Month: March 2018

Hacker stock photos FTW. (credit: Thinkstock Photos)

A bug in an obscure but widely used email program may be putting as many as 400,000 servers around the world at risk of serious attack until they install an update.

The flaw—which is in all releases of the Exim message transfer agent except for version 4.90.1—opens servers to attacks that can execute malicious code, researchers who discovered the vulnerability warned in an advisory published Tuesday. The buffer overflow vulnerability, which is indexed as CVE-2018-6789, resides in base64 decode function. By sending specially manipulated input to a server running Exim, attackers may be able to remotely execute code.

A single byte of data resulting from an exploit "overwrites some critical data when the string fits some specific length," the researchers, from Devcore Security Consulting, wrote. "In addition, this byte is controllable, which makes exploitation more feasible. Base64 decoding is such a fundamental function, and therefore this bug can be triggered easily, causing remote code execution."

Honda

Over in Switzerland, the Geneva International Motor Show got underway on Tuesday morning. Switzerland has no real domestic car industry, so it's neutral territory for the world's car companies. That's made Geneva the marquee event on the calendar, where OEMs bring out their biggest reveals of the year in an attempt to steal headlines from one another. Sadly, we're not there on the ground this year—I did get an invite from Lamborghini which we had to decline due to our junket policy—but the wonders of the Internet mean we're still able to bring you the highlights.

And what an array of new reveals to choose from! There's something for everyone, whether you like pint-sized urban electric vehicles, four-door luxury coupes, or new hybrid or electric SUVs. You can even go all the way up to multimillion-dollar hypercars, several of which aren't even going to be road legal.

Paul Allen / Getty Images

Paul Allen, the co-founder of Microsoft, has put his money into many passion pursuits. One of those has been underwater archaeology: finding ships sunk during World War II. Last August, Allen's R/V Petrel discovered the wreckage of the USS Indianapolis, the cruiser that delivered components of the two nuclear bombs dropped on Japan to close the war. A previous Allen expedition in 2015 with his personal yacht Octopus recovered the ship's bell from the HMS Hood, the Royal Navy cruiser sunk by the German battleship Bismarck with the loss of over 1,400 men, and surveyed the wrecks of "Ironbottom Sound" off Guadalcanal—the site of massive losses by the Allied navies during the long battle for that island.

Now, the Petrel has located the USS Lexington—the aircraft carrier that, along with the USS Yorktown, fought the first-ever carrier duel with the Imperial Japanese Navy in the Battle of the Coral Sea.

Paul Allen / Getty Images

Paul Allen, the co-founder of Microsoft, has put his money into many passion pursuits. One of those has been underwater archaeology: finding ships sunk during World War II. Last August, Allen's R/V Petrel discovered the wreckage of the USS Indianapolis, the cruiser that delivered components of the two nuclear bombs dropped on Japan to close the war. A previous Allen expedition in 2015 with his personal yacht Octopus recovered the ship's bell from the HMS Hood, the Royal Navy cruiser sunk by the German battleship Bismarck with the loss of over 1,400 men, and surveyed the wrecks of "Ironbottom Sound" off Guadalcanal—the site of massive losses by the Allied navies during the long battle for that island.

Now, the Petrel has located the USS Lexington—the aircraft carrier that, along with the USS Yorktown, fought the first-ever carrier duel with the Imperial Japanese Navy in the Battle of the Coral Sea.

Enlarge / The BlackBerry KeyOne, a 2017 phone that was manufactured under license by a Chinese company, TCL. (credit: Ron Amadeo)

BlackBerry, the once-great smartphone maker that exited the hardware business in 2016, is suing Facebook for patent infringement. BlackBerry owns a portfolio of broad software patents that cover some of the most basic features of modern smartphone messaging services—and the company says it wants Facebook to pay up.

Facebook "created mobile messaging applications that coopt BlackBerry's innovations, using a number of the innovative security, user interface, and functionality-enhancing features that made BlackBerry's products such a critical and commercial success in the first place," BlackBerry's Tuesday lawsuit claims. The lawsuit argues that Facebook subsidiaries Instagram and Whatsapp infringe BlackBerry's patents in addition to Facebook's own messaging apps.

It's not unusual for technology companies that lose their lead in the marketplace to turn to patent licensing as an alternative way to make money. Yahoo sued Facebook for patent infringement in 2012, for example, while Nokia sued Apple for patent infringement in 2016.

Enlarge (credit: ES&S)

A US senator is holding the nation's biggest voting machine maker to account following a recent article that reported it has sold equipment that was pre-installed with remote-access software and has advised government customers to install the software on machines that didn't already have it pre-installed.

Use of remote-access software in e-voting systems was reported last month by The New York Times Magazine in an article headlined "The Myth of the Hacker-Proof Voting Machine." The article challenged the oft-repeated assurance that voting machines are generally secured against malicious tampering because they're not connected to the Internet.

Exhibit A in the case built by freelance reporter Kim Zetter was an election-management computer used in 2016 by Pennsylvania's Venango County. After voting machines the county bought from Election Systems & Software were suspected of "flipping" votes―meaning screens showed a different vote than the one selected by the voter―officials asked a computer scientist to examine the systems. The scientist ultimately concluded the flipping was the result of a simple calibration error, but during the analysis he found something much more alarming―remote-access software that allowed anyone with the correct password to remotely control the system.

Enlarge / A Chevrolet Bolt EV self-driving test car like this one was involved in two incidents in San Francisco. (credit: Jeff Kowalsky/Bloomberg via Getty Images)

Since the beginning of the year, there have been six collision reports involving autonomous vehicles officially filed to the California Department of Motor Vehicles.

Of those, two involve humans mildly attacking the car in question. According to state law, companies that operate self-driving cars must submit a report to the DMV detailing any such incident. Since the Golden State began keeping such records, there have been a total of 58 such reports, including the six in 2018.

The most recent incident involving light violence was in San Francisco at the intersection of Duboce Avenue and Mission Street on January 28 at 10:55pm.