First known hacker-caused power outage signals troubling escalation

Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to “destructive events” that in turn caused the blackout. If confirmed, it would be the first known instance of someone using malware to generate a power outage. “It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”

Files on nearly 200 floppy disks belonging to Star Trek creator recovered

According to a press release from DriveSavers data recovery, information on nearly 200 floppy disks that belonged to Star Trek creator Gene Roddenberry has been recovered. The information on the disks belongs to Roddenberry’s estate and has not been disclosed to the general public. DriveSavers notes, however, that Roddenberry used the disks to store his work and “to capture story ideas, write scripts and [take] notes.” VentureBeat reports that the disks, containing 160KB of data each, were likely used and written in the ’80s. The circumstances of the information recovery are particularly interesting, however. Several years after the death of Roddenberry, his estate found the 5.25-inch floppy disks. Although the Star Trek creator originally typed his scripts on typewriters, he later moved his writing to two custom-built computers with custom-made operating systems before purchasing more mainstream computers in advance of his death in 1991.

CBS, Paramount sue crowdfunded Star Trek filmmakers for copyright infringement

On Tuesday, lawyers representing CBS and Paramount Studios sued Axanar Productions, a company formed by a group of fans attempting to make professional-quality Star Trek fan-fiction movies, for copyright infringement. “The Axanar Works are intended to be professional quality productions that, by Defendants’ own admission, unabashedly take Paramount’s and CBS’s intellectual property and aim to ‘look and feel like a true Star Trek movie,’” the complaint reads (PDF). Axanar Productions released a short 20-minute film called Prelude to Axanar in 2014, in which retired Starfleet leaders talk about their experiences in the Four Years War, a war between the Federation and the Klingons that occurred in the Star Trek universe before The Original Series began. The feature-length Axanar is scheduled to premiere in 2016 and follows the story of Captain Kirk’s hero, Garth of Izar. Both productions were funded on Kickstarter and Indiegogo, raising more than $1.1 million from fans.

Beating graphene to push supercapacitors closer to batteries

Most people think of batteries when they consider energy storage, but capacitors are an alternative in some use cases. Capacitors are used in almost all electronic devices, often to supply temporary power when batteries are being changed to prevent loss of information. In addition to everyday devices, they are also used in more obscure technologies, including certain types of weapons.

Understanding the supercapacitor

Unlike batteries, capacitors use static electricity to store energy. In their simplest form, they contain two conducting metallic plates with an insulating material (dielectric) placed in between. A typical capacitor charges instantly but usually cannot hold a great deal of charge. Supercapacitors can at least partly overcome this shortcoming. They differ from the typical capacitor in that their “plates” provide significantly larger surface area and are much closer together. The surface area is increased by coating the metal plates with a porous substance. Instead of having a dielectric material between them, the plates of a supercapacitor are soaked in an electrolyte and separated by an extremely thin insulator.

Yandex worker stole search engine source code, tried selling for just $28K

An employee of Russia’s Internet giant Yandex, Dmitry Korobov, stole the source code of its search engine and tried to sell it on the black market to fund his own startup, according to a report by the Russian newspaper Kommersant. A Russian court has found Korobov guilty and handed down a suspended sentence of two years in jail. The Kommersant investigation revealed that Korobov downloaded a piece of software codenamed Arcadia from Yandex’s servers, which contained the source code and algorithms of the company’s search engine. Later on, he tried to sell it to an electronics retailer called NIX, where a friend of his allegedly worked. Korobov also trawled the darknet in search of potential buyers. Korobov put a surprisingly low price on the code and algorithms, asking for just $25,000 and 250,000 Russian rubles, or about £27,000 in total. There’s no information on Korobov’s position within the company, but it appears that he wasn’t aware that the data he had in his possession could be worth much more.

