Tech Today w/ Ken May

Archive for October 3rd, 2017

Technologies such as Bluetooth Low Energy (BLE) have allowed an increasing number of devices to be controlled by mobile devices. But as Ars has reported in the past, BLE devices also can be a privacy and security risk. And as Alex Lomas of Pentest Partners found recently, some of these vulnerable devices are of a very personal nature. Lomas discovered that he could relatively easily search for and hijack BLE-enabled sex toys—a pursuit he named “screwdriving” (after the Wi-Fi network finding practice of “wardriving”). Lomas performed a security analysis on a number of BLE-enabled sex toys, including the Lovense Hush—a BLE-connected butt plug designed to allow control by the owner’s smartphone or remotely from a partner’s phone via the device’s mobile application. Using a Bluetooth “dongle” and antenna, Lomas was able to intercept and capture the BLE transmissions between the devices and their associated applications. As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool. They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.

Categories: reader

Turns out that the total number of people whose lives Equifax ruined by doxing them and then dumping all their most sensitive personal and financial data is 145,500,000, not 143,000,000. The company’s new CEO apologized for the misunderstanding, and persisted in calling the people his company destroyed “customers” despite the fact that the vast majority of them were not Equifax customers, just random people whom Equifax compiled massive dossiers on, and then lost control over.

Fully driverless cars could be months away

Posted by kenmay on October - 3 - 2017

Real driverless cars could come to the Phoenix area this year, according to a Monday report from The Information’s Amir Efrati. Two anonymous sources have told Efrati that Google’s self-driving car unit, Waymo, is preparing to launch “a commercial ride-sharing service powered by self-driving vehicles with no human ‘safety’ drivers as soon as this fall.” Obviously, there’s no guarantee that Waymo will hit this ambitious target. But it’s a sign that Waymo believes its technology is very close to being ready for commercial use. And it suggests that Waymo is likely to introduce a fully driverless car network in 2018 if it doesn’t do so in the remaining months of 2017.

Waymo plans to launch first in the Phoenix suburbs

Efrati reports that Waymo CEO John Krafcik faces pressure from his boss, Google co-founder and Alphabet CEO Larry Page, to transform Waymo’s impressive self-driving technology into a shipping product. Page had been pushing for a launch by the end of 2016. But a major deal with Ford to produce the necessary vehicles fell through, forcing Waymo to scramble and sign a smaller deal with Fiat Chrysler to supply minivans.

For years, Google has provided a nifty trick to get around subscriptions for newspapers and magazines. But the company is now doing away with it. From a report: Google is ending its controversial First Click Free (FCF) policy that publishers loathed because it required them to allow Google search results access to news articles hidden behind a paywall. The company is replacing the decade-old FCF with Flexible Sampling, which allows publishers instead to decide how many (if any) articles they want to allow potential subscribers to access. Google says it’s also working on a suite of new tools to help publishers reach new audiences and grow revenue. Via FCF, users could access an article for free but would be prompted to log-in or subscribe if they clicked anywhere else on the page. Publishers were required to allow three free articles per day which Google indexed so that they appeared in searches for a particular topic or keyword. Opting out of the FCF feature was detrimental because it demoted a publisher’s ranking on Google Search and Google News. Read more of this story at Slashdot.

A reader shares a report: A team of theoretical physicists from Oxford University in the UK has shown that life and reality cannot be merely simulations generated by a massive extraterrestrial computer. The finding — an unexpectedly definite one — arose from the discovery of a novel link between gravitational anomalies and computational complexity. In a paper published in the journal Science Advances, Zohar Ringel and Dmitry Kovrizhin show that constructing a computer simulation of a particular quantum phenomenon that occurs in metals is impossible — not just practically, but in principle. The pair initially set out to see whether it was possible to use a technique known as quantum Monte Carlo to study the quantum Hall effect — a phenomenon in physical systems that exhibit strong magnetic fields and very low temperatures, and manifests as an energy current that runs across the temperature gradient. The phenomenon indicates an anomaly in the underlying space-time geometry. They discovered that the complexity of the simulation increased exponentially with the number of particles being simulated. If the complexity grew linearly with the number of particles being simulated, then doubling the number of particles would mean doubling the computing power required. If, however, the complexity grows on an exponential scale — where the amount of computing power has to double every time a single particle is added — then the task quickly becomes impossible. Read more of this story at Slashdot.

macOS 10.13’s Disk Utility 17.0 (1626) does not recognize raw drives, reads a blog post, shared by several readers. From the post: Diskutil does recognize the drive. We’ll use it to perform a quick, cursory format (e.g., diskutil eraseDisk JHFS+ NewDisk GPT disk0) to make the disk appear in Disk Utility, where further modifications can more easily be made. Plugging in an unformatted external drive produces the usual alert, “The disk you inserted was not readable by this computer. Initialize… | Ignore | Eject”, but clicking Initialize just opens Disk Utility without the disk appearing. There’s an option in Disk Utility to view “all devices,” but clicking that doesn’t show raw disks, the blog post adds. Read more of this story at Slashdot.

A series of costly delays and crucial errors caused Equifax to remain unprotected for months against one of the most severe Web application vulnerabilities in years, the former CEO for the credit reporting service said in written testimony investigating the massive breach that exposed sensitive data for as many as 143 million US consumers. Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability. “We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data,” Smith wrote in testimony provided to the US House Subcommittee on Digital Commerce and Consumer Protection. “We did not live up to that responsibility.”

schwit1 quotes a report from Futurism: In a continued streak of goodwill during this year’s devastating hurricane season, Tesla has been shipping hundreds of its Powerwall batteries to Puerto Rico in the aftermath of Hurricane Maria. Since the hurricane hit on 20 September, much of the U.S. territory has been left without power — about 97 percent, as of 27 September — hampering residents’ access to drinkable water, perishable food, and air conditioning. The island’s hospitals are struggling to keep generators running as diesel fuel dwindles. Installed by employees in Puerto Rico, Tesla’s batteries could be paired with solar panels in order to store electricity for the territory, whose energy grid may need up to six months to be fully repaired. Several power banks have already arrived to the island, and more are en route. Read more of this story at Slashdot.

Today, the Nobel Prize committee has honored three US biologists for their role in unravelling one of biology’s earliest mysteries: how organisms tell time. Microbes, plants, and animals all run on a 24-hour cycle, one that’s flexible enough to gradually reset itself, although it can take a few days after transcontinental travel. The biological systems responsible for maintaining this circadian clock require a lot of proteins that undergo complex interactions, and the new laureates are being honored for their use of genetics to start unraveling this complexity.

A long-standing problem

The first description of an organism’s internal clock dates all the way back to 1729, when a French astronomer (!?!?) decided to mess with a plant that opened and closed its leaves on a 24-hour cycle. He found that the cycle didn’t depend on daylight but would continue even when the plant was kept in the dark nonstop. It would take nearly 250 years to move from this observation to any sort of biological handle on the system. The change, as it has been so many times, was brought about using the fruit fly Drosophila. A genetic screen in the 1960s identified three different mutations that altered flies’ circadian clock: one that lengthened its 24-hour period, one that shortened it, and one that left it erratic. Mapping these revealed that all of them affected the same gene. From there, however, the field had to wait 20 years for us to develop the technology to clone the gene responsible for these changes, named period.
