Want to see something crazy? Open this link on your phone with WiFi turned off.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Source: Want to see something crazy? Open this link on your phone with WiFi turned off.

Solar car race kicks off 30th anniversary with a fresh challenge

This year, the race regulations are a clear sign of how rapidly solar technology is changing. Teams have to use a smaller solar collector than before: cars in the Challenger class can have no more than 43 square feet of solar cells versus nearly 65 square feet for the previous race, in 2015. That’s half the area allowed on cars from the original 1987 race. In other words, technology is advanced enough now (both in solar cells and the underlying vehicle designs) that you don’t need a sea of panels to keep a car running.

Source: Solar car race kicks off 30th anniversary with a fresh challenge

The Equifax Hack Has the Hallmarks of State-Sponsored Pros

The average American had no reason to notice Apache’s post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Source: The Equifax Hack Has the Hallmarks of State-Sponsored Pros – Bloomberg

The massive breach occurred even though Equifax had invested millions in sophisticated security measures, ran a dedicated operations center and deployed a suite of expensive anti-intrusion software. The effectiveness of that armory appears to have been compromised by poor implementation and the departure of key personnel in recent years. But the company’s challenges may go still deeper. One U.S. government official said leads being pursued by investigators include the possibility that the hackers had help from someone inside the company. “We have no evidence of malicious inside activity,” the Equifax spokesperson said. “We understand that law enforcement has an ongoing investigation.”

Windows 10 is possibly the worst spyware ever made

But there are worse offenders. Microsoft’s service agreement is a monstrous 12,000 words in length, about the size of a novella. And who reads those, right? Well, here’s one excerpt from Microsoft’s terms of use that you might want to read:

We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.

Source: Windows 10 is possibly the worst spyware ever made

China orders bitcoin exchanges to shut down

Bitcoin is created and exchanged without the involvement of banks or governments. Transactions allow anonymity, which has made bitcoin popular with people who want to conceal their activity. Bitcoin can be converted to cash when deposited into accounts at prices set in online trading.

Source: Reports: China orders bitcoin exchanges to shut down – ABC News

The hackers who broke into Equifax exploited a flaw in open-source server software

That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.

Source: The hackers who broke into Equifax exploited a flaw in open-source server software — Quartz

The bug specifically affects a popular plugin called REST, which developers use to handle web requests, like data sent to a server from a form a user has filled out. The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language. When the vulnerability is successfully exploited, malicious code can be hidden inside of such data, and executed when Struts attempts to convert it.

Equifax Breach Response Turns Dumpster Fire

I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.

Source: Equifax Breach Response Turns Dumpster Fire — Krebs on Security

Spinning metal sails could slash fuel consumption, emissions on cargo ships

Rotor sails rely on a bit of aerodynamics known as the Magnus effect. In the 1850s, German physicist Heinrich Gustav Magnus noticed that when moving through air a spinning object such as a ball experiences a sideways force. The force comes about as follows. If the ball were not spinning, air would stream straight past it, creating a swirling wake that would stretch out directly behind the ball like the tail of a comet. The turning surface of a spinning ball, however, drags some air with it. The rotation deflects the wake so that it comes off the ball at an angle, closer to the side of the ball that’s rotating into the oncoming air. Thanks to Isaac Newton’s third law that every action must have an equal and opposite reaction, the deflected wake pushes the ball in the opposite direction, toward the side of the ball that’s turning away from the oncoming air. Thus, the spinning ball gets a sideways shove.

Source: Spinning metal sails could slash fuel consumption, emissions on cargo ships