
Dear Rio, you could’ve done better.
Source: Gizmodo – The Greatest Tragedy of the Olympics Is Athletes Can’t Play Pokémon Go

A security researcher describes gaining full access to the production database for Imgur’s image-sharing site — and then successfully lobbying the company for a higher bug bounty of $5,000. Nathan Malcolm says he exploited a remote-access vulnerability in one of Imgur’s unprotected development servers to read their /etc/passwd file, and also keys.php, which contained the credentials for their MySQL servers. An anonymous Slashdot reader quotes Nathan’s article on Medium:
An important part of security research is knowing when to stop. I went far enough to prove how serious the issue is, and demonstrate what a malicious attacker could do, while not being overly careless or intrusive… I hope other teams can learn from Imgur’s willingness to take on feedback and improve, as communication around security is so very important.
Imgur’s founder and CEO sent him a personal e-mail along with the bounty, which ended “Thanks so much for protecting us and properly reporting it to us.” The author of the article reports that “I’ve continued to participate in Imgur’s bug bounty program, and while it’s not perfect, it’s responded and paid out nicely to myself and others.” And the $5,000 bounty? “Half of that went to people in need, including Lauri Love, a hacker facing extradition to the United States, and a close friend who was recently made homeless. Various charities and researchers also benefited from it.”
Read more of this story at Slashdot.
Source: Slashdot – ‘How I Hacked Imgur for Fun and Profit’
A video demonstration of the vulnerability here, using a temporary password. (credit: Kapil Haresh)
This piece first appeared on Medium and is republished here with the permission of the author. It reveals a limitation in the way Apple approaches 2FA, which is most likely a deliberate decision. Apple engineers probably recognize that someone who loses their phone won’t be able to wipe data if 2FA is enforced, and this story is a good reminder of the pitfalls.
As a graduate student studying cryptography, security and privacy (CrySP), software engineering and human-computer interaction, I’ve learned a thing or two about security. Yet a couple of days back, I watched my entire digital life get violated and nearly wiped off the face of the Earth. That sounds like a bit of an exaggeration, but honestly it pretty much felt like that.
Here’s the timeline of a cyber-attack I recently faced on Sunday, July 23, 2016 (all times are in Eastern Standard):
That’s a pretty incidence matrix (credit: Kapil Haresh)
3:36pm—I was scribbling out an incidence matrix for a perfect hash family table on the whiteboard, explaining how the incidence matrix should be built to my friends. Ironically, this was a cryptography assignment for multicast encryption. Everything seemed fine until a rather odd sound started playing on my iPhone. I was pretty sure it was on silent, but I was quite surprised to see that it said “Find My iPhone Alert” on the lock screen. That was odd.
Source: Ars Technica – There are limits to 2FA and it can be near-crippling to your digital life

It’s an exciting weekend to be a Harry Potter fan, but it might also be a depressing one. Author J.K. Rowling has confirmed (or “confirmed,” as I’m gonna put it) that the story of our beloved Boy Who Lived has come to an end.
Source: io9 – J.K. Rowling Says Harry Potter is Done After Cursed Child

Sunscreen is sunscreen, so you’d think the way you apply it doesn’t really matter, but choosing between cream or lotion and a spray-on sunscreen can impact the likelihood you’ll use it, the amount of coverage on your skin, and even the actual protection you get. Let’s find out which might be better for you in this sunscreen showdown.
Source: LifeHacker – Sunscreen Showdown: Creams vs. Sprays
It’s been a busy week for HR departments across the nation. Microsoft fired, Porsche hired and Kickstarter claimed credit for 300,000 new jobs. On the other hand, Qualcomm’s about to pay big for its discriminatory promoting practices and Tor took a v…
Source: Engadget – The After Math: Office Politics
The Btrfs “enospc-rework” that’s been in development for several months by Facebook’s Josef Bacik is landing with the Linux 4.8 kernel…
Source: Phoronix – Btrfs ENOSPC Rework Lands For Linux 4.8, Boosts Throughput & Lowers Latency
The leaks surrounding Nintendo’s upcoming NX console continue to flow. Last week, a website claimed to have received exclusive information about Nintendo’s console, and depending on your perspective, it will either sound great or lackluster, if you weren’t big on the Wii or Wii U.
First and foremost, the biggest thing that would set the
Source: Hot Hardware – Alleged Nintendo NX Leak Could Be Most Interesting Product Concept Yet
The NFS client updates for the Linux 4.8 kernel feature a few prominent additions…
Source: Phoronix – NFS Client Sees Some Performance Improvements With Linux 4.8
From a TorrentFreak report: The latest episode of award-winning TV show Mr. Robot includes a nod to online pirates. The main character Elliot is shown pirating a movie using uTorrent, while his movie folder lists movies from various pirate groups including YIFY. The group in question appreciates the “bad ass” mention, while another group casts doubt on the hacker’s choice of BitTorrent client. As the screenshot shows, Elliot uses a recent version of the popular BitTorrent client uTorrent, showing a house ad for an upgrade to uTorrent Plus. In the “movies” folder, which is also shown, we can see various other movies complete with release group tags such as YIFY, PRiSTiNE, DiPSHiT, RARBG and CRiTERiON.
Source: Slashdot – Mr. Robot ‘Plugs’ uTorrent and Pirate Release Groups
A lot of things that try to pass themselves off as science, like homeopathy, clearly aren’t scientific. But it might surprise you to know that there’s no simple checklist or flow chart that lets you separate the scientific from the nice-try-but-not-quites. It’s not for lack of trying; for decades, philosophers worked to figure out how a decidedly human activity could produce such reliable information, but all the big-name thinkers in the field have come up short.
Understanding why they failed is the subject of multiple graduate-level seminar classes. But if you’re just interested in a brief overview, Tim Lewens can help you out.
Dr. Lewens is a philosopher of science at Cambridge University (and a Ford driver, as we discover) who’s written a book called The Meaning of Science. It’s meant for a general audience, yet it tackles hairy issues in the philosophy of science and throws in ruminations on the nature of humanity for free. The Meaning of Science is an odd mix that doesn’t quite hang together as a coherent whole, but it’s not a bad read for anyone interested in a quick-and-painless introduction to the mystery of why science works.
Source: Ars Technica – The basics of the thorny relationship between science and philosophy

