PlayStation Network hack launched from Amazon EC2

The hackers who breached the security of Sony's PlayStation Network and gained access to sensitive data for 77 million subscribers used Amazon's web services cloud to launch the attack, Bloomberg News reported.
The attackers rented a server from Amazon's EC2 service and penetrated the popular network from there, the news outlet said, citing an unnamed person with knowledge of the matter. The hackers supplied fake information to Amazon. The account has now been closed.

Neither Sony nor Amazon commented on the claims.

Bloomberg doesn't say how Amazon's cloud service was used to mount the attack. If the report is correct, it wouldn't be the first time it's been used by hackers.
German security researcher Thomas Roth earlier this year showed how tapping the EC2 service allowed him to crack Wi-Fi passwords in a fraction of the time and for a fraction of the cost of using his own computing gear. For about $1.68, he used special “Cluster GPU Instances” of the Amazon cloud to carry out brute-force cracks that allowed him to access a WPA-PSK protected network in about 20 minutes.
And in late 2009, a ZeuS-based banking trojan used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.
In both cases, those tapping the Amazon cloud did so as paid customers.
A top Sony executive recently implicated the Anonymous hacker collective in the PSN attack but has so far provided no convincing evidence to support that claim. The attack, which penetrated core parts of the gaming network, was used to steal passwords, names, addresses, ages, email addresses and other data associated with 77 million accounts.
The network has been closed for the past 23 days and Sony has provided no little indication when it will reopen. On Tuesday, the company said the exact restoration date "will likely be at least a few more days". On April 30, the company's CEO had predicted the site would reopen later that week.

Verizon plans to kill unlimited data plans as the global iPhone 5 draws near

It’s official: Verizon’s unlimited data plans don’t have much longer to live.
The confirmation comes from Verizon CEO Fran Shammo, who told Reuters that the the unlimited data plans would be replaced by tiered service plans aimed at heavy users. Verizon’s tiered data plans would likely mimic AT&T’s own, which offer 250MB of data for $15 per month and 2GB for $25.
Shammo also said that Verizon is also preparing “mega plans” for data aimed at families. These plans, which would offer a set amount of data for one set price, would be shared among multiple phones in a household. These plans would operate in a similar fashion to Verizon’s current shared minutes plans.
Both of these changes come as Apple readies the release of the iPhone 5, which is widely expected to appear this fall. Shammo had a few interesting details on the Apple front as well. For one, the CEO confirmed a detail that most already suspected: Verizon and AT&T will get the iPhone 5 at the same time, thanks to the nifty GSM/CDMA Qualcomm chip included in the iPhone 4.
Shammo, however, could not say whether the next iPhone would take advantage of Verizon’s steadily-expanding 4G LTE network. While the consensus so far seems to point to Apple nixing LTE support, the possibly can’t be ruled out just yet. Either way, Shammo said that he isn’t concerned, and that a 4G iPhone was a bigger deal for Apple than Verizon.
Curiously, China Mobile today confirmed that it had reached a deal with Apple to offer 4G access to iPhones on its network. So don’t kill the 4G iPhone dream just yet.

Nokia To Use ST-Ericsson Chips For Windows Phone 8 devices

We haven't even reached the launch of Windows Phone 7.5, but information is already coming out about Windows Phone 8. Information is now being reported that Nokia will be using ST-Ericsson chipset U8500, a dual-core SoC that can also be found in the Samsung Infuse 4G and the T-Mobile Sidekick 4G, in its Windows Phone 8 devices.
The information comes from Forbes who states that this chipset will be used for Nokia's Windows Phone 8 devices. Forbes reports:

Even after the Microsoft deal ST-Ericsson continues to have “very close relations” with Nokia, said Bozotti, and will be “an important supplier” for Nokia’s Windows Phone 8 phones. (The first/current wave of Windows Phone devices is called Windows Phone 7 but the next generation of Windows Phones will be known as Windows Phone 8.)

Other information that surfaced is that Nokia will be producing 12 Windows Phone devices in 2012. Twelve new phones for the Windows Phone platform will help to propel the device deeper into the consumer marketplace. Nokia is known for its durable and reliable devices, pair that with Windows Phone OS and the combination of the two makes it an exciting time to be a consumer.
While Microsoft is about to unleash WP7.5 (Mango) upon consumers, we already have a small glimpse at what is ahead for the platform. Another takeaway from this is that if Windows Phone 8 will be using this chipset, we can expect the next major update to Windows Phone to happen during 2012 or earlier.

