CCTV footage from Long Beach, CA shows crooks robbing cars after opening them with some kind of keyless entry fob that appears to defeat the cars’ built-in cryptographic security. The fobs evidently don’t work on all models, and may require operation from the passenger side. It’s not clear what method the fobs use to attack the locks. Any guesses? Adding to the mystery, police say the device works on some cars but not others. Other surveillance videos show thieves trying to open a Ford SUV and a Cadillac, with no luck. But an Acura SUV and sedan pop right open. And they always seem to strike on the passenger side. Investigators don’t know why. “We’ve reached out to the car manufacturers, the manufacturers of the vehicle alarm systems: Nobody seems to know what this technology is,” Hendricks told us. “When you look at the video and you see how easy it is, it’s pretty unnerving.” Police admit they’re ‘stumped’ by mystery car thefts ( via /. )
See original article:
CCTV footage shows crooks using some kind of universal keyless entry fob
mask.of.sanity writes “Vulnerabilities in Hybrid Broadcast Broadband TV television sets have been found that allow viewers’ home networks to be hacked, the programs they watched spied on, and even for TV sets to be turned into Bitcoin miners. The laboratory attacks took take advantage of the rich web features enabled in smart TVs running on the HbbTV network, a system loaded with online streaming content and apps which is used by more than 20 million viewers in Europe.” Read more of this story at Slashdot. 
To create the map of Liberty City, creators stitched together nearly 80,000 in-game screenshots into around 3,000 panoramic views. [Read more] 
Sonte Film window coverings made from a special material that responds to electric current can go opaque or clear at the bidding of a smartphone app. [Read more] 
Tragedy hits the company that made the Oculus Rift head-mounted virtual-reality display, as co-founder Andrew Reisse finds himself in the wrong place at the wrong time during a police chase. [Read more] 
New submitter Eugriped3z writes with an article in the New York Times that “indicates that manufacturing defect rates for solar panels manufactured in China vary widely, anywhere from 5-22%. Secrecy in the terms of settlements negotiated by attorneys representing multi-million dollar installations perpetuate the problem by masking the identity of unscrupulous or incompetent actors. Meanwhile, Reuters reports that unit labor costs in Mexico are now lower than in China.” Read more of this story at Slashdot. 
Ars Technica’s Nate Anderson Dan Goodin follows up on Nate Anderson’s excellent piece on the nuts and bolts of password cracking with a further attempt to decrypt an encrypted password file leaked from LivingSocial, this time with the aid of experts. The password file they were working on was encrypted with the relatively weak (and now deprecated) SHA1 hashing algorithm, and they were only attacking it with a single GPU on a commodity PC, and were able to extract over 90% of the passwords in the file. The discussion of the guesswork and refinement techniques used in extracting passwords is absolutely fascinating and really is a must-read. However, the whole exercise is still a bit inconclusive — in the end, we know that a badly encrypted password file is vulnerable to an underpowered password-cracking device. But what we need to know is whether a well-encrypted password file will stand up to a good password-cracking system. The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack “momof3g8kids” because he had “momof3g” in his 111 million dict and “8kids” in a smaller dict… What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as “k1araj0hns0n,” “Sh1a-labe0uf,” “Apr!l221973,” “Qbesancon321,” “DG091101%,” “@Yourmom69,” “ilovetofunot,” “windermere2313,” “tmdmmj17,” and “BandGeek2014.” Also included in the list: “all of the lights” (yes, spaces are allowed on many sites), “i hate hackers,” “allineedislove,” “ilovemySister31,” “iloveyousomuch,” “Philippians4:13,” “Philippians4:6-7,” and “qeadzcwrsfxv1331.” “gonefishing1125” was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, “You won’t ever find it using brute force.” Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”