Month: July 2016

Things seem a bit dark for Elliot Alderson as S2 begins (and it's not some "change the lightbulb" thing). (credit: Peter Kramer/USA Network)

Warning: This piece contains minor spoilers for this week's episode of Mr. Robot

Has our hero left the grid for good? In two hours of Mr. Robot’s glorious return, Elliot Alderson touches only one computer. Technically, that brief interaction takes place within the timeline of season one.

The screenshot-able coding and tech accuracy that the show became known for last year only surfaces twice (and fittingly, Darlene provides the other moment). Instead of action, the second season’s two-part premiere, titled “unm4sk,” is much more interested in the state of our hackers and the hacked.

Sen. Al Franken (D-MN) at a Senate Judicary Committee meeting in May. (credit: Photo by Chip Somodevilla/Getty Images)

Earlier this week, we learned that the insanely popular mobile gaming app Pokémon Go requested full access to users' Google accounts when activated on iOS. Niantic said that it was a mistake, and the issue was corrected in an update for the app.

Yesterday, Sen. Al Franken (D-Minn.) sent a letter (PDF) to game creator Niantic asking the company to explain that issue, as well as some of the other privacy choices in the game.

The letter notes that Pokémon Go collects profile and account information, location data, and data "obtained through Cookies and Web Beacons." The game also asks permission to do things like control vibration and prevent the phone from sleeping. Franken wants to know what information and functions exist to support and improve services, and what's being gathered for "other purposes."

Trinity test explosion, July 16, 1945. (credit: Wikimedia)

If the CSI family of television shows has blunted your appetite for impossibly omniscient crime scene analysis, consider the real, and very serious, science of nuclear forensics. If someone flouts the ban on nuclear weapons testing, we want to know as much about it as possible. And the resources backing that effort are substantial.

Seismic waves betray the occurrence of underground tests, and air samples grabbed soon afterward can contain the radioactive proof. But both are transient, and even radioactivity at the site of the explosion can fade too quickly to be of much use. A group of researchers at Los Alamos National Laboratory have demonstrated a new technique than can reveal the potency of the bomb from the debris—even decades after the fact.

To test the technique, they tried it out on the famous 1945 Trinity test site in New Mexico, where the very first atomic bomb was detonated less than a month before nuclear bombs were dropped on Hiroshima and Nagasaki. The heat of the blast fused the sandy surface into glassy rock that took on the name “trinitite.” Immediately after the explosion, that trinitite would have been loaded with short-lived radioactive isotopes that could tell you about how the bomb functioned, but the most important indicators dissipate within months.

Insuring deposits, but not your identity. Thanks, FDIC. (credit: Matthew G. Bisanz)

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities, and were only brought to light after an Inspector General investigation into another serious data breach at FDIC in October of 2015.

The FDIC failed at the time of the "advanced persistent threat" attacks to report the incidents. Then-Inspector General at FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches, and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg's chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October "Florida incident." On October 23, 2015, a member of the Federal Deposit Insurance Corporation's Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC's data loss prevention system of a significant breach of sensitive data—over 1,200 documents, including Social Security numbers from bank data for over 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC's Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at FDIC. Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.

A rotor for the i-DCD drive motor, using rare earth metal-free magnets. (credit: Honda)

Honda said on Tuesday that it had created the first commercial hybrid-electric vehicle motor without using any heavy rare earth metals. (Rare earth metals are often divided into “heavy” and “light” categories.) Working with the expertise of Daido Steel Co., Honda’s new motor will appear in this year’s Honda Freed, a hybrid minivan sold in Japan.

Rare earth metals are essential to making a plethora of items, including smartphones, laptops, missiles, and electric cars. Unfortunately, that group of elements are at risk of shortage, and many of them are mined predominantly in China, adding a special political flavor to ensuring a global supply for industry. In 2009, Reuters reported that Toyota, maker of the popular hybrid-electric Prius, risked suffering at the hands of a rare earth metal shortage. And in 2010, China temporarily banned exports of rare earth metals to Japan during a standoff over territory.

The Japanese automaker bristled at that turn of events. Although Honda told Reuters that it started looking into ways to reduce rare earth metal use a decade ago, the recent risk of shortage and the growing popularity of hybrid vehicles spurred the company to look more seriously into ways to "avoid resource-related risks and diversify channels of procurement,” according to a Honda press release.

Update, 7/15, 9am EDT: The man who discovered the rare, American 64DD has now posted video proof of his discovery, embedded above from his YouTube channel. The video shows off one surprising quirk: the hardware is region locked—designed to load American 64DD software that was never actually produced! There's also some speculation about what kind of in-development, US 64DD software might be on the blue development disk that was included with the hardware (which isn't currently launchable).

We look forward to Lindsey uncovering more about the hardware, including possibly a BIOS dump, as time goes on.

Original Story

(credit: Tor Project)

Over a month after a prominent staffer at the Tor Project left the organization amid public accusations of sexual misconduct, the project has shaken up its entire seven-person board of directors, replacing the seven who have left as of Wednesday with six new members.

The Tor Project is the Massachusetts-based nonprofit that maintains Tor, the well-known open-source online anonymity tool.

In June 2016, Jacob Appelbaum, one of Tor’s most public-facing developers and a member of the "Core Team," denounced the accusations as a "calculated and targeted attack has been launched to spread vicious and spurious allegations against me."

(credit: Image courtesy of Valve)

Valve Software is facing potential legal trouble in the form of two recent lawsuits, both of which revolve around the company's games being connected to third-party gambling sites. While the game maker and Steam store operator did not offer a public response when the suits were filed, Valve has finally gone on the record to denounce the gambling issues that have arisen—yet at the same time did not announce definitive action against the third-party sites in question.

Those sites, which include Florida-based CSGOLotto, traffic mostly in the "skins" (meaning, cosmetic items) that can either be earned or purchased for small, non-refundable fees in the game Counter Strike: Global Offensive. These can be traded to the gambling sites via Steam Marketplace features, at which point they essentially become poker chips for those sites' gambling features. In some cases, those skins can then be cashed out for real money.

A Wednesday statement written by Valve's Erik Johnson said that the game maker does not directly profit from these gambling sites' actions: "We have no business relationships with any of these sites. We have never received any revenue from them. And Steam does not have a system for turning in-game items into real world currency." Johnson then explained that the gambling sites work by creating and maintaining their own Steam accounts, through which they conduct virtual item trading on a massive scale.