Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

June 15 2017

Georgia’s Lax voting security exposed just in time for crucial special election

(credit: Verified Voting)

To understand why many computer scientists and voting rights advocates don't trust the security of many US election systems, consider the experience of Georgia-based researcher Logan Lamb. Last August, after the FBI reported hackers were probing voter registration systems in more than a dozen states, Lamb decided to assess the security of voting systems in his state.

According to a detailed report published Tuesday in Politico, Lamb wrote a simple script that would pull documents off the website of Kennesaw State University’s Center for Election Systems, which under contract with Georgia, tests and programs voting machines for the entire state. By accident, Lamb's script uncovered a breach whose scope should concern both Republicans and Democrats alike. Reporter Kim Zetter writes:

Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by poll workers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.

The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.

And there was another problem: The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014.

Lamb was concerned that hackers might already have penetrated the center’s site, a scenario that wasn’t improbable given news reports of intruders probing voter registration systems and election websites; if they had breached the center’s network, they could potentially have planted malware on the server to infect the computers of county election workers who accessed it, thereby giving attackers a backdoor into election offices throughout the state; or they could possibly have altered software files the center distributed to Georgia counties prior to the presidential election, depending on where those files were kept.

Lamb privately reported the breach to University officials, the report notes. But he learned this March that the critical Drupal vulnerability had been fixed only on the HTTPS version of the site. What's more, the same mother lode of sensitive documents remained as well. The findings meant that the center was operating outside the scope of both the University and the Georgia Secretary of State for years.

Read 2 remaining paragraphs | Comments

June 14 2017

Michigan health director, 4 others charged with manslaughter over Flint water

Enlarge / Posters above water fountains warn against drinking the water at Flint Northwestern High School in Flint, Michigan. (credit: Getty | JIM WATSON)

Michigan Attorney General Bill Schuette charged five public officials with involuntary manslaughter on Wednesday in connection to the ongoing Flint water crisis. Those charged include the state’s director of Health and Human Services, Nick Lyon.

This latest batch of charges is the fourth linked to the water disaster, which exposed thousands of Flint children to lead-laced water and is linked to an outbreak of Legionnaires’ disease that contributed to at least 12 deaths.

As the water catastrophe stretches into its third year, Lyon is the highest-ranking member of Republican Governor Rick Snyder’s administration to get ensnarled in the ongoing criminal investigation.

Read 13 remaining paragraphs | Comments

Who had the best E3 press conference? Ars decides

(video link)

Before E3 even got started yesterday, we felt like we had already been through an entire show in and of itself. Press conferences and livestreams from the console makers at Microsoft, Sony, and Nintendo set the agenda for what we'll see on the Xbox One, PlayStation 4, and Switch in the coming year. Splashy events from publishers like EA, Bethesda, Ubisoft, and Devolver Digital highlighted countless games that were previously unknown.

Before diving in for actual hands-on time on the show floor, Ars Culture Editor Sam Machkovech and I had a quick chat about what stood out to us in these marketing-focused, hype-soaked, bombastic press conferences. Watch the video above for our full thoughts, but here's some quick bullet points:

Read on Ars Technica | Comments

Mini-review: How much faster have high-end iMacs gotten in the last 5 years?

Andrew Cunningham

Apple seems committed to the Mac Pro and iMac Pro for now, but the company says that its most popular desktops with pro users remains the 27-inch iMac.

Unlike phones and tablets, which can still post big performance gains from year to year, desktops age more slowly and gracefully. A typical replacement cycle in many businesses and schools is three or four years, and, as long as they don’t break, you can easily keep using them for years after that.

Read 20 remaining paragraphs | Comments

A spy satellite buzzed the space station this month, and no one knows why

Enlarge / SpaceX launches a satellite for the National Reconnaissance Office on May 1. (credit: SpaceX)

About six weeks ago, SpaceX launched a spy satellite into low Earth orbit from Launch Complex 39A at NASA’s Kennedy Space Center. As is normal for National Reconnaissance Office launches, not much information was divulged about the satellite's final orbit or its specific purpose in space. However, a dedicated group of ground-based observers continued to track the satellite after it reached outer space.

