This Week In Security: MOAB, Microsoft, And Printers

This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here is likely not a discrete email address, but simply a piece of data — a row in the database.

Now before we all lose our minds over this, there’s an important detail to take note of: These aren’t new leaks. This is a compilation of leaks, and as far as researchers have checked, there aren’t any new leaks disclosed here. This was someone’s database of accumulated leak data, accidentally re-leaked via an unsecured database. [Troy Hunt] goes so far as to speculate that it could be from a breach search service, which sounds pretty plausible.

There was yet another release of credentials late last week that hasn’t attracted as much attention, but seems to represent a much bigger issue. The Naz.api data set isn’t a breach where a company was hacked, and their entire user database was stolen. Instead, this one is a combination of a credential stuffing list and stealer logs.

Credential stuffing is basically a smarter brute force attack, where the credentials from one breach are tried on multiple other sites. Such a list is just the results where guesses were successful. The really interesting bit is that this dataset seems to include stealer logs. Put simply, those are the results of malware that scrapes victim machines for credentials.

Naz.api has over 70 million unique email addresses, and it looks like about a third of them are new, at least according to the Haveibeenpwned dataset. Now that’s significant, though not really worthy of the MOAB title, either.

San Francisco Sues To Keep Autonomous Cars Out Of The City

Although the arrival of self-driving cars and taxis in particular seems to be eternally ‘just around the corner’ for most of us, in an increasing number of places around the world they’re already operational, with Waymo being quite prevalent in the US. Yet despite approval by the relevant authorities, the city of San Francisco has opted to sue the state commission that approved Google’s Waymo and GM’s Cruise. Their goal? To banish these services from the streets of SF, ideally forever.

Whether they will succeed in this seems highly doubtful. Although Cruise has lost its license to operate in California after a recent fatal accident, Waymo’s track record is actually quite good. Using public information sources, there’s a case to be made that Waymo cars are significantly safer to be in or around than those driven by human operators. When contrasted with Cruise’s troubled performance, it would seem that the problem with self-driving cars isn’t so much the technology as it is the safety culture of the company around it.

Yet despite Waymo’s better-than-humans safety record, it is regarded as a ‘nuisance’, leading some to sabotage the cars. The more reasonable take would seem to be that although the technology is not mature yet, it has the overwhelming advantage over human drivers that it never drives distracted or intoxicated, and can be deterministically improved and tweaked across all cars based on experience.

These considerations have been taken into account by the state commission that approved Waymo operating in SF, which is why legal experts note that the SF case’s chances are very slim based on the available evidence.

Reviving A Sensorless X-Ray Cabinet With Analog Film

In the same way that a doctor often needs to take a non-destructive look inside a patient to diagnose a problem, those who seek to reverse engineer electronic systems can greatly benefit from the power of X-ray vision. The trouble is that X-ray cabinets designed for electronics are hideously expensive, even on the secondary market. Unless, of course, their sensors are kaput, in which case they’re not of much use. Or are they?

[Aleksandar Nikolic] and [Travis Goodspeed] strongly disagree, to the point that they dedicated a lot of work to documenting how they capture X-ray images on plain old analog film. Of course, this is nothing new — [Wilhelm Konrad Roentgen] showed that photographic emulsions are sensitive to “X-light” all the way back in the 1890s, and film was the de facto image sensor for radiography up until the turn of this century. But CMOS sensors have muscled their way into film’s turf, to the point where traditional silver nitrate emulsions and wet processing of radiographic films, clinical and otherwise, are nearly things of the past.