By EditorDavid from Slashdot's automating-larceny department
schwit1 shared an article from the BBC:
Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas. The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes... After the robot discovered the combination was 51.36.93, the safe popped open -- to rapturous applause from the audience of several hundred... The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe. It cannot crack a digital lock -- although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Though the safe had a million possible combinations using three two-digit numbers, the last number had slightly larger indents on the dial -- reducing the possible combinations to just 10,000. And in addition, "the team also discovered that the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong" -- which meant that the robot only had to check every third number. "Using this method, they could cut down the number of possible combinations to around 1,000."
"Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen."
By EditorDavid from Slashdot's so-ubiquitous-it-will-disappear department
An anonymous reader shares an article from O'Reilly Media's VP of content strategy:
It's high time to build the internet that we wanted all along: a network designed to respect privacy, a network designed to be secure, and a network designed to impose reasonable controls on behavior. And a network with few barriers to entry -- in particular, the certainty of ISP extortion as new services pay to get into the "fast lane." Is it time to start over from scratch, with new protocols that were designed with security, privacy, and maybe even accountability in mind? Is it time to pull the plug on the abusive old internet, with its entrenched monopolistic carriers, its pervasive advertising, and its spam? Could we start over again?
That would be painful, but not impossible... In his deliciously weird novel Someone Comes To Town, Someone Leaves Town, Cory Doctorow writes about an alternative network built from open WiFi access points. It sounds similar to Google's Project Fi, but built and maintained by a hacker underground. Could Doctorow's vision be our future backboneless backbone? A network of completely distributed municipal networks, with long haul segments over some public network, but with low-level protocols designed for security? We'd have to invent some new technology to build that new network, but that's already started.
The article cites the increasing popularity of peer-to-peer functionality everywhere from Bitcoin and Blockchain to the Beaker browser, the Federated Wiki, and even proposals for new file-sharing protocols like IPFS and Upspin. "Can we build a network that can't be monopolized by monopolists? Yes, we can..."
"It's time to build the network we want, and not just curse the network we have."
By EditorDavid from Slashdot's United-States-of-Developers department
An anonymous reader writes:
Palo Alto-based HackerRank, which offers online programming challenges, "dug into our data of about 450,000 unique U.S. developers to uncover which states are home to the best software engineers, and which pockets of the country have the highest rate of developer growth." Examining the 24 months from 2015 through the end of 2016, they calculated the average score for each state in eight programming-related domains. (Algorithms, data structures, functional programming, math, Java, Ruby, C++, and Python.) But it seems like low-population states would have fewer people taking the tests, meaning a disproportionate number of motivated and knowledgeable test takers could drastically skew the results. Sure enough, Wyoming -- with a population of just 584,153 -- has the smallest population of any U.S. state, but the site's second-highest average score, and the top score in three subject domains -- Ruby, data structures, and algorithms. And the District of Columbia -- population 681,170 -- has the highest average score for functional programming.
California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."
By EditorDavid from Slashdot's extra-Flashy department
An anonymous reader quotes BleepingComputer:
A petition is asking Adobe to release Flash into the hands of the open-source community. Finnish developer Juha Lindstedt started the petition a day after Adobe announced plans to end Flash support by the end of 2020. "Flash is an important piece of Internet history and killing Flash means future generations can't access the past," Lindstedt explains in the petition's opening paragraph. "Games, experiments and websites would be forgotten." The developer wants Adobe to open-source Flash or parts of its technology so the open-source community could take on the job of supporting a minimal version of the Flash plugin or at least create a tool to accurately convert old SWF and FLA files to modern HTML5, canvas data, or WebAssembly code... Lindstedt is asking users to sign the petition by starring the project on GitHub. At the time of writing, the petition has garnered over 3,000 stars.
A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever."
He points out there are already several programs that convert Flash into other formats -- and that Adobe already open sourced its Flex framework for building Flash applications back in 2008 (now supported by the Apache Software Foundation as Apache Flex). "In other words, we don't need the Flash source code to convert or create Flash files. Just let Flash go already...!
"Usually, I'm in favor of open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It's time to let it go for once and for all."
By EditorDavid from Slashdot's Should-The-Government-Fix-America's-Worst-Internet-Access? department
An anonymous reader quotes a story from Nate Silver's FiveThirtyEight site about "the worst internet in America":
FiveThirtyEight analyzed every county's broadband usage using data from researchers at the University of Iowa and Arizona State University and found that Saguache, Colorado was at the bottom. Only 5.6 percent of adults were estimated to have broadband... It has some of the worst internet in the country. That's in part because of the mountains and the isolation they bring... Its population of 6,300 is spread across 3,169 square miles 7,800 feet above sea level, but on land that is mostly flat, so you can almost see the full scope of two mountain ranges as you drive the county's highway...