Then something curious happened. In early June, the satellite made an extremely close pass to the International Space Station. One of the amateur satellite watchers, Ted Molczan, estimated the pass on June 3 to be 4.4km directly above the station. Another, Marco Langbroek, pegged the distance at 6.4km. "I am inclined to believe that the close conjunctions between USA 276 and ISS are intentional, but this remains unproven and far from certain," Molczan later wrote.

In recent days, Ars has run these observations by several officials and informed sources. They are credible, these officials say, and curious indeed. "This is strange," said one astronaut who has commanded the International Space Station. "I don't really believe in coincidences. But I can't really think of anything that would be worth highlighting a close approach."

Read 4 remaining paragraphs | Comments

Konami reportedly blacklisting ex-employees across Japanese video game industry

Enlarge / Video game designer Hideo Kojima (left) speaks at the Tribeca Games Festival during Tribeca Film Festival at Spring Studios on April 29, 2017 in New York City. (credit: Ben Gabbe / Getty Images News)

According to a Wednesday report in the Nikkei Asian Review newspaper, Konami is apparently blacklisting former employees in the Japanese video game industry. The company is particularly targeting those who work for Kojima Productions, which was founded in 2016 by Hideo Kojima, who used to be a top designer at Konami.

The video game giant behind the Metal Gear Solid series, among others, has been in something of a shift over the last two years, as it has transitioned from a console-focused company to a mobile-focused one.

The Japanese newspaper wrote that two months ago, an unnamed Kojima Productions executive applied for Kojima to join ITS Kenpo, a health insurance company that focuses on the gaming industry. That application was denied, apparently because the chair of that company’s board, Kimihiko Higashio, is also a board member at Konami.

Read 2 remaining paragraphs | Comments

As Republicans push ringless voicemail spam, Democrats take consumers’ side

Enlarge / Democrats vs. Republicans. (credit: Getty Images | Linda Braucht)

US Senate Democrats today asked the Federal Communications Commission to protect consumers from ringless voicemails, which let robocallers leave voicemails without ringing your phone.

The Republican National Committee (RNC), which is already using ringless voicemails, recently asked the FCC to approve a petition filed by a marketing company that sells direct-to-voicemail services. Approving the petition would exempt ringless voicemails from the Telephone Consumer Protection Act (TCPA) and allow marketers and others to use the technology without complying with anti-robocall rules.

This is a horrible idea, Democrats said.

Read 6 remaining paragraphs | Comments

Quantum principle harnessed to create easier wireless charging

Enlarge / The developers of a new wireless charging tech are thinking big—automobile battery big. (credit: Oak Ridge National Lab)

Anyone who has ever left the house without remembering to charge their cellphone can appreciate the concept of wireless power transfer. All you would have to do is remember to drop your phone on your desk, and a wireless charging mat would ensure that it has a full battery by the time you pick it up again.

But current wireless charger systems require specialized hardware on both the sending and receiving ends, and power only flows efficiently when the two are a specific (and short) distance apart. It's possible to expand that distance a bit by carefully adjusting the frequency used to induce current at a distance, but this adds to the complexity and energy overhead of the system. And even the best current systems have losses that mean wasted electricity at a time when energy efficiency is critical.

Now, researchers at Stanford have found a different way to handle wireless charging. Taking advantage of a quantum principle that also applies to the everyday world, they've created a system in which power is transferred over a wider distance with roughly 100-percent efficiency. Better still, the system adjusts itself to the distance, so careful frequency tuning becomes unnecessary. The big downside, however, is that the supporting electronics aren't especially efficient.

Read 12 remaining paragraphs | Comments

In March, wind and solar generated a record 10% of US electricity

Enlarge / The large Barren Ridge solar panel array near Mojave, California. (Photo by George Rose/Getty Images) (credit: Getty Images)

According to the Energy Information Administration’s Electric Power Monthly, a bit more than 10 percent of all electricity generated in the US in March came from wind and solar power (including both distributed residential solar panels and utility-scale solar installations). That’s a record number for the country, and it reflects continuing effort to install more renewable capacity across the nation.

