Some PDFs from Blackhat 2015

by
Anonymous Coward
in security on (#H1EZ)
The Black Hat Conference of 2015 just concluded in Las Vegas, and they've got a lot to show for it. If you're not familiar with Black Hat, they are:
the most technical and relevant global information security event series in the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, the Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.
Here are links for PDFs provided as part of the 2015 event (don't read them in Firefox's built-in PDF reader; it's got a vulnerability):

How to build an asynchronous and fileless back door,

Reverse Engineering a Smart Card,

Automated Human Vulnerability Scanning with AVA,

Big Game Hunting: Nation-state malware research,

https://www.blackhat.com/docs/us-15/materials/us-15-Davis-Deep-Learning-On-Disassembly.pdf

Toward Automated Scalable Analysis of Graphical Images Embedded in Malware,

Hidden risks of biometric identifiers and how to avoid them,

Internet Facing PLCs: a new back orifice,

Internet-scale file analysis,

The ELK: Obtaining context from security events,

Conti Pen testing a city,

Modern Active Directory attacks: detection and protection,

Remote physical damage 101 Bread and Butter attacks,

Sharing more than just your files,

The memory sinkhole: unleashing an X86 design flaw allowing universal privilege escalation,

The NSA Playset: a year of toys and tools,

Understanding and managing entropy usage,

Using static binary analysis to find vulnerabilities and backdoors in firmware, and

Web timing attacks made practical.

Editor's note: For what it's worth, the Black Hat Review Board oversees the entire organization and is supposed to be a selection of the industry's best and brightest. I don't recognize any names, which probably says more about your editor than about the Board. What is |.'s opinion of Black Hat and its annual conferences?

Outfit your windows with transparent solar panels?

by
Anonymous Coward
in science on (#GTCK)
Despite the immense potential of solar energy, at present, roof-mounted photovoltaic panels are able at best to capture about 20% of the available energy. And that despite research that has led to gains! To improve energy generation, you either increase solar panel efficiency, or increase their coverage. Enter a Silicon Valley startup named "Ubiquitous Energy."

Ubiquitous Energy produces transparent solar cells using an organic chemical process they call "Clearview Power Technology." They claim their panels cost less than traditional tech and can be built 1000x thinner than a human hair. The system captures ultraviolet and infrared light and lets the rest pass through as it would normally.

National Geographic has a look at the technology here.

Is this an important step forward in solar power generation, or does adding windows to the mix constitute a gimmick? How do we get people more interested in solar energy?

[Ed. Note: the article image chosen here is of an invisible solar panel placed over the entirety of the text.]

Fingerprint biometrics instead of ticket/ID

by
Anonymous Coward
in security on (#GTBW)
Wishing the airline industry could get its act together to innovate around security hassles? Don't give up hope yet!

Security firm CLEAR has worked with Alaska Airlines to implement biometric identification of passengers willing to pay an annual fee of $245. Swiping fingers across a plate will replace a boarding pass and photo ID. The airline states that in their opinion 'Using biometrics as identification has a huge potential to simplify the travel experience and eliminate hassles'.

No word on what happens when someone decides to impersonate someone and hacks off their hand to use as identification.

Will ATSC 3.0 make your TV useless after 2017?

by
in hardware on (#GQFM)
Consumer Reports is sounding the early warning alarm that if the FCC adopts the upcoming ATSC 3.0 standard, expected to be completed in 2017, current TVs will go dark. ATSC 3.0 will be a completely new standard and incompatible with current broadcast systems. It is supported by a broad coalition of influential corporations, who are likely to aggressively push for adoption of the standard. Improvements include 4k/Ultra HD video, immersive audio, single frequency network technology, IP-based content, and much greater reception tolerance (e.g. mobile, tunnels, etc.). Also, emergency alerts will include a digital wakeup bit that will power up your TV automatically and inform you of critical information, with maps, graphics, video, and text.

