News

3607 Articles

Netscape Communicator And SHA-1 Written Into Brexit Agreement

December 28, 2020 by 36 Comments

We pity the civil servants involved in the negotiations between the European Union and the United Kingdom, because after tense meetings until almost the Eleventh Hour, they’ve had to cobble together the text of a post-Brexit trade agreement in next-to-no time. In the usual manner of such international agreements both sides are claiming some kind of victory over fish, but the really interesting parts of the document lie in the small print. In particular it was left to eagle-eyed security researchers to spot that Netscape Communicator 4, SHA-1, and RSA encryption with a 1024-bit key length are recommended to secure the transfer of DNA data between states. The paragraphs in question can be found on page 932 of the 1256-page agreement.

It’s likely that some readers under 30 years old will never have used a Netscape product even though they will be familiar with Firefox, the descendant Mozilla software. Netscape were a pioneer of early web browsers, and  Communicator 4 was the company’s all-in-one browser and email offering from the late 1990s. It and its successors steadily lost ground against Microsoft’s Internet Explorer, and ultimately faded away along with the company under AOL ownership in the late 2000s. Meanwhile the SHA-1 hashing algorithm has been demonstrated to be vulnerable to collision attacks, and computing power has advanced such that 1024-bit RSA encryption can be broken in a sensible time frame by anyone with sufficient GPU power to give it a try. It’s clear that something is amiss in the drafting of this treaty, and we’d go so far as to venture the opinion that a tired civil servant simply cut-and-pasted from a late-1990s security document.

So will the lawmakers of Europe now have to dig for ancient software as mandated by treaty? We hope not, as from our reading they are given as examples rather than as directives. We worry however that their agencies might turn out to be as clueless on digital security as evidently the civil servants are, so maybe Verizon Communications, current owners of the Netscape brand, could be in for a few support calls.

Uber Traded Away Its In-House Self-Driving Effort

December 22, 2020 by 44 Comments

Perhaps the best-known ridesharing service, Uber has grown rapidly over the last decade. Since its founding in 2009, it has expanded into markets around the globe, and entered the world of food delivery and even helicopter transport.

One of the main headline research areas for the company was the development of autonomous cars, which would revolutionize the company’s business model by eliminating the need to pay human drivers. However, as of December, the company has announced that it it spinning off its driverless car division in a deal reportedly worth $4 billion, though that’s all on paper — Uber is trading its autonomous driving division, and a promise to invest a further $400 million, in return for a 26% share in the self-driving tech company Aurora Innovation.

Playing A Long Game

Uber’s self-driving efforts have been undertaken in close partnership with Volvo in recent years.

Uber’s driverless car research was handled by the internal Advanced Technologies Group, made up of 1,200 employees dedicated to working on the new technology. The push to eliminate human drivers from the ride-sharing business model was a major consideration for investors of Uber’s Initial Public Offering on the NYSE in 2019. The company is yet to post a profit, and reducing the amount of fares going to human drivers would make it much easier for the company to achieve that crucial goal.

However, Uber’s efforts have not been without incident. Tragically, in 2018, a development vehicle running in autonomous mode hit and killed a pedestrian in Tempe, Arizona. This marked the first pedestrian fatality caused by an autonomous car, and led to the suspension of on-road testing by the company. The incident revealed shortcomings in the company’s technology and processes, and was a black mark on the company moving forward.

The Advanced Technology Group (ATG) has been purchased by a Mountain View startup by the name of Aurora Innovation, Inc. The company counts several self-driving luminaries amongst its cofounders. Chris Urmson, now CEO, was a technical leader during his time at Google’s self-driving research group. Drew Bagnell worked on autonomous driving at Uber, and Sterling Anderson came to the startup from Tesla’s Autopilot program. The company was founded in 2017, and counts Hyundai and Amazon among its venture capital investors.

Aurora could also have links with Toyota, which also invested in ATG under Uber’s ownership in 2019. Unlike Uber, which solely focused on building viable robotaxis for use in limited geographical locations, the Aurora Driver, the core of the company’s technology, aims to be adaptable to everything from “passenger sedans to class-8 trucks”.

Aurora has been developing self-driving technology to handle real-world situations since its founding in 2017. Being able to master the challenges of a crowded city will be key to succeeding in the marketplace.

Getting rid of ATG certainly spells the end of Uber’s in-house autonomous driving effort, but it doesn’t mean they’re getting out of the game. Holding a stake in Aurora, Uber still stands to profit from early investment, and will retain access to the technology as it develops. At the same time, trading ATG off to an outside firm puts daylight between the rideshare company and any negative press from future testing incidents.

