Bug bounties and automotive firewalls: Dealing with the car hacker threat

Fiat Chrysler Automobiles wants to know about its bugs.

(credit: Aurich / Getty)

As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack. The car-hacking problem gained widespread attention in July 2015, when hackers revealed that 1.4 million Chrysler and Dodge vehicles were vulnerable to an exploit—via the car's infotainment system—that could allow a malicious hacker to take over control of the vehicles' throttle, brakes, and even steering.

On Wednesday morning, Fiat Chrysler Automobiles (FCA) announced it has created a bug bounty program, using Bugcrowd's platform to allow the security community to inform it about possible exploits.

"We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers," said Titus Melnyk, senior manager of security architecture at FCA. "Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer. Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all."

Alcatel Idol 4S smartphone with VR goggles ships August 3rd for $400 (Pre-order July 15th for $350)

ZTE isn’t the only company offering a smartphone with high-end specs and a less-than-high-end price. Alcatel’s Idol 4S smartphone goes up for pre-order July 15th for $350 and ships starting August 3rd.

First unveiled in February, this phone features a 5.5 inch, 2560 x 1440 pixel AMOLED display, a Qualcomm Snapdragon 652 processor, 3GB of RAM, 32GB of storage, and a 3,000 mAh battery.

It’s also designed to be used as a VR headset using Google Cardboard-style accessories… and Alcatel ships the phone with a box that can be used as a set of VR goggles, as well as a set of JBL in-ear headphones.

Continue reading Alcatel Idol 4S smartphone with VR goggles ships August 3rd for $400 (Pre-order July 15th for $350) at Liliputing.

Google Hangouts for Android removes merged SMS conversations, adds video

Google rips a core SMS feature out of Android’s default messaging app.

Google's incoherent messaging strategy adds yet another bizarre chapter with the latest update to Google Hangouts for Android. Version 11 of Android's default messaging app adds the ability to send video messages, but it removes the ability to display SMS and IM messages in a single conversation.

Hangouts video messages debuted on iOS four months ago, and now the feature is finally coming to Android. Users can record a short video clip and fire it off to a friend, just like a picture or text. To get the feature, they'll have to give up a core messaging feature—merged SMS and IM conversations. Users can still send and receive SMSes with Hangouts, but each contact now can have two (or more) separate conversation entries—one for SMS messages and one for Hangouts messages. Hangouts used to merge all conversations under a single contact without worrying what protocol the message used.

It's unclear why Google is ripping a core feature out of its most popular messaging product. At the beginning of this year, Hangouts began suggesting users stop using the app for SMS with a pop-up message, so we were kind of warned this was happening. It doesn't make any more sense now than it did then, though—Hangouts now has a big downside compared to iMessage on iOS. On the support page, Google recommends using Android's "Messenger" app, which only supports SMS.

The amount of energy needed to run the world’s economy is decreasing on average

A new report from the Energy Information Administration measures energy intensity.

New energy-efficient buildings contribute to a reduction in energy intensity. (credit: Mariano Mantel)

According to a report from the Energy Information Administration (EIA), the world is getting better, on average, at using energy to power its economic activity.

The latest numbers measure “global energy intensity” or the number of British thermal units used for every unit of gross domestic product (GDP) created. A falling energy intensity measurement doesn’t mean the world is using less energy in total—but it does mean that global economic activities are getting more efficient on the whole.

Specifically, the EIA says that global energy intensity has fallen by nearly one-third in the 25 years between 1990 and 2015. “Energy intensity has decreased in nearly all regions of the world,” the EIA says, in developed and developing countries alike.

Init7: Internet provider defends Netflix against the Unitymedia group

Netflix is not to blame when streaming runs poorly on the cable TV network, the provider says. Large providers wanted to be paid by Netflix instead of using its cache servers. (Liberty Global, Server)

Pokémon Go is so yesterday as cell phone gambling hits the Vegas strip

Gamblers compete against other MGM resort gamers in bingo, slots, and video poker.

