By BeauHD from Slashdot's only-a-matter-of-time department
An anonymous reader quotes a report from Motherboard: Grayshift, a company that offers to unlock modern iPhones for as little as $50 each, has caused a buzz across law enforcement agencies, with local police already putting down cash for the much sought-after tech. Now, it appears a section of the U.S. State Department has also purchased the iPhone cracking tool, judging by procurement records reviewed by Motherboard. Grayshift's iPhone product, dubbed GrayKey, can unlock devices running versions of Apple's latest mobile operating system iOS 11, according to marketing material obtained by Forbes. An online version of GrayKey which allows 300 unlocks costs $15,000 (which boils down to $50 per device), and an offline capability with unlimited uses is $30,000. According to a recent post from cybersecurity firm Malwarebytes, which obtained leaked details on GrayKey, the product itself is a small, four inch by four inch box, and two iPhones can be connected at once via lightning cables. Malwarebytes adds that the time it takes to unlock a device varies depending on the strength of the user's passcode: it may be hours or days. Notably, Grayshift includes an ex-Apple engineer on its staff, Forbes reported.
By BeauHD from Slashdot's mission-accomplished department
An anonymous reader quotes a report from Los Angeles Times: "Mad" Mike Hughes, the rocket man who believes the Earth is flat, propelled himself about 1,875 feet into the air Saturday before a hard landing in the Mojave Desert. He told the Associated Press that outside of an aching back he's fine after the launch near Amboy, Calif. The launch in the sparsely populated desert town -- about 150 miles east of Los Angeles -- was originally scheduled in November. It was scrubbed several times due to logistical issues with the Bureau of Land Management and mechanical problems that kept popping up. The 61-year-old limo driver converted a mobile home into a ramp and modified it to launch from a vertical angle so he wouldn't fall back to the ground on public land. For months he's been working on overhauling his rocket in his garage. It looked like Saturday might be another in a string of cancellations, given that the wind was blowing and his rocket was losing steam. Ideally, they wanted it at 350 psi for maximum thrust, but it was dropping to 340. Sometime after 3 p.m. PDT, and without a countdown, Hughes' rocket soared into the sky. Hughes reached a speed that Stakes estimated to be around 350 mph before pulling his parachute. Hughes was dropping too fast, though, and he had to deploy a second one. He landed with a thud and the rocket's nose broke in two places like it was designed to do.
By BeauHD from Slashdot's non-commercial department
dryriver writes: Before I ask my question, there already is free and open-source software (FOSS) for wind turbine design and simulation called QBlade. It lets you calculate turbine blade performance using nothing more than a computer and appears compatible with Xfoil as well. But consider this: the ultimate, most efficient and most real-world usable and widely deployable wind turbine rotor may not have traditional "blades" or "foils" at all, but may be a non-propeller-like, complex and possibly rather strange looking three-dimensional rotor of the sort that only a 3D printer could prototype easily. It may be on a vertical or horizontal axis. It may have air flowing through canals in its non-traditional structure, rather than just around it. Nobody really knows what this "ultimate wind turbine rotor" may look like. The easiest way to find such a rotor might be through machine-learning. You get an algorithm to create complex non-traditional 3D rotor shapes, simulate their behavior in wind, and then mutate the design, simulate again, and get a machine learning algorithm to learn what sort of mutations lead to a better performing 3D rotor. In theory, enough iterations -- perhaps millions or more -- should eventually lead to the "ultimate rotor" or something closer to it than what is used in wind turbines today. Is this something FOSS developers could tackle, or is this task too complex for non-commercial software? The real world impact of such a FOSS project could be that far better wind turbines can be designed, manufactured and deployed than currently exist, and the fight against climate change becomes more effective; the better your wind turbines perform, and the more usable they are, the more of a fighting chance humanity has to do something against climate change. Could FOSS achieve this?
By BeauHD from Slashdot's here-we-go-again department
"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.
