Month: January 2017

Enlarge / Connected cars aren't going away, so at least we can try and make them secure. (credit: Getty Images | Artur Debat)

A bipartisan bill was introduced in the House of Representatives on Wednesday with a major focus on automotive cybersecurity. The Security and Privacy in Your Car Study Act of 2017 (SPY Car Study Act, for short) is co-sponsored by Reps. Joe Wilson (R-SC) and Joe Lieu (D-CA).

The bill would require the National Highway Traffic Safety Administration, together with the Federal Trade Commission, the National Institutes of Standards and Technology, the Department of Defense, OEMs and suppliers, SAE international, and academics and other experts to come up with a set of appropriate cybersecurity standards for new vehicles.

This bill emerges as auto and tech industries floor the accelerator pedal with regards to connecting new vehicles to the Internet, citing benefits such as safety or driver convenience. Yet as we've seen repeatedly, not every automaker is taking the problem of cybersecurity as seriously as they ought to. Plus, the network architecture of our vehicles is still based on the Controller Area Network (CAN) bus, which wasn't ever envisioned as something that would be permanently networked to the wider digital world.

The Long Island coastline. (credit: Stanley Zimney)

On Wednesday, New York Governor Andrew Cuomo announced that the state had approved a 90 MW offshore wind farm to be installed off the coast of Long Island. That would make what will be called the South Fork Wind Farm the biggest offshore wind farm in the US. The announcement comes just a month after Block Island, a facility off the coast of Rhode Island, became the first ever commercial offshore wind farm in the US to transmit electricity in late 2016.

Deepwater Wind, the company that installed the turbines off Block Island, will also be supplying the turbines for South Fork. In a press release, the New York governor’s office wrote that the turbines will be placed 30 miles southeast of Montauk and “out of sight from Long Island’s beaches.” The press release added that South Fork will provide electricity for 50,000 Long Island homes.

Two weeks ago, Governor Cuomo announced that New York would commit to installing 2.4 GW of offshore wind by 2030. That comes just as the state announced that Indian Point, a 2 GW nuclear energy facility just north of New York City, would close by 2021. The state of New York celebrated the closure of Indian Point, claiming that the plant was unsafe and too close to a major metropolitan area. But critics of the move said it would be difficult for New York to replace all of that greenhouse-gas-free energy with renewable energy.

(credit: Moyan Brenn)

Firefox 51, released today, and Chrome 56, currently due for release next week, have started describing some HTTP connections as insecure as they continue the industry-wide push to promote the use of encrypted HTTPS.

The non-secure labelling will occur on pages delivered over HTTP that include forms. Specifically, pages that include password fields, and in Chrome, credit card fields, will put warnings in the address bar to explicitly indicate that the connection is not secure.

One somewhat common older development practice was to place the password field on a page delivered by HTTP, with the form submitted to a location protected by HTTPS. This offers little security in practice, however. Pages delivered by HTTP can be readily modified by eavesdroppers, meaning that an attacker could simply choose to submit the password data to a destination of their choosing, instead of the intended HTTPS location.

Enlarge / The Samsung Galaxy S7 and S7 Edge, Samsung's most recent (non-exploding) flagship smartphones. (credit: Ron Amadeo)

Donald Trump continues to use his "old, unsecured Android phone" since taking office despite "the protests of some of his aides," according to a report from The New York Times about how the new president is settling in to his routine. This contradicts another report from late last week that indicated Trump had given up the phone in exchange for a "secure, encrypted device approved by the Secret Service."

It's not clear exactly what kind of Android phone Trump uses—he has previously indicated that it's a Samsung Galaxy device—or whether it has also been encrypted or otherwise hardened or what kinds of things he uses it for. Samsung's Knox software is approved for "sensitive but unclassified use" by the US Department of Defense, so these phones are cleared for at least some kinds of government work when configured correctly.

How big of a deal is this? We don't know anything about the phone's configuration, but the state of Android security is notoriously poor compared to other operating systems like iOS or Windows, both of which are patched regularly by Apple and Microsoft with no interference from hardware manufacturers or wireless carriers. Google releases monthly security updates for Android, and Samsung is better than most about actually releasing those updates to its most recent devices (flagship phones tend to get monthly updates, midrange phones and most tablets get quarterly patches), but there is still often a gap of several days or weeks between when those security bulletins are published and when the patches are available.

