Tuesday, May 31

Cluster of “megabreaches” compromise a whopping 642 million passwords

Less than two weeks after more than 177 million LinkedIn user passwords surfaced, security researchers have discovered three more breaches involving MySpace, Tumblr, and dating website Fling that all told bring the total number of compromised accounts to more than 642 million.

"Any one of these 4 I'm going to talk about on their own would be notable, but to see a cluster of them appear together is quite intriguing," security researcher Troy Hunt observed on Monday. The cluster involves breaches known to have happened to Fling in 2011, to LinkedIn in 2012, and to Tumblr in 2013. It's still not clear when the MySpace hack took place, but Hunt, operator of the Have I been pwned? breach notification service, said it surely happened sometime after 2007 and before 2012. He continued:

There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than 3 years old. This data has been lying dormant (or at least out of public sight) for long periods of time.

The other is the size and these 4 breaches are all in the top 5 largest ones HIBP has ever seen. That's out of 109 breaches to date, too. Not only that, but these 4 incidents account for two thirds of all the data in the system, or at least they will once MySpace turns up.

Then there's the fact that it's all appearing within a very short period of time - all just this month. There's been some catalyst that has brought these breaches to light and to see them all fit this mould and appear in such a short period of time, I can't help but wonder if they're perhaps related.

All four of the password dumps are being sold on a darkweb forum by peace_of_mind, a user with 24 positive feedback ratings, two neutral ratings, and zero negative ratings. That's an indication the unknown person isn't exaggerating the quality of the data. The megabreach trend is troubling for at least a couple of reasons. First, it demonstrates that service providers are either unable to detect breaches or are willing to keep them secret years after they're discovered. Second, it raises the unsettling question of where the trend will end and whether additional breaches are in store before we get there.

Recapture the glory of Radium Age sci-fi from a century ago with these books

You've probably heard of science fiction's Golden Age, that incredible period in the 1940s and '50s when masters of the genre like Isaac Asimov, Robert Heinlein, Andre Norton, and Jack Vance were in their primes. But the early 20th century was an even weirder and more fantastic time for science fiction, when the genre was still in flux and the atomic bomb hadn't yet transformed our ideas about the future forever. Sci-fi historian and editor Joshua Glenn has just finished a multi-year project to bring what he calls the Radium Age back into the public eye. He has brought ten Radium Age classics back into print through his indie press HiLo Books, and he has written a number of fascinating guides to the great books of that era. Now, with his definitive list of the 100 best stories and novels of the Radium Age (1904-33), he's bringing the project to a close. But the journey for you, dear reader, is just beginning.

I've always been fascinated by the excavation of forgotten sci-fi, which is why I asked Glenn to write some of his first essays about Radium Age books several years ago for io9. "With Radium Age sci-fi, I wanted to surface and read all the best novels from that overlooked era and then introduce the era to others—so at first, I figured that writing a series for io9 would suffice," he told Ars via e-mail. "But once I realized that some of the best sci-fi from the 1904-33 period had fallen into utter obscurity, I felt compelled to start an imprint and reissue 10 of the titles that seemed most worthy of resurrecting." Now that other publishers have started releasing some of the novels on his best-of list, it seems that Glenn was on the cutting edge of a cultural revival of futuristic tales that are a century old. What's incredible about looking back on the Radium Age is that you realize so many of the science fiction themes we think of as solidly contemporary—from post-humans and the singularity, to zombie-populated dystopias—actually got their start way back in the early 1900s.

Describing some of these themes, Glenn told Ars:

Sex with 17-year-old girl is legal in Texas—nude pics of her are kid porn

Try to follow along. In Texas, it's legal to have sex with somebody as young as 17 years old. But it's considered child pornography to have nude pictures of somebody under 18, even if he or she is 17.

Aldo Leiva, 51. (credit: Harris County Sheriff's Office)

This means a 51-year-old Houston math tutor is facing 20 years in prison and may have to register as a sex offender for life in connection to accusations that his mobile phone contained child pornography—which were the nude photos that his 17-year-old student-girlfriend had texted him. The case against Aldo Leiva came to light after the girl's mother found explicit pictures on her daughter's mobile phone. The Houston Independent School District Police Department opened an investigation, which led to the charges against the Houston High tutor, according to court records.

Leiva posted $20,000 bond last week, and a local judge issued a no-contact order between the girl and the tutor. According to court records (PDF), the tutor gave police his phone and unlocked it for them, and nude images of the girl were allegedly recovered.

