The Surprisingly Simple Way To Steal Cryptocurrency

In the news a few days ago was the revelation that Luke Dashjr, a core Bitcoin developer, had his wallet compromised and lost 200 BTC. A small fortune, and something of a shock. I’m guessing that someone with that expertise would not have left his private key lying around, so as a cryptocurrency non-enthusiast I’m left curious as to how the attackers might have done it. So I phoned a few friends who do walk those paths for an explanation, and the result was a fascinating conversation or two. The most probable answer is still that someone broke into his computer and copied the keys — straight-up computer theft. But there’s another possible avenue that doesn’t involve stealing anything, and is surprisingly simple.

Continue reading “The Surprisingly Simple Way To Steal Cryptocurrency”

2022: As The Hardware World Turns

Well folks, we made it through another one. While it would be a stretch to call 2022 a good year for those of us in the hacking and making community, the light at the end of the tunnel does seem decidedly brighter now than it did this time 365 days ago. It might even be safe to show some legitimate optimism for the year ahead, but then again I was counting on my Tesla stocks to be a long-term investment, so what the hell do I know about predicting the future.

Eh, my kids probably weren’t going to college anyway.

Thankfully hindsight always affords us a bit of wisdom, deservedly or otherwise. Now that 2022 is officially in the rearview mirror, it’s a good time to look back on the highs (and lows) of the last twelve months. Good or bad, these are the stories that will stick out in our collective minds when we think back on this period of our lives.

Oh sure, some might wish they could take the Men in Black route and forget these last few years ever happened, but it doesn’t work that way. In fact, given the tumultuous times we’re currently living in, it seems more likely than not that at some point we’ll find ourselves having to explain the whole thing to some future generation as they stare up at us wide-eyed around a roaring fire. Though with the way this timeline is going, the source of said fire might be the smoldering remains of an overturned urban assault robot that you just destroyed.

So while it’s still fresh in our minds, and before 2023 has a chance to impose any new disasters on us, let’s take a trip back through some of the biggest stories and themes of the last year.

Continue reading “2022: As The Hardware World Turns”

Your Next Airport Meal May Be Delivered By Robot

Robot delivery has long been touted as a game-changing technology of the future. However, it still hasn’t cracked the big time. Drones still aren’t airdropping packages into our gutters by accident, nor are our pizzas brought to us via self-driving cars.

That’s not to say that able minds aren’t working on the problem. In one case, a group of engineers are working on a robot that will handle the crucial duty of delivering food to hungry flyers at the airport.

Continue reading “Your Next Airport Meal May Be Delivered By Robot”

Big Chemistry: Liquefied Natural Gas

The topic of energy has been top-of-mind for us since the first of our ancestors came down out of the trees looking for something to eat that wouldn’t eat them. But in a world where the neverending struggle for energy has been abstracted away to the flick of a finger on a light switch or thermostat, thanks to geopolitical forces many of us are now facing the wrath of winter with a completely different outlook on what it takes to stay warm.

The problem isn’t necessarily that we don’t have enough energy, it’s more that what we have is neither evenly distributed nor easily obtained. Moving energy from where it’s produced to where it’s needed is rarely a simple matter, and often poses significant and interesting engineering challenges. This is especially true for sources of energy that don’t pack a lot of punch into a small space, like natural gas. Getting it across a continent is challenging enough; getting it across an ocean is another thing altogether, and that’s where liquefied natural gas, or LNG, comes into the picture.

Continue reading “Big Chemistry: Liquefied Natural Gas”

Damaged Soyuz May Leave Crew Without A Ride Home

Though oddly beautiful in its own way, it’s a sight no astronaut wants to see: their spacecraft, the only way they have to return to Earth, ejecting countless iridescent droplets of something into space.

When the crew of Apollo 13 saw their craft literally bleeding out on their trip to the Moon it was clear the mission, and ultimately their lives, were in real jeopardy. Luckily the current situation is not nearly as dire, as the leaking Soyuz MS-22 spacecraft docked to the International Space Station doesn’t pose any immediate danger to those aboard the orbiting laboratory. But it’s still an unprecedented situation, and getting its crew home will require engineers on the ground to make some very difficult decisions.

This situation is still developing, and neither NASA nor their Russian counterpart Roscosmos have released much in the way of specifics. But we can make some educated guesses from the video and images we’ve seen of the stricken Soyuz capsule, and from what’s been shown to the public so far, things aren’t looking good.

Continue reading “Damaged Soyuz May Leave Crew Without A Ride Home”

This Week In Security: Scamming The FBI, In The Wild, And AI Security

If you’re part of a government alphabet agency, particularly running a program to share information to fight cybercrime, make sure to properly verify the identity of new members before admission. Oh, and make sure the API is rate-limited so a malicious member can’t scrape the entire user database and sell it on a dark web forum.

Putting snark aside, this is exactly what has happened to the FBI’s InfraGard program. A clever user applied to the program using a CEO’s name and phone number, and a convincing-looking email address. The program administrators didn’t do much due diligence, and approved the application. Awkward.

BSD Ping

First off, the good folks at FreeBSD have published some errata about the ping problem we talked about last week. Note that while ping does elevate to root privileges via setuid, those privileges are dropped before any data handling occurs. In addition, ping on FreeBSD runs inside a Capsicum sandbox, a huge obstacle to system compromise from within ping. And finally, further examination of the bug in a real-world context casts doubt on the idea that Remote Code Execution (RCE) is actually possible due to stack layouts.

If someone messes up somewhere, go look if you messed up in the same or similar way somewhere else.

Sage advice from [Florian Obser], OpenBSD developer. So seeing the ping problem in FreeBSD, he set about checking the OpenBSD ping implementation for identical or similar problems. The vulnerable code isn’t shared between the versions, so he reached for afl++, a fuzzing tool with an impressive list of finds. Connect afl++ to the function in ping that handles incoming data, and see what shakes out. The conclusion? No crashes found in this particular effort, but several hangs were identified and fixed. And that is a win.

Continue reading “This Week In Security: Scamming The FBI, In The Wild, And AI Security”

Australia’s Soft Plastic Recycling Debacle

We’ve all been told to cut back on waste to help prevent environmental crisis on Earth. Reducing waste helps reduce the need to spend time and energy digging up fresh materials, and helps reduce the amount of trash we have to go out and bury in the ground in landfills. Recycling is a big part of this drive, allowing us to divert waste by reprocessing it into fresh new materials.

Sadly, though, recycling isn’t always as magical as it seems. As Australia has just found out, it’s harder than it sounds, and often smoke and mirrors prevent the public from understanding what’s really going on. Here’s how soft plastic recycling went wrong Down Under.

Continue reading “Australia’s Soft Plastic Recycling Debacle”