Today, there simply isn't enough TV spectrum available for broadcasters to simulcast both ATSC 1.0 and ATSC 3.0 signals, and no sign of willingness from Congress to subsidize the purchases of converter boxes, as was the case in the digital cut-over back in 2009. While there are actually more people using over-the-air TV than before the switchover, the "incentive auctions" and "repack" indicate much less interest in maintaining our OTA infrastructure, and more interest in auctioning it off to cellular phone companies for billions of dollars. From a peak of 486 MHz of TV bandwidth before 1983, the upcoming repack could reduce that to 210 MHz or less.

Will ATSC 1.0 be replaced after less than 20 years on the air (compared with the 70 year run of NTSC-M), or will ATSC 3.0 be a dead-end that goes nowhere, despite its influential supporters?

Return of the flip phone

by
in mobile on (#GF7K)
Flip phones were all the rage in the 1990s - they were the ultimate fashion accessory. And despite being overtaken by smartphones the world over, the flip phone paradoxically remains very popular in technology-obsessed Japan. Flip-phone shipments rose 5.7 percent in 2014, while smartphone shipments fell 5.3 percent, down for a second year. The handsets have been dubbed 'Galapagos' phones because they have evolved to meet unique Japanese standards and tastes. This may also be attributable to users in Japan paying some of the highest smartphone fees among developed nations, while flip-phone rates are among the lowest. Many Japanese, accustomed to years of deflation, are content with old-style flip-phones offering voice calling, email and basic Internet services. Also, Japanese electronics companies Panasonic Corp and NEC Corp have pulled out of the consumer smartphone business, unable to compete with Apple and Samsung, but they still make flip-phones, competing in a crowded competitive market.

Though it may be easy to mock such a low-tech choice of phone, a recent trend observed by MailOnline has seen classic 1990s models by Nokia, Ericsson and Motorola commanding four-figure sums on eBay and other resale sites. While they may lack features, these retro phones are simple to use, have batteries that last the week and are practically indestructible compared to their smartphone equivalents. And now, LG has decided to join the party.

LG has launched a new model of flip phone, branded the "LG Gentle". Despite the 90s design, chunky physical buttons and 3MP camera, it comes with numerous modern features and the budget handset can perform many more tricks than flip phones from the 90s. The handset has a 3.2-inch colour touch screen and runs Android Lollipop 5.1, a modern 1.1GHz quad-core Snapdragon 2010 processor and 1GB of RAM, supports 4G LTE, Bluetooth, Wi-Fi and GPS... The phone has launched in Korea, but there is no news as to whether it will be rolled out elsewhere.

Windows 10 changes users’ default browser to Microsoft Edge

by
in microsoft on (#G568)
Over at Microsoft, they have a new browser called Edge that is part of Windows 10, and they'd really like everyone to use it. Edge replaces Internet Explorer, which has fallen from a peak of about 95% usage share during 2003 to as low as 13% today. The new version of Windows steamrolls over a user's preferred application settings and makes Microsoft's Edge browser the default. "[T]he design of the whole upgrade experience and the default settings APIs have been changed to make this less obvious and more difficult," Mozilla CEO Beard explains in an open letter to Microsoft CEO Satya Nadella. Windows 10 is a free upgrade for current home users of Windows 7 or 8, which means that it's sure to become popular.

Mozilla is not fond of this change. They have put together an education campaign to show users how to get Mozilla's Firefox back as their default browser after they've already upgraded: it's less than a minute long, but it has become a more complex multi-step process not everyone will be able to figure out. Microsoft hasn't responded to Mozilla's queries about the situation or why Windows installation overrides the user's current preferences.

