News & Updates

A St. Jude Medical cardiac defibrillator implant like the ones MedSec claimed to have found vulnerabilities in. (credit: St. Jude Medical)

Trading in the stock of medical device manufacturer St. Jude Medical was halted Friday afternoon after a dramatic drop in its value. That drop was triggered by news of alleged vulnerabilities in the company’s cardiac care devices. The vulnerability was disclosed not in a report by the company but by security researchers partnered with Muddy Waters Capital, an investment firm that had “shorted” St. Jude’s stock on the information in order to profit from a drop in the stock’s value.

The researchers at the security firm MedSec chose to take this route to disclosure, MedSec CEO Justine Bone said, to “ensure that St. Jude Medical responds appropriately and with urgency.” The partnership with a short seller is a fundamental departure from the established approach of responsible disclosure normally taken by researchers. But it also represents an approach that bypasses the sort of legal maneuverings and threats, suppression of information, and inaction that have been experienced by researchers who have discovered vulnerabilities in other products. Researchers who discovered a vulnerability in Volkswagen electronic engine locks, for example, were forced to withhold a paper for two years through a court injunction filed by the automaker in 2012.

Muddy Waters issued a report on Thursday claiming that it had demonstrated “two types of cyber attacks against STJ implantable cardiac devices: a ‘crash’ that causes cardiac devices to malfunction… and a battery drain attack that could be particularly harmful to device dependent users.” The report claimed that the vulnerabilities had been proven in “multiple demonstrations evidencing how hollow STJ’s device security is.”


Source: http://feeds.arstechnica.com/arstechnica/index/


Megaupload.org used to be where you’d go to access the vast amount of films hosted by Kim Dotcom’s Megaupload service. But once Dotcom was hit with US criminal charges, that site and many others were grabbed by the FBI, and visiting them produced nothing but a government seizure banner.

No longer. Today, a visit to Megaupload.org (NSFW) brings up what can only be described as softcore porn. Text ads for “casual sex,” “adult affair dating,” “adult cam chat,” and “live sex cams” are surrounded by pictures of women in their underwear.

So how did this happen? In all likelihood, this is the same thing that happened last year, when similarly scammy-looking ads took over the main Megaupload.com page. The FBI used a domain called cirfu.net as a “name server” to re-direct traffic from sites it had seized. Then the Bureau apparently forgot to renew that domain, allowing someone else to purchase it.


A forest of false-colored silicon nanowires.

Flexible electronics, which could be used to control flexible robots, depend on the ability to produce electrical circuits that can be repeatedly stretched and bent while remaining operational. Silicon is obviously one of the most important building blocks of modern electronics, but even when it’s shaped into wires, it isn’t very stretchy.

Recently, theoretical calculations have indicated that it may be possible to stretch silicon nanowire by as much as 23 percent, depending on its structure and the stretch direction. This raises an obvious question: why haven’t we been able to do so?

Recently, an international team of scientists and engineers has directly probed the elastic strain limit of single-crystalline Si nanowires. The team found that stretching the Si nanowires almost to their theoretical limit is possible.



AT&T is fighting a recent punishment handed down by the Federal Communications Commission. Last month, the FCC issued a Notice of Apparent Liability (NAL) that says AT&T overcharged the Florida school districts of Orange and Dixie by nearly 400 percent.

AT&T filed its response today, saying that there is “no legal or factual basis for liability against AT&T.”

The phone service in question is paid for by US citizens through surcharges on phone bills. Those surcharges fund the E-rate program that subsidizes telecommunications for schools and libraries. Under this program, the FCC says AT&T is required to charge schools and libraries the lowest available rates. The commission says AT&T should repay $63,760 it improperly received from the FCC in subsidies and pay an additional fine of $106,425.


SS7 allows an attacker to use just a phone number to gain access to calls and texts to and from that phone—and can be used to undermine the security of WhatsApp and Telegram. (credit: Petr Kolář (modified by Ars))

A documented weakness in Signaling System 7 has been shown to allow widespread interception of phone calls and text messages (SS7 is the public switched telephone network signaling protocol used to set up and route phone calls; it also allows for things like phone number portability). This weakness in SS7 can even undermine the security of encrypted messaging systems such as WhatsApp and Telegram.