Skydiving is pretty terrifying on its own, even when you take into account necessary safety precautions. But what if you were to jump from an airplane without a parachute? If Luke Aikins’ stunt is any indication, you’d have to be highly skilled and train for two years before even attempting it. There’s also the issue of jumping from a plane without a parachute.
Source: Gizmodo – This Man Fell 25,000 Feet Without a Parachute And This Is How He Did It


Tesla CEO Elon Musk hosted the grand opening for Tesla’s Nevada Gigafactory on Friday night, but only after receiving an offstage pep talk reminding him to “smile a lot,” and that “everything is awesome.”
Source: Gizmodo – Elon Musk Told To ‘Smile A Lot’ In Gigafactory Speech Pep Talk
I’m not sure why these are being touted for safety purposes—last time I checked, bicyclists or cars don’t give you predefined cues before hitting you, nor would you have time to react if they did. These headphones only seem to be of benefit to your significant other or co-worker who wants to get your attention from a distance.
Amazon might be working on the first headphones that can save lives. The company was just awarded a patent on July 19 for a noise-canceling headphone that automatically clicks off when it “hears” certain sound patterns, frequencies and even keywords like a name. The feature would allow the wearer to instantly tune back into his or her surroundings, and hopefully get out of the way of oncoming traffic. A diagram in the patent application filed on July 25, 2014 shows an array of microphones built into the ear pads. I assume those could be used to listen to ambient sounds, similar to the way the Amazon Echo’s Alexa is always aware of vocal prompts spoken around her. The description even talks about training the microphones to listen for a two-part audio command like “Hey Justin!”
Source: [H]ardOCP – Amazon’s Next Noise-Canceling Headphones Could Turn Off When Someone Yells Your Name
This guy must have balls of steel. Not only did he voluntarily jump out of a plane without a parachute, his survival hinged on landing in an area a third the size of a football field.
Luke Aikins on Saturday became the first skydiver to jump from a plane without a parachute or wingsuit and live to tell the story. In a stunt called, “Heaven Sent,” the 42-year-old daredevil leaped 25,000 feet to Earth – setting the world record for the highest jump. To accomplish this feat, Aikins had to direct his body in free fall using only the air currents around him to land safely on the high-tech 10,000-square-foot net (about a third the size of a football field) laid out to catch him. The jump was aired live on television via the Fox network during an hour-long special. Aikins fell for about two minutes above the California desert, appearing to soar effortlessly, arms extended, face downward. And as he neared the ground, with a mere second to go, he expertly flipped onto his back and landed without incident.
Source: [H]ardOCP – Skydiver Sets Record For Highest Jump Without Parachute

“In a world where ____ (vampires) have taken over the ____ (world), humanity must _____ (band together) to ____ (survive).”
Source: io9 – Syfy’s Van Helsing Trailer is Basically The Walking Dead With Vampires

Welcome to Kotaku’s Sunday Comics, your weekly roundup of the best webcomics. The images enlarge if you click on the magnifying glass icon.
Source: Kotaku – Sunday Comics: Expanded Universe
Tesla’s Gigafactory is set to double the world’s battery production, and this week it opened its doors for the first time. Tesla is also working on an electric truck, but Mercedes-Benz beat them to the punch this week by launching the world’s first all-e…
Source: Engadget – Nissan’s gold Olympics-edition EV, and more in the week that was

Chrome: Go Incognito does one simple, very useful thing: It opens your current tab in Incognito mode, then removes any reference to that tab from your browser history. You know, in case you click a link or open something and you just forgot to do it in Incognito Mode first. It’s happened to all of us.
Source: LifeHacker – Go Incognito Opens Your Current Tab in Incognito Mode, Scrubs It from Your Browser History
An anonymous reader quotes an article from the Washington Times:
Hackers on Friday successfully pulled off cyberattacks against Vietnam’s two largest airports and the nation’s flag carrier, Vietnam Airlines. The attacks — attributed to a Chinese hacking group known as 1937CN — ultimately failed to cause any significant security issues or air traffic control problems, Vice Minister of Transport Nguyen Nhat told local media. Nonetheless, the individuals briefly hijacked flight information screens and sound systems inside Noi Bai and Tan Son Nhat airports in Hanoi and Ho Chi Minh City, respectively… Instead of departure and arrival details, the airports’ flight screens and speakers broadcast what local media described as anti-Vietnamese and Philippines slogans, in turn prompting authorities to shut down both systems… Vietnam Airline’s website, meanwhile, “was seized control and transferred to a malicious website abroad” and… passenger data pertaining to an undisclosed number of its frequent flyers was published online as well, the airline said in a statement. Local media on Friday said about 100 MB of data concerning roughly 40,000 VMA passengers had been dumped online.
Source: Slashdot – Cyberattackers Hijack Screens at Two Vietnam Airports, Broadcast Political Messages