News & Updates

Enlarge / In retrospect, perhaps our favorite port logo. (credit: Flickr user jeremybrooks)

The rise and fall of FireWire—IEEE 1394, an interface standard boasting high-speed communications and isochronous real-time data transfer—is one of the most tragic tales in the history of computer technology. The standard was forged in the fires of collaboration. A joint effort from several competitors including Apple, IBM, and Sony, it was a triumph of design for the greater good. FireWire represented a unified standard across the whole industry, one serial bus to rule them all. Realized to the fullest, FireWire could replace SCSI and the unwieldy mess of ports and cables at the back of a desktop computer.

Yet FireWire’s principal creator, Apple, nearly killed it before it could appear in a single device. And eventually the Cupertino company effectively did kill FireWire, just as it seemed poised to dominate the industry.

The story of how FireWire came to market and ultimately fell out of favor serves today as a fine reminder that no technology, however promising, well-engineered, or well-liked, is immune to inter- and intra-company politics or to our reluctance to step outside our comfort zone.

Read 43 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets “closed networks by air gap jumping using thumb drives,” mainly implemented in enterprises and critical infrastructures.

Air-gapped computers that are isolated from the Internet or other external networks are believed to be the


Source: http://feeds.feedburner.com/TheHackersNews

Enlarge / Daniel Ricciardo of Red Bull Racing prepares for the 2017 Australian Grand Prix. (credit: Mark Thompson/Getty Images for Red Bull)

“Big Data” has been all the rage for the last few years. But the sport of Formula 1 racing caught that bug a long time ago, certainly in the days predating that buzzword. In the past, we’ve taken a look at how teams like Williams Martini Racing, Renault Sport Formula One, and Caterham F1 (RIP) have handled collecting and crunching their terabytes. Today, it’s Red Bull Racing’s turn.

“I’ve worked for the team for 13 years now, and we’ve been doing this for ages. The complexity of what we measure and sophistication of the analytics continues to improve, but we’ve been doing big data for a long time,” explained Matt Cadieux, Red Bull Racing’s chief information officer. The data in question is collected by myriad sensors all over the team’s race cars, roughly adding up to a terabyte each race weekend (500GB for each of the two cars).

“But if you look at all the other data we use—video, audio, number crunching to run through various simulations—it’s a huge multiplication factor on top of that,” he told Ars. Cadieux wouldn’t give us an exact number for that data volume over a race weekend, lest that information prove too useful to the team’s rivals in the paddock, but company-wide the team manages 8PB of data. Cadieux reckoned that 95 percent of that was related to car design and car performance—think CAD (computer-aided design) and CFD (computational fluid dynamics), but also strategy simulations and historical telemetry data from previous seasons. “We have a very data-hungry business,” he said.

Read 10 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

A security researcher has found four vulnerabilities, including a critical remote code execution bug, in OpenVPN, those were not even caught in the two big security audits of the open source VPN software this year.

OpenVPN is one of the most popular and widely used open source VPN software solutions mostly used for various connectivity needs, but it is especially popular for anonymous and


Source: http://feeds.feedburner.com/TheHackersNews

The Honda company shuts down a factory in Japan after finding the WannaCry ransomware in its networks after 5 weeks its massive attack.

The WannaCry ransomware makes the headlines once again, The Honda Company to stopped the production in one of its plant in Japan after discovering the malware in its computer networks,

The Honda automaker halted the activities in the Sayama plant northwest of Tokyo on Monday after finding that the WannaCry ransomware had infected systems in its networks across Japan, North America, Europe, China, and other regions,

According to the Reuters agency, the experts discovered the infection on Sunday.

“The automaker shut production on Monday at its Sayama plant, northwest of Tokyo, which produces models including the Accord sedan, Odyssey Minivan and Step Wagon compact multipurpose vehicle and has a daily output of around 1,000 vehicles.” states the article.

“Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions, a spokeswoman said, despite efforts to secure its systems in mid-May when the virus caused widespread disruption at plants, hospitals and shops worldwide.”

According to the company, the production at other plants had not been affected, according to a Honda Spokesman, regular operations at the Sayama plant had resumed on Tuesday.

It is still unclear why the WannaCry ransomware was present in the Honda networks 5 weeks after its discovery,

WannaCrypt ransomware

the unique certainly is that the company had yet to patch its systems with the highly critical patch that Microsoft released in March.

