• The Real Story Behind The iPad 2 Jailbreak Leak

    // Gradly // Apple, blog, Featured, Hack, iPad, Jailbreak, News 3 Responses

    Most of you know by now that Comex’s long-awaited iPad 2 jailbreak was leaked. As the hacker was putting the finishing touches on JailbreakMe 3.0, the PDF exploit was leaked to the world. Someone publicly posted the new JailbreakMe files, and the links spread around the web like wildfire.

    The original dramatic story heard was that a trusted beta tester leaked the files. That would have meant Comex was betrayed by someone he trusted, adding insult to injury. but according to iDB this is not what actually happened. Here’s the real story behind the iPad 2 jailbreak leak…

    20 year-old Ryan Lobbins is a computer science major from Arizona. Lobbins took to his blog yesterday to clear the air regarding his part in the leak of Comex’s exploit.

    “Am I responsible for the leak? Indirectly, yes. Did I leak it intentionally? Not really, I only intended for 1 or 2 people to try the files to see if they worked. The person who leaked it was Will Sayer, and him only. He released the files, sent off the info to news sites not me.”

    As it turns out, Lobbins isn’t a beta tester and never said that he was. The entire story seems to have been cooked up by the same person who posted the original links to the unfinished jailbreak.

    “I was playing Star Craft with some friends reading Comex’s Twitter updates like every other person waiting for the jailbreak. This is when I had a crazy idea just to search a site he posted in a previous tweet.”

    During his search, Lobbins came across Comex’s bannerbomb exploit for the Nintendo Wii which led him to believe this was Comex’s site. As he continued to pour through the directories, he came across a folder named saffron that grabbed his attention. Low and behold, it was Comex’s new JailbreakMe.

    “So what would you do if you stumbled on a website that had all the data for the jailbreak people have been waiting months for? At first I wasn’t sure what to do, let alone believe I found the files. The only true indication that I found them was all the pdf files, deb files named after different iOS devices, and a php file.”

    When Lobbins went to try the jailbreak on his iPad, it didn’t work. So the computer science major made copies of the files to try on other devices. He then uploaded the files to his personal site before going on vacation.

    The night of July 1st, while on holiday, Ryan’s curiosity got the better of him. Here he had Comex’s new jailbreak software, which didn’t work on his iPad. He wondered if it worked at all. He got in touch with someone he had met through an iDevice forum named MultimediaWill, and sent him a link to one of the uploaded PDF files.

    To his surprise, it worked. It quickly did jailbreak his iPad and installed the all-too-familiar Cydia icon. According to Lobbins, Will swore up and down he wouldn’t leak the files. But judging by the mayhem that ensued yesterday morning, he was lying.

    So there you have it, that’s how the infamous iPad 2 jailbreak leak unfolded. By now, most of the links to the leaked files have been removed, and the community is still holding vigilant for the real iPad 2 jailbreak.

  • LulzSec Could Have Hit Apple Servers

    // Gradly // Apple, blog, Cloud, Hack, News, Tech. No Responses

    WSJ is reporting that the AntiSec hackers known as LulzSec that have been horsing around the internet using SQL injectors to steal username and password have hit Apple’s servers and taken usernames and passwords.

    The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.” A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.

    However in a Previous postings by the group, titled “LulzSec into the iCloud,” they have claimed a much bigger bounty:

    Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point,we acquired command execution via local file inclusion of enemy flee. Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going? We then switched to root ammunition rounds.And we rooted… and rooted… and rooted… After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database password which we proceeded to shift silently back to our storage deck.

    Nothing yet whether these info are true.

    LulzSec, short for Lulz Security, the hacker group behind hacking the CIA, U.S. Senate, Nintendo, Sony and others. They took down the CIA’s website, hacked Sony’s servers, released sensitive documents from the Arizona state government and attacked the U.S. Senate’s website. While a suspected member of LulzSec was recently apprehended, the group claims he was not its leader.

    The team claim that they intended to only operate for 50 days as an attempt to revive the AntiSec movement, which is opposed to the computer security industry.

  • Leaked AT&T Documents Hint at LTE 4G iPad

    // Gradly // Apple, blog, Featured, Gadgets, Hack, iPad, iPhone, News, Rants & Raves, Rumors, Tech. 1 Response

    LulzSec, the 6-man hacking group ended their 50 days reign of “hackery” but after revealing/embarrassing/corrupting/exposing numerous corporations/governments/servers, the guys came with one last act of mischief.

