless networks that are increasingly used to transmit data inside stores.

Wireless systems are believed to have been the entry points for recent large-scale data thefts at retailers, including a massive heist at discount retailer TJX Cos.

TJX said in March that at least 45.7 million cards were exposed, although recent court filings by banks suing TJX estimate than 100 million were. Canadian investigators concluded in September that TJX had failed to upgrade its encryption from the older WEP method by the time the eavesdropping began in July 2005.

“The bad guys are going to go for the low-hanging fruit, and that’s the wireless networks,” said Richard Rushing, AirDefense’s chief security officer and manager of the survey project.

The most common data security lapses involved mis-configured access points that open backdoors to data. On several occasions, larger retailers had configured access points to work with WPA but had not switched off WEP, the weakest wireless security protocol. In addition, many retailers use their store name in the SSID, the name assigned by the equipment vendor to the wireless network during installation giving away a retailer’s identity. SSID’s can easily be reconfigured but often times are not. More at AirDefense.

Los Angeles, CA — Nov 10, ‘07 — A Los Angeles  computer security consultant entrusted with making personal computers safer has admitted to hacking into them to create a rogue network of as many as 250,000 PCs, which he used to steal money and identities.

Federal prosecutors Friday said that John Kenneth Schiefer, a 26-year-old computer security consultant, used an army of hijacked computers, known as a “botnet,” to carry out a variety of schemes to rip off unsuspecting consumers and corporations.

Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles.

Schiefer, who used the Internet name “acidstorm,” is the first person charged under federal wiretapping law with operating a “botnet,” or network of compromised computers, Assistant U.S. Atty. Mark Krause said.

“People hired him to fix their computers, to make sure they’re safe,” Krause said. Instead, prosecutors contend that Schiefer and his associates installed malicious computer code, called malware, that gave them remote access to the computers without the owners’ knowledge.

The “zombie” computers then eavesdropped on the users’ electronic communications. The vast number of computers that Schiefer compromised — as many as 250,000 — highlights a stealthy online crime spree on the rise.

These botnets, short for “robot networks,” remotely harvest personal information, including user names and passwords, to give their operators access to credit card information and online bank accounts.

Schiefer culled user names, passwords for the PayPal online payment service, and other account information that he used to make unauthorized purchases and passed on to others, prosecutors said.

In all, the federal indictment includes four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. Federal authorities were still trying to identify victims and the scope of their losses, Krause said.

Nov 09, ‘07 — Avoid Alicia Keys’ Web page on MySpace. It’s been hacked and has become the latest vehicle for malware on the Web.

At the time of this  posting, MySpace was displaying this “Function Disabled” message when trying to open “New Messages” or “Inbox” of MySpace account.

Roger Thompson, CTO at Exploit Prevention Labs, has found multiple hacked MySpace pages, including the page for Alicia Keys, the social networking site’s fourth most popular music artist. Also hacked were pages for Greements of Fortune, a French funk band, and Dykeenies, a rock band from Glasgow.

When visitors click almost anywhere on these infected site, they are directed to co8vd(.)cn/s, which appears to be a Chinese malware site. The visitors then see a box on their screen telling them they need to install a special codec to view the video – a legitimate possibility on any site rich in media. But if the visitor clicks ‘yes’, the site installs software that appears to be a rootkit and DNS changer. This would allow the hackers to take over what you see on your browser and what you download onto your computer.

Excerpts from Roger Thompson’s Blog:

“Attacks on MySpace seem to be on the rise. First, at the end of October, there were a number of links added as friend-comments that went via MySpace’s open-redirector (MSPlinks) to exploit sites in China. This was reported publicly on the FunSec mailing list. (All myspace friend-comments _seem_ to automatically redirect thru MSPlinks, probably as a way to try to filter out spam and phishing, but a downside is that the URL is base64 encoded, and is thus impossible for a human being to eyeball, and therefore possibly reject … the effect of the well-intentioned msplinks is thus to make an open-redirector)

Now, we keep finding MySpace pages that have had some sort of image-background link injected, that are reaching out to a different site in China that is both throwing exploits and using social engineering to install rootkits and (probably) dns-changers.