Jester Poker is one game you can play virtually at MGM Resorts in Vegas. (credit: easyPLAY)

MGM Resorts on Wednesday unveiled what it's billing as the nation's first "real-money" mobile tournament gambling platform. The new platform enables gamblers 21 and older, who are connected to the Wi-Fi network of an MGM-owned hotel in Las Vegas, to throw down their kids' college funds for the chance to strike gold—all from their mobile phone, tablet, or laptop.

The easyPLAY Mobile Tournaments platform allows resort guests "at nine iconic Las Vegas resorts to compete with other players in a variety of tournament games using their own mobile devices whether they are at the pool, sipping cocktails at the bar, or simply relaxing in their rooms," the company said.

Bettors compete against fellow resort guests in bingo, slots, and video poker. Other methods of throwing away your hard cash are in the works, the company said. There are plenty of Vegas-based, MGM-owned resorts where bettors can play, too. They include ARIA Resort & Casino, Bellagio, MGM Grand, Mandalay Bay, The Mirage, Monte Carlo, Luxor, New York-New York, and Excalibur. What could go wrong? It has all been approved by the Nevada Gaming Control Board.

Moto G4 arrives in America for $200 and up… to mixed reviews

When the original Moto G smartphone launched in 2013, it was widely praised for showing that a cheap smartphone could also be a good smartphone. Priced at $180, it offered decent specs and surprisingly capable performance for a fraction of the cost of a flagship phone (although it lacked premium features like a 1080p or higher-resolution display or a good camera).

Now the 4th-gen Moto G is here, and it’s getting mixed reviews.

Continue reading Moto G4 arrives in America for $200 and up… to mixed reviews at Liliputing.

20-year-old Windows bug lets printers install malware—patch now

Critical vulnerability in all versions opens users to printer watering hole attacks.

(credit: Vectra Networks)

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.

ISIS via WhatsApp: “Blow yourself up, O Lion”

How Europe-based terrorists use encrypted messaging apps to plan attacks.

After assembling suicide bomb vests for the attacks that slaughtered 130 people in Paris last November, Najim Laachroui went underground in his native Brussels.

The 24-year-old explosives expert wasn't just hiding from the biggest manhunt in Europe's recent history. He was plotting. In a dingy apartment converted into a bomb factory, Laachroui exchanged a series of messages in French with Abu Ahmed, a shadowy commander in the Islamic State based in Syria.

If law enforcement agencies had intercepted the communications, they would have been immediately alarmed. Laachroui asked militants in Syria to test chemical mixtures so he could assemble powerful bombs. He discussed his hopes to strike France again and disrupt a soccer championship there. He reported that he and half a dozen other fugitives from the Paris attacks had split up among three safe houses, according to Belgian and French counterterror officials.

NASA’s Solar System program is just about the greatest thing ever

Celebrate NASA’s amazing record with space probes. Don’t take it for granted.

NASA Planetary Science Division Director Jim Green (left) and other key science officials celebrate Juno's orbital insertion on Monday night. (credit: NASA)

Carlos Entrena, one of the bright young minds in aerospace, asked a fair question last week in the wake of the Juno mission's successful insertion into orbit around Jupiter: "So why is a spacecraft doing a pre-planned burn a big deal again?" He was right, it did seem a relatively straightforward maneuver.

Another young scientist, Christopher Stelter, offered a series of answers that put the Juno spacecraft's 35-minute engine burn into perspective. Among the reasons, he said, was that, "Most burns a spacecraft does are not critical. If there's a glitch, you can try again later. Not this time. And it's a very long burn."

This exchange captured my attention because NASA in recent years has made the extremely difficult—flying robotic probes throughout the Solar System—look easy. The agency's record of achievement appears more impressive still when compared to other space agencies. In reality, no other country or space agency can really be considered NASA's peer, especially when it comes to Mars and beyond. (Admittedly, the Soviet Union does have a better record with Venus.)
