In a world where various mass breaches dictate the use of strong, randomized passwords more than ever, reliable and secure credentials management is paramount in 2020. One Irish drug dealer has evidently learned this lesson the hard way.
This week, the Irish Times reported the sad tale of Clifton Collins, a 49-year-old cannabis grower from Dublin. Collins quietly grew and sold his product for 12 years, and he amassed a small fortune by using some of that revenue to buy bitcoins around 2011 and 2012 before the price of the cryptocurrency soared. But in 2017, state authorities on a routine overnight patrol spotted and then arrested Collins with roughly $2,000 of cannabis in his car. The man quickly earned himself a five-year jail sentence.
As part of authorities' investigation, Ireland's Criminal Assets Bureau discovered and confiscated 12 Bitcoin wallets belonging to Collins totaling nearly $59 million (reportedly the biggest financial case in CAB's 25-year history). There was only one problem—CAB couldn't access the accounts because Collins had lost the keys.
Nervous about having a ton of money tied up in a single wallet, Collins diversified in 2016 by splitting his 6,000 bitcoins across 12 newly created wallets. And to further secure this fortune, Collins hid a piece of paper containing the access codes inside a fishing rod case at his home.
Unfortunately a separate criminal broke into Collins' home in 2017 and cleared his belongings. And upon Collins' arrest, his former home was cleared out by his landlord, with left-behind belongings taken to a dump. Dump workers told state police they remembered seeing fishing gear, but waste from this particular dump is sent to Germany and China and incinerated by procedure. The fishing rod case has been missing ever since.
Collins told the Irish police he has had time to come to terms with the loss of the money and regarded it as punishment for his own stupidity.
Sent to us by: Roy W. Nash
Firefox has begun the process of switching browser users to Cloudflare's encrypted-DNS service this week. The change rolls out across the United States in the coming weeks.
DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making, potentially making it more difficult for Internet service providers or other third parties to monitor what websites you visit.
Mozilla's embrace of DNS over HTTPS is fueled in part by concerns about ISPs monitoring customers' Web usage. Mobile broadband providers were caught selling their customers' real-time location data to third parties, and Internet providers can use browsing history to deliver targeted ads.
Wireless and wired Internet providers are suing the state of Maine to stop a Web-browsing privacy law that would require ISPs to get customers' opt-in consent before using or sharing browsing history and other sensitive data. The telecom companies already convinced Congress to eliminate a similar federal law in 2017.
With Web users already being tracked heavily by companies like Google and Facebook, Mozilla has said it is embracing DNS over HTTPS because "we don't want to see that business model duplicated in the middle of the network" and "it's just a mistake to use DNS for those purposes."
Mozilla said in an announcement Tuesday, "Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the Internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, [and] helps prevent data collection by third parties on the network that ties your computer to websites you visit."
While Firefox's encrypted DNS uses Cloudflare by default, users can change that to NextDNS in the Firefox settings or manually enter the address of another encrypted-DNS service. Firefox users can also disable the new default setting if they don't want to use any of the encrypted-DNS options.
Google's plan for encrypted DNS in Chrome—which is still in the experimental phase and hasn't been deployed to everyone—is a little different from Mozilla's. Instead of automatically switching users to a DNS provider chosen by Google, Chrome sticks with whichever DNS provider the user has selected. If the user-selected DNS provider offers encrypted lookups and is in this list of providers, Chrome automatically upgrades the user to that DNS provider's encrypted service. If the user-selected DNS provider isn't in the list, Chrome makes no changes.
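As an added example (not code from Mozilla, Cloudflare or the original article), this sketch builds the request a DNS-over-HTTPS client sends in the RFC 8484 GET form and decodes it again, showing that the hostname being looked up travels inside the HTTPS request rather than as a cleartext DNS packet. The endpoint URL is an assumption, and the helper names are hypothetical.

```python
import base64
import struct
from urllib.parse import urlparse, parse_qs

# Assumption: Cloudflare's public DoH endpoint; the hostname Firefox uses may differ.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"

def build_query(name, qtype=1):
    """Return a DNS wire-format query (RFC 1035) for name; qtype 1 is an A record."""
    # ID is 0 as RFC 8484 recommends (cache-friendly); flags 0x0100 = recursion desired.
    msg = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length in %r" % name)
        msg += bytes([len(raw)]) + raw
    return msg + b"\x00" + struct.pack("!HH", qtype, 1)  # root label, QTYPE, QCLASS=IN

def doh_get_url(name, qtype=1):
    """RFC 8484 GET form: the message is base64url-encoded with padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=").decode()
    return "%s?dns=%s" % (DOH_ENDPOINT, b64)

def parse_question(msg):
    """Recover (name, qtype) from a single-question query without name compression."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected a DNS message with exactly one question")
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length > 63:
            raise ValueError("compression pointers are not handled here")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype

def decode_doh_url(url):
    """What the DoH resolver sees after TLS is terminated: the original question."""
    b64 = parse_qs(urlparse(url).query)["dns"][0]
    return parse_question(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))

if __name__ == "__main__":
    url = doh_get_url("www.example.com")
    print(url)                  # travels inside HTTPS, so the path is encrypted on the wire
    print(decode_doh_url(url))  # the resolver still learns the name and record type
```

The resolver operator still sees every lookup; DoH moves that visibility from the network path to the chosen provider.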
Sent to us by: Roy W. Nash
Owners of a device designed to release food for pets say their animals were left hungry during a week-long system failure.
In this instance, the device was one from Petnet. However, such devices are being trusted by pet owners.
Petnet allows owners to schedule and control feeding via a smartphone app.
One pet owner tweeted: "My cat starved for over a week", while others complained about other hardware issues.
"My three Gen2 feeders constantly jam and won't dispense food," wrote another.
Some expressed relief that the feeders were now back online.
Petnet has two Twitter accounts. The official one has not tweeted since August 2019, but the support account issued four tweets last week about the problems experienced.
In its first tweet it said a "system outage" was affecting second generation devices and asked customers not to switch off their feeder even if it appeared to be offline.
It said automatic feeds would "still dispense".
Four days later, it tweeted again to say it hoped to "release more information" soon.
On Friday it said its smartfeeders were "returning online" and a "system reset" was in progress.
Stuart Miles, founder of the tech site Pocket-Lint, says, "As we go towards a more automated home you have to acknowledge that, somewhere along the line, things will fall over. Robots and automated systems have hiccups along the way, it's something we need to get used to."
This particular outage, though, points to a need for pet owners to have a backup plan: a friend or family member checking in on the pets every couple of days may be all it takes to ensure that, if tech fails, a human is there to keep them safe and cared for.
Sent to us by: Roy W. Nash
Two programmer-musicians wrote every possible melody in existence to a hard drive in MIDI format, copyrighted the whole thing, and then released it all to the public domain in an attempt to stop musicians from getting sued.
Programmer, musician, and copyright attorney Damien Riehl, along with fellow musician/programmer Noah Rubin, sought to stop copyright lawsuits that they believe stifle the creative freedom of artists.
Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they're accused of copying—even if it was something they listened to once—they can be accused of "subconsciously" infringing on the original content. One of the most notorious examples of this is Tom Petty's claim that Sam Smith's “Stay With Me” sounded too close to Petty's “I Won’t Back Down.” Smith eventually had to give Petty co-writing credits on his own chart-topping song, which entitled Petty to royalties.
Defending a case like that in court can cost millions of dollars in legal fees, and the outcome is never assured. Riehl and Rubin hope that by releasing the melodies publicly, they'll prevent a lot of these cases from standing a chance in court.
In a recent talk about the project, Riehl explained that to get their melody database, they algorithmically determined every melody contained within a single octave.
To determine the finite nature of melodies, Riehl and Rubin developed an algorithm that recorded every possible 8-note, 12-beat melody combo. This used the same basic tactic some hackers use to guess passwords: Churning through every possible combination of notes until none remained. Riehl says this algorithm works at a rate of 300,000 melodies per second.
Once a work is committed to a tangible format, it's considered copyrighted. And in MIDI format, notes are just numbers.
All of the melodies they've generated, as well as the code for the algorithm that generated them, are available as open-source materials on Github and the datasets are on Internet Archive.
Sent to us by: Jeff Weston
Pioneering African-American Nasa mathematician Katherine Johnson has died.
Ms Johnson calculated rocket trajectories and Earth orbits for Nasa's early space missions.
She was portrayed in the 2016 Oscar-nominated film Hidden Figures.
The film tells the story of African-American women whose maths skills helped put US astronaut John Glenn into orbit around the Earth in 1962. Ms Johnson verified the calculations made by new electronic computers before his flight.
Ms Johnson had previously calculated the trajectory for the space flight of Alan Shepard - the first American in space.
Such was her skill and reputation that Glenn had asked for her specifically and had refused to fly unless she verified the calculations. She also helped to calculate the trajectory for the 1969 Apollo 11 flight to the Moon.
Nasa administrator Jim Bridenstine described Ms Johnson as a leader from Nasa's pioneering days.
He says, "Ms Johnson helped our nation enlarge the frontiers of space even as she made huge strides that also opened doors for women and people of colour in the universal human quest to explore space. Her dedication and skill as a mathematician helped put humans on the Moon and before that made it possible for our astronauts to take the first steps in space that we now follow on a journey to Mars."
Ms Johnson was born in a small town in West Virginia in 1918.
She excelled academically, graduating from high school at just 14 and from university at 18. Nasa notes that her academic achievements were particularly impressive "in an era when school for African-Americans normally stopped at eighth grade for those that could indulge in that luxury".
After working as a teacher and being a stay-at-home mom, Ms Johnson began working for Nasa's predecessor, the National Advisory Committee for Aeronautics (Naca), in 1953.
Johnson died at a retirement home in Newport on February 24, at the age of 101.
Bridenstine described her as "an American hero" and stated that "her pioneering legacy will never be forgotten."
Sent to us by: Bekah Ferguson
Since we're already on the subject of mankind travelling to the stars... the Los Angeles City Council has approved a SpaceX permit to lease 19 acres of land in the city’s port for 20 years for a Starship rocket facility.
SpaceX’s new rocket factory will be for its massive, next-generation rocket called Starship. The rocket so far has been developed at SpaceX facilities in Texas and Florida. But the new location adds capacity for SpaceX within driving distance of its headquarters outside the Los Angeles International Airport, where the majority of the company’s more than 6,000 employees work.
In an outline of plans distributed by government officials, SpaceX’s facility will include multiple buildings for manufacturing, such as a blacksmith shop and machining. Los Angeles officials say SpaceX’s plan will refurbish “dilapidated facilities with a history of vacancy and vandalism” and “has the potential to create 130 aerospace jobs.”
The facility itself would be a large tent-like structure, similar to those used when Tesla was ramping up production of its cars in recent years.
The port location provides SpaceX with immediate access to water, key to transporting its immense rocket from a production facility to launch sites in either Texas or Florida. SpaceX currently moves Falcon 9 rockets across the highway on super long trucks, but Starship and its “Super Heavy” booster would be too large to transport on the road.
Sent to us by: Robbie Ferguson
Researchers have developed an algorithm that could stop self-driving vehicles from getting in crashes and traffic jams.
The algorithm divides the ground beneath the machines into a grid. The robots learn their position through technology similar to GPS and coordinate their movements through sensors that assess where there’s free space to move.
Northwestern Engineering’s Michael Rubenstein said, “The robots refuse to move to a spot until that spot is free and until they know that no other robots are moving to that same spot. They are careful and reserve a space ahead of time.”
Rubenstein’s team tested their algorithm on a swarm of 100 robots set up in their lab. To cut out any distractions, the robots were only allowed to sense three or four of their closest neighbors. This restriction on their vision makes the system easier to scale, as the robots can interact locally without needing global information.
The advantage of a swarm of robots is there’s no centralized controller that can disrupt the whole system. This allows them to work together to accomplish a task — even if one of them breaks down.
This gives the system an obvious application in warehouse robots. But Rubenstein believes it could also cut traffic and collisions for self-driving vehicles on the road.
He said, “By understanding how to control our swarm robots to form shapes, we can understand how to control fleets of autonomous vehicles as they interact with each other.”
Sent to us by: Robbie Ferguson
Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Dubbed 'Kr00k', the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over the air by a vulnerable device.
The attacker does not need to be connected to the victim's wireless network and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption.
ESET researchers said, "Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k."
The attack relies on the fact that when a device suddenly gets disconnected from the wireless network, the Wi-Fi chip clears the session key in memory and sets it to zero, but the chip inadvertently transmits all data frames left in the buffer with an all-zero encryption key even after the disassociation.
Therefore, an attacker in near proximity to vulnerable devices can use this flaw to repeatedly trigger disassociations by sending deauthentication packets over the air to capture more data frames, "potentially containing sensitive data, including DNS, ARP, ICMP, HTTP, TCP, and TLS packets."
Besides this, since the flaw also affects chips embedded in many wireless routers, the issue also makes it possible for attackers to intercept and decrypt network traffic transmitted from connected devices that are not vulnerable to Kr00k, either patched or using different Wi-Fi chips.
Apple has already released patches for its users; some vendors should have issued advisories or security patches by the time of publication, and other vendors are still testing the issue against their devices.
Watch for a patch to mitigate the problem via software or firmware updates for your devices.
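While waiting for patches, the repeated forced disconnects described above are something a network owner can look for. This added example (not from ESET or the original article) flags clients that receive a burst of deauthentication or disassociation frames in a short window; the log format, threshold and window are assumptions, and the sample lines and MAC addresses are constructed.

```python
from collections import defaultdict, deque

# Constructed sample in an assumed format: "<epoch seconds> <frame type> <client MAC>".
# Lines are assumed to be in time order. This is not any real tool's log format.
SAMPLE_LOG = """\
1000 assoc 02:00:00:00:00:0a
1002 deauth 02:00:00:00:00:0a
1005 deauth 02:00:00:00:00:0b
1007 disassoc 02:00:00:00:00:0a
1011 deauth 02:00:00:00:00:0A
corrupt line
1016 deauth 02:00:00:00:00:0a
1020 deauth 02:00:00:00:00:0a
1400 deauth 02:00:00:00:00:0b
1900 disassoc 02:00:00:00:00:0b
"""

DISCONNECT_TYPES = {"deauth", "disassoc"}

def repeated_disconnects(lines, threshold=4, window=30):
    """Return {client: time first flagged} for clients that were disconnected
    at least `threshold` times within any `window`-second span."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] not in DISCONNECT_TYPES:
            continue              # other frame types and malformed lines
        try:
            ts = int(parts[0])
        except ValueError:
            continue
        client = parts[2].lower() # normalise MAC case before counting
        seen = recent[client]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()        # drop events that fell out of the window
        if len(seen) >= threshold and client not in flagged:
            flagged[client] = ts
    return flagged

if __name__ == "__main__":
    for client, when in repeated_disconnects(SAMPLE_LOG.splitlines()).items():
        print("repeated disconnects for %s, flagged at t=%d" % (client, when))
```

Roaming and weak signal also cause disconnects, so treat a hit as a prompt to investigate, and note that this does nothing about frames already captured; the fix remains the vendor update.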
Sent to us by: TheFu