In an April segment of 60 Minutes, Democratic Congressman Ted Lieu of California allowed hackers to demonstrate how they could listen in on his calls. In light of the mass leak of congressional staffers’ contact information by hackers, Congressman Lieu is now urging the Federal Communications Commission to take action quickly to fix the problem with SS7. The hackers are purportedly tied to Russian intelligence.

The vulnerability in SS7 was revealed in a presentation at the RSA security conference in March. It exploits the use of SS7 by cellular networks to handle billing and phone location data for call routing. The vulnerability is open to anyone with access to SS7 signaling. This includes not just telecommunications companies that have “roaming” relationships with a phone’s primary carrier, but any state actor or hacker who has access to those companies’ networks. Using SS7, an attacker could create a proxy to route calls and text messages. He could intercept them and record them without the knowledge of the people on either end of the communications. An attacker could also spoof texts and calls from a number.


Bubble wrap isn’t just for stress relief. (credit: George Ni)

To boil water using the Sun, we typically burn fossil fuels carrying several-hundred-million-year-old solar energy that was extracted from underground at great expense. It’s kind of Rube-Goldbergian. We’re fortunate that the Sun’s heat isn’t strong enough to boil the oceans (or us), but extracting the Sun’s energy at a significant scale is tricky.

The usual solution, as many magnifying-glass-toting children already know, is to concentrate sunlight and increase its intensity. Solar thermal plants, for example, use massive arrays of mirrors to focus sunlight and generate electricity. All that extra equipment gets pretty expensive—especially if you need the mirrors to track the Sun’s position across the sky.

So how do we engineer another way? In the past, researchers made clever designs to concentrate the heat generated by lower-intensity sunlight into small volumes of water. This heat consequently created higher localized temperatures. While they managed to boil water with this method, they weren’t able to ditch optical concentration completely.


Disclosing the warrantless surveillance program won Thomas Tamm the “Ridenhour Prize for Truth-Telling.” (credit: War on Whistleblowers/YouTube)

The Justice Department lawyer who disclosed the secret and warrantless surveillance program then-President George W. Bush adopted in the immediate aftermath of the Sept. 11 terror attacks was publicly censured Thursday by a federal appeals court for breaching legal ethics. As a lawyer for the Justice Department’s Intelligence Policy and Review unit, Thomas Tamm violated professional conduct rules by disclosing to The New York Times “confidences” and “secrets,” the US Court of Appeals for the District of Columbia Circuit concluded.

As part of his Justice Department duties, Tamm was tasked with requesting electronic surveillance warrants from the secret Foreign Intelligence Surveillance Court. The District of Columbia Court of Appeals Board of Professional Responsibility said Tamm became aware in 2004 that certain applications to that FISA Court for national security surveillance authority “were given special treatment” and he leaked details of the program to the newspaper.

Tamm, who could have been disbarred but can now continue practicing law as a Maryland state public defender (he resigned from the Justice Department in 2006), said he learned that “these applications derived from special intelligence obtained not pursuant to prior applications to the Court, but from an extra-judicial source referred to as ‘the program.’” After digging into it, he “concluded that it was probably illegal as it was not court-supervised.”



Google Fiber has been battling AT&T over access to utility poles for a few years now. During a dispute in Austin, Texas late in 2013, AT&T said it could deny access to its poles because Google wasn’t a “qualified” telecom or cable provider.

Things have gone a bit smoother since then because the companies signed a nationwide agreement granting Google Fiber access to AT&T poles on a city-by-city basis. But in Nashville, Tennessee, Google Fiber construction has stalled partly because the new ISP still has problems getting access to AT&T poles. AT&T confirmed to Ars earlier this month that the terms of the previous nationwide agreement cover Nashville, but it declined to explain why there are still holdups.

An AT&T executive has now detailed the telco’s objections in an interview with FierceTelecom. Google Fiber has been making mistakes in engineering drawings that it needs to submit before attaching fiber to AT&T poles, according to Joelle Phillips, president of AT&T Tennessee.
