Peggle Nights is now out for Mac. The game costs $19.95 (there's a 60-min free trial available if you just want to check it out), and is as addictive as crack cocaine covered in sugar, drizzled with chocolate, and floating in original formula Coca-Cola. It should probably be illegal for PopCap to release games -- any court would convict them of the mass murder of free time around the world.

Don't believe us? Patrick Klepek over at the MTV Multiplayer blog tried out the game when it showed up on his desk, and let's just say he doesn't have that job any more. Of course, that's unrelated (we think), but still -- PopCap makes some addictive videogames, and Peggle is at the top of the list. Play with caution. And don't forget that the iPhone version of the game is still due out sometime this month.

The folks over at Intego let the world know about a new trojan making the rounds along with copies of an application designed to crack Adobe Creative Suite 4. They consider the risk "serious."

If you don't download software using peer-to-peer tools like BitTorrent, then you're perfectly safe. You can stop reading this story, if you like. If you're one of the 5,000 people who recently downloaded and installed the serial crack, then you have a bad day ahead of you.

The malware, after asking for your administrator password, installs an executable with a random name in /var/tmp, a folder that isn't deleted when the computer restarts.

The randomly-named program will install itself in /usr/bin/DivX, create a startup item in /System/Library/StartupItems/DivX, and if it has root privileges, save a hash of your password in the file /var/root/.DivX.

The software then listens on a random TCP port and awaits instructions from its evil overlords. With an infected computer's root password, those in control of the software will be able to execute commands on the infected computer, including deleting files and performing malicious network tasks.

Late last week, pirated copies of iWork '09 were infected with similar malware.

Intego VirusBarrier X4 and X5, as you might imagine, protect you against the Trojan. Either looking for (and removing) the files mentioned above or using a virus removal utility is recommended.

Also recommended: Not downloading pirated software (and their associated tools) on peer-to-peer networks. If you do choose to get your software that way, you have nobody to blame but yourself if your system gets infected.

In a recent post over at Ars Technica, they say that Mac OS X users could have their login passwords recovered through physically accessing the RAM. This comes after FileVault was proven to be cracked. The article notes that Mac OS X and certain applications store the user's password in memory, leaving it there after you've logged in. While locally-running apps cannot readily retrieve the password, someone could get access to the contents of RAM after the computer has been rebooted or shut down.

This could be accomplished by physical means and might require the hacker to remove the RAM cover on your Mac and chill the RAM, as suggested by Edward Felten's research team at Princeton. This freezing allows the information to stay on the RAM for longer than the normal 2.5 to 35 seconds -- allowing someone to place it in another computer and read the contents.

In a separate approach to the password-in-RAM vulnerability, CNET witnessed an EFF demo of an attack using a custom NetBoot "EFI memory scraper" to record the RAM contents on reboot and save the data as a file on another machine over the network -- the attackers were able to clearly find the login password in the file. Again, this attack requires physical access to the machine (in order to force the NetBoot via holding down the N key on restart) within a minute or two of shutdown. However, an attacker could conceivably target a machine that was locked or sleeping (with RAM contents 'live'), power it off and back on, and use the NetBoot attack immediately.

While Apple has been made aware of the attack (notified on February 5), no fixes for these issues were reported in the 2/11 security update. According to CNET, an Apple spokesperson said they were aware of the issues and were "working to fix it in an upcoming software update." Until this update comes out, you may want to set a firmware password for your Mac, or wait longer to leave your unattended Mac after a shut down. Alternatively, we have lovely TUAW-branded tin foil hats available for purchase.

[via Ars Technica]

Over at Zatz Not Funny, faithful TUAW reader Dave has written up a quick-and-dirty TiVo-to-Go to Mac tutorial.

For those who have been following closely, TiVoToGo DRM has been cracked, allowing transfer and decryption of .tivo format files to your Mac or Linux desktop.

The hack depends on identifying and using your personal Media Access Key with the TiVo Decode open source software. Dave gives the essential run-down of the steps you need to take to de-gunk your files.

These crazy hackers are moving fast these days, but Engadget has stayed in stride by providing a walk-through of myTunes, a GUI front-end to QTFairUse (sadly, Windows only - for now), that python code they mentioned earlier this week (not to be confused with any other products by the name of 'myTunes').

A big downer for this app, however, is the way it works its DRM-be-gone magic: it can only work on tracks as they're played in real time. Even then, you're left with a file (sans any metadata like ratings or ID3 tags) which needs to be re-constructed into a playable AAC file with a second tool, though that process seems to take mere seconds per track. Engadget recommends letting the stripping process run overnight, so you can get a good 8 hours or so of unshackled music from each batch. Check out their walk-through for more instructions and ideas on how to optimize this process.

myTunes might not be pretty yet, but it sounds like the developer(s) have a polishing roadmap in place, including simplifying this to a one-step process. For now, it still is the only method we know of for setting your iTMS purchases free.

JHymn users might remember that iTunes 6 broke the DRM-stripping tool, and it seems that Apple's done a good job of keeping FairPlay locked down - until someone cooked up QTFairUse6 for Windows. Yes, it's a Windows app, but it can apparently strip purchases from iTMS version 6.0.4 and above of their constraining DRM. QTFairUse6 isn't pretty either - it's a python script that involves some tinkering, but this might be good news to those who believe that if you love something, you should set it free.

[via Engadget]

Apple has stepped up to the plate regarding cracked screens on iPod nano's. Here at TUAW Jan reported on the screen cracking issues back in September of last year. If you have a 5G iPod and not a nano, hardware failure such as cracked screens should be covered if you are under warranty. Now it seems Apple will replace the screens free of charge on the iPod nano's on a case by case basis.

This repair coverage should be taken care of at both Apple stores and Apple certified service providers. Let us know if you hear otherwise!

[via Engadget]