Bypassing Google’s Two-Factor Authentication

TL;DR – An attacker can bypass Google’s two-step login verification, reset a user’s master password, and otherwise gain full account control, simply by capturing a user’s application-specific password (ASP).

via Bypassing Google’s Two-Factor Authentication – Blog · Duo Security.

Also From:  Google Security Vulnerability Allowed Two-Step Verification Bypass – Dark Reading.

A successful attack would require first stealing a user’s ASP, which could theoretically be accomplished via malware or a phishing attack.

A Race, a Crash and the Nascar Approach to YouTube Video Takedowns

A video of the wreck, shot by a fan and uploaded almost immediately to YouTube, detailed some of the carnage that swept across the stands and the race-goers that filled them. In a particularly intense moment, one person appeared to be pinned down by an errant wheel that flew off one of the wrecked cars.

But just as quickly as it was uploaded, the video was taken down from YouTube at Nascar’s request, citing copyright concerns.

via A Race, a Crash and the Nascar Approach to YouTube Video Takedowns – Mike Isaac – Media – AllThingsD.

The copyright to any video or photograph is owned by the person taking that video or photograph. This is clearly an abuse of DMCA. Here’s an update from the site linked above, with a restored link to the video in question.

Update 7:45 pm PT: Well would you look at that. Not more than a few hours later, the video in question has been unblocked, and is now viewable on YouTube user Tyler4DX’s page.

The Tunnels of NYC’s East Side Access Project

A huge public works project is currently under construction in New York City, connecting Long Island to Manhattan’s East Side. Deep underground, rail tunnels are extending from Sunnyside, Queens, to a new Long Island Rail Road terminal being excavated beneath Grand Central Terminal. Construction began in 2007, with an estimated cost of $6.3 billion and completion date of 2013. Since then, the cost estimate has been raised to $8.4 billion, and the completion date moved back to 2019. When finished, the line will accommodate 24 trains per hour at peak traffic, cutting down on commute times from Long Island, and opening up access to John F. Kennedy International Airport from Manhattan’s East Side. Collected here are images of the progress to date, deep beneath Queens and Manhattan.

via The Tunnels of NYC’s East Side Access Project – In Focus – The Atlantic.

Scammers Extort BitTorrent Users Posing as Law Enforcement

According to information obtained by SJD the accusations are not made up. This means that the IP-addresses were indeed “caught” sharing the files listed in the letter. However, it is a mystery how the “Internet Copyright Law Enforcement Agency” obtained the home addresses of the subscribers.

via Scammers Extort BitTorrent Users Posing as Law Enforcement | TorrentFreak.

It was only a matter of time before these kinds of scams surfaced. The outfit in question is here. Fear of real-life charges of real crimes involving interstate commerce probably convinced them to publish this on their site:

Effective immediately, the Internet Copyright Law Enforcement Agency has ceased operations. Please disregard any notices you received from us, and please do not send us any payments.

Throwing and catching an inverted pendulum

Armed with a good theoretical model and knowledge of its strengths and limitations, the researchers set out on a process of engineering the complete system of balancing, throwing, catching, and re-balancing the pendulum. This involved leveraging the theoretic insights on the problem’s key design parameters to adapt the physical system. For example, they equipped both quadrocopters with a 12cm plate that could hold the pendulum while balancing and developed shock absorbers to add at the pendulum’s tips.

via Video: Throwing and catching an inverted pendulum – with quadrocopters | Robohub.

Below is the YouTube video.

More info at the Flying Machine Arena.

The Flying Machine Arena (FMA) is a portable space devoted to autonomous flight. Measuring up to 10 x 10 x 10 meters, it consists of a high-precision motion capture system, a wireless communication network, and custom software executing sophisticated algorithms for estimation and control.

What is AP Isolation Mode and why should I disable it on my router?

In the computer networking world, AP stands for Access Point, or in this case, a wireless access point. AP Isolation effectively creates a “virtual” network among wireless clients, in which each device is an individual entity that cannot communicate with other wireless devices on the same Wi-Fi access point. This configuration can be useful for public Wi-Fi hotspots to separate potentially malicious network traffic from other.

via What is AP Isolation Mode and why should I disable it on my router? – Customer Feedback & Ideas for Photosmith.

The Tomato router has this option. Other APs do not.

Attribution Is Much More Than A Source IP

What seems to be happening in many intrusion cases is that an IP located in China has been associated with the attack. The immediate assumption, often by inexperienced persons involved in the investigation, is that someone in China, most likely state-sponsored, targeted their incredibly important information.

via Tech Insight: Attribution Is Much More Than A Source IP – Dark Reading.