The key and OEM certificate were extracted from Win 7 Ultimate's .wim files. A similar method was used to bypass Vista, and those vulnerabilities were never addressed so there is no reason to suspect that Microsoft will do anything about it now (but there are no guarantees). Supposedly, the crack works with 32-bit and 64-bit Ultimate versions and can be implemented on HP, Dell, and MSI computers in addition to Lenovo. Of course, you would need to engage in a little BIOS magic to fool the OS that you are using an OEM machine before any of this would work in the first place. [Softpedia via Download Squad via Lifehacker]

According to the blog of Outdustry—a music industry consultancy firm in China—the market is getting inundated with this pirate cards, with prices falling quickly. You can find $200 iTunes Music cards in Taobao for as low as $10, and the blog is reporting prices of $2.60.

Nobody knows what this means for Apple yet. For sure, a change of the formula that generates the vouchers looks like a definitive possibility, but that won't solve the situation of legal cards already in the market. [Outdustry and Taobao via MusicAlly]

The weak point that allows the technique to work—which researchers will be detailing at the 25th Chaos Communication Congress in Berlin—is the MD5 hash algorithm, which, basically, is what's used to create a fingerprint that makes it hard to forge digital certificates. Verisign's RapidSSL still uses the MD5 hash algorithm.

So, where do the crack-friendly PlayStation 3s come in? Well, they have to generate CA certificiate—the certificate that allows them to sign and verify certificates for any other site—and a website certificate that produce the same MD5 hash. A cluster of 200 PS3s were used to figure out where the MD5 hashes of their forged CA certificate and website certificate "collide," allowing them to "crunch out their forgery in about three days."

What's all this mean? David Molnar, a computer science PhD candidate, Threat Level talked to, explains it best: ""We can impersonate Amazon.com and you won't notice...The padlock will be there and everything will look like it's a perfectly ordinary certificate." Thankfully, the hack is hard, but the solution is pretty easy—just switch to a more secure hash, which many companies have done. Verisign is currently in the process of phasing out the MD5 hash. [Threat Level]

Koschitzki alleges that many of the hairline cracks are visible on unopened, unused iPhones, and that Apple willingly and knowingly sold iPhones with the unsightly lines. I'd think cosmetic damage before use would be grounds for a return, and I can't say I approve of the proliferation of this kind of lawsuit, but if Apple is sending out cracked iPhones, they've gotta step up and be more careful. [AppleInsider]

It's extremely simple. All you have to do is stick in the CD, pick the account you want to crack, and it'll start churning away. Useful if you have to break into a departed co-worker/wife/child/lover's machine. Or your own machine if you're an idiot and forget your password.

p.s. I made up that story about Adam. He keeps his porn on his own machine. – Jason Chen

Screenshot Tour: How to crack a Windows password with Ophcrack Live CD [Lifehacker]

• Try to protect it from any type of update
• Make it programmable via PC
• Boot unsigned code
• Allow to swap HD with larger drive with a special interface between the 360 and the HD (all types IDE/SATA).

Bold claims, but we'll see if it works. Personally, we'd rather not mess with the chance that we'll get banned from Xbox Live, but $59 is a lot for some people—not that we condone piracy. – Jason Chen

Devil360 [via Xbox Scene]