The EIA shows that eight percent of total electricity generation that month came from wind, and the other two percent came from solar. The administration also predicts that wind and solar will contribute more than 10 percent of the total electricity produced in April, although numbers for that month aren’t out yet.

(credit: EIA)

Renewables have tended to hit records in spring and fall—often called shoulder seasons—because wind is plentiful and the northern hemisphere receives a more even amount of sunlight during those seasons than it does during winter. In addition, electricity consumers tend to use less during the shoulder seasons (mild weather means they’re usually not running air conditioners or space heaters, for example). That means overall energy use is low and peak-demand fossil fuel-burning plants don’t need to come online. All these factors together make it easy for renewable energy to shoulder a larger and larger share of the work.

Read 6 remaining paragraphs | Comments

A judge is ordering drunken drivers to install Uber, Lyft

Enlarge (credit: SPUR)

A local judge in Ohio is taking a novel approach when it comes to drunken drivers. Municipal Court Judge Michael Cicconetti of Painesville has been requiring motorists convicted of operating a vehicle under the influence (OVI) to download the ride-hailing apps Uber and Lyft, and they must set up the apps with their credit cards.

"It’s just common sense. Now that we have the technology and most people have the ability to do that, why not make it part of their sentence?" the judge told local media about the new requirements implemented last month.

If you can save one person from getting another OVI, one person from getting into an accident, one person from hurting somebody else, it makes sense. It’s just common sense. It doesn’t cost anybody anything to install it and activate it, and it’s far cheaper than paying the thousands of dollars you’d have to pay for another OVI.

The new Ohio punishment, which is tacked on to fines and possible jail time, is the latest move by the authorities requiring the use of mobile technology to combat drunken drivers. Beginning in November, Oklahoma will become the latest of a growing number of states requiring first-time drunken-driving offenders to install a breathalyzer in their vehicles. The ignition won't start the car if the device detects a certain level of alcohol.

Read 4 remaining paragraphs | Comments

Bay Area: Join us 6/21 to discuss the US government’s scientific data purge

Enlarge / UC Santa Cruz professor Lindsey Dillon will join us at Ars Live.

After taking office in January, the Trump administration began systematically removing scientific and environmental data from government websites. Sociology professor Lindsey Dillon is helping to run a data-rescue project called the Environmental Data and Governance Initiative (EDGI), whose aim is to preserve this data and make it accessible to the public. At Ars Technica Live #14, we'll be hosting a public discussion with Dillon about her work.

Join Ars Technica editors Annalee Newitz and Joe Mullin at Eli's Mile High Club for the live taping of our monthly discussion series. Dillon will talk to us about EDGI, as well as her research on environmental racism in the San Francisco Bay Area.

Ars Live takes place on the third Wednesday of every month at Eli's Mile High Club in Oakland (3629 MLK Way). They have the best tater tots you've ever eaten. So crispy!

Read 2 remaining paragraphs | Comments

Sony continues to lock PS4 players out of cross-platform play

Enlarge / They need to add a tiny "not on PlayStation 4" disclaimer in tiny blocks...

This E3 has been a good one for many who are fans of playing online games with friends and strangers across different console and PC platforms. Psyonix announced that a newly announced Switch version of Rocket League would be able to interact with existing versions on the Xbox One and PC. And Microsoft announced that online Minecraft players would soon be united across Switch, Xbox One, PC, mobile, and VR platforms.

Missing from both of those lists is Sony's PlayStation 4, which will keep its players segregated to the PlayStation Network for the time being.

“The honest answer is PlayStation has not yet granted us permission," Psyonix VP of Publishing Jeremy Dunham told Polygon regarding the reason for the Rocket League's cross-platform block on PS4. Since Psyonix runs its own servers and since those servers have already been certified for Microsoft's strict technical and security requirements for tying in to Xbox Live, adding PS4 is "literally something we could do with a push of a button, metaphorically," he added. "In reality it’s a webpage with a checkbox on it. All we have to do is check that box and it would be up and running in less than an hour all over the world. That’s all we need to do.”

