Ars Technica

The Art of Technology

“SOHOpelessly BROKEN” hacking contest aims to test home router security

Fri, 2014-07-18 13:33

Over the past few years, consumer-grade routers have emerged as a key security threat. Whether manufactured by Asus, Linksys, D-Link, Micronet, Tenda, TP-Link, or others, small office/home office (SOHO) routers have suffered a variety of real-world attacks that in some cases have allowed hackers to remotely commandeer hundreds of thousands of devices.

Now, security advocates are sponsoring "SOHOpelessly BROKEN," a no-holds-barred router hacking competition at next month's Defcon hacker conference in Las Vegas. The contest will challenge attendees to unleash novel exploits on 10 off-the-shelf SOHO routers running recent firmware versions.

"The objective in this contest is to demonstrate previously unidentified vulnerabilities in off-the-shelf consumer wireless routers," organizers said. "Contestants must identify weaknesses and exploit the routers to gain control. Pop as many as you can over the weekend to win. Contest will take place at Defcon 22, August 7-12, 2014 in the Wireless Village contest area."


Categories: Tech

Photoshopping of adult porn nets man 10-year child-porn conviction

Fri, 2014-07-18 13:23

A federal appeals court upheld Thursday the child pornography conviction and accompanying 10-year prison term handed to a Nebraska man who superimposed the image of an underaged girl's face onto a picture of two adults having sex.

The 8th US Circuit Court of Appeals rejected (PDF) claims from 28-year-old Jeffrey Anderson that his actions were protected by the First Amendment. Anderson sent the doctored image to his 11-year-old half-sister via Facebook, resulting in the charge of distributing child pornography. Anderson had superimposed the half-sister's face onto the photo, the court said.

Among other defenses, Anderson argued that because no minor engaged in sex, he should not have been charged.

How US satellites pinpointed source of missile that shot down airliner

Fri, 2014-07-18 13:18
An artist's rendering of the SBIRS "High" geosynchronous infrared surveillance satellite, one of the newer additions to the DOD's constellation of missile launch detection satellites. (Image credit: Lockheed Martin)

President Barack Obama today said without hesitation that the missile that shot down Malaysia Airlines Flight 17 was launched from within territory controlled by pro-Russian separatists in Eastern Ukraine. While he didn’t go into the sources the US used to pinpoint the launch, early reports say that US intelligence had identified the infrared signature of a missile launch just before contact with the airliner was lost.

That information likely came from one of a network of satellites operated by the Air Force and the National Reconnaissance Office (NRO), the US intelligence community’s spy satellite operations agency. Using highly sensitive infrared sensors and other electronic intelligence gathering sensors, these satellites can detect a variety of ground-based missile systems, as well as some aircraft, by their infrared signature. They also carry sensitive electronic intelligence sensors that can detect radar signals associated with anti-aircraft missile systems like the Buk launcher that has been widely pointed to as the culprit in the MH17 downing.

The latest of these satellite systems is the Space Based Infrared System (SBIRS), the successor to the long-running and euphemistically named “Defense Support Program” (DSP) satellite system. The DSP started in the late 1960s and continued in various forms through the last decade. A portion of the DSP constellation of satellites continues to function today and has been considered for use in tracking forest fires and potentially forecasting impending volcanic eruptions.

Why Google took years to address a battery-draining “bug” in Chrome

Fri, 2014-07-18 11:00

A recent Forbes report says that Chrome on Windows uses up more battery than competing browsers, thanks to a high system timer setting. Windows uses a timer to schedule tasks. At idle, the timer on Windows is set to about 15 ms, so if it has no work to do, it will go to sleep and only wake up every 15 ms to check if it needs to do something.

Applications can change this timer, and other browsers like Firefox and Internet Explorer don't mess with it until they need to do something processor intensive, like playing a video. After the video is done, the timer is set to return to 15 ms so that the computer can idle again. Chrome, though, boosts the timer to 1 ms and keeps it there forever. The difference means that on Firefox at idle, the CPU only wakes 64 times a second. On Chrome, it wakes up 1,000 times a second.

In its Windows documentation, Microsoft notes that setting the system timer to a high value can increase power consumption by “as much as 25 percent.” This means that on a laptop, you'll get a shorter runtime with Chrome than you will on a competing browser. And the issue has been around for a long time. Forbes links to a bug report documenting the problem that was first filed in 2010.

Faulty red light cameras produced thousands of bogus traffic tickets

Fri, 2014-07-18 10:24

At least 13,000 Chicago motorists have been cited with undeserved tickets thanks to malfunctioning red-light cameras, according to a 10-month investigation published Friday by the Chicago Tribune. The report found that the $100 fines were a result of "faulty equipment, human tinkering or both."