But Saguache isn't alone in lacking broadband. According to the Federal Communications Commission, 39 percent of rural Americans -- 23 million people -- don't have access. In Pew surveys, those who live in rural areas were about twice as likely not to use the internet as urban or suburban Americans.
In Saguache County download speeds of 12 Mbps (with an upload speed of 2 Mbps) cost $90 a month, and the article points out that when it comes to providing broadband, "small companies and cooperatives are going it more or less alone, without much help yet from the federal government." But that raises an inevitable question. Should the federal government be subsidizing rural internet access?
By EditorDavid from Slashdot's social-engineering department
In a piece describing the paranoid vibe in Las Vegas during the DEFCON convention, CNET reported Friday that the Wet Republic web site "had two images vandalized" with digital graffiti. But their reporter now writes that "my paranoia finally got the best of me, and it turned out to be an ad campaign."
The images included a scribbled beard and eye patch on a photo of a bikini model, along with the handwritten message "It's all out war." CNET's updated story now reports that "It looked like a prank you'd see from a mischievous hacker..."
When I spotted the vandalism on the Wet Republic site Friday morning, it looked like other attacks I'd seen throughout the week, such as a Blue Screen of Death on a bus ticket machine... Hakkasan, which hosts the event at MGM Grand, said the "vandalism" was part of the cheeky advertisements for a seasonal bikini contest it's been running since 2015. The "all-out war" is between the models in the competition, not between hackers and clubs. Hakkasan's spokeswoman said nothing on its network has been compromised. So maybe not everything online in Las Vegas is getting hacked this week, and this n00b learned to calm down the hard way.
For that matter, maybe that blue screen of death was also just another random Windows machine crashing.
CNET's reporter made one other change to his article. He removed the phrase "when hackers are in town for Defcon, everything seems to be fair game."
By EditorDavid from Slashdot's extending-an-embrace department
BrianFagioli quotes BetaNews: Today, Microsoft further pledges its loyalty to Linux and open source by becoming a platinum member of the Cloud Native Computing Foundation. If you aren't familiar, the CNCF is a part of the well-respected Linux Foundation (of which Microsoft is also a member). With the Windows-maker increasingly focusing its efforts on the cloud -- and profiting from it -- this seems like a match made in heaven. In fact, Dan Kohn, Executive Director of the foundation says, "We are honored to have Microsoft, widely recognized as one of the most important enterprise technology and cloud providers in the world, join CNCF as a platinum member." "CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented open source projects, such as Kubernetes, Prometheus, OpenTracing, Fluentd, Linkerd, containerd, Helm, gRPC, and many others," says John Gossman Azure Architect, Microsoft. "Since we joined the Linux Foundation last year, and now have decided to expand that relationship to CNCF membership as a natural next step to invest in open source communities and code at multiple levels, especially in the area of containers."
The announcement notes that Microsoft has already been contributing code to the Kubernetes project, "as well as running Kubernetes as part of the Azure Container Service."
By EditorDavid from Slashdot's clean-air-acts department
Here's how the Volkswagen emissions scandal ends in California -- and the rest of America. An anonymous reader quotes the Bay Area News Group:
In a decision with lasting implications for the growth of electric vehicles, state regulators on Thursday approved Volkswagen's plan to invest nearly $1 billion in California's EV network as penalty for its diesel-emission cheating scandal... San Jose and San Francisco are two of six cities slated for expanded community charging stations. A Volkswagen subsidiary, Electrify America, also will target low-income communities for at least 35 percent of the projects... The first phase calls for $120 million to build 400 charging stations with between 2,000 and 3,000 chargers. About $75 million will be used to develop a high-speed, highway charging network, mostly consisting of 150 kilowatt fast-chargers. The other $45 million will build community charging stations in six metro areas: San Jose, San Francisco, Sacramento, Fresno, Los Angeles and San Diego. Another $44 million will build a "Green City" in Sacramento. It will provide access to zero-emission vehicles to low-income residents, through ride-sharing and other programs. As part of the 10-year comprehensive plan, Electrify America will build a nationwide network of fast-charging stations with universal technology.
That nationwide network is expected to cost another $2 billion.