Leg Mounted Beer Bottles for Underwater Propulsion

Sitting on the beach, finishing off a beer one day, [Rulof] realized that if he put a motor in the beer bottle with a propeller at the bottle’s mouth, he could attach the result to his leg and use it to propel himself through the water. Even without the added bonus of the beautiful Mediterranean waters through which he propels himself, this is one hack we all wish we’d thought of.

These particular beer bottles were aluminum, making cutting them open to put the motor inside easy to do using his angle grinder. And [Rulof] made good use of that grinder because not only did he use it to round out parts of the motor mounting bracket and to cut a piston housing, he also used the grinder to cut up some old sneakers on which he mounted the bottles.

You might wonder where the pistons come into play. He didn’t actually use the whole pistons but just a part of their housing and the shaft that extends out of them. That’s because where the shaft emerges from the housing has a water tight seal. And as you can see from the video below, the seal works well in the shallow waters in which he swims.

The batteries for powering the motor go in a separate watertight PVC cylinder mounted on his upper body, with watertight seals for the wiring going from the battery cylinder to the bottled motors. But how to make a watertight on-off switch? For that [Rulof] put a reed switch inside the battery housing. The reed switch energizes a relay, and the relay electrically connects the motor to the batteries. He made sure to mount the reed switch near the PVC cylinder’s wall. To close the reed switch he brings a magnet outside the cylinder to near where the reed switch is inside the cylinder. To open the reed switch again he moves the magnet away. So the reed switch remains inside the watertight cylinder while the switch is opened and closed using the magnetic field from the magnet outside the cylinder.

[Rulof] isn’t the only electric fish in the sea. There’s also this fin propelled robofish that can communicate with others of its kind using Sonar. And then there’s jet propulsion, sucking water in one intake and expelling it out the other as does this ROV.


Finally, you can load Fallout 4 mods on Xbox One

A Eurogamer video lays out how to use Fallout 4 mods on Xbox One in detail

For decades, PC gaming elitists have lorded their ability to download imaginative game mods over their dirty console gaming peasant cousins. That advantage goes away today... at least for one major recent release. Bethesda just launched an update that allows Xbox One players to download and run Fallout 4 mods (though the Bethesda mod servers seem to be melting under the strain at the moment). A similar update for the PS4 is promised for later in June.

There are a few caveats to consider before exploring the freewheeling modding scene, as Bethesda discussed in a livestream last week. All mods have to be downloaded to the console through the in-game interface (which requires a BethesdaNet account), and there's a 2GB limit to total mod storage per system. While loading the wrong mods (or loading them in the wrong order) could make the game temporarily unplayable, you don't have to worry about screwing up your save game while playing with mods loaded—a separate "modded save" will be stored alongside the standard version. Achievements and Trophies can't be earned while using mods.

Bethesda says it will be cracking down on nudity and the use of outside copyrighted content in the console mods it hosts, so forget about your dreams of running a naked Master Chief through the post-apocalyptic wasteland. As of now, 888 of the 1375 PC mods listed on the Bethesda Workshop for the game have been approved for the Xbox One, and that ratio will likely go up as Bethesda does more testing.

No Man’s Anger: A peaceful game’s delay sparks online hate

Artist's rendition of some random Internet user reacting to a two-month game delay. (credit: Flickr / Thoth, God of Knowledge)

As someone who has been immersed in gaming and Internet culture for decades, I'm no stranger to how fans with enflamed passions can spew some heated and at times hateful rhetoric about their favorite properties online. Random Internet users can and do generate huge volumes of uncivil discussion, harassment, and sometimes even threats over everything from Mass Effect 3's ending to arguments over review scores.

Still, a portion of the reaction to news of the No Man's Sky delay in recent days seems fundamentally different in a way that has been troubling me.

The basic news being discussed here is pretty boring by game industry standards. No Man's Sky, which developer Hello Games has been targeting for a June 2016 release since last October, was first rumored and then confirmed to be delayed to early August over the past week.

Exquisite LED Handbag in the Wild

There is a lot of spectacle on display at Maker Faire. But to be honest, what I love seeing the most are well-executed builds pulled off by passionate hackers. Such is the case with [Debra Ansell]. She wasn’t exhibiting, just taking in all the sights like I was. But her bag was much better than my drab grey camera-equipment filled backpack; she built a handbag with an LED matrix and did it so well you will scratch your head trying to figure out if she bought it that way or not.