Chatting in secret while we're all being watched

by
Anonymous Coward
in security on (#G31R)
Micah Lee from The Intercept wants to remind you that all your communications are being spied on, and offers tips on how you can chat securely and anonymously, particularly with journalists, as NSA whistleblower Edward Snowden did. His tips amount to using Tor, Jabber, and OTR (Off-the-Record messaging), while creating disposable accounts that can't be linked back to you. He includes some specifics for various operating systems, and a number of important tips and caveats, such as:

* Use Tor when you create your chat account, not just when you use it.
* Never log in to that account when you're not using Tor.
* Don't choose a user name that might betray your real identity - don't use a pseudonym that you've used in the past. Make up a random user name that doesn't have anything to do with you.
* Don't re-use passwords.
* Be aware of which contacts you communicate with from which secret identity accounts.
* Don't give any other identifying information to the chat service.
* Don't use your Tor IP address to log in to a chat account that's publicly associated with you.

95 percent of Android phones vulnerable to Stagefright remote MMS exploit

by
Anonymous Coward
in security on (#FZ53)
Researchers at security firm Zimperium identified a bug (really, a series of bugs) that puts some 950 million Android phones at risk of hacking, and called it "the mother of all Android vulnerabilities." If you are an Android user, the chances that your phone is vulnerable are about 95 percent. No one has exploited the vulnerability and actually hacked someone's phone -- at least, not yet. The security firm shared the information with Google back in April, along with a suggested patch. Hackers could take advantage of it by sending you a multimedia message (MMS) containing malware. Once received, it would give them complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information.

The key to protecting your phone is to turn off automatic retrieval of multimedia messages. Open your default text messaging app, go to its settings and find the option for auto-retrieving MMS/multimedia messages. Uncheck that box, don't choose to retrieve or open multimedia messages from numbers you don't know, and you should be fairly safe.

A new type of GM rice fights climate change, increases yields

by
in environment on (#FV4C)
After three years of field trials in China, a group of international scientists led by Chuanxin Sun at Swedish University of Agricultural Sciences, in collaboration with Chinese and American scientists, have developed a new type of genetically modified rice that could boost food sustainability while fighting climate change.

Rice paddies are one of the largest sources of atmospheric methane, which is thought to be responsible for one-fifth of the global warming effect. The new genetically-modified strain of Nipponbare rice - equipped with a gene taken from barley - emits as little as 1% of the methane. What's more, the new rice produces significantly higher yield per plant. The reason: more carbon going into rice grains leaves less carbon to go elsewhere, where it would ultimately feed microbes that produce methane. Scientists have been working to develop rice with higher-nutrition, low-emissions traits for years, given that the crop plays such a significant role in the diets of some 3 billion people.

While some experts hail the findings as an important breakthrough, it seems likely to add new fuel to the heated debate over genetically modified (GM) foods. "Right now, Chinese society is very sensitive" to concerns about GM food, Sun said. China, the world's largest producer of rice, hasn't allowed a single genetically modified rice variety into its fields. Assuming all further research goes well, the rice still might not be available for quite a while, given the regulatory processes involved.

Carmakers refuse to share usage data with Google, Apple

by
in google on (#FN6M)
Despite the fact that drivers frequently use in-car apps from Google and Apple, several carmakers including Volkswagen and Ford are refusing to let the industry juggernauts access private customer information in exchange. If you thought that the companies were doing so out of concerns for their consumers, you'd be wrong. Automakers want to keep such information for their own purposes. This came to light when Reuters published a recent report highlighting the potential windfall that car manufacturers refusing to partake could be missing out on procuring, estimated to be around $40 billion.

The symbiotic relationship sees carmakers utilizing technology to improve the experience for drivers and passengers whilst tech companies are constantly seeking out new outlets for their gear. Technology has now become synonymous with many drivers' experiences. Many cars now make use of Apple's CarPlay service and Google's Android Auto. The risks of not playing ball with big tech companies include losing out on a sustained and promising source of revenue. Car companies may attempt to do an end-run around Apple and Google by manufacturing their own in-car tech apps, but their past record with vehicle infotainment and navigation systems has been poor. Consumer Reports found "significant rates of complaints" and called them "distracting", "unintuitive and frustrating".