Self-Driving Snow Plows Could Battle Winter

We hate to break it to you, but winter is coming. And with winter comes snow, which tends to spoil people’s travel plans. But a group of self-driving snowplows could clear the tarmac faster and more efficiently, helping make winter-weather delays a thing of the past.
Four autonomous Mercedes-Benz Arocs tractors recently hit the tarmac at a former airbase in Germany, showcasing the tech and use-case, according to a news release.
Using a Remote Truck Interface (RTI) the Arocs are ab

from Discover Main Feed http://ift.tt/2y0tKXC
via IFTTT

Kaspersky pledges independent code review to cast off spying suspicions

Kaspersky Lab CEO and Chairman Eugene Kaspersky speaks at a conference in Russia on July 10, 2017.


After reports that data collected by the company’s anti-malware client was used to target an NSA contractor and various accusations of connections to Russian intelligence, today Kaspersky Lab announced the launch of what company executives call a “Global Transparency Initiative.” As part of the effort aimed at regaining the trust of corporate and government customers among others, a Kaspersky spokesperson said that the company would open product code and the company’s secure coding practices to independent review by the first quarter of 2018.

In a statement released by the company, founder Eugene Kaspersky said, “We want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

As part of the initiative, Kaspersky Lab will open three “Transparency Centers” for code review—one in the US, one in Asia, and one in Europe. This is similar to the practices of Microsoft and other major software companies that allow code reviews by major government customers in a controlled environment. Kaspersky isn’t the first vendor accused of providing espionage backdoors to follow this route—a similar practice was launched by Chinese networking hardware vendor Huawei in 2012 in the United Kingdom. At the time, Huawei offered to do the same for Australia and the US, but the offer was rejected and the company was banned from sensitive network work in the US by Congress.

Kaspersky Lab also announced a boost to the company’s bug bounty program, promising to raise payments for the “most severe vulnerabilities” submitted by researchers to the company’s Coordinated Vulnerability Disclosure program to $100,000 “to further incentivize independent security researchers to supplement our vulnerability detection and mitigation efforts.”

In a blog post, Eugene Kaspersky accused the press of making false allegations about his company. “The media attacks have been intense, fierce, and persistent,” he wrote. “So much so that we’ve had to lay low for a while to catch our breath and work out what on earth this is all about.” He acknowledged that some “think ‘Russian cybersecurity company’ are three words that shouldn’t be in the same sentence, especially these days,” but Kaspersky suggested there were ulterior motivations behind the recent accusations.

“The steady stream of media leaks seem intentionally designed to damage our reputation without providing us with any real opportunity to address any concerns,” Kaspersky wrote. “Action is being taken before we can engage. Some will say that the government has provided us with an administrative remedy that we can pursue, and if so we will do so. But genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.”

Last month, the US Department of Homeland Security ordered government agencies to stop using any software products made by Kaspersky Lab due to concerns about possible ties between Kaspersky officials and Russian intelligence.

from Ars Technica http://ift.tt/2l8lkag

Crippling crypto weakness opens millions of smartcards to cloning

Gemalto


Millions of smartcards in use by banks and large corporations for more than a decade have been found to be vulnerable to a crippling cryptographic attack. That vulnerability allows hackers to bypass a wide range of protections, including data encryption and two-factor authentication.

The critical vulnerability, which researchers disclosed last week, allows attackers to derive the private portion of any vulnerable key using nothing more than the corresponding public portion. The so-called factorization attack can be completed in minutes or days, and the price can range from nothing, depending on the key size and type of computer an attacker uses. The vulnerability stems from a widely deployed library developed by German chipmaker Infineon, which in turn sells its hardware and software to third-party smartcard and device manufacturers.

The defect has now been confirmed to affect the first line of Gemalto IDPrime.NET smartcards. The cards have been on the market since 2004 at the latest, when Gemalto predecessor Axalto announced Microsoft employees were using the card to secure access to the software maker’s network, by among other things providing two-factor authentication to company employees worldwide. During the 12 years the cards are known to have been in use, Netherlands-based Gemalto has shipped cards numbering in the millions or even the tens or hundreds of millions.

Gemalto stopped selling the product in September, but it has pledged to support them for 24 to 48 months after that, depending on how the cards are used. Third-party distributors continue to sell the cards online. A Gemalto representative referred Ars to this company advisory that says: “Our investigation has determined that End-of-sale IDPrime.NET products may be affected.”

Cryptography experts, however, said there is little doubt the line of Gemalto cards is affected. Dan Cvrcek, CEO of Enigma Bridge, said he examined 11 IDPrime.NET cards issued from 2008 through earlier this year. All of them used an underlying public key that tested positive for the crippling weakness. By running the public keys through an attack hosted on Amazon Web Services or a similar cloud computing platform, the private portions could be computed in a matter of hours for 1024-bit keys and in a matter of days for 2048-bit keys. Once attackers know the secret key, they could cryptographically clone the card. Attackers could also compromise any other keys that were generated by the smartcards.

Keys to the kingdom

Cvrcek said members of the research team that discovered the flaw went on to obtain two RSA keys with a length of 512 bits that were generated by separate IDPrime.NET cards. His team was able to calculate the secret key for both of them, one in about three minutes and the other in about 10 minutes, using a general-purpose computer. He said the results are alarming, because they confirm the weakness affects a card that forms the basis for a public key infrastructure many companies use to encrypt e-mail, secure network logins, and authenticate employees.

“These cards were primarily used for enterprise and medium-sized company PKI systems,” Cvrcek said. “They are protecting e-mail communication, remote access (VPN), they are used to sign and decrypt sensitive documents. The documents would likely be highly sensitive ones—whatever an enterprise gives maximum confidentiality level.”

Gemalto’s IDPrime.NET card is only the latest smartcard to be confirmed vulnerable to ROCA, and it almost certainly won’t be the last one. Estonia’s government has already said that 750,000 electronic IDs it has issued are vulnerable, and researchers have uncovered evidence ID cards issued by Slovakia and Spain may be vulnerable, too. Several models of Trusted Platform Modules protecting computers sold by a variety of manufacturers are also known to be affected, as are Javacards.

The vulnerability resides in all RSA keys generated by the faulty Infineon library. To optimize speed, the library uses a structure of underlying prime numbers that makes the keys much more susceptible to a mathematical process known as factorization. Identifying affected keys is quick and inexpensive and requires only access to a public key. Attackers can then run all vulnerable public keys through an attack dubbed Return of the Coppersmith Attack, or ROCA, for the type of factorization method it uses.
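
To illustrate why identifying affected keys needs only the public key, here is an added example (not from the article and not the researchers' own tool) of the fingerprint check. It assumes the prime structure described in the published ROCA research, p = k*M + (65537^a mod M) with M a product of small primes; all function names are hypothetical and the test modulus is constructed, not a real key.

```python
from math import prod

# Odd primes up to 167. With 2 they form the primorial M that the published
# ROCA research describes for 512-bit keys (assumption: not stated on this page).
# The larger primorials used for longer keys contain these primes as well.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def element_order(g, p):
    """Multiplicative order of g modulo the prime p (g not divisible by p)."""
    order, x = 1, g % p
    while x != 1:
        x = (x * g) % p
        order += 1
    return order


# Order of 65537 modulo each small prime, computed once at import time.
ORDERS = {p: element_order(GENERATOR, p) for p in SMALL_PRIMES}


def has_roca_fingerprint(n):
    """True if n mod p lies in the subgroup generated by 65537 for every p.

    The group of units mod p is cyclic, so x belongs to the subgroup of
    order d exactly when x^d == 1 (mod p). No factoring is involved.
    """
    return all(pow(n, d, p) == 1 for p, d in ORDERS.items())


def check_openssl_modulus(line):
    """Check a 'Modulus=<hex>' line as printed by `openssl x509 -noout -modulus`."""
    label, _, hex_value = line.strip().partition("=")
    if label != "Modulus" or not hex_value:
        raise ValueError("expected a line of the form Modulus=<hex>")
    return has_roca_fingerprint(int(hex_value, 16))


def constructed_structured_modulus(k1, a, k2, b):
    """Constructed test input with the structure above; NOT a real key.

    The factors are not forced to be prime, because the fingerprint depends
    only on the residues of the product modulo the small primes.
    """
    m = 2 * prod(SMALL_PRIMES)
    p = k1 * m + pow(GENERATOR, a, m)
    q = k2 * m + pow(GENERATOR, b, m)
    return p * q


if __name__ == "__main__":
    weak = constructed_structured_modulus(12345, 77, 67890, 1234)
    print("structured modulus flagged:", has_roca_fingerprint(weak))
    print("unstructured number flagged:", has_roca_fingerprint(2**511 + 13))
```

A key that passes this check should be treated as generated by the affected library and replaced with one generated elsewhere; a key that fails it does not have the structure.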

Once the longer factorization is completed, attackers have access to the private key that’s used for a variety of sensitive tasks, including decrypting data, digitally signing software, and providing a cryptographically robust second authentication factor. The attack and the vulnerability it exploits were discovered by Slovak and Czech researchers from Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, UK, and Ca’ Foscari University in Italy. Cvrcek said other lines of Gemalto smartcards, including the IDPrime MD, aren’t vulnerable.

Now that the IDPrime.NET has been confirmed to be affected, organizations that use the smartcard should carefully assess how their networks and employees can be exploited. A Microsoft spokeswoman said company officials are investigating the vulnerable cards and will take appropriate steps if they determine there’s a risk to the company’s network or employees. Gemalto officials declined to say how many smartcards have been sold over the years or how many remain in active use. Cvrcek estimated sales total in the millions at a minimum and possibly in the hundreds of millions. It’s not hard to find case studies naming specific companies that use the Gemalto cards. This one, for instance, shows that British Sky Broadcasting Group recently deployed vulnerable cards to 4,000 employees.

from Ars Technica http://ift.tt/2yEeJtS

Self-driving startup nuTonomy bought by Delphi for $400 million

nuTonomy was spun out of MIT and has stayed true to its New England roots.

nuTonomy


On Tuesday we learned that Boston-based nuTonomy is being bought by tier-one auto supplier Delphi. Delphi is paying $400 million for the startup, plus about $50 million more in earn-outs. In return, it gets an extra bow in its self-driving quiver. Four-year-old nuTonomy is developing an automated driving “stack”—the combined software programs that do everything from fusing sensor inputs that perceive the environment around a vehicle to facilitating the decision-making of where to actually drive.

“Our mission has always been to radically improve the safety, efficiency, and accessibility of transportation worldwide,” said nuTonomy cofounder and CEO Karl Iagnemma. “Joining forces with Delphi brings us one step closer to achieving our goal with a market-leading partner whose vision directly aligns with ours. Together, we will set the global standard for excellence in autonomous driving technology.”

Automotive suppliers like Delphi and Bosch are just as heavily committed to self-driving technology as OEMs like General Motors, Tesla, and Volvo. Last year, Delphi and Mobileye revealed plans for a production-grade autonomous system planned for 2019.

nuTonomy has been testing its driverless cars in Singapore and Boston (where Delphi has also been testing autonomous vehicle technology). The addition of nuTonomy’s 70-odd engineers and scientists almost doubles Delphi’s self-driving research team, and Delphi says that combining efforts in those two cities (and others) will see it deploy 60 self-driving vehicles in three continents by the end of the year.

It’s yet another domino falling in the driverless car space, which has seen several acquisitions with hefty price tags of late. Last year, GM paid $1 billion for Cruise. In February, Ford splashed out a similar amount on Argo AI. And in March, Intel coughed up $15.3 billion for Mobileye. It almost makes Delphi’s purchase look cheap.

from Ars Technica http://ift.tt/2yNpZDL

Your old GameCube controllers now work with the Nintendo Switch

If you have these lying around, dig them out of the closet for some Switch action!


Classic Nintendo GameCube controllers can now work with the Nintendo Switch via a USB adapter, following a version 4.0.0 system update released late last week. While Nintendo didn’t list the feature in its official release notes, the new controller support was discovered and spread on Twitter yesterday, then quickly confirmed by others.

GameCube controllers show up on the Switch controller-calibration screen with a “USB” label when plugged into the system dock via Nintendo’s official GameCube controller adapter, which was first released years ago alongside Super Smash Bros. for Wii U (third-party adapters may not work as well, from reports). The controllers seem to work with every available Switch game, though the GameCube controller lacks an equivalent for the Switch’s “minus” and “ZL” buttons, limiting the functionality in some titles. Other USB controllers, such as wired Xbox 360 game pads, still aren’t recognized when plugged into the Switch.

The surprise controller addition will be welcome news for the many longtime Nintendo fans who think Nintendo never really improved on the oddly shaped GameCube controller design and for those who want to use bigger analog sticks on the system without having to invest in the Switch Pro Controller.

The feature’s stealth launch is already fueling speculation that Nintendo may be planning support for downloadable GameCube games on the Switch’s still-pending Virtual Console. GameCube controller support would also practically be a prerequisite for getting serious players to support any upcoming Super Smash Bros. game for the Switch, should Nintendo ever see fit to announce one. Hmm…

from Ars Technica http://ift.tt/2gyOB9d

Balloon navigation breakthrough helps extend cell service in Puerto Rico

A balloon launches from Nevada on its way to Puerto Rico.


One of Puerto Ricans’ most basic needs in the wake of Hurricane Maria is communication with the outside world. Cell phone companies on the island are still working to repair infrastructure after the hurricane took 95 percent of the island’s cell phone towers out of service.

So X, Google’s company devoted to technological “moonshots,” is sending a fleet of balloons to serve as cell phone towers in the sky. “We are now collaborating with AT&T to deliver emergency Internet service to the hardest hit parts of the island,” writes Alastair Westgarth, who leads the company’s balloon-based Internet efforts.

The idea of providing Internet service via balloons sounds crazy—indeed it has sounded crazy since Google first announced the effort, dubbed Project Loon, in 2013. But Google—now X—is deadly serious about making balloon-powered Internet access a real thing.

Westgarth acknowledges that “Project Loon is still an experimental technology and we’re not quite sure how well it will work.” But the company has been making steady progress over the last four years. The company can keep its balloons in the air for more than three months at a time, powered by solar energy. It has figured out how to efficiently steer flocks of balloons to keep them over an area that needs service.

How Project Loon works

Fundamentally, the balloons are a way to extend the range of an existing cellular network. A terrestrial cell phone tower communicates with a balloon soaring as much as 20 kilometers overhead. At that height, a balloon has a clear line of sight to a large area of the ground below. A single balloon can serve an area the size of Rhode Island. Phones on the ground communicate with the balloon the same way they would communicate with any other cell phone tower. X says that one balloon can serve thousands of customers simultaneously.

There’s a big, obvious challenge, of course: wind. If you send a balloon up 20 kilometers in the air, it will quickly blow away from the desired coverage zone. Past balloon-based transmission schemes have tethered balloons with a cable, but that limits how high the balloons can go and it increases the cost and complexity of the system.

The company’s original plan was to just release a steady stream of balloons and have them slowly float around the world. As one balloon floated out of range for any given customer, there would be another one behind it. With enough balloons, people at certain latitudes would be within range of at least one balloon at all times.

But as X experimented with its balloons, the company realized that it could use wind to steer them. The balloons have on-board pumps that allow them to move up and down.

“From our millions of kilometers of test flights, we’ve been able to develop sophisticated models that allow us to more accurately predict the wind patterns at different altitudes,” a Project Loon post said in 2016. “Using this data, our software algorithms are able to determine which altitude has a wind pattern that gives us the best chance of keeping our balloons close to the areas where we want them.”

“We figured out how to cluster balloons in teams, dancing in small loops on the stratospheric winds, over a particular region,” wrote X CEO Astro Teller.

In one 2016 test, a balloon took 12 days to travel from Puerto Rico to Peru and then spent 14 weeks hovering in Puerto Rican airspace.

The technique wasn’t perfect; the balloon would occasionally get blown out over the Pacific Ocean before being steered back over Peru.

The Peruvian experiment proved useful earlier this year when the country suffered from serious flooding. Because X had already done work in the country, X was able to quickly get its balloons aloft and provide connectivity to thousands of Peruvians who had been cut off from conventional communications infrastructure.

The company has developed other technologies to make this whole system practical. For example, an early challenge was that balloons would get blown away before they had been fully prepped for release. The team designed a balloon launchpad, depicted at the top of this article. The launchpad rotates so its open side is always pointed downwind, shielding the balloon from direct wind as it’s prepared for release.

Bringing balloon Internet to Puerto Rico

X has solved a number of thorny technical problems for getting balloon Internet technology working. But using that technology to quickly provide service to ordinary Puerto Ricans was still a big challenge.

First and foremost, X needed on-the-ground partners. Project Loon’s technology is fundamentally a way to extend the range of an existing cellular network, so X needed to partner with an existing Puerto Rican cellular provider. That local provider needed to modify some of its towers to communicate with the Project Loon balloons and correctly route customer traffic that came back from them. AT&T agreed to partner with X on the project.

X also needed approval from the Federal Communications Commission to operate in the area, which it got earlier this month. X says it also worked with the Federal Aviation Administration—presumably to get the rights to operate in the airspace above Puerto Rico.

“Project Loon is now supporting basic communication and Internet activities like sending text messages and accessing information online for some people with LTE enabled phones,” Loon reported in a Friday blog post.

Puerto Rico is about three times as large as Rhode Island, so (in principle) you should be able to cover most of the island with three balloons. In practice, of course, X needs more than that since steering the balloons with air currents is far from an exact science. At any given time, some balloons will be drifting off-course or working to get back on-course. More balloons will be needed to provide reasonable levels of reliability.

Disclosure: My brother works at Google.

from Ars Technica http://ift.tt/2y1m5bm

How Often Do You Really Need to Shower? (Hint: Not Every Day) [Video]

Do you really need a daily shower to stay clean, or is it doing more harm than good? Some scientists have recommendations based on what we know about our skin — and what might be living on top of it.

[SciShow]

from [Geeks Are Sexy] Technology News http://ift.tt/2yP2XfV