    They once again published confidential data recovered from their latest attack. One prominent folder is titled “AT&T.” other dumped files were leaked from AOL, Disney, Universal, EMI and the FBI.

    Digging through the data, the guys over at iFans have come across some interesting information. The internal AT&T documents reveal that the carrier is planning to roll out their new LTE network in the first week of July, and more ineterstingly hinting at what seems to be an LTE-capable iPad.

    If you’re up for it, the leaked presentation is embedded here. The LTE iPad is mentioned on page 4.

    Pre-LTE scenarios. Testing will include iPad new activations HLS using the new rate plan, as well as a regression on netbooks and dongles. During validation E2E execution should ensure all functionality new and current is still functioning properly by validating account set up, provision, usage and notifications.

    Apple’s 3rd iteration of their popular tablet line is expected to be a major upgrade, with speculation suggesting everything from a Retina display to LTE capabilities.

    LulzSec, short for Lulz Security, the hacker group behind hacking the CIA, U.S. Senate, Nintendo, Sony and others. They took down the CIA’s website, hacked Sony’s servers, released sensitive documents from the Arizona state government and attacked the U.S. Senate’s website. While a suspected member of LulzSec was recently apprehended, the group claims he was not its leader.

    The team claim that they intended to only operate for 50 days as an attempt to revive the AntiSec movement, which is opposed to the computer security industry.

  • LulzSec Retires, Ending All Hacking Activities

    // Gradly // blog, Consoles, Featured, Games, Hack, News, PS3, Rants & Raves 2 Responses

    Popular hacking group LulzSec, responsible behind hacking the PSN, have announced that they will be retiring, exactly 50 days after forming the group.

    The group have released a farewell statement urging all its supporters to support the AntiSec movement, saying:

    “Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”

    LulzSec did go out with a bang however, the group claims they have obtained 50,000 passwords of Gaming forum members, 55,000 Battlefield Heroes Beta users’ data, AT&T Internal Data, 200,000 hackforums member data, AOL internet data and more. Read the full statement here.

    Previously, the group were said to be taken down by a 17-year-old member of a hacking group named TeaMp0isoN_. While gaining attention through their acts of “hackery,” the group annoyed some members of the hacking community, as a member of hacking group TeaMp0isoN_ hacked the site of a LulzSec member, posting the following message (after defacing the site):

    BREAKING NEWS: TEH LULZBOAT HAS OFFICALY SANK WITH 100S OF ANON MEMBERS ON BOARD!

    No matter how many bots you gather, no matter how much people you lie to, no matter how much pre-made tools you use, you will _NEVER_ represent the real hacking scene, we warned you, we told you we do not make empty threats, we gave u 48hrs to secure your ircs yet u failed to do so, instead u posted hashes from public forums and then claimed you doxed us and laughed at the fact that i was 17years old. stop telling yourself that u are hackers, putting a ip into a irc is NOT hacking nor is using pre-made tools and scripts to grab databases… you do not represent the anti-sec movement, u are not allowed to greet underground groups like zf0, ab, h0n0, el8 like your member “AnonSabu” was doing, you will never be apart of the underground scene, if anyone thinks you are underground and can actually hack they have no idea about what happens in the underground scene. oh and TeaMp0isoN Issue 2 is coming out VERY soon exposing lulzsec members (pictures, addresses, passwords, ips,phone numbers etc). . . . not so anonymous anymore are you? lets hope that you can swim because the lulzboat just got titanic’d

    Adding a little “humor,” a video clip of the song “My Heart Will Go On” from the movie Titanic was also posted. In addition, the group also stated that they will post the identities of every LulzSec member in the next issue of their magazine. So far, the Twitter account of LulzSec has remained quiet since the attack by TeaMp0isoN_.

    You can check out a copy of the hacked site here for your own amusement.

    Later, Sven Swootleg, the Dutch owner of the website hacked by TeaMp0isoN_ has denied that he is involved with LulzSec, and his statement can be found below.

    This website was compromised through exploiting a plugin in an outdated WordPress setup, uploading a shell, and replacing the index page. I am not a member of Lulzsec (a statement I have made several times before in various places), noone “hacked the server” (this has been verified by the hosting company, as this website is on shared hosting) and this was definitely not an “elite hack”. I am not available for further comments to press.

    How can we know that he’s telling the truth? The members of LulzSec are meant to stay anonymous, and he’s NOT going to publicly admit he’s affiliated with the group. However, who knows?

    [via grindgadget]