Gerrit and I walked right up and asked if she’d show it to us. We weren’t the only ones either. [Debra’s] bag started drawing a crowd as she pulled out her cellphone and sent “Hackaday” to the 10×15 matrix over Bluetooth. Check out our video interview below.

I think what makes this really special is her work on obscuring the LED strips that make up the matrix. She laid out the LEDs, cut leather strips to perfectly space out each of the APA102c pixels, then proceeded to weave, sew, and glue the assembly together.

An Adafruit Feather board, with an optional Bluefruit LE, drives the display. It’s a sweet solution because it gets [Debra] the cellphone connectivity all in a single board. She doesn’t have this version of the bag up on her site yet but is working on it. For now, check out the earlier revision that puts a grid of LEDs behind grommets. A cool idea but I think this new version is much better.

She has a bunch of other great builds up on her website so make sure to browse around a little bit. I’m still delighted by [Debra’s] EtchABot which we looked at earlier this year. It adds automation to a pocket-sized Etch a Sketch, including erase functionality and she’s even selling a kit for it on Tindie.


Cops can easily get hundreds of days of location data, appeals court rules

A full panel of judges at the Fourth US Circuit Court of Appeals has now overturned last summer’s notable decision by the standard trio of appellate judges, which had found that police needed a warrant to obtain more than 200 days' worth of cell-site location information (CSLI) for two criminal suspects.

In the Tuesday en banc decision, the Fourth Circuit relied heavily upon the third-party doctrine, the 1970s-era Supreme Court case holding that there is no privacy interest in data voluntarily given up to a third party like a cell phone provider. That case, known as Smith v. Maryland, is what has provided the legal underpinning for lots of surveillance programs, ranging from local police all the way up to the National Security Agency.

The Fourth Circuit concluded in US v. Graham:

Make Your Own Kitchen Tools

Here are some of our favorite kitchen tool projects from Make:.

How to Fail at Laser Cutting

Microsoft lowers Xbox One’s entry price to $299

In a surprise move ahead of next month's Electronic Entertainment Expo, Microsoft has lowered the price on almost all of its Xbox One bundles by $50. That means you can now get a 500GB Xbox One bundled with either Quantum Break, Gears of War: Ultimate Edition, The Lego Movie Videogame, Forza Motorsport 6, Rise of the Tomb Raider, or Rare Replay for just $299. Systems with a 1TB hard drive and other bundled games range from $319 to $349.

A system with a Kinect camera and three compatible games is now $349, while one with an Elite controller and a 1TB hard drive is $449.

While the prices are listed as "for a limited time" on the Microsoft website, other online retailers seem to be matching the sudden, platform-wide price drop. The Xbox One previously dropped to $299 as part of some holiday season deals in 2015 and again as part of a Microsoft Store promotion in March.

Gravitational waves may reveal stringy Universe

Everyone has been pretty excited by the recent observation of gravitational waves. I know that I am prone to exaggeration, but gravitational waves really do open up a new way to observe the Universe.

At the moment, when we observe the night sky, the farther into the distance we look, the further back in time we see. But that relationship is based on an assumption: the light we see has not bounced off anything in between us and its origin. Normally, this is a pretty safe assumption, because space is pretty big, and most of the material in it (like dust, etc) doesn't do much.

But in the very early Universe, before atoms had formed, things were very dense, so light scattered a lot. The scattering means that the information that a photon carried about its origin was lost. As a result, we can't really see much beyond the time when the charged particles all agreed to stick together and create the first three elements of the periodic table.

Kraftwerk loses hip-hop music-sampling copyright case

After a decades-long battle, the Bundesverfassungsgericht (the supreme German Constitutional Court) has overturned a ban on a song that used a two-second sample of a Kraftwerk recording.

In 1997, music producer Moses Pelham used a clip from the 1977 release Metall auf Metall (Metal on Metal) in the song Nur mir (Only Mine) performed by Sabrina Setlur.

Lead singer of Kraftwerk, Ralf Huetter, sued Pelham, and in 2012 the electropop pioneer won his case for copyright infringement in Germany's Federal Court of Justice (Bundesgerichtshof), gaining damages and a block on Nur mir. However, in today’s judgment, the eight judges of the First Senate of the Federal Constitutional Court decided that the lower court did not sufficiently consider whether the impact of the sample on Kraftwerk might be “negligible.”