By BeauHD from Slashdot's tragic-accidents department
theodp writes: Nearly a week after an autonomous Uber SUV claimed the first life in testing of self-driving vehicles, The Washington Post reports that Waymo CEO John Krafcik says he is confident its cars would have performed differently under the circumstances (Warning: source may be paywalled; alternative source), since they are intensively programmed to avoid such calamities. "I can say with some confidence that in situations like that one with pedestrians -- in this case a pedestrian with a bicycle -- we have a lot of confidence that our technology would be robust and would be able to handle situations like that," Krafcik said Saturday when asked if a Waymo car would have reacted differently than the self-driving Uber. In explaining its since-settled lawsuit against Uber last year, Google charged that Uber was "using key parts of Waymo's self-driving technology," and added it was "seeking an injunction to stop the misappropriation of our designs." In announcing the settlement of the lawsuit last month, Uber CEO Dara Khosrowshahi noted, "we are taking steps with Waymo to ensure our LIDAR and software represents just our good work." A Google spokesperson added, "We have reached an agreement with Uber that we believe will protect Waymo's intellectual property now and into the future. We are committed to working with Uber to make sure that each company develops its own technology. This includes an agreement to ensure that any Waymo confidential information is not being incorporated in Uber Advanced Technologies Group hardware and software." All of which might prompt some to ask: was Elaine Herzberg collateral damage in Google and Uber's IP war? "I want to be really respectful of Elaine [Herzberg], the woman who lost her life and her family," Krafcik continued. "I also want to recognize the fact that there are many different investigations going on now regarding what happened in Tempe on Sunday." 
His assessment, he said, was "based on our knowledge of what we've seen so far with the accident and our own knowledge of the robustness that we've designed into our systems."
By BeauHD from Slashdot's book-of-secrets department
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
By EditorDavid from Slashdot's this-scepter'd-isle department
The U.K.'s High Court will not send Lauri Love to face trial in the U.S. for hacking government computer systems. Instead they've issued a final refusal to overturn Love's successful appeal of his extradition, Ars Technica reports, "effectively ending the extradition effort permanently."
Love was originally arrested in the UK in October of 2013 after using an automated scanner to locate servers within a large range of IP addresses for SQL injection and ColdFusion vulnerabilities and then breaching vulnerable systems and installing Web shells to give him remote administrative-level access. He allegedly managed to compromise servers belonging to the U.S. Missile Defense Agency, the U.S. Army, the Federal Reserve, NASA, and the Environmental Protection Agency. Love's attorneys fought the extradition on the grounds that Love -- who has been diagnosed with Asperger's Syndrome, severe depression, and antibiotic-resistant eczema -- would not get appropriate medical attention in a U.S. prison and would be at risk of suicide if he faced the potential 99-year prison term associated with the charges...
The U.S. had already essentially dropped efforts to extradite Love, but the ruling by the High Court now sets legal precedent that may bar future extraditions of British citizens on hacking charges. In a statement e-mailed to Ars, Naomi Colvin -- acting director of the Courage Foundation, an organization that has assisted Love in his extradition appeal -- said that as a result of the ruling, "there is now very little prospect of any British hacker ever finding themselves in the same position as Lauri Love or Gary McKinnon. Fifteen years of terrible public policy in which British hackers were left open to the vindictive instincts of US prosecutors have now been brought to an end."
Lauri Love told the site that with this ruling, "The era of the U.S. Department of Justice as world police is over."
By EditorDavid from Slashdot's artificially-intelligent department
"Robot brains will challenge the fundamental assumptions of how we humans do things," argues Popular Mechanics, noting that age-old truism "that computers will always do literally, exactly what you tell them to."
A paper recently published to ArXiv highlights just a handful of incredible and slightly terrifying ways that algorithms think... An AI project which pit programs against each other in games of five-in-a-row Tic-Tac-Toe on an infinitely expansive board surfaced the extremely successful method of requesting moves involving extremely long memory addresses which would crash the opponent's computer and award a win by default...
These amusing stories also reflect the potential for evolutionary algorithms or neural networks to stumble upon solutions to problems that are outside-the-box in dangerous ways. They're a funnier version of the classic AI nightmare where computers tasked with creating peace on Earth decide the most efficient solution is to exterminate the human race. The solution, the paper suggests, is not fear but careful experimentation.
The paper (available as a free download) contains 27 anecdotes, which its authors describe as a "crowd-sourced product of researchers in the fields of artificial life and evolutionary computation." Popular Science adds that "the most amusing examples are clearly ones where algorithms abused bugs in their simulations -- essentially glitches in the Matrix that gave them superpowers."
By EditorDavid from Slashdot's moving-back-to-MySpace department
Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who possess the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."
But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."
Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week."
Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
By EditorDavid from Slashdot's permission-slips department
Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes:
Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.
etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.
Another security researcher independently verified the results, and reported that one MySQL database had the root password "1234".