According to the investigation:

Cameras that for years generated just a few tickets daily suddenly caught dozens of drivers a day. One camera near the United Center rocketed from generating one ticket per day to 56 per day for a two-week period last summer before mysteriously dropping back to normal.

Tickets for so-called rolling right turns on red shot up during some of the most dramatic spikes, suggesting an unannounced change in enforcement. One North Side camera generated only a dozen tickets for rolling rights out of 100 total tickets in the entire second half of 2011. Then, over a 12-day spike, it spewed 563 tickets—560 of them for rolling rights.

Many of the spikes were marked by periods immediately before or after when no tickets were issued—downtimes suggesting human intervention that should have been documented. City officials said they cannot explain the absence of such records.

City officials and Redflex Traffic Systems of Arizona, the report said, "acknowledged oversight failures and said the explosions of tickets should have been detected and resolved as they occurred. But they said that doesn't mean the drivers weren't breaking the law, and they defended the red light camera program overall as a safety success story. The program has generated nearly $500 million in revenue since it began in 2003."

Critical industrial control systems remain vulnerable to Heartbleed exploits

Fri, 2014-07-18 10:14

More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.

The products are used to control switches, valves, and other equipment in chemical, manufacturing, energy, and wastewater facilities. Heartbleed is the name given to a bug in the widely used OpenSSL cryptographic library that leaks passwords, usernames, and secret encryption keys. While Siemens has updated some of its industrial control products to patch the Heartbleed vulnerability, others remain susceptible, an advisory published Thursday by the Industrial Control Systems Cyber Emergency Response Team warned.

"The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices," the notice stated. "The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash."

Quasiparticles carry entanglement, breaking speed limits

Fri, 2014-07-18 08:53

In a recent experiment, scientists were able to observe quasiparticles propagating across a string of ions, creating waves of quantum entanglement in their wake. Experiments like this one, which study systems with multiple quantum bodies, are crucial to learning about the behavior of quasiparticles and their interactions with more traditional particles.

It’s tempting to think that quasiparticles are not particles at all. Quasiparticles are “objects” that emerge within a complex system, such as a solid object. The collective behavior of the particles in the solid can create the impression of a new particle. The impression—or quasiparticle—moves through the solid as if it were a real particle moving through empty space, and it behaves according to the same rules.

Nevertheless, within their system, quasiparticles can have real effects on their environment. Most recently, scientists were able to track the propagation of quasiparticles called magnons through a collection of atoms. Now, scientists have been able to watch as that propagation changed the behavior of these atoms. And in the process, the quasiparticles reached speeds where a conventional model, which we use to understand time, breaks down.

On the lam for decades, fugitive’s Facebook account dooms him

Fri, 2014-07-18 08:41

A fugitive on the run for 21 years is learning the hard way that it's best not to have a Facebook account if you're trying to avoid the long arm of the law.

Apparently, fugitive Francisco Legaspi didn't get that memo. The former California tax-preparer pleaded guilty Thursday in a San Francisco federal court to charges (PDF) that he fled prosecution for filing false tax returns in 1993, initially landing in Mexico and eventually settling in Canada.

US Attorney Melinda Haag's office in San Francisco said the 61-year-old fugitive was apprehended "after the US Department of State's Bureau of Diplomatic Security researched social media websites and found Legaspi's Facebook page. The Royal Canadian Mounted Police used the information to apprehend Legaspi."

Id shows off double-jumping, skull-crushing new Doom at QuakeCon

Fri, 2014-07-18 08:31
If you weren't at QuakeCon, this content-free teaser is all you get to see of the new Doom for the time being.

The bad news is that only people who were actually at Dallas' QuakeCon last night were able to see the world-premiere gameplay footage from the next Doom game, which somehow hasn't been leaked online yet. The good news is that plenty of people that were there are reporting on the unveiling, which seemed to include a number of extremely un-Doom-like additions.

One of the bigger changes brought by the new Doom (which is notably not being called Doom 4 anymore) is a jet-pack powered double-jump, à la Crysis 3, Titanfall, Destiny and, now, presumably, every first-person shooter to come out in the next year or two. Players can also climb up the sides of "large crates and gaps" according to PC Gamer's report, adding even more ability to go vertical.

But it's the Mortal Kombat-style melee finishing moves that seem to have gotten the crowd the most riled up. PC Gamer describes how, once an enemy is low on health, the player can get close and activate moves that see "lower jaws pulled off, skulls stomped on, and hearts torn out with the level of detail usually reserved for those slow-mo bullet cams in the Sniper Elite series." Rock Paper Shotgun noted that "enemies break apart like moldy bread... literally tearing them in half sometimes." The outlet also reported scenes with "crushing heads, chunks flying everywhere."