Ars Technica Live 9: Filmed by Chris Schodt and produced/edited by Jennifer Hahn. (video link)

Vibrators have been such a popular gadget that nineteenth century inventors turned them into one of the first electrified devices in history. Today, they've become so mainstream that you can even buy them at Target. But for Ti Chang, our guest on this month's Ars Technica Live, vibrators are an industrial design challenge.

As the VP of design at Crave, Chang is responsible for the creation and manufacturing of the most intimate device you're likely to buy. She handles everything from CAD drawings to coordinating with engineers in San Francisco and manufacturers in China. Plus, she actually listens to users. Ars staffers Annalee Newitz and Cyrus Farivar talked to her about her fascinating career in hardware design. You can watch the video or listen to the podcast. (Yes, it's all safe for work! We were talking about vibrators, not using them.)

In a move that stunned some security researchers, a top investigator at Russia's largest antivirus provider, Kaspersky Lab, has been arrested in an investigation into treason, a crime that upon conviction can carry severe sentences.

Ruslan Stoyanov, the head of Kaspersky Lab's investigations unit, was arrested in December, Russian newspaper Kommersant reported Wednesday. The paper said that Sergei Mikhailov, a division head of the Russian intelligence service FSB, was also arrested in the same probe. Stoyanov joined the Moscow-based AV company in 2012 and was chiefly involved in investigating and responding to hacking-related crimes carried out in Russia. His LinkedIn profile shows he served as a major in the cybercrime unit of Russia's Ministry of Interior from 2000 to 2006.

"The case against this employee does not involve Kaspersky Lab," company officials wrote in a statement issued following the report. "The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments."

Comcast's X1 TV system and apps. (credit: Comcast)

The Democratic plan to save cable TV customers money on set-top box rental fees no longer has any real hope of passage since the Federal Communications Commission switched to Republican control. But just in case, GOP lawmakers have asked new FCC Chairman Ajit Pai to close the docket on the proceeding and make its death official.

"We are writing to ask that you close the docket on the set-top box proceeding... and signal clearly to consumers, content producers, consumer electronics manufacturers, and video programming distributors that the Commission's consideration of the set-top box proposal is at an end," House Republicans wrote to Pai today.

Nineteen Republican representatives signed the letter, led by Greg Walden (R-Ore.) and Joe Barton (R-Texas), the chair and vice chair of the Commerce Committee; and Marsha Blackburn (R-Tenn.) and Leonard Lance (R-N.J.), the chair and vice chair of the Subcommittee on Communications and Technology.

(credit: Jason Burrows)

A lawsuit that claims the public is being overcharged by the US government's website for accessing federal court records just took a major step forward. A federal judge overseeing the litigation against PACER, the Public Access to Court Electronic Records system, just certified the case as a class action—meaning anybody who has used the service between 2010-2016 might be entitled to refunds if the government loses or settles.

Three nonprofits last year brought the suit that claims millions of dollars generated from a recent 25-percent increase in page fees are being illegally spent by a federal agency known as the Administrative Office of the Courts (AO). The cost for access is 10 cents per page and up to $3 a document. Judicial opinions are free.

The case is being brought by the National Consumer Law Center, the Alliance for Justice, and the National Veterans Legal Services Program. The organizations claim that, while the fees my not be onerous to some, for others the amount adds up and may hinder public access. What's more, they claim that the fees breach a congressional act—the E-government Act of 2002—requiring that PACER only levy charges that cover the government's cost to maintain the program.

Enlarge / The new face of medicine?

While there are still many visual tasks where humans perform better than computers, computers are catching up. Part of the reason for computers' progress has been the development of what are called "deep neural networks," which chain together multiple layers of analysis. These have significantly boosted computers' performance in a variety of visual challenges.

The latest example of this progress comes in a rather significant field: medical diagnosis. A group of Stanford researchers has trained one of Google's deep neural networks on a massive database of images that show skin lesions. By the end, the neural network was competitive with dermatologists when it came to diagnosing cancers using images. While the tests done in this paper don't fully represent the challenges a specialist would face, it's still an impressive improvement in computer performance.

Deep neural networks may sound like a jargonish buzzword, but they're inspired in part by how we think the brain works. The brain's visual system uses different clusters of neurons to extract specific features of a visual scene. This information is gradually integrated to create a picture. The neural network used here, GoogleNet Inception v3, has a similar architecture. You can view it as a long assembly line, except any stage of the assembly line may have multiple image classifiers operating in parallel. Sporadically, these parallel tracks are merged and the results separated again. According to a diagram of the system included in the new paper, information can be processed by as many as 70 individual stages before reaching the end of the system (or as few as 33, if it goes down alternate paths).