Even if Aurora only retains 75% of ATG’s 1,200 employees, it’s doubling in size, and will be worth keeping an eye on in the future.

Did ET Finally Call Us?

December 21, 2020 by 73 Comments

An Australian radio telescope picked up unusual signals back in 2019 and thinks they originated from Proxima Centauri, a scant 4.3 light years from our blue marble. Researchers caution that it almost certainly is a signal of human or natural origin and that more analysis will probably show it didn’t come from Proxima Centauri. But they can’t yet explain it.

The research is from the Breakthrough Listen project, a decade-long SETI project. The 980 MHz BLC-1 signal, as it’s called, meets the tests that identify the signal as interesting. It has a narrow bandwidth, it drifts in frequency consistent with a signal moving away or towards the Earth, and it disappears when the radio telescope points elsewhere.

Continue reading “Did ET Finally Call Us?”

A Synth Of Your Own, For Not A Lot

December 20, 2020 by 19 Comments

Despite the lingering reality that most of us don’t have what it takes to make it to the upper reaches of the Hit Parade, there remain many who still harbour a secret desire to make music. What better way to realise this dream, than by making [Blog Hoskins’] $20 MIDI synth project!

The write-up goes into a staggering level of detail to ensure that it’s accessible at all levels, to the extent that a complete beginner could probably assemble a working synth by following it. For some of the fancier parts of front panel there’s a reliance on a laser cutter, but even without such wizardry the Average Joe with an electric drill could still do a pretty good job.

Behind the panel though it’s not short on features it’s a surprisingly simple design. At its heart is an Arduino Nano, surrounded by potentiometers and switches for user control, and an opto-coupler for the MIDI lines. Sadly for analogue synth fans there’s not much else in the way of circuitry, but the point of a build such as this one is to create a playable instrument with the shortest path to usability. A video full fo those glorious synth sounds is below the break.

MIDI synthesisers are a frequent feature here at Hackaday. A recent favourite is this four-voice instrument that uses servos as its active element.

Continue reading “A Synth Of Your Own, For Not A Lot”

This Week In Security: SolarWinds And FireEye, WordPress DDoS, And Enhance!

December 18, 2020 by 11 Comments

The big story this week is Solarwinds. This IT management company supplies network monitoring and other security equipment, and it seems that malicious code was included in a product update as early as last spring. Their equipment is present in a multitude of high-profile networks, like Fireeye, many branches of the US government, and pretty much any other large company you can think of. To say that this supply chain attack is a big deal is an understatement. The blame has initially been placed on APT42, AKA, the Russian hacking pros.

The attack hasn’t been without some positive effects, as Fireeye has released some of their internal tooling as open source as a result. Microsoft has led the official response to the attack, managing to win control of the C&C domain in court, and black-holing it.

The last wrinkle to this story is the interesting timing of the sale of some Solarwinds stock by a pair of investment firms. If those firms were aware of the breech, and sold their shares before the news was made public, this would be a classic case of illegal insider trading. Continue reading “This Week In Security: SolarWinds And FireEye, WordPress DDoS, And Enhance!”

Stacked Material Makes Kitchen Temperature Superconductors

December 18, 2020 by 35 Comments

Belgian, Italian, and Australian researchers are proposing that by stacking semiconductor sheets, they should be able to observe superconducting behavior at what is known as “kitchen temperature” or temperatures you could get in a household freezer. That’s not quite as good as room temperature, but it isn’t bad, either. The paper is a bit technical but there is a very accessible write-up at Sci-Tech Daily that gives a good explanation.

Superconductors show no loss but currently require very cold temperatures outside of a few special cases. The new material exploits the idea that an electron and a hole in a semiconducting material will have a strong attraction to each other and will form a pair known as an exciton. Excitons move in a superfluid state which should exhibit superconductivity regardless of the temperature. However, the attraction is so strong that in conventional materials, the excitons only exist for the briefest blip of time before they cancel each other out.

Continue reading “Stacked Material Makes Kitchen Temperature Superconductors”

Russian Doomsday Radios Go Missing

December 15, 2020 by 42 Comments

Normally we like hearing about old military gear going on the surplus market. But if you encounter some late-model Russian radio and crypto equipment for sale you might want to make sure it isn’t hot (English translation). If you prefer not picking through the machine translation to English, the BBC also has a good write-up.

The Russians maintain four large planes set up as flying command and control bunkers in case of nuclear war — so-called “doomsday planes.” Like the U.S. ABNBC (better known as Looking Glass) fleet, the planes can provide the President or other senior leaders a complete command capability while in flight. As you might expect, the radios and gear on the plane are highly classified.

Continue reading “Russian Doomsday Radios Go Missing”