TSA may soon stop accepting drivers’ licenses from nine states

[Image: TSA screening passengers in Fort Lauderdale, Florida. (credit: danfinkelstein)]

The citizens of several US states may soon find that they can’t use their drivers’ licenses to get into federal facilities or even board planes. Enforcement of a 2005 federal law that sets identification standards, known as “Real ID,” has been long-delayed. But now Department of Homeland Security officials say enforcement is imminent. The “Real ID” law requires states to implement certain security features before they issue IDs and verify the legal residency of anyone to whom they issue an ID card. The statute is in part a response to the suggestion of the 9/11 Commission, which noted that four of the 19 hijackers used state-issued ID cards to board planes. Real ID also requires states to share their databases of driver information with other states. The information-sharing provisions are a big reason why some privacy groups opposed the law, saying it would effectively be the equivalent of a national identification card.

Self-driving Ford Fusions are coming to California next year

[Image: Apart from the sensor bar on the roof, this Ford Fusion Hybrid looks just like a normal car. (credit: Jonathan Gitlin)]

Even more robots are coming to California’s roads next year. Yesterday, Ford announced that it will start testing its autonomous Fusion sedans in the state now that it is officially enrolled in the California Autonomous Vehicle Testing Program. The company opened a new R&D center in Palo Alto at the beginning of the year, which among other projects has been working on virtual simulations of autonomous driving as well as sensor fusion to improve the way its cars perceive the world around them. Ford is the 11th group to obtain a California driving license for its autonomous cars, joining other OEMs (BMW, Mercedes-Benz, Honda, Nissan, Tesla, and Volkswagen Group), tier one suppliers (Bosch and Delphi), and tech companies (Cruise Automation and Google). A condition of the self-driving car regulations requires companies to provide California’s DMV with a report any time one of their cars is involved in a collision. Since the rules went into effect in September 2014, there have been a total of 10 incidents. The first, in October 2014, involved one of Delphi’s test vehicles, although it was being driven by a human at the time. The nine other incidents all involve Google’s cars, seven of which were being driven autonomously.

Hackers actively exploit critical vulnerability in sites running Joomla

[Image: A payload that’s been modified so it can’t be misused. Malicious hackers are using it to perform an object injection attack that leads to a full remote command execution. (credit: Sucuri)]

Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said. A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri. “Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked,” the blog post reported. “That means that probably every other Joomla site out there is being targeted as well.”

Copyright case over “Happy Birthday” is done, trial canceled

With less than a week to go before a trial, a class-action lawsuit over the copyright status of “Happy Birthday” has been resolved. Details of the settlement, including what kind of uses will be allowed going forward, are not clear. A short order (PDF) filed yesterday by US Chief District Court Judge George King says that all parties have agreed to a settlement, and it vacates a trial which was scheduled to start on December 15. The key turning point came in September, when King ruled that Warner/Chappell’s copyright transfer was invalid because there was no proof it was ever properly transferred from the Hill sisters, who claimed to have written the song. The trial would have addressed damages issues. Also looming was a late copyright claim by Association for Childhood Education International (ACEI), a children’s charity affiliated with the Hill sisters. ACEI came forward in November to say that if Warner/Chappell didn’t own the song, it did. The settlement revealed yesterday resolves all claims by the plaintiffs, Warner/Chappell, and ACEI.

Getting a Linux box corralled into a DDoS botnet is easier than many think

Getting a Linux server hacked and made part of a botnet is easier than some people may think. As two unrelated blog posts published in the past week demonstrate, running a vulnerable piece of software is often all that’s required. Witness, for example, a critical vulnerability disclosed earlier this year in Elasticsearch, an open source server application for searching large amounts of data. In February, the company that maintains it warned it contained a vulnerability that allowed hackers to execute commands on the server running it. Within a month, a hacking forum catering to Chinese speakers provided all the source code and tutorials needed for people with only moderate technical skills to fully identify and exploit susceptible servers. A post published Tuesday by security firm Recorded Future deconstructs that hacker forum from last March. It showed how to scan search services such as Shodan and ZoomEye to find vulnerable machines. It includes an attack script written in Python that was used to exploit one of them and a separate Perl script used to make the newly compromised machine part of a botnet of other zombie servers. It also included screenshots showing the script being used against the server. The tutorial underscores the growing ease of hacking production servers and the risk of being complacent about patching.
