This tabletop appliance promises to turn $2 into a $20 bottle of wine in three days.
I’m not expecting a complex wine but I’m not hopeful it will be worth drinking. We shall see.
On Hackaday, Shenzhen demonstrates some proof-of-concept “taser-proof clothing” created by adding carbon fiber to the clothes’ lining. The carbon fiber textile can be procured in a variety of forms, including upholstery fabric (58″ wide, $19.50/yard) and peel-and-stick 50cm tape rolls. Shenzhen claims this will work even if the taser’s prongs get to the wearer’s body: “Electric current flows through the carbon tape and not through the human body. Always. Even if the taser’s needle pierced the skin.”
Of course, the next step if this works would apparently be to simply shoot you. But I expect efforts by the authoritarians to make it very hard to get this material if it actually works.
We shall see how this plays out.
Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.
The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.
This bug may well have been there since 2005! The cry of Open Source is that, because so many eyeballs can see everything, critical bugs get found.
In contrast to closed source systems, such as Apple’s OS.
The reason these bugs were found was because people were specifically looking for them. Testing or eyeballs did not reveal them. Because Snowden released slides indicating that the NSA was specifically getting client data from various OS, including Windows, iOS and Linux.
This bug actually makes it easier for someone to get the information than Apple’s bug. For the hacker to use Apple’s bug, they had to be on the same network. But this one does not require that be the case.
You can bet that the NSA has been using this bug to get ahold of encrypted data from anyone using the appropriate Open Source tools.
All in systems that everyone supposedly can review.
The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It’s significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review.
This was only found when some of the Open Source companies held audit reviews, probably to check out the very bug Apple found.
There was lots of criticism for Apple’s supposedly poor coding and bad error testing. But here we have something that has been a part of Linux for perhaps 10 years. Where was all the great checking by all those eyeballs?
I have to say that if Snowden’s revelations only helped Apple and others to identify these bugs (simply because they looked) he should be welcomed as a whistleblower. Because these are really devastating security flaws.
The more I learn about pCell, the more interesting it sounds. It still blows my mind that such a concept can work at scale at all.
The pCell could do more than help cell phones.
WARNING— the article has equations and matrix multiplication!
I skipped them and went right to the conclusions. Wireless power transmission to single points, such as an electric car, would change everything.
Will it happen? Could be exciting.
Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement.
The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is a single line of code: a second “goto fail;” statement. Since that statement isn’t a conditional, it causes the whole procedure to terminate.
The flaw is subtle, and hard to spot while scanning the code. It’s easy to imagine how this could have happened by error. And it would have been trivially easy for one person to add the vulnerability.
Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.
EDITED TO ADD (2/27): If the Apple auditing system is any good, they would be able to trace this errant goto line not just to the source-code check-in details, but to the specific login that made the change. And they would quickly know whether this was just an error, or a deliberate change by a bad actor. Does anyone know what’s going on inside Apple?
Schneier is a guy to listen to. There are a lot of things discussed in the comments about this because we have so little information.
It fits his criteria. With the logs of changes on hand, Apple should be able to backtrack and figure out how this happened. The best conspiracy theory would have to include the possibility that anyone signing off on correct testing of the code would also have to be involved – unless the same guy who added the code also signed off on the testing.
Makes for a great idea, even if it is much more likely that human error was involved.
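The control flow described in the quoted passage (a second, unconditional “goto fail;” ending the procedure early), shown beside a hardened form, as an added example that is not Apple's code or part of the original post. The struct, the function names and the two check stubs are constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for the verification steps; 0 means success. */
struct checks { int hash_ok; int sig_ok; };   /* hypothetical inputs */

static int check_hash(const struct checks *c) { return c->hash_ok ? 0 : -1; }
static int check_sig(const struct checks *c)  { return c->sig_ok  ? 0 : -1; }

/* Flawed shape: the second goto is not guarded by the if, so it is always
 * taken. check_sig() never runs and err still holds 0 from check_hash(). */
int verify_flawed(const struct checks *c)
{
    int err;
    if ((err = check_hash(c)) != 0)
        goto fail;
    goto fail;                  /* duplicated line: unconditional */
    if ((err = check_sig(c)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened shape: braces on every branch, and err defaults to failure so
 * reaching the exit label without passing every check cannot return 0. */
int verify_fixed(const struct checks *c)
{
    int err = -1;
    if (check_hash(c) != 0) {
        goto fail;
    }
    if (check_sig(c) != 0) {
        goto fail;
    }
    err = 0;                    /* set only after every check has passed */
fail:
    return err;
}

int main(void)
{
    struct checks forged = { 1, 0 };  /* constructed: good hash, bad signature */
    printf("flawed=%d fixed=%d\n", verify_flawed(&forged), verify_fixed(&forged));
    return 0;
}
```

Compiling with warnings for unreachable code or misleading indentation enabled is one way a reviewer or CI job can flag the flawed shape.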
An iOS security white paper published by Apple on Wednesday offers a deeper understanding of the company’s Touch ID fingerprint sensing system and the so-called “Secure Enclave” found in the A7 SoC, both of which were introduced with the iPhone 5s.
This is nice to see. The key is building their own processor and devoting space to a Secure Enclave.
What will Samsung do? I wonder what patents Apple holds here?
Speaking at Mobile World Conference, Google’s new Android chief Sundar Pichai admitted that security plays second fiddle to “freedom” in the design and implementation of Google’s mobile operating system, exposing Android users to an overwhelming, disproportionate share of malware vulnerabilities.
This is a classic battle. But, when it comes to my personal data, along with credit card info, I want as much security as possible.
Security from the prying eyes and harmful arms of others. I think this will be a continuing plus for Apple and iOS.
Because, truthfully, in today’s society, there can be no freedom unless we can also secure our digital selves.
Apple lets us do this. Android, not so much.
(Not mine. I have a picture. I’ll upload later.)
A couple of weeks ago, I did something really stupid.
I put my new iPad Air on top of my car as I loaded in a bunch of stuff. And I forgot about it.
Like the dog in National Lampoon’s Vacation, the poor little iPad tried to hold onto the roof, only flying off as I reached about 35 mph.
I heard it come off and hit the ground. Stopping and running back to see the damage revealed a totally smashed screen.
I mean with pieces of glass falling off. I went home and it still worked; I could just not decipher the odd lines on the screen that still had parts working.
But I could back it up. So I did. Then I did something that turned out to be miraculous.
I went to the Apple Store to see if there was anything I could do – repair or what not. I had used an American Express card to pay for it so I figured I could use their Buyer Protection to get some money back.
But as it turned out, I had also purchased Applecare+ (always a worthwhile expense) and one of the things recently added to iPad’s care was the Two Strikes clause.
You get two free replacements, no questions asked, when the iPad is damaged.
Even if it was my fault. (I’d imagine that they would not replace it if you tried to blend it ;-)
They erased my old iPad, set me up with a new one with a new Applecare+ coverage. For like $50, cheaper than any sort of new purchase would have taken.
They had 3 people come over to deal with this – one to deal with the old iPad, one to get the new one up to speed.
And the manager came over, introduced herself, showed actual concern for the horrible state my iPad was in and just acted like I was part of the family who needed comforting.
And that is why I love Apple.
Even when we do something stupid they treat us like part of the family and not some leper to be shunned.
(And yes, I do know that Apple can easily replace the screen, refurbish the unit and sell it in China and still make money. But when are win-win solutions a problem?)
Instead of feeling like a schlub at some customer service line, I was treated like a continuing valuable customer who needed something done for their problem. And Apple did just that.
I had a replacement within 30 minutes and was on my way. In a store that was simply jammed. And pretty much no wait.
This is why I will buy Apple. A little time and energy here on something they will make out okay in the end, and they create a community that is self sustaining.
Serial entrepreneur Steve Perlman claims that his new patented technology can create the wireless network of our dreams.
His invention, pCell, theoretically delivers on the long-sought dream of ubiquitous, fast Internet, with the reliability and consistency previously only achievable through a wired connection. pCell is “effectively mobile fiber,” he announced in a press release for his new company, Artemis Networks.
The technology turns conventional wisdom about wireless technology on its head. pCell, which stands for “personal cell,” exploits interference rather than avoiding it as in conventional wireless networks.
Hard to tell if this is a real disruptor or another Segway. But if it really could get 70 megabits per second per antenna (an iPhone has 2) you are talking about game-changing levels.