The interesting thing about this is that rather than using an iframe for an automatic embed, as they usually do, they’ve added some sort of image background href, with a large size … 8000 by 1000 pixels, with the effect that a click that slightly *misses* a control or link on the page, ends up going to the exploit site.

The fact that this site is media-rich, with lots of sound and videos means that the FakeCodec trick will be much more effective. The click-er is probably expecting to see a vid, or hear a song, and is quite likely to think he genuinely needs to install something extra.” More at Exploit Prevention Labs.

Santiago, Chile — Nov 05, ‘07 –A hacker broke into the Web page of Chile’s presidency and planted the flag of neighboring Peru, leaving the site inoperable for about 18 hours until it was restored Monday.

The intruder left a message - “Long live Peru,” followed by an expletive - as well as the flag around midday Sunday. Officials took the site down a few minutes later, leaving a notice: “Because we want to give a better service, we are working for you.”

Carlos Portales, political director of the Chilean foreign ministry, said the incident is being investigated. “It has happened with other Web pages, including some from the United States government, the Vatican,” Portales told reporters.

The Santiago daily El Mercurio on Monday reported that officials believe the hacker was a Peruvian.

While Chile and Peru have generally friendly relations, tension sporadically breaks out over the aftermath of two 19th century wars between the countries and a dispute over maritime boundaries has been developing.

New York, NY–Nov 02, ‘07–The Associated Press is reporting, “Hackers have unlocked violent content that was censored by the publisher of the game “Manhunt 2″ to give it a marketable rating, the company confirmed Thursday.

The game, initially given an “Adults Only” rating by the Entertainment Software Rating Board, went on sale in the U.S. on Wednesday with a “Mature” rating, after being modified. Most stores refuse to carry “Adults Only” games; Mature means a game is intended for player 17 or older.

Game publisher Take-Two Interactive Software Inc. and the studio that designed the game, Rockstar Games, have long been at the center of the debate over video game violence and children. Two years ago, a hacker uncovered a hidden sex scene in their game “Grand Theft Auto: San Andreas.”

In “Manhunt 2,” the player takes the role of a man who escapes from an insane asylum and goes on a killing spree. Take-Two edited parts of the game, including blurring some of the most gruesome killing scenes, to get the less restrictive rating.

The hack does not roll back all the changes that enabled the game to qualify for the “Mature” rating, and it requires some technical expertise and a PSP unit that is itself hacked to accept modified software. More at AP.

Oct 29, ‘07 — The Unofficial Apple Weblog, TUAW reports, “A crew of hackers (including hdm/metasploit, rezn, dinopio, drudge, kroo, pumpkin, davidc, dunham, and NerveGas) have introduced a one-touch instant jailbreak for both iPhone and iPod touch. The jailbreak opens your iPhone for full disk access and installs Installer.app so you can add pretty much any third party application you like.  

To use it, open Safari and point your browser to jailbreakme.com (which we aren’t linking to so folks won’t install this by accident, but you are prompted to confirm). Once there, read the directions, scroll to the bottom, and tap Install AppSnapp. If Safari disappears and you return to the main Home screen, you’re good. Just wait a minute more for your unit to restart–don’t touch anything until you see the slide to unlock screen. If Safari hangs, just quit out (press and hold Home for 4-8 seconds) and try again. 

More at TUAW

San Jose, CA — October 26, ‘07 – The AP is reporting on Apple restricting iPhone sales by not accepting cash payments for iPhone purchases and reducing sales limit to two per person from five in a move to stop people from reselling them.

Apple started the new policy on Thursday, said spokeswoman Natalie Kerris. Before then, there was no cash restriction.

“Customer response to the iPhone has been off the charts, and limiting iPhone sales to two per customer helps us ensure that there are enough iPhones for people who are shopping for themselves or buying a gift,” Kerris said. “We’re requiring a credit or debit card for payment to discourage unauthorized resellers.”

Apple estimates that buyers of 250,000 of the iPhones sold so far intended to unlock them, Apple’s chief operating officer Tim Cook said in a conference call with analysts this week.

Apple’s attempts to prevent that “unlocking” activity, which included a software update that blocked the workarounds hackers had developed, have frustrated users - and sparked two lawsuits.

