35639199
submission
zacharye writes:
Another day, another Apple (AAPL) vs. Samsung (005930) trial. The two consumer electronics companies are preparing to do battle in San Jose, California next week, and now-public court documents shed light on the positions each firm is taking. On Tuesday, Apple told Samsung exactly what it thinks its technology patents are worth (spoiler: barely anything at all), and subsequent filings from Samsung reveal that the South Korea-based company has a few choice words for Apple as well...
35639131
submission
Dputiger writes:
Companies like Autodesk release software updates every year at several thousand dollars each, but if you work in this field, are you better off sticking with a relatively recent suite and buying new hardware — or should you spring for the updates? The answer — especially with 3ds Max 2012 — might surprise you.
35638143
submission
Joe_Dragon writes:
"Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller
By Sebastian Anthony on July 25, 2012 at 7:00 am
5 Comments
Cody Brocious opens an Onity hotel lock with an Arduino microcontroller
Share This article
Bad news: With less than $50 of off-the-shelf hardware and a little bit of programming, it’s possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms.
This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.
The hack in its entirety is detailed on Brocious’s website, but in short: At the base of every Onity lock is a small barrel-type DC power socket (just like on your old-school Nokia phone). This socket is used to charge up the lock’s battery, and to program the lock with a the hotel’s “sitecode” — a 32-bit key that identifies the hotel. By plugging an Arduino microcontroller into the DC socket, Brocious found that he could simply read this 32-bit key out of the lock’s memory. No authentication is required — and the key is stored in the same memory location on every Onity lock.
ArduinoThe best bit: By playing this 32-bit code back to the lock it opens. According to Brocious, it takes just 200 milliseconds to read the sitecode and open the lock. “I plug it in, power it up, and the lock opens,” Brocious says. His current implementation doesn’t work with every lock, and he doesn’t intend to take his work any further, but his slides and research paper make it very clear that Onity locks, rather ironically, lack even the most basic security.
I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth is far more depressing. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.”
That is how he justifies his public disclosure of the vulnerability: If security agencies and private militias already have access to millions of hotel rooms, then this is Brocious’s way of forcing Onity to clean up its act. By informing the public, it also means that we can seek out other methods of securing our rooms — such as chain- or dead-locks on the inside of the room.
As for how Onity justifies such a stupendously disgusting lack of security, who knows. Generally, as far as managerial types go, securing a system seems like a frivolous expense — until someone hacks you. In non-high-tech circles, hacks like this are par for the course — usually, a company doesn’t hire a security specialist until after its first high-profile hack. For a company that is tasked with securing millions of humans every night, though, it would’ve been nice if Onity had shown slightly more foresight."
Now there should be a harder way to get to the ports even having them under a screwed in panel or use a custom port that only the lock maker and hotel have. can make it harder and take more time to brake in.
35637357
submission
alphadogg writes:
Tatu Ylonen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)
35635609
submission
jones_supa writes:
A boy of 11 flew alone to Rome after he ran away from his mother and boarded a flight at Manchester Airport without a passport, boarding pass or cash. Security staff scanned him but failed to realize he was on his own and had no boarding card. It was only during the journey to Italy that passengers became suspicious and told the cabin crew. The crew members alerted the captain who radioed back to Manchester. Now a full-scale investigation has been mounted by Manchester Airport and Jet2.com to find out how this was possible. It is understood five members of staff working for Jet2.com have been suspended from duty while the investigation takes place.
35630021
submission
cylonlover writes:
Body armor is a blessing and a curse for soldiers. Modern tactical armor has saved thousands of lives from bullets and bombs, but it can also be a major problem if it doesn’t fit properly. That’s what the women who make up 14 percent of the U.S. Army face on a regular basis. Now, according to the Army News Service, the Army is preparing to test a new armor that is tailored to the female form to replace the standard men's armor that the women now use. Working on data collected in studies overseas and at stateside army bases, the Program Executive Office (PEO) Soldier has identified several problem areas and has developed a new armor that will be tested in 2013.
35629671
submission
mask.of.sanity writes:
The Tor Project is considering paying exit relay hosts to make the network faster and more secure.
The project has called for discussion on the idea, notably from relay hosts. Its founder has suggested a $100 a month would attract fast and diverse nodes.
Exit nodes are the last hopping point on the Tor network and are critical to its performance and safety.