One possibility is that IT staff at the company has inadvertently blocked the access to the kill switch domain that partially stopped the infections. That would have caused the WannaCry propagation inside the Honda networks.

We cannot exclude that the shutdown of Sayama plant was a  precautionary measure to eradicate dormant instance of the ransomware.

Honda wasn’t the only company forced to shut down its networks due to WannaCry, other automakers like Renault and Nissan Motor were affected and were forced to halt productions in plants in Japan, Britain, France, Romania, and India.

It’s my opinion that the failure in responding the WannaCry attack was primarily caused by the failure of patch management processes. Don’t forget that systems across the world were infected by ransomware that was exploiting a flaw that was already fixed by a two-month-old patch.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – WannaCry ransomware, Honda)

medianet_width = “600”;
medianet_height = “120”;
medianet_crid = “757750211”;
medianet_versionId = “111299”;
(function() {
var isSSL = ‘https:’ == document.location.protocol;
var mnSrc = (isSSL ? ‘https:’ : ‘http:’) + ‘//contextual.media.net/nmedianet.js?cid=8CU5BD6EW’ + (isSSL ? ‘&https=1’ : ”);
document.write(”);
})();

The post Honda halted production in a factory after finding WannaCry traces in its networks appeared first on Security Affairs.

Source: Security affairs

Hackers can exploit electronic cigarettes and any other electronic device to deliver a malware in a poorly protected network.

In November 2014, in a discussion started on the Reddit news media website it has been debated the case of a malware implanted by using electronic cigarettes connected over USB.

Hackers are able to exploit any electronic device to deliver a malware in a poorly protected network. Electronic cigarettes could be an attack vector, the idea may appear hilarious, many electronic cigarettes can be charged over USB, using a special cable or by inserting one end of the cigarette directly into a USB port.

The report posted on the social news Reddit website reported a strange case happened to an executive that discovered a malware in his system without immediately identify its source.

“One particular executive had a malware infection on his computer from which the source could not be determined,” reported a Reddit user “After all traditional means of infection were covered, IT started looking into other possibilities.

Investigating on the case, the man discovered that the electronic cigarettes were infected by a malware hardcoded into the charger, once the victim will connect it to the computer the malicious code will contact the C&C server to drop other malicious code and infect the system

Electronic cigarettes or vape pens properly modified could be an effective hacking tool to infect a targeted computer.

The security researcher Ross Bevington presented at BSides London how to use electronic cigarettes to compromise a computer by tricking it to believe that it was a keyboard.The researchers also explained that it is BSides London how to use electronic cigarettes to compromise a computer by tricking it to believe that it was a keyboard.

It is important to note that Bevington’s attack required the victim’s machine to be unlocked.

“PoisonTap is a very similar style of attack that will even work on locked machines,” Mr Bevington told Sky News.

The researchers also explained that it is possible to use the electronic cigarettes to interfere with its network traffic.

E-cigarettes are powered by a rechargeable lithium-ion battery that can be plugged into a cable or directly connects to the USB port of a computer.

“Security researchers have demonstrated how e-cigarettes can easily be modified into tools to hack computers.” reported SkyNews.

“With only minor modifications, the vape pen can be used by attackers to compromise the computers they are connected to – even if it seems just like they are charging.”

The researcher @FourOctets published a proof-of-concept video which showed arbitrary commands being sent to an unlocked laptop just by charging a vape pen.

Fouroctets modified the vape pen by simply adding a hardware chip which allowed the device to communicate with the laptop as if it were a keyboard or mouse.

“A pre-written script that was saved on the vape made Windows open up the Notepad application and typed “Do you even vape bro!!!!” reported SkyNews.

Enjoy the video!

 

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs –  electronic cigarettes, hacking)

medianet_width = “600”;
medianet_height = “120”;
medianet_crid = “757750211”;
medianet_versionId = “111299”;
(function() {
var isSSL = ‘https:’ == document.location.protocol;
var mnSrc = (isSSL ? ‘https:’ : ‘http:’) + ‘//contextual.media.net/nmedianet.js?cid=8CU5BD6EW’ + (isSSL ? ‘&https=1’ : ”);
document.write(”);
})();

The post Attackers can exploit electronic cigarettes to hack computers appeared first on Security Affairs.