Read 6 remaining paragraphs | Comments

Navy chief: It may be time to bring back retired warships

Enlarge / The Oliver Hazard Perry-class fast frigate USS Ford (FFG 54) departs Pearl Harbor in this 2010 photo. The Navy is looking at bringing back a handful of the decommissioned ships. (credit: US Navy)

In a speech before the Naval War College yesterday, Chief of Naval Operations Admiral John Richardson said that the Navy is looking at "every trick" to grow the fleet more quickly towards the Navy's goal of 355 ships, including extending the lives of ships already in the fleet and "bringing ships back." And one of the candidates for a comeback, Richardson said, are the Oliver Hazard Perry class frigates. (The Iowa-class battleships, despite political posturing by President Trump during the election campaign, have not yet been mentioned.)

The Perry class ships were the Navy's equivalent of the Air Force's A-10 Thunderbolt II—workhorse ships that lacked the glamor of larger, more capable commands that performed missions essential to the fleet. They were originally built as guided missile frigates (FFGs), intended to provide a combination of air and antisubmarine defenses for carrier battle groups. The few ships being considered for reactivation were all built in the late 1980s and decommissioned over the past five years. About 10 are held in the Navy's Inactive Fleet Inventory designated for foreign sale, while the remainder are slotted to be scrapped or sunk as targets.

The Australian Navy has managed to keep three of its original Perry-class frigates (known as the Adelaide class) in service through upgrades to its power plants and other life-extending maintenance. Several other navies still operate former US ships of the class.

Read 6 remaining paragraphs | Comments

Trump to nominate Democrat Jessica Rosenworcel for empty slot at FCC

Enlarge / Jessica Rosenworcel speaks at INTX: The Internet & Television Expo in Chicago on Wednesday, May 6, 2015. (credit: Getty Images | Bloomberg)

President Donald Trump plans to nominate Democrat Jessica Rosenworcel for another term on the Federal Communications Commission.

Rosenworcel had to leave the commission at the end of last year when the Republican-led US Senate refused to reconfirm her for a second five-year term. The departure of Rosenworcel and former Chairman Tom Wheeler left the FCC with just three out of the typical five members, with Republicans holding a 2-1 majority. Republican senators didn't want Rosenworcel to stay on the FCC at the time because it would have resulted in a 2-2 deadlock.

Commissioners are nominated by the president and confirmed by the Senate. But no party can have more than a one-vote majority, so Trump has to nominate a Democrat and a Republican to fill the empty seats. When a president needs to nominate a commissioner from the opposing party, he takes suggestions from the opposing party's leadership. Senate Democrats backed Rosenworcel for a return to the FCC, so Trump appears to be following longstanding tradition by nominating her.

Read 9 remaining paragraphs | Comments

Pirate Bay may finally be sunk after EU copyright ruling

(credit: Aurich Lawson / Thinkstock)

Infamous BitTorrent tracker site The Pirate Bay can be found liable of copyright violations even if it doesn't host any infringing content, Europe's top court has ruled.

"Making available and managing an online platform for sharing copyright-protected works, such as 'The Pirate Bay,' may constitute an infringement of copyright," the Court of Justice of the European Union (CJEU) said in its judgment on Wednesday. "Even if the works in question are placed online by the users of the online sharing platform, the operators of that platform play an essential role in making those works available."

The ruling isn't only good news for copyright lawyers, but it also paves the way for ISPs across Europe to choke access to The Pirate Bay, which started life in Sweden in 2003 and has undergone a number of high-profile legal battles—including prison time for its founders, after they were found guilty of being accessories to breaching copyright laws in 2009.

Read 9 remaining paragraphs | Comments

Fileless malware targeting US restaurants went undetected by most AV

Enlarge (credit: Carol Von Canon)

Researchers have detected a brazen attack on restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market.

Malicious code used in so-called fileless attacks resides almost entirely in computer memory, a feat that prevents it from leaving the kinds of traces that are spotted by traditional antivirus scanners. Once the sole province of state-sponsored spies casing the highest value targets, the in-memory techniques are becoming increasingly common in financially motivated hack attacks. They typically make use of commonly used administrative and security-testing tools such as PowerShell, Metasploit, and Mimikatz, which attackers use to feed malicious commands to targeted computers.

