With bike sales trends moving more into the online marketplace, manufacturers are having to come up with better ideas of how to ensure their products arrive safely with their customers.
For some reason, bicycles in big cardboard boxes have a tendency to get dropped, bashed or crushed by delivery companies, which has spurred Dutch manufacturer Vanmoof into action to find a solution.
What did they do? Instead of putting a picture of a bike on the box they printed a picture of a large flatscreen TV instead and saw instances of delivery damage drastically reduce.
WikiLeaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says.
Random checks of reported malware hashes find the trojans are flagged as malware by Virus Total’s static analysis checks.
Much of the malware appears to be attachments emailed by black hats in a bid to compromise the various parties affected in the WikiLeaks dumps.
A feasibly simple antivirus check would have cleared a lot if not all of the attachment malware given the huge 80 to 100 percent hit rate Virus Total returned when testing files selected randomly from Dr Bontchev’s list.
WikiLeaks being careless with their dumps? Naaaah. Can’t be..
The iPhone 7 is, in Apple’s own words, “the best, most advanced iPhone ever.” It is not, however, impossible to hack.
A teenage hacker has found a way to circumvent the phone’s security and restrictions, jailbreaking a brand new iPhone 7 running iOS 10, effectively taking full control of it and allowing him to install apps not approved by Apple. The 19-year-old hacker, who’s known online as qwertyoruiop but whose real name is Luca Todesco, took advantage of a series of bugs he found and exploited—and all it took him, he said, was just 24 hours.
“They definitely made my life harder,” Todesco, who has a well-established reputation for finding bugs and jailbreaking iPhones, told Motherboard in a message. “The iPhone 7 is a step in the right direction. Obviously it’s not 100 percent secure—like nothing else is.”
When asked if Apple knows whether Todesco’s jailbreak is legit, the spokesperson simply answered: “I don’t but given his track record, I wouldn’t be surprised.”
The 2016 Ig Nobel Prizes were awarded yesterday.
Microsoft has downplayed the seriousness of an alleged Exchange auto-discovery vulnerability, saying that it sees no need to patch the reported security weakness.
Redmond contends that its existing security advice covers the issue, a point disputed by flaw-finder Marco van Beek.
Van Beek explains: “I recently discovered that most, if not all, Microsoft Exchange clients (eg, Outlook, iPhone mail app, Android mail app, Blackberry Mail App) are more than happy to provide a user’s password in plain text to any web server of the same domain as used in an email address, and it only takes four lines of code and a local config file to make that happen.
When you set up a new MS Exchange client to access “mailserver.domain.com”, it first tries to talk to just “domain.com” and, if presented with an SSL cert that has a trusted root, it is quite happy to supply the password for the user in cleartext as answer to a normal Apache authentication query (hence only needing a few lines of code to exploit it – all the required tools are already built in to any webserver).
In other words, you may have secured your internal MS Exchange server, but if the public webserver of that domain is hacked (on account of being typically less secure) you may already be leaking passwords. As a bonus, the client will frequently revisit that URL to pick up configuration changes so your hacked webserver will get plenty opportunity to grab the user’s password..
.. which may be the keys to the Kingdom as most organisations use Single Sign On. Uh oh.
There seems to be no real mitigation possible other than bolting down the associated webserver as it’s simply the way the protocol is set up.
Or just not use Microsoft at all.
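One way to check a public web server for the behaviour described above, as an added example that is not from Van Beek or from this post: it assumes Apache-style combined access logs and the usual Autodiscover path `/autodiscover/autodiscover.xml`, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Path Exchange clients request during Autodiscover (compared case-insensitively).
AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

# Combined log format: host ident user [time] "method path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, example.com accounts).
SAMPLE_LOG = """\
198.51.100.7 - - [20/Sep/2016:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.21 - - [20/Sep/2016:09:15:40 +0000] "POST /autodiscover/autodiscover.xml HTTP/1.1" 404 209 "-" "Microsoft Office/15.0"
203.0.113.44 - - [20/Sep/2016:09:16:11 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 381 "-" "Microsoft Office/15.0"
203.0.113.44 - alice@example.com [20/Sep/2016:09:16:12 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1422 "-" "Microsoft Office/15.0"
203.0.113.90 - bob@example.com [20/Sep/2016:11:02:55 +0000] "POST /autodiscover/autodiscover.xml HTTP/1.1" 200 1422 "-" "Apple-iPhone/1401"
203.0.113.44 - alice@example.com [20/Sep/2016:13:16:12 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1422 "-" "Microsoft Office/15.0"
"""


def audit_access_log(lines):
    """Summarise Autodiscover traffic seen by a web server that is NOT Exchange.

    probes     - requests without credentials (expected; should end in 404)
    challenges - 401 responses, i.e. this server asked the client to authenticate
    exposed    - usernames whose credentials were presented to this server
    """
    report = {"probes": 0, "challenges": 0, "exposed": defaultdict(list)}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0].lower()
        if path != AUTODISCOVER_PATH:
            continue
        if m["status"] == "401":
            report["challenges"] += 1
        if m["user"] == "-":
            report["probes"] += 1
        else:
            # The user field is only populated when the server processed
            # HTTP authentication for the request.
            report["exposed"][m["user"]].append((m["time"], m["host"], m["status"]))
    report["exposed"] = dict(report["exposed"])
    return report


if __name__ == "__main__":
    result = audit_access_log(SAMPLE_LOG.splitlines())
    print("unauthenticated probes:", result["probes"])
    print("401 challenges issued :", result["challenges"])
    for user, hits in sorted(result["exposed"].items()):
        print(f"reset password for {user}: {len(hits)} request(s), first at {hits[0][0]}")
```

On a web server that is not the Exchange host, only unauthenticated probes answered with 404 are normal; any 401 challenge or logged username on this path means the server has been prompting mail clients for credentials and those accounts should be treated as exposed.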
Nevertheless, according to the latest Marquette poll, 44 percent of the respondents believe that at least as many illegal votes are cast as legal votes. In 2014, for example, 2.9 million votes were cast in Wisconsin’s congressional elections. You do the math. If the 44 percent of the respondents in the Marquette poll are right, then there were well over a million votes cast illegally in that election. This is, to put it mildly, so insanely detached from reality as to make you wonder whether or not alma mater’s pollsters oversampled schizophrenics and people who see the face of Jesus in their wallpaper.
Kathy Miller, who is white and chair of the Republican nominee’s campaign in Mahoning County, made the remarks during a taped interview with the Guardian’s Anywhere but Washington series of election videos.
“If you’re black and you haven’t been successful in the last 50 years, it’s your own fault. You’ve had every opportunity, it was given to you,” she said.
“You’ve had the same schools everybody else went to. You had benefits to go to college that white kids didn’t have. You had all the advantages and didn’t take advantage of it. It’s not our fault, certainly.”
Miller added: “I don’t think there was any racism until Obama got elected. We never had problems like this … Now, with the people with the guns, and shooting up neighborhoods, and not being responsible citizens, that’s a big change, and I think that’s the philosophy that Obama has perpetuated on America.”
Even if you have zero need for a charging dock for your phone, check out their video.
Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world—among other things, it has a bug bounty program. But that doesn’t mean the software in its cars is free of security flaws.
Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the braking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” the researchers from Tencent’s Keen Security Lab said in a blog post Monday. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”
This week Nashville’s city council is planning the final in a series of votes to approve Google Fiber’s one touch make ready rules. But AT&T has already promised to sue the city if Nashville passes the ordinance. Meanwhile AT&T and Comcast have taken another route to try and delay Google Fiber; they’ve urged a Nashville city council member to propose an alternative city resolution that would supplant Google Fiber’s plan with a plan that doesn’t appear to actually do anything outside of stalling the Google Fiber proposal.
Under this alternative “right touch” proposal, pole attachment would see only modest changes, leading Nashville city councilman Jeremy Elrod to deride the move as little more than a last gasp effort by AT&T and Comcast to protect their duopoly fiefdom:
“Google Fiber service and other competitors will be forced to rolling out their service at a trickle, when under the One Touch ordinance it will be like opening the floodgates,” Elrod said in an emailed statement.
“This resolution coming at the last minute, to be considered the same night as third reading of the One Touch bill, just shows it’s the last gasp of Comcast and AT&T, desperately trying to hold on to their top place on the utility pole. These two companies should not be the gatekeepers that get to decide when and where their customers get access to a competitor, but (a Memorandum of Understanding) like this one enshrines that they stay that way. Comcast and AT&T would win, and competition and consumers would lose.”
AT&T and Comcast’s competing resolution was proposed by Nashville council member Sheri Weiner, who amusingly admits to Ars Technica that the incumbent ISPs wrote the proposal, and while she intended to edit some of it herself, that just didn’t happen:
“I told them that I would file a resolution if they had something that made sense and wasn’t as drastic as OTMR,” Weiner told Ars in an e-mail today, when we asked her what role AT&T and Comcast played in drafting the resolution. Weiner said she is insisting on some changes to the resolution, but the proposal (full text) was submitted without those changes.
When asked why she didn’t put her suggested changes in the version of the resolution published on the council website, Weiner said, “I had them [AT&T and Comcast] submit it for me as I was out of town all last week on business (my day job).” Weiner said an edited resolution will be considered by the council during its next meeting.
Yeah, whoops-a-daisy. If the AT&T and Comcast proposal passes, it will likely delay Google Fiber’s market entry by a notable margin. If it doesn’t, AT&T will simply sue the city of Nashville, insisting the city council overstepped its authority. Either way, Google Fiber gets delayed thanks to regulatory capture. And note this is all occurring while AT&T lobbyists happily mock Google Fiber for receiving “government favoritism.”
A government by the corporations, for the corporations.
The rat’s primary survival skill, as a species, is its unnerving rate of reproduction. Female rats ovulate every four days, copulate dozens of times a day and remain fertile until they die. (Like humans, they have sex for pleasure as well as for procreation.) This is how you go from two to 15,000 in a single year. When poison or traps thin out a population, they mate faster until their numbers regenerate. Conversely, if you can keep them from mating, colonies collapse in weeks and do not rebound.
The original method of teaching the rats “abstinence only” has been mildly disastrous in Texas.
If you live in, say, New York, California, Texas, or Tennessee, you probably have no idea how nasty the campaign has become. That’s because the candidates are running their most brutal television ads only in the swing states. So far, Clinton is targeting about a dozen states while Trump is aiming at about half that number. The ads pull no punches. Here are two of them as examples.
Clinton’s ad features Republicans saying that Trump is dangerous and unfit to be president. In Trump’s ad, a narrator solemnly intones that in Hillary Clinton’s America the middle class gets crushed but in Donald Trump’s America there are good jobs and high wages. And the ads are only going to get worse from here on. (V)
Three of the four media outlets that received and published large numbers of secret NSA documents provided by Edward Snowden — The Guardian, the New York Times, and The Intercept — have called for the U.S. government to allow the NSA whistleblower to return to the U.S. with no charges. That’s the normal course for a news organization, which owes its sources duties of protection, and which — by virtue of accepting the source’s materials and then publishing them — implicitly declares the source’s information to be in the public interest.
But not the Washington Post. In the face of a growing ACLU and Amnesty-led campaign to secure a pardon for Snowden, timed to this weekend’s release of the Oliver Stone biopic “Snowden,” the Post editorial page today not only argued in opposition to a pardon, but explicitly demanded that Snowden — the paper’s own source — stand trial on espionage charges or, as a “second-best solution,” accept “a measure of criminal responsibility for his excesses and the U.S. government offers a measure of leniency.”
In doing so, the Washington Post has achieved an ignominious feat in U.S. media history: the first-ever paper to explicitly editorialize for the criminal prosecution of its own source — one on whose back the paper won and eagerly accepted a Pulitzer Prize for Public Service.
Worse than the intellectual dishonesty of this editorial is its towering cowardice. After denouncing their own paper’s PRISM revelation, the editors proclaim: “Worse — far worse — he also leaked details of basically defensible international intelligence operations.” But what they inexcusably omit is that it was not Edward Snowden, but the top editors of the Washington Post who decided to make these programs public. Again, just look at the stories for which the Post was cited when receiving a Pulitzer Prize:
The editorial page is separate from the news organization and does not speak for the latter; I seriously doubt the journalists or editors at the Post who worked on these news stories would agree with any of that editorial. But still, if the Post editorial page editors now want to denounce these revelations, and even call for the imprisonment of their paper’s own source on this ground, then they should at least have the courage to acknowledge that it was the Washington Post — not Edward Snowden — who made the editorial and institutional choice to expose those programs to the public. They might want to denounce their own paper and even possibly call for its prosecution for revealing top-secret programs they now are bizarrely claiming should never have been revealed to the public in the first place.
Investigation of an online printer ink retailer shows that HP has programmed a date in its printer firmware on which unofficial non-HP cartridges would fail. Thousands of HP printers around the world started to show error messages on the same day, the 13th of September 2016.
On that date HP printers with non-HP cartridges started to show the error message, “One or more cartridges appear to be damaged. Remove them and replace them with new cartridges”. On HP’s support forums numerous complaints were posted and Dutch online retailer 123inkt also received a large amount of complaints on that day and decided to investigate the issue.
After an investigation on their test printers they found a large scale issue with their private label brand cartridges with several HP printers. When they emailed their customers asking them if they wanted to check if their printer also had issues, they received replies from more than 1,000 customers confirming the issue.
Further investigation with many printer models showed the issue resided in the firmware of the printers and 123inkt.nl contacted HP about the issue. HP stated it wasn’t aware of the issue. Consumers who complained to HP were told the error was caused by using non-HP cartridges. A day later HP withdrew that statement and explained the issues were a side effect of a firmware update.
However, the company didn’t release a firmware update at any date near the 13th of September. The printers with issues received a firmware update in March 2016 for the last time, and that firmware was developed in 2015. Also printers with firmware released before March 2016 suffered from the issue and even worse, also printers without any internet access started to reject non-HP cartridges.
Just add HP to your permanent blacklist.
We’ve written a lot about the abuse of the gravity knife statute in the five boroughs. A law passed in the 1950s, designed to outlaw large, switchblade-like knives, has increasingly been used to arrest people for common folding knives. As is the department’s wont, the vast majority of so-called “gravity knife” arrests have focused on people of color. The result is that thousands of people every year are arrested for knives that are widely available at reputable retailers in the city, and which they have no idea can land them in jail. The law has been the subject of broad reform efforts in recent years.
The arrest by PSA 7 is an especially cute one, however, with the added forfeiture element. As the Voice has documented, the NYPD’s civil forfeiture program —ostensibly a way for law enforcement to deny criminals their ill-gotten gains — is in fact a revenue generating scheme that often robs poor people of hard earned money with no due process.
Donald Trump’s son has a new reason why his father won’t release his tax returns: They’re too distracting. The new rationale is a shift from the Republican nominee’s previous explanation that an ongoing audit is the reason why he won’t release his taxes — breaking with decades of tradition. “Because he’s got a 12,000-page tax return that would create … financial auditors out of every person in the country asking questions that would detract from (his father’s) main message,” Donald Trump, Jr. told the Tribune-Review in Pennsylvania in a piece published Wednesday.
“I don’t talk about it because if I talk about that, your whole thing will be about that,” Trump said. “So I don’t talk about it.”
So… “We can’t talk about anything we say or do because then everyone will be talking about how what we say and do is bad.”
And the biased liberal media will quote them verbatim!
If I may interpret them: “I don’t want to be held accountable for what I’ve said and done, I just want to skate through on promises and accusations.”
His “sign language” interpreter would just be someone giving the finger to the camera for the entire speech…
In the past few years, the devastating effects of hackers breaking into an organization’s network, stealing confidential data, and publishing everything have been made clear. It happened to the Democratic National Committee, to Sony, to the National Security Agency, to the cyber-arms weapons manufacturer Hacking Team, to the online adultery site Ashley Madison, and to the Panamanian tax-evasion law firm Mossack Fonseca.
In all of these instances, the documents were real: the email conversations, still-secret product details, strategy documents, salary information, and everything else. But what if hackers were to alter documents before releasing them? This is the next step in organizational doxing—and the effects can be much worse. It’s one thing to have all of your dirty laundry aired in public for everyone to see. It’s another thing entirely for someone to throw in a few choice items that aren’t real.
Imagine trying to explain to the press, eager to publish the worst of the details in the documents, that everything is accurate except this particular email. Or that particular memo. That the salary document is correct except that one entry. Or that the secret customer list posted up on WikiLeaks is correct except that there’s one inaccurate addition. It would be impossible. Who would believe you? No one. And you couldn’t prove it.
Next up: corporate rule that all e-mail is digitally signed.
Next up after that, top of corporation “forgets” to sign e-mail that would be embarrassing later, using the lack of digital signatures as plausible deniability.
Next up after that, each digital signature gets published to a (third party?) block-chain for transparency.
The pervasive influence of corporate cash in the democratic process, and the extraordinary lengths to which politicians, lobbyists and even judges go to solicit money, are laid bare in sealed court documents leaked to the Guardian.
The John Doe files amount to 1,500 pages of largely unseen material gathered in evidence by prosecutors investigating alleged irregularities in political fundraising. Last year the Wisconsin supreme court ordered that all the documents should be destroyed, though a set survived that has now been obtained by the news organisation.
The files open a window on a world that is very rarely glimpsed by the public, in which millions of dollars are secretly donated by major corporations and super-wealthy individuals to third-party groups in an attempt to sway elections. They speak to a visceral theme of the 2016 presidential cycle: the distortion of American democracy by big business that has been slammed by both Donald Trump and Bernie Sanders.
On July 4, former British Foreign Secretary Jack Straw emailed former U.S. Secretary of State Colin Powell to discuss the upcoming release of the Chilcot Report – a document detailing the British government’s inquiry. The report probed, among other things, the depth of private British commitment and support for the American-led war in Iraq.
In anticipation of coming press coverage, Straw asked Powell to review a statement in a Word document he drafted. He wrote that the “only silver lining of the Brexit vote is that it will reduce medium term attention on Chilcot — though it will not stop the day of publication being uncomfortable.”
It looks like a toroid planet is not forbidden by the laws of physics. It is just darn unlikely to ever form naturally, and likely will go unstable over geological timescales because of outside disturbances. So if we decide to assume it just is there, perhaps due to an advanced civilization with more aesthetics than sanity, what are its properties?
The 65-year-old Keenan pleaded not guilty last month during a court appearance, but prosecutors said he admitted to sexually assaulting the girl over a three-year period, beginning when she was 4 years old.
Prosecutors said Keenan confessed to the sex abuse to his wife, a pastor, a social worker and his brother- and sister-in-law.
According to court filings, the child told Keenan’s wife about the abuse and she confronted him — and he then admitted “I did it.”
Keenan also admitted the abuse during group discussions at a nearby hospital, and he then voluntarily checked himself into a psychiatric facility because he was suicidal.
He told a social worker there that he had molested the girl for at least two years, beginning in September 2013, but he blamed the child for initiating the sex acts and described her as a “willing participant.”
Keenan, who bragged about his Christian values after he was sworn in as mayor, also discussed the abuse at length with a pastor.
Eyeo GmbH, the company that makes the popular Adblock Plus software, will today start selling the very thing many of its users hate—advertisements. Today, the company is launching a self-service platform to sell “pre-whitelisted” ads that meet its “acceptable ads” criteria. The new system will let online publishers drag and drop advertisements that meet Eyeo’s expectations for size and labeling.
“The Acceptable Ads Platform helps publishers who want to show an alternative, nonintrusive ad experience to users with ad blockers by providing them with a tool that lets them implement Acceptable Ads themselves,” said Till Faida, co-founder of Adblock Plus.
Publishers who place the ads will do so knowing that they won’t be blocked by most of the 100 million Adblock Plus users. The software extension’s default setting allows for “acceptable ads” to be shown, and more than 90 percent of its users don’t change that default setting.
As if 2016 hasn’t been challenging enough; the universe seems totally hellbent on making Britain suffer till the bitter end.
The most recent blow to our nation has been described by many online as pure treason. Let us introduce squirty aerosol tea. Tea in a can.
For the next two weeks, a Tube station in South London will create a rip in the space time continuum. The Citizens Advertising Takeover Service has replaced 68 adverts in Clapham Common with pictures of cats. This isn’t a clever marketing stunt for a pet food brand, or a guerrilla campaign for a new TV series. The people behind it are volunteers who raised the money on Kickstarter. We want to inspire people to think differently about the world and realise they have the power to change it.