[Dino A. Dai Zovi] gave a talk in the earlier part of 2010 where he shares his thoughts on the future of malicious exploits. You can watch it on Ustream and he’s also posted a set of slides (PDF) that goes along with it. We find the 48 minute video to be quite interested. Instead of going into mundane detail, he covers the broader picture; what has been done in the past, what will happen in the future, and how are we currently ill-equipped to respond to future threats? That last question is covered throughout the video, but seems to come back to the concept that we are stuck in a rut of terminology and past practice that is impeding our ability to innovate security strategies at the same rate that the bad guys are coming up with the next nasty thing to come down the pipeline.

You’ve probably already heard about the Apple TV 2. It retails for $99 and packs a punch with HD video, optical audio, and WiFi in that tiny package. But as always, we like it for its hackability. Even though it’s just starting to ship, the hacks are already rolling in. The firmware is available from Apple’s servers and has already been unlocked with the yet-to-be-release SHAtter exploit. [Das_coach] even sent us a link to a video of the new Frontrow ported for the iPod touch (embedded after the break).

But the holy grail has to be XBMC. We’ve seen it on the first generation Apple TV and it was good. The second generation switches to the A4 processor which is an ARM Cortex-A8. Not quite as easy to port for as the Intel chip on the first generation was. But there is hope, one of the 2010 Google Summer of Code projects worked to port XBMC to another ARM device, it’s just a matter of inspiring some developers to take on the quest to make it happen. We can’t wait for the day that we can just velcro one of these to the back of our TV and be done with it, that first generation Xbox isn’t going to last forever.

[Photo credit]

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer, stopping you from doing certain things like saving files you don’t “own” is open to 3 attacks.  Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflow is a common method to get to many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]

There’s now a method of using PIC microcontrollers to exploit the PlayStation 3. This is centered around a PIC 18F2550 which has been popular in past hacks because of its built-in USB serial port. This again makes use of the PSGroove open source exploit code and, like the TI calculator version, seeks to expand the selection of hardware the code runs on.

In addition to the chip and a PIC programmer you’ll need the CCS compiler as others cannot successfully compile this code. A licensed copy is necessary because the demo version of the CCS compiler doesn’t support this particular chip. Add to that the fact that because of the timing it may take several tries to achieve the exploit and you may find yourself disappointed by this development. But there’s always room for improvement and this is a proven first step on the new architecture.

[Thanks das_coach via PS3Hax via Elotrolado]

You can now download the exploit package for the PlayStation 3. [Geohot] just posted the code you need to pull off the exploit we told you about on Sunday, making it available on a “silver platter” with just a bit of explanation on how it works. He’s located a critical portion of the memory to attack. By allocating it, pointing a whole bunch of code at those addresses, then deallocating it he causes many calls to invalid addresses. At the same time as those invalid calls he “glitches” the memory bus using a button on his FPGA board to hold it low for 40ns. This trips up the hypervisor security and somehow allows read/write access to that section of memory. Gentleman and Ladies, start your hacking. We wish you the best of luck!

[Thanks Phileas]

A new open source package called Lightning Rod will help to close security exploits in Adobe’s dirty Flash code. A presentation made at the 26th Chaos Communication Congress showed that the package does its job by reviewing incoming code before the browser executes it. Heise Online is reporting that this method can block over 20 different known attacks and can even be used to filter out malicious JPG attacks. As more vulnerabilities are discovered they can be added to Lightning Rod to close the breach. This amounts to a virus scanner for Flash code. It’s great to have this type of protection but why can’t Adobe handle its security problems?

[Photo Credit]

[Thanks das_coach]

There has been another development in the never-ending battle that is Microsoft trying to keep its gaming system closed to unauthorized use. Xbox-scene reports that a new hack called freeBOOT v0.01 allows the Xbox 360 to upgrade to the newer kernels, but allows the option of rebooting to an older kernel in order use the JTAG exploit and gain access to the hardware.

In case you missed it, the JTAG hack is a way to run homebrew code on an Xbox 360. Exploiting this hack makes it possible to boot a Linux kernel in about five seconds. We’ve long been fans of the homebrew work done with XBMC on the original Xbox and hope that advances like this will lead to that end. We want this because the older hardware cannot handle high definition content at full resolution but the Xbox 360 certainly can.

This exploit is still far from perfect. It currently requires that the Cygnos360 mod chip be installed on the system. A resistor also needs to be removed from the board to prevent accidental kernel updating. That being said, this is still progress. If you’re interested in step-by-step details, take a look at the text file instructions provided.

[Thanks wdfowty]

An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)

[Thanks Tom101]

The Twilight Princess hack doesn’t work on newer versions of the Nintendo Wii, but thanks to a new exploit for the Wii, homebrew is still possible. Using an SD card and a few files, you can have the homebrew channel up and running in no time. The folks at Lifehacker show us how it’s done. It’s good to see that the Wii modding community is still in full force. Hopefully, this won’t turn into a back and forth battle between modders and Nintendo, like it has with Sony and the PSP.

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available here.

Now that the iphone-dev team has unlocked the iPhone 3G they’re moving onto jailbreaking the iPod Touch 2G. While they have a fully working jailbreak, it’s not yet in a user friendly format. [MuscleNerd] did a live video demo this afternoon to show what progress they had made. It starts with him showing the iPod on but not booting. He’s already patched the kernel, but it’s failing the signature check in iboot. He then uses the team’s recoverytool to exploit a hole in iboot and patch out the signature check. The ipod then boots normally and he shows non-App Store software like Mobile Terminal, Cydia, and an NES Emulator (which makes use of the iPod’s internal speaker).

The redsn0w jailbreak works, but it has to be applied via tether every time the iPod boots. The team won’t release anything until they’ve found a way around this problem. For more insight into the boot process, check out our coverage of their Hacking the iPhone talk at 25C3.

[matiaz] has released an exploit which allows homebrew on the PSP3000. It takes advantage of a vulnerability when loading save games on a game called GripShift. You can see the PSP running unsigned code in the video.

[thanks wraggy]

[photo: mattdork]