Month: September 2018

Enlarge / A voting machine is submitted to abuse in DEFCON's Voting Village. (credit: Sean Gallagher)

Today, six prominent information-security experts who took part in DEF CON's Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the authors of the report warned.

The machine in question, the ES&S M650, is used for counting both regular and absentee ballots. The device from Election Systems & Software of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a network at the county clerk's office. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by BlackBerry, currently up to version 7.0—the M650 uses Iomega Zip drives to move election data to and from a Windows-based management system. It also stores results on a 128-megabyte SanDisk Flash storage device directly mounted on the system board. The results of tabulation are output as printed reports on an attached pin-feed printer.

The report authors—Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of the Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and DEF CON founder Jeff Moss—documented dozens of other severe vulnerabilities found in voting systems. They found that four major areas of "grave and undeniable" concern need to be addressed urgently. One of the most critical is the lack of any sort of supply-chain security for voting machines—there is no way to test the machines to see if they are trustworthy or if their components have been modified.

Any excuse to reuse this image of Carmack is a good one. (credit: Oculus VR)

SAN JOSE—In a wide-ranging and occasionally rambling unscripted talk at the Oculus Connect conference today, CTO John Carmack suggested the Oculus Quest headset was "in the neighborhood of power of an Xbox 360 or PS3."

That doesn't mean the Quest, which is powered by a Qualcomm Snapdragon 835 SoC, can generate VR scenes comparable to those seen in Xbox 360 or PS3 games, though. As Carmack pointed out, most games of that generation targeted a 1280x720 resolution at 30 frames per second. On Quest, the display target involves two 1280x1280 images per frame at 72fps. That's 8.5 times as many pixels per second, with additional high-end anti-aliasing effects needed for VR as well.

"It is not possible to take a game that was done at a high-quality level [on the Xbox 360 or PS3] and expect it to look good in VR," Carmack said.

Enlarge (credit: Google Chrome)

Google will partially revert a controversial change made in Chrome 69 that unified signing in to Google's online properties and Chrome itself and which further preserved Google's cookies even when users chose to clear all cookies. Chrome 70, due in mid-October, will retain the unified signing in by default, but it will allow those who want to opt out to do so.

Chrome has long had the ability to sign in with a Google account. Doing this offers a number of useful features; most significantly, signed-in users can enable syncing of their browser data between devices, so tabs open on one machine can be listed and opened on another, passwords saved in the browser can be retrieved online, and so on. This signing in uses a regular Google account, the same as would be used to sign in to Gmail or the Google search engine.

Prior to Chrome 69, signing in to the browser was independent of signing in to a Google online property. You could be signed in to Gmail, for example, but signed out of the browser to ensure that your browsing data never gets synced and stored in the cloud. Chrome 69 unified the two: signing in to Google on the Web would automatically sign you in to the browser, using the same account. Similarly, signing out of a Google property on the Web would sign you out of the browser.

Enlarge / Get one. (credit: Getty | Jeff Greenberg)

The 2017-2018 flu season was brutal, leading to an estimated 80,000 deaths and 900,000 hospitalizations, according to new figures released Thursday, September 27, by the Centers for Disease Control and Prevention.

Those are the highest estimated tolls the health agency has calculated for any flu season in more than a decade, the CDC noted in an email to Ars. In recent years, flu-related death estimates have ranged from a high of 56,000 (2012-2013) to as low as 12,000 (2011-2012).

Those figures are all based on mathematic modeling after the fact; exact numbers are not available, the agency notes. For one thing, states aren’t required to report adult flu deaths to the CDC. Also, many death certificates will fail to list the flu anyway.

Enlarge / Elon Musk speaks at the 68th International Astronautical Congress 2017 in Adelaide on September 29, 2017. (credit: PETER PARKS/AFP/Getty Images)

The Securities and Exchange Commission has sued Tesla CEO Elon Musk over an August tweet he made claiming he had "funding secured" to take Tesla private at $420 per share. The SEC says that this and subsequent tweets were false and misleading—and therefore a violation of market-manipulation laws.

The stakes are high. In addition to seeking financial penalties and an injunction against similar tweets in the future, the SEC is also seeking that Musk "be prohibited from acting as an officer or director" of companies that issue shares under Section 12 or Section 15(d) of federal securities laws. Stephen Diamond, a securities law expert at Santa Clara Law School, tells Ars that means Musk would have to step down as Tesla's CEO and give up his board seat.

In another tweet, the same day as his initial buyout tweet, Musk claimed that "[i]nvestor support is confirmed. Only reason why this is not certain is that it's contingent on a shareholder vote."

Enlarge / Artist's rendering of a Vulcan Centaur rocket launch. (credit: United Launch Alliance)

After a four-year, high-profile competition, rocket maker United Launch Alliance announced Thursday that it has selected the BE-4 rocket engine manufactured by Blue Origin to power its new Vulcan Centaur rocket. The new space company founded by Amazon's Jeff Bezos defeated the most storied rocket engine manufacturer in the United States, Aerojet Rocketdyne, which is developing the AR1 engine.

"We are pleased to enter into this partnership with Blue Origin and look forward to a successful first flight of our next-generation launch vehicle," United Launch Alliance's chief executive, Tory Bruno, said in a statement Thursday. He added that the Vulcan rocket remains on track for an initial flight in mid-2020.

"We are very glad to have our BE-4 engine selected by United Launch Alliance," Blue Origin Chief Executive Bob Smith also said. "United Launch Alliance is the premier launch-service provider for national security missions, and we're thrilled to be part of [its] team and that mission. We can't thank Tory Bruno and the entire United Launch Alliance team enough for entrusting our engine to powering the Vulcan rocket's first stage."