Richardson, TX, October 23, 2007 – Sipera VIPER Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today disclosed multiple threat advisories for users of VoIP services and equipment from Vonage, Globe7 and Grandstream. Among other threats, unwitting VoIP users face eavesdropping, spam, spoofing and denial-of-service (DoS) attacks. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public at http://www.sipera.com/viper.

Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a “registration replay attack,” then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of “ringing the phone off the hook” which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and VoIP scams.

“These vulnerabilities create serious privacy and service availability issues for users,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “Vonage, Globe7 and Grandstream customers can no longer assume that their VoIP providers are automatically securing their services, but they should demand best security practices be followed as a condition of becoming a customer. Sipera VIPER Lab will continue to proactively identify VoIP threats and assist VoIP providers to implement best security practices before attacks occur.”

More at Sipera

This process is designed to rebuild your lock table in the seczone area and repair the damage done by the original anySIM unlock. In essence, it re-virginizes your phone. This method has been personally confirmed by Zibri who intentionally bricked a phone (wrong IMEI, Invalid SIM) then ran through this process which successfully restored the device to working condition.

More at iPhone Elite Dev Team

This is sort of a new method to “Revirginize” the iPhone to the factory locked state. Be warned: It may not be ready for the mainstream just yet, despite the excellent guidance manual. More details at Hackintosh

The iPhone’s Installer.app has been updated to 3.0beta3 and features a much better organizational system. You can “Update All”, and the packaging backend is improved as well. You can’t install this directly on your phone, but instead you have to install the older version, then update via installer itself. If you have 1.1.1, you’ll have to jailbreak first, then transfer it on manually. However, it does detect what firmware version you’re running and only displays the apps that run fine on yours.

More at Installer.app Beta - App. Tapp. Install

TheRegister is reporting via TechCrunch, on Chinese internet providers China Netcom, China Telecom bowing to pressure from Chinese Government Authorities and hi-jacking Google, Microsoft and Yahoo’s search traffic to re-route / re-direct it to Baidu.

When TheRegister contacted Google, “the company confirmed that the Chinese are up to their old tricks. “We’ve had numerous reports that Google.cn and other search engines have been blocked in China and traffic redirected to other sites,” said a company spokesman. ” While Microsoft said “it was looking into the matter.”

More at TheRegister

Ryan Block of Engadget reports on release of iPhone v1.1.1 baseband downgrade by iPhone Dev-Elite Team. In his words “For those following this stuff religiously: the iPhone “Elite” Team has released a method to downgrade the baseband on v1.1.1 iPhones. Ok, that basically means if you accidentally disabled the phone end of your iPhone with anySIM or iUnlock during the upgrade (or just decided v1.0.2 is where it’s at), now you can revert to the last working version and restore order to your iPhone’s wayward cell radio. Right, for free without paying iPhoneSimFree a cent for their unbricking solution.”

More at Engadget, iPhone Dev-Elite Team

Thomas Ricker of Engadget is reporting on iPod Touch running Mail, Google Maps and more. In his words “  We’re not looking at general availability yet, but those happy hacking cats unravelling the iPod touch have decrypted the ramdisk and are now busy installing applications. Already, Mail, Maps, and other 3rd party apps are up and running on their jailbreaked touches. The race is on between the cat and the mouse to see who will release their wares first.

More at Engadget…

On the heels of iPhone/ iTouch Dev Wiki Team iPhoneSimFree offers un-bricking of AnySim / iUnlock iPhones. In their words “Our sincere congratulations, to the iPhone/ iTouch Dev Team for their brilliant work in finding an ingenious way to jailbreak the 1.1.1 system. This exciting news means we are now able to gladly welcome all SIMFREE unlocked phone owners to UPGRADE to 1.1.1 if they so wish

Further to this, we are very proud to announce, (after some very difficult and lengthy hardware hackery), we were able to retrieve the necessary info to create the world first 1.1.1 unlock solution. We have now tested SimFree v1.6 with phones that have the new Baseband version 04.01.13_G with full success. This now means that SimFree v1.6 release, is now capable of completely restoring/repairing software unlocked “bricked” iPhone. Those of you wishing to repair your phone, please read the following steps. ”

More at iPhoneSimFree…