There’s a tutorial on how to download and install cracked apps from the newly-launched Mac App Store floating around, and while we’re not encouraging pirating applications and cracked apps, we’re sure Apple will patch this pretty soon and it’s worth reporting on. If you download a free app from the Mac App Store, like the Twitter for Mac app, and then go to Package Contents and to the Contents folder of the app, you can copy the code signature and a couple other files and then paste those files into a non-purchased downloaded app. That will trick the non-purchased app into thinking you purchased it, and it will run without issue. We’re linking the site because again, we think it’s worth reporting, but we don’t encourage pirating apps — just pay the developers and support them so we can continue receiving great quality iOS and Mac apps, alright?
The digital rights management (DRM) security used by Microsoft to protect apps in its Windows Phone 7 Marketplace has been cracked, enthusiast blog WPCentral reports. Though the technology needed to do so is not yet in the hands of the general public, the DRM protecting paid applications can now easily be stripped off of apps. If details of the vulnerability used to achieve the DRM crack are made available to the public, unscrupulous programers could use the exploit to develop software that allows users to steal applications and deploy them to Windows Phone 7 devices. Microsoft has not publicly responded to the security hole, though WPCentral claims the company has been made aware of the issue. Hit the break to see Microsoft’s Windows Phone 7 Marketplace security being manhandled in a proof-of-concept video demonstration. More →
It’s the same old story, content providers try to prevent piracy by wrapping media in DRM. Hackers crack the DRM. We have seen it with protected WMA, iTunes AAC, DVD, HD-DVD, Blu-Ray and so on. Next to lay claim to the dubious honor of being “crackable” is the DRM that encases tracks downloaded from Nokia Comes with Music service. Nokia Comes with Music allows owners of supported Nokia phones to download an unlimited number of tracks during the first year of service. DRM is the controlling force that limits these tracks to one designated mobile device and one PC. For a mere €20 / £17.50 / $26 USD, an owner of a Nokia Comes with Music phone can use the DRM-removal tool Tunebite to re-encode his or her downloaded music tracks into an unencrypted format in only a matter of minutes. Nokia has not responded nor indicated what measures it will presumably take to prevent future DRM removal.
Next week at the PacSec Conference in Tokyo, security researcher Erik Tews is expected to put on quite a show. Tews will be showcasing what he describes as the first practical attack on the widely used WPA Wi-Fi security protocol. Tews’ attack, discovered during testing performed with his co-researcher Martin Beck, tricks the router into sending him a large amount of data and combined with a “mathematical breakthrough,” Tews is able to break WPA much faster than any previously tested method. In fact, it reportedly takes between 12 and 15 minutes to execute. The attacker is then able to access data passed from the router to the laptop and even transmit data to a client computer connected to the router. Tews will be publishing his work in an upcoming academic journal and parts of his code have already been implemented in his partner Beck’s publicly available Wi-Fi encryption hacking tool. Great. So it looks like WPA is well on its way to becoming the new WEP – perfect for keeping your neighbor’s 12-year old daughter off your network but pretty useless beyond that.