Month: September 2018

Enlarge / Samples of biodiesel sit on a pump on March 22, 2013 in San Francisco, California. (credit: Justin Sullivan/Getty Images)

A company called NGL Crude Logistics reportedly generated and sold 36 million fraudulent renewable-energy credits by processing and re-processing the same barrels of biodiesel.

In a press release today, the Department of Justice said that it had reached a settlement with NGL over its fraudulent activity. NGL will be compelled to pay a $25 million fine and buy back $10 million in fraudulent credits.

Those credits are called Renewable Identification Numbers, or RINs. The Environmental Protection Agency (EPA) requires that fuel producers in the US either blend a certain amount of biofuel into their primary fossil-fuel-based product or, in certain cases, fuel producers can purchase RINs in lieu of that blending.

Enlarge (credit: TechBargains)

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is headlined by a deal on AMD's latest Ryzen 7 2700 processor, which is down to $220 as part of a one-day sale at Amazon. That's its lowest price to date on Amazon, down about $60-70 from its usual going rate.

This is an unlocked eight-core, 16-thread processor with a base clock speed of 3.2GHz and a turbo of 4.1GHz. It also comes with AMD's handy Wraith Spire LED cooler. We went over the second-gen Ryzen chips when they launched in April, but the skinny on the Ryzen 7 2700 is that it's not the best buy for lightly threaded tasks or gaming. Despite that, it's still more than adequate and a good value for heavier workloads and multi-threaded tasks. This deal price should only amplify that. Just note that Intel's ninth-gen processors are likely launching soon.

If you aren't looking to build a budget-conscious rig, though, we also have a site-wide 15 percent-off sale at eBay, deals on Amazon Fire TV devices, and more. Have a look below.

Enlarge (credit: Getty Images | Charles Taylor)

The Federal Communications Commission yesterday issued about $120 million dollars' worth of fines to two robocallers accused of spoofing real people's phone numbers.

In one of the cases, the robocaller made 21 million calls overall and told the FCC that he spoofed real people's numbers in Caller ID in order to avoid angry call-backs to his own phone. In the other case, the FCC said the robocaller made 2.3 million calls including 48,349 that spoofed the number of a single person. That unlucky person ended up getting about five angry call-backs a day for two months, the FCC said.

In the first case, the FCC fined telemarketer Philip Roesel and his companies more than $82 million. This is the same amount that the FCC proposed to fine Roesel a year ago—as is standard, the commission gave him a chance to respond before making the decision final.

Enlarge (credit: Getty Images)

Mobile device management (MDM) systems are often used by organizations to manage the security of employees' devices. But security researchers have found that the interface provided by Apple to enroll Apple devices in an MDM system can also be used to potentially introduce rogue devices into those systems and gain trusted access to enterprise systems—just by spoofing the serial number of an already enrolled device.

In a paper released today, Duo Senior Research and Development Engineer James Barclay, along with researchers Pepijn Bruienne and Todd Manning, have demonstrated an exploit of Apple's mobile device management (MDM) enrollment interface, the Device Enrollment Protocol (DEP). By spoofing serial numbers of enrolled devices, attackers could connect malicious devices to corporate MDM systems and gain trusted status on their networks or mine valuable information about organizations using MDM and the devices that are connected to them.

While MDM systems are often used to lock down devices with organizationally mandated policies and distribute certificates to gain access to virtual private networks, they're not always a guarantee of device security and have also been used for malicious purposes. And as the Duo researchers found, they can be turned against an organization if too much trust is put into them—because many rely solely on the serial number to ensure that the device is allowed to join a corporate network.