Google Android security leak getting (mostly) fixed

A security leak that affected nearly all of the phones with Google's Android operating system is in the process of being fixed, at least in some aspects. The issue, which we first reported on Tuesday, was an "improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier". Now according to a story in Computerworld, that exploit has been closed, at least partially, and thankfully it won't require a client download.
According to the article, the exploit would have allowed hackers to go after info from a Android user's Google Calendar, Google Contacts, and Google Picasa account if the user was connected to a public WiFi network. That issue has been fixed for phones that have the 2.3.4 version or higher of Android but that still leaves 99 percent of Android phones vulnerable to that particular security hole.
Now Google is saying that they are pushing out a server-side update that will mostly close that exploit. specifically for the Google Calendar and Google Contacts programs for all Android-based phones and devices. Because the update will be on Google's servers, there will be no software update needed for the phones themselves. It should cover all of the affected phones by the end of the week. However the security exploit that affects Google Picasa is still being worked on by Google and there's no word on when that will be fixed. As we mentioned on Tuesday we recommend that Android phone users to always use encrypted WiFi networks in order to keep their data secure.

Xperia Play and other phones coming to Verizon May 26

If you are a Verizon customer, get ready for a rush of new phones coming to the wireless phone company on May 26. Android Police reports that there will be a whopping three phones that will go on sale that day at Verizon. The most notable is the Xperia Play, the so-called "Playstation Phone" from Sony Ericsson. The phone will be available for pre-order online sales beginning tomorrow for $199 with a new two year contract.
As we have previously reported the Xperia Play phone comes with a slide out gamepad that has a touch joystick, two shoulder buttons, four Playstation-like buttons and a directional keypad. The Xperia Play will also come pre-loaded with nine games and you can purchase and download 50 more via Verizon's own download app. It uses Google's Android 2.3 operating system.
Also available for sale on May 26 is the Motorola Droid X2. This new version of the Droid family of phones has a 4.3 inch screen, a 1Ghz dual core processor, an 8 MP camera, and an HDMI out port. Oddly the Motorola Droid X2 will only have the 2.2 version of Android OS out of the box but it will get an update to 2.3 at some point. Like the Xperia Play, the Droid X2 will cost $199 with a new two year agreement.
Finally there's the LG Revolution phone which will be the latest phone to support Verizon's 4G-LTE network. The phone will come with a 4.3 inch screen, a 1 Ghz Snapdragon processor and more. It will also be the first Android-based phone that will have the Neflix streaming video app out of the box. Like the Droid X2 the LG Revolution will only have the Android 2.2 version at first. It will be priced at $249.

Angry Birds coming to Windows Phone 7 June 29

Windows Phone 7 users who have been waiting patiently to play Rovio's hit arcade game Angry Birds will have to be patient for a bit longer. PC Magazine reports that the Windows Phone 7 version of the game will now be coming out on June 29. Previously the game was announced by Microsoft to be released for the WP7 platform on May 25. There's no word on why there was a delay in the game's release but Microsoft does say that when it does come out the Angry Birds WP7 version will cost $2.99 and include 195 levels.
In related news Rovio announced today that Angry Birds has now sold 200 million copies across all of the game's current platforms. That includes sales from the game's movie-themed expansion pack Angry Games Rio which sold 10 million copies in just its first 10 days. Rovio also announced that it has seen over 6 million downloads of the game via Google's Chrome Web Store in just its first week.
In addition to the Windows Phone 7 version of Angry Birds, Microsoft has announced a number of other games that will be coming to users of those devices over the next several weeks. Hydro Thunder GP is due out on May 25 while Doodle Jump is being released on June 1. June 8 brings Geodefense to WP7 while Sega's Sonic The Hedgehog Episode 1 is coming to the phone OS on June 15. Finally the great Plants vs Zombies makes its Windows Phone 7 debut on June 22.

Buy a Nintendo 3DS and sign your life away

Nintendo has caused a rumpus with the draconian terms and conditions attached to the 3DS toy, which most normal people won't read - but, if they did, they'd find they'd be signing their lives away.
Along with keeping tabs on what games you play, the 3DS logs personal data such as any name, address, age, gender, geographic area, online status, Nintendo 3DS device certificate information, cookies, Friend Codes, wireless access point information, IP address, and Media Access Control ('MAC') address".
But worse, Nintendo reckons it owns all "User Content," this is: "comments, messages, images, photos, movies, information, data and other content"generated on the device.
"By accepting this Agreement or using a Nintendo 3DS System or the Nintendo 3DS Service, you also grant to Nintendo a worldwide, royalty-free, irrevocable, perpetual, non-exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your User Content in whole or in part and to incorporate your User Content in other works, in any form, media or technology now known or later developed, including for promotional or marketing purposes."

This is about as daft a Bic attaching a notice to any pens it flogs saying that it owns any and everything written with it.
But it goes on: Nintendo reserves the right to brick your device remotely, in case you use it in a manner of which it does not approve.
"After the Nintendo 3DS menu is updated, any existing or future unauthorized technical modification of the hardware or software of your Nintendo 3DS System, or the use of an unauthorized device in connection with your system, will render the system permanently unplayable," the user agreement says.
The ts&Cs are causing so much outrage a campaign has started to get users to send Nintendo a brick.