Source: Security affairs

It’s the new trailer for Game of Thrones season 7!

The second big trailer for Game of Thrones season 7 is here, and I’m starting to get pretty excited for the July 16 premiere. The cast and crew have promised that this penultimate season, only a measly seven episodes, will move at a faster pace than previous ones. Plus, all the characters will eventually find themselves in the same place at some point near the end of the season.

This trailer promises a lot of action, including long-awaited dragon breath weapon situations where Dany rides into battle on the back of Drogon. Plus, we get glimpses of the Hound, Jon Snow among the Wildlings, and the Night King playing some kind of mind game with Bran’s warg powers. Arya is looking ultra-badass, as is Brienne (with cute li’l sidekick Pod, who has apparently learned to fight pretty well under her tutelage).

Obviously a battle is brewing, with some of the Grayjoys allying with Cersei Lannister, while it appears that Jon Snow is attempting to ally with Dany (and a bunch of Wildlings?). Also, Gray Worm and the Unsullied are breaking into what appears to be Casterly Rock, the Lannister’s castle. No sightings of Sam, but we saw him at Maester school in the first trailer. So he’s in the mix.

Read 2 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / PARIS, FRANCE – 2015/12/08: US Secretary of Energy Ernest Moniz talks during a panel at the COP21, United Nations Climate Change Conference in Paris. (credit: Getty Images)

Former Energy Secretary Ernest Moniz announced that he is establishing an energy-focused think tank to provide research and analysis for state and local governments, industry leaders, and NGOs.

The organization, called Energy Futures Initiative (EFI), aims to provide analytical and technical reports on a wide variety of energy-related topics. The first eight topics that EFI will address are listed on its website and cover areas from “Modernizing the North American Energy Sector” to “Decarbonization of Energy Systems” and “Evolution of Natural Gas Markets.”

The EFI’s first study, called “Modernizing the North American Energy Sector,” is due in the fall, and group spokesman David Ellis said that the group is currently working on three or four topics. The report will take a look at baseload energy and grid reliability, with a view to providing strategies for regional energy authorities to modernize their systems and improve reliability. That may sound startlingly similar to a baseload study that current DOE secretary Rick Perry has ordered, which is due out at the end of this month. But in his Wednesday morning announcement at the National Press Club in Washington, DC, Moniz stressed that EFI’s study is not in response or related to Perry’s study. “I want to emphasize that this… initiative has been in formation now since—basically since we left the Department in January. It is not in response to recent events.”

Read 4 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / UC Santa Cruz professor Lindsey Dillon will join us at Ars Live.

After taking office in January, the Trump administration began systematically removing scientific and environmental data from government websites. Sociology professor Lindsey Dillon is helping to run a data-rescue project called the Environmental Data and Governance Initiative (EDGI), whose aim is to preserve this data and make it accessible to the public. At Ars Technica Live #14, we’ll be hosting a public discussion with Dillon about her work.

Join Ars Technica editors Annalee Newitz and Joe Mullin tonight at Eli’s Mile High Club for the live taping of our monthly discussion series. Dillon will talk to us about EDGI, as well as her research on environmental racism in the San Francisco Bay Area.

Ars Live takes place on the third Wednesday of every month at Eli’s Mile High Club in Oakland (3629 MLK Way). They have the best tater tots you’ve ever eaten. So crispy!

Read 2 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / A Comcast service vehicle. (credit: Justin Sullivan/Getty Images)

An electric utility in Tennessee has accused Comcast of not paying its bills for three years. The utility says it will start removing Comcast wires from utility poles next week unless the cable company pays up.

In a notice on its website, the electric co-op said:

If Comcast does not pay the amounts owed to STEMC [Southwest Tennessee Electric Membership Corporation] by June 28, 2017, we will begin removing their attachments from our poles. Removal of Comcast cables will affect Comcast service to their customers in Tipton County. We regret that some customers may lose their Comcast service. However, the full cost and maintenance of these utility poles are borne by all members of STEMC, and we cannot allow STEMC members to subsidize Comcast’s services. We are hopeful that Comcast will make payment prior to the deadline and avoid the need to remove their cable attachments.

Comcast promised to pay the “correct amount,” but the industry giant says that STEMC tried to double its bill in 2015 and did not provide evidence to support the new amount until this month, according to a WREG news report last night.

Read 9 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/