By EditorDavid from Slashdot's knowing-when-you've-been-bad-or-good department
An anonymous reader quotes Computerworld's article on the implications of New York City's plan to blanket the city with "smart" kiosks offering ultrafast Wi-Fi.
The existence of smart-city implementations like Intersection's LinkNYC means that New Yorkers won't actually need mobile contracts anymore. Most who would otherwise pay for them will no doubt continue to do so for the convenience. But those who could not afford a phone contract in the past will have ubiquitous fast connectivity in the future. This strongly erodes the digital divide within smart cities. A 2015 study conducted by New York City found that more than a quarter of city households had no internet connectivity at home, and more than half a million people didn't own their own computer...
Over the next 15 years, the city will go through the other two phases, where sensor data will be processed by artificial intelligence to gain unprecedented insights about traffic, environment and human behavior and eventually use it to intelligently re-direct traffic and shape other city functions... And as autonomous cars gradually roll out, New York will be well positioned to be one of the first cities to legalize them, because they'll be safer thanks to 5G, sensors and data from all those kiosks.
Intersection, a Google-backed startup, has already installed 1,000 of the kiosks in New York, and is planning to install 7,000 more. The sides of the kiosk have screens which show alerts and other public information -- as well as advertisements, which cover all the costs of the installations and even bring extra money into the city coffers.
New York's move "puts pressure on other U.S. cities to follow suit," the article also points out, adding that privacy policies "are negotiated agreements between the company and the city. So if a city wants to use those cameras and sensors for surveillance, it can."
By EditorDavid from Slashdot's secret-ballot-machines department
An anonymous reader quotes The Hill:
Hackers at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure. Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software. According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
Though some of the machines were out of date, they were all from "major U.S. voting machine companies" like Diebold Nixdorf, Sequoia Voting Systems, and WinVote -- and were purchased on eBay or at government auctions. One of the machines apparently still had voter registration data stored in plain text in an SQLite database from a 2008 election, according to the event's official Twitter feed.
By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."
By EditorDavid from Slashdot's mass-producing-with-metal department
Big Hairy Ian shares an article from New Atlas: Desktop Metal -- remember the name. This Massachusetts company is preparing to turn manufacturing on its head, with a 3D metal printing system that's so much faster, safer and cheaper than existing systems that it's going to compete with traditional mass manufacturing processes... Plenty of design studios and even home users run desktop printers, but the only affordable printing materials are cheap ABS plastics. And at the other end of the market, while organizations like NASA and Boeing are getting valuable use out of laser-melted metal printing, it's a very slow and expensive process that doesn't seem to scale well.
But a very exciting company out of Massachusetts, headed by some of the guys who came up with the idea of additive manufacture in the first place, believes it's got the technology and the machinery to boost 3D printing into the big time, for real. Desktop Metal is an engineering-driven startup whose founders include several MIT professors, and Emanuel Sachs, who has patents in 3D printing dating back to the dawn of the field in 1989. The company has raised a ton of money in the last few months, including some US$115 million in a recent Series D round that brings total equity investments up over US$210 million. That money has come from big players, too, including Google Ventures... And if Desktop Metal delivers on its promises -- that it can make reliable metal printing up to 100 times faster, with 10 times cheaper initial costs and 20 times cheaper materials costs than existing laser technologies, using a much wider range of alloys -- these machines might be the tipping point for large scale 3D manufacturing.
By EditorDavid from Slashdot's don't-be-an-evil-app department
An anonymous reader quotes Ars Technica:
Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data. The apps, which made their way onto about 100 phones, exploited known vulnerabilities to root devices running older versions of Android.... As a result, the apps were capable of surreptitiously accessing sensitive data stored, sent, or received by at least a dozen other apps, including Gmail, Hangouts, LinkedIn, and Messenger. The now-ejected apps also collected messages sent and received by Whatsapp, Telegram, and Viber, which all encrypt data in an attempt to make it harder for attackers to intercept messages while in transit... To conceal their surveillance capabilities, the apps posed as utilities for cleaning unwanted files or backing up data.
Google reports that the malicious apps also had these functions:
- Call recording
- VOIP recording
- Recording from the device microphone
- Location monitoring
- Taking screenshots
- Taking photos with the device camera(s)
- Fetching device information and files
- Fetching user information (contacts, call logs, SMS, application-specific data)
12 hours later an antivirus provider reported two more Google Play apps could surreptitiously steal text messages by downloading a malicious plugin -- and that the apps had already been downloaded at least 100,000 times.