Microsoft promises new Xboxes to XGD3 casualties

Microsoft is due to launch a new disc format for its Xbox 360 console tomorrow - and has promised those whose consoles fail to support the new format a shiny new replacement for their troubles.

With developers starting to hit the limits of the Xbox 360's DVD media - Rockstar recently bemoaned having to spread its latest game L.A. Noire across multiple discs on the Xbox, while the Blu-ray based PlayStation 3 needed only one - Microsoft is to introduce a new disc format, known as XGD3.
While physically the same as a standard DVD, the XGD3 format allows Microsoft to cram an extra gigabyte of data onto each disc - not a huge amount, it's true, but enough to keep developers happy for a few months.
A dashboard update is due to start rolling out tomorrow in order to add support for the new format to older consoles by upgrading the firmware in the optical drive - but some users have reported receiving messages from Microsoft telling them their consoles won't support the update.
Rather than leave those with older devices in the lurch, however, Microsoft has announced that it will be providing them with a replacement - in the form of a top-of-the-line Xbox 360 S with 250GB hard drive.
"Following a recent update to our system software, we have become aware of an issue that is preventing a very small number of Xbox 360 owners from playing retail game discs," a Microsoft spokesperson admitted to thinq_.
"We are able to detect this issue over Xbox LIVE," the spokesperson said, "and are proactively reaching out to customers that may be impacted to replace their console." Microsoft is also asking those who receive error messages saying that a disc is 'unsupported' after the update contact their support department for assistance.
The company claims that only a very small number of consoles are affected - which is, presumably, why it is being so terribly generous to the users who are inconvenienced by the update.
For some, however, the update will bring bad news: the company has also confirmed that the upgrade will detect consoles that have had their optical drives 'flashed' in order to play pirated games and undo the hack - meaning pirates will find their precious 'backups' cease to work.
Those who choose not to accept the dashboard update to preserve their piratical potential will find that they are unable to connect to Xbox Live until the update is installed, the company confirmed.

PSN password resets exploited, accounts compromised again

Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.
The issue was first reported by Nyleveia, which was contacted by an unnamed source who reportedly performed the hack on a dummy account, prompting an e-mail message confirming that the password had been changed. Similar reports on gaming forum NeoGAF show an identical situation, in which the user provided the necessary information only to receive two subsequent e-mails: one claiming that someone was attempting to change the account's password and requesting the user click on a confirmation link, and another confirming that the password had been changed.
"I never clicked the confirmation link," the user wrote. "So yeah... my password was successfully changed by someone else."
Currently, users cannot sign in to PSN via websites like PlayStation.com. Instead, a message appears stating that the "server is currently down for maintenance." Meanwhile, a recent message on Sony Computer Entertainment Europe's Twitter feed reads "Fortunately we have got ISPs to release outstanding e-mails; unfortunately, a small amount of maintenance is required to improve this process." Followed soon after by "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
Nyleveia claims to have contacted SCEE directly after finding the exploit and that the system was taken down roughly 15 minutes after this happened.
Ars has contacted Sony for comment but has yet to hear back as of publication. We will update you as we learn more information.
Update: Sony has posted an update on the PlayStation Blog, which states:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.

HP, IBM, Intel and Red Hat promote an open virtualisation standard

In the computer industry have banded together to form the Open Virtualisation Alliance that promotes interoperability in virtualised environments.
BMC Software, Eucalyptus Systems, HP, IBM, Intel, Red Hat and Suse all banded together to create the Open Virtualisation Alliance, which aims to facilitate interoperability between various vendors virtualisation software. One of the key areas where the firms want to agree upon a standard is for the Kernel-based Virtual Machine (KVM).
The Open Virtualisation Alliance will undertake the usual tasks of trying to educate companies on best practices and offer technical help to businesses. Interoperability between virtualised environments is extremely important for enterprises as they look to deploy new hardware and software.
Hardesh Degun, technical architect at Knight Frank told The INQUIRER that interoperability between various virtualised services such as storage area networks and servers were major deciding points on what hardware and software the companies chose. Degun, who has just finished deploying HP kit at Knight Frank said that he "never wanted to be tied into one system", so it's not surprising that having some sort of open standard will help the firms win business.
KVM installations were promoted by all the major vendors in the alliance as it uses the rapidly developing Linux kernel to virtualise both Linux-based and Windows operating systems. Both Red Hat and Suse have done exceedingly well with their enterprise oriented Linux distributions and, with KVM being an important technology for cloud-based deployments, it was a natural choice to promote cross-vendor harmony in a bid to increase sales.
Even Microsoft's proprietary Hyper-V virtualisation software now has support for the free CentOS Linux distribution. CentOS is based on Red Hat Enterprise Linux but removes all Red Hat branding in order to avoid infringing any copyrights, and it is extremely popular in the low-cost server market.
With KVM having some of the biggest names in the business supporting it, there is little doubt that it will gain traction in the marketplace.