Amazon rolls out Kindle Unlimited e-book subscription service

Fri, 2014-07-18 07:38

True to the webpages uncovered earlier in the week, Amazon has unveiled a new e-book subscription service. Dubbed Kindle Unlimited, the service gives access to both e-books and audiobooks, though with restrictions on the latter.

Kindle Unlimited is priced at $9.99 per month with a 30-day free trial, and it allows users to read any number of the 600,000 available titles. By saying audiobooks are available, Amazon means that "thousands of Kindle books come with the free professionally narrated Audible audiobook." Kindle Unlimited subscribers also get three months of an Audible membership (normally $14.95 per month), which translates to three free audiobooks. There are no standalone audiobooks available through the service.

Kindle Unlimited books are accessible on any Kindle or device that has a Kindle app. The program is more flexible than the Kindle Owners' Lending Library, a perk of Amazon Prime that allows only Kindle-owning Prime members to read a limited selection of free e-books.

“Verizon made an enemy”: FiOS customer mad that Netflix works better on VPN

Fri, 2014-07-18 07:28

"Verizon made an enemy tonight" is the title of a new blog post by a FiOS customer who just discovered that using a VPN can vastly improve his Netflix performance.

Colin Nederkoorn, co-founder and CEO of e-mail software maker Customer.io, ran a Netflix test video and found that it "streams at 375 kbps (or 0.375 mbps – 0.5% of the speed I pay for) at the fastest. I was shocked."

Nederkoorn pays Verizon for 75Mbps download speed. How could he make the most of it?

New solar material goes hole-free for greater durability

Fri, 2014-07-18 06:09
Perovskites are appealing in part because you can adjust the areas of the spectrum they absorb by changing their composition. (Image credit: NREL)

Right now, silicon-based photovoltaics rule the production lines. That's good, in the sense that the silicon is cheap and abundant. But the form used in photovoltaic panels has to be exceptionally pure and processed heavily, which adds significantly to its cost. For that reason, research has continued into alternative materials for use in solar cells.

Based on the frequency that they appear in scientific journals, there's a class of substances that have materials scientists excited: perovskites. Originally named after a mineral, "perovskite" is now used to refer to any material that adopts the same crystalline structure as calcium titanium oxide.

Perovskites have some significant advantages, in that they can also be made from abundant and cheap elements, and many types of perovskite crystals will form spontaneously from a saturated solution. There are some downsides, however, as one of the best photovoltaic materials contains lead, which is toxic. Another problem is that one of the layers in perovskite cells tends to degrade rapidly in use. A just-published paper describes a new perovskite photovoltaic that, while still reliant on lead, gets rid of the problematic layer entirely.

Android Wear doesn’t support watch face apps yet; API coming this year

Thu, 2014-07-17 18:47
Matrix face and Starwatch, two early (and now unsupported) Android Wear watch faces. (Image credit: Dheera Venkatraman/Bonysoft)

Third-party watch faces on Android Wear seem like a no-brainer—there's an app store, developers can make apps for the platform, and there is even a method for switching among the packed-in watch faces. Official documentation on how to make a custom watch face doesn't exist, though. While Google will gladly tell developers how to use every other facet of Wear, it has been strangely quiet about making a watch face. That hasn't stopped developers from figuring it out on their own, though, with the Play Store already home to several custom faces.

Today Google has finally broken its silence. As it turns out, there's more work to be done on Google's part. Wayne Piekarski, a senior developer advocate at Google, has said the company is "hard at work on a custom watch face API." While custom watch faces are currently possible, right now Piekarski admits "making a really great watch face currently takes a fair bit of tweaking." The Googler says the upcoming API includes "using a shorter peek card, moving the status indicators for battery and mute, and rendering the faces differently in ambient mode."

The bad news is the timing. Piekarski says, "Some of these changes won't be ready until we migrate Android Wear to the Android L release later this year." If the L release timing is anything like KitKat, it is still something like three months away. Piekarski also warns that current watch faces are not supported and may not work on future versions. He recommends not publishing the app to the Play Store (or only publishing using the Alpha/Beta channels) until the official API comes out.

AT&T supports a “fast lane” ban as long as it contains a giant loophole

Thu, 2014-07-17 18:01
That looks pretty fast. (Image credit: AT&T)

Six months ago, a federal appeals court struck down net neutrality rules that prohibited Internet service providers from blocking Web content or discriminating against Web services. The court said the FCC messed up by imposing "per se common carrier obligations" onto ISPs without first reclassifying them as common carriers.

The FCC responded by coming up with a weaker set of rules that would effectively outlaw blocking by requiring a minimum level of service, while allowing ISPs to sell "fast lanes" in which Web services can pay for priority access to consumers.

The common wisdom is that the FCC can't issue stronger rules unless it re-classifies broadband as a telecommunications service, which would open ISPs up to utility-style, common carrier regulations under Title II of the Communications Act.
