Google has decided that its initial release of the Android SDK will not include formal Bluetooth support or Google Talk. Bluetooth headsets will still work, but developers will not have access to the Bluetooth portion of the API. Google’s security researchers have announced that Google Talk was left out because of multiple security concerns. Bluetooth, on the other hand, was left out because the development team ran out of time.

Out of these two features, we think users are going to be most disappointed by the omission of Google Talk. Chatting has become one of the most useful features of new smart phones. The ability to just chat instead of sending a text message is one of the main attractions to phones like the iPhone, which has support for AIM.

[photo: dreamside]

IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Nintendo Wii Fanboy explains how to watch DVDs on your Wii using the new MPlayer application. Although the reviews are mixed, some claim it works and others claim it doesn’t, most are excited about this new feature which has been missing since the Wii’s launch. To get this working, you need to run the Twilight Hack and get the Homebrew Channel. Then you download the MPlayer software onto your SD card and install that using the Homebrew Channel. From there, you can launch the application and play your DVDs with ease using the minimalistic DVD player interface.

Although this seems like a lot of work just to watch a DVD, especially considering this might not work for you, it is interesting to see people trying to push for media center software on the Wii. Now they only need to find ways to get past the Nintendo’s attempts to stop this Homebrew movement.

[jonboytang] documented his construction of a clone of the famous Tube Screamer overdrive pedal from a set of plans found at tonepad. The tonepad site says you can use the plans to build either a TS-9 or a TS-808, both of which have been classic staples in every guitar player’s setup since the 70s. Although the old parts are no longer available, these new variants still have a really nice sound.

This project is really just a look into [jonboytang]’s etching and enclosure building process, but it may be useful for someone. The build and the circuit look really simple so this would be a great project for guitar players looking to learn how to etch their own PCBs. If you need more information on etching, we would suggest starting out by reading our How-To on etching single sided PCBs. If you are lazy and would rather spend a little money, check out tonepad’s online store. They have a board for this project and many others.

Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine’s reprogrammable functions, including accessing patient data and even turning it off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.

Within an hour, Jeron Van Beek was able to create a successful clone of Britain’s new E-Passport. All he needed was a £40 card reader, two £10 RFID chips, and a small, improvised script. Although the exact details were not specified, it looks like he read the ID on the real passport using the RFID reader, then he wrote it to the two blank chips and put them in the fake passports. There is also a flaw which may allow outright forging of the passports. Nearly all of the 45 countries using the system have not yet registered with the Public Key Directory, which was put in place to make forging impossible.

The government is claiming that this hack is a hoax, but recent reports have shown that these RFID systems were never secure. No matter what the actual truth is about these hacks, it can certainly be said that the ability to clone or forge these passports would be a devastating security issue for every country involved.

[Photo: Digital World Tokyo]

[via The Guardian]

Researchers at NGS Software have come up with a method to embed malicious code into a picture. When viewed, the picture could send the attacker the credentials of the viewer. Social sites like Facebook and Myspace are particularly at risk, but the researchers say that any site which includes log ins and user uploaded pictures could be vulnerable. This even includes some bank sites.

The attack is simply a mashup of a GIF picture and a JAR (Java applet). The malicious JAR is compiled and then combined with information from a GIF. The GIF part fools the browser into opening it as a picture and trusting the content. The reality is, the Java VM recognizes the JAR part and automatically runs it.

The researchers claim that there are multiple ways to deal with this vulnerability. Sun could restrict their Virtual Machine or web applications could continually check and filter these hybrid files, but they say it really needs to be addressed as an issue of browser security. They think that it is not only pictures at risk, but nearly all browser content.
More details on how to create these GIFARs will be presented at this week’s Black Hat conference in Las Vegas.

Wikiwatcher has just officially released their new tools. We covered their announcement at The Last HOPE just last month. The 2.0 version of Wikiscanner is not ready just yet.

Poor Man’s Checkuser exposes the IPs of quite a few user accounts. There is a wealth of data here which can be used as a base for your own tools. Potential Sockpuppetry is a good example of using this data; it shows what IPs are associated with multiple accounts and could be run by the same person. It takes data from the Poor Man’s Checkuser and arranges it by organization and IP range. Beaver Scope keeps an eye on edits coming out of all specific locations on MIT campus. The author used this list of MIT IPs to monitor MIT’s activity during the Caltech-MIT pranking season. It is able to pinpoint exactly which building an article is being edited from. The team hopes to see people develop new tools from the Poor Man’s Checkuser data.

[The Tech Guy] shows us how he added cells to an MSI Wind’s battery. This hack is extremely simple but it may be difficult to get the battery back into your laptop. Also, we’re not too sure how stable it is, and you can definitely forget about taking this thing through an airport. It would be really nice to start seeing people fabricate custom enclosures. Until then, this hack is best reserved for people completely desperate for extended battery life.

[via hypatiadotca]