FIN7, an established hacking group with ties to the Carbanak Gang, is among the converts to this new technique, researchers from security firm Morphisec reported in a recently published blog post. The dynamic link library file it's using to infect Windows computers in an ongoing attack on US restaurants would normally be detected by just about any AV program if the file was written to a hard drive. But because the file contents are piped into computer memory using PowerShell, the file wasn't visible to any of the 56 most widely used AV programs, according to a Virus Total query conducted earlier this month.

Read 6 remaining paragraphs | Comments

Man who downloaded child porn from Tor-hidden Playpen sentenced to 6 months

Enlarge (credit: carlosbezz / Getty Images News)

On Tuesday, a federal judge in Tacoma, Washington, sentenced David Tippens to six months in prison for one remaining count of possession of child pornography that he obtained via the now-defunct, notorious Tor-hidden child porn website, Playpen.

In a sentencing memorandum filed last month, prosecutors asked the judge to impose a much longer sentence.

"The Government asked for 48 months in prison but the Court was impressed with Mr. Tippens' long and distinguished service in the Army, including combat duty in Iraq; his cooperation with the police at the time of his arrest and perfect compliance with pre-trial supervision; and the fact that he had a pornography addiction related to PTSD that would be addressed through continuing counseling," Tippens’ federal public defender, Colin Fieman, e-mailed Ars.

Read 9 remaining paragraphs | Comments

Firefox 54 finally goes multiprocess, eight years after work began

Enlarge (credit: Mozilla)

Firefox has finally been outfitted with simultaneous multiple content processes, a UI process, and a GPU acceleration process— eight years after the project, codenamed Electrolysis (E10S), began. Mozilla is calling Firefox 54 "the best Firefox ever," and they're probably not wrong (though Firefox 3.5 was pretty good, in my opinion).

In theory, moving to multiple content processes will improve stability and performance (one bad tab won't slow down the rest of your computer). Electrolysis is also a prerequisite for full security sandboxing in Firefox, which is currently only available for a few media-decoding plug-ins such as Flash.

The trade-off with multiple processes, though, is memory overhead, because each process contains an instance of the browser's rendering engine. Mozilla says they've worked hard to avoid increased memory consumption, but as a result you only get four content processes by default. Apparently that's the sweet spot between using too much RAM while still taking full advantage of multi-core CPUs. If you want to be more (or less) aggressive, you can visit about:config and tweak dom.ipc.processCount. By default Google Chrome starts a new process for every tab, which is one of the reasons it's such a memory hog.

Read 8 remaining paragraphs | Comments

Last year, Joey Hand won Le Mans; he tells us about this year’s race prep

Way back in 1966—after two unsuccessful attempts to beat Ferrari at its own game—the Ford Motor Company scored an impressive win at the 24 Hours of Le Mans. Last June, the Blue Oval returned to La Sarthe for a repeat performance, finishing first and third in class (bookending a Ferrari in the process). The company is hoping that was no one-off, and it will be back again this year with a four-car effort, hoping to make it two for two. That race takes place between June 17 and 18, but ahead of the event we caught up with one of Ford's racing drivers, Joey Hand, to find out how the preparation has been going and his thoughts on competing in one of our favorite races of the year.

Video edited by Jennifer Hahn. (video link)

Hand has raced in a ton of different series but appears to be enjoying racing in the factory-backed GTE-Pro and GTLM (in IMSA's series) class. "It's one of the most competitive things I've done," he told Ars. "You have two factory drivers all the time, so it makes for good, tough fights."

Read 9 remaining paragraphs | Comments

Video: Sony lets Ars loose on PlayStation’s E3 games and developers

Ars plays games and talks to their devs at a PlayStation media mixer. Video shot by Anthony Falleroni. (video link)

LOS ANGELES—Ahead of PlayStation's Monday press conference, Ars Technica attended a media-exclusive mixer full of playable new PS4 and PSVR video games. Since many of them had their developers standing nearby, we grabbed cameras and microphones to dig a little further into some interesting games coming to PlayStation in the near future.

Read 3 remaining paragraphs | Comments

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!