This class of hack is known as a relay attack, a close cousin of the person-in-the-middle attack. In its simplest form, a relay attack requires two attackers. In the case of the locked Tesla, the first attacker, which we’ll call Attacker 1, is in close proximity to the car while it’s out of range of the authenticating phone. Attacker 2, meanwhile, is in close proximity to the legitimate phone used to unlock the vehicle. Attacker 1 and Attacker 2 have an open Internet connection that allows them to exchange data.
Source: New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica
The RFID cards contain chips that, combined with readers in the poker table, transmit information about each player’s hole cards, so that viewers can see the cards on the broadcast (which is on a 30-minute delay to protect game integrity).
Source: Cheating allegations against poker player Mike Postle halt livestreamed games
Attackers could lure users on malicious pages and exploit the vulnerability to extract the credentials users had entered on previously-visited sites. According to Ormandy, this isn’t as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site.
Source: LastPass bug leaks credentials from previous site | ZDNet
By replacing independent, fragmented databases with a distributed system, banks can reduce data reconciliation costs while also improving data quality and ensuring data security.
Source: Blockchain Tech Could Save Banks $12 Billion A Year
It has become increasingly obvious in recent months that blockchain will be key to the future of the banking industry, with the majority of banks expected to adopt the technology within the next three years.
Each processor core can run its own small program independently of the others, which is a fundamentally more flexible approach than so-called Single-Instruction-Multiple-Data approaches utilized by processors such as GPUs; the idea is to break an application up into many small pieces, each of which can run in parallel on different processors, enabling high throughput with lower energy use, Baas said.
Because each processor is independently clocked, it can shut itself down to further save energy when not needed, said graduate student Brent Bohnenstiehl, who developed the principal architecture.
Source: World’s First 1,000-Processor Chip | UC Davis
In the modern day, the ability to work through a problem and decipher it is essential to anyone who works in cybersecurity, partly because a lot of what they do involves working out what is going on with less than perfect knowledge.
The puzzles below have been drawn up with the help of the team behind the UK’s Cyber Security Challenge, which uses similar tests to find people who are good at problem solving who could be of use for attacking and defending computer networks.
Source: Do you have the brains for cybersecurity? – BBC News
Like records of land ownership. Creating and maintaining incorruptible registers of land titles is a huge – and mostly unsolved – problem for developing countries. So when the government of Honduras launched an investigation into whether a blockchain-based land registry could solve it, the non-geek world sat up and began to take notice. The unmistakable message was that this technology could be much more useful than merely securing cryptocurrencies. It might actually turn out to be one of the biggest IT inventions of our time.
Source: Is Blockchain the most important IT invention of our age? | John Naughton | Opinion | The Guardian
There are several key building blocks that combine to make SDR possible. The first is some input device (a source) that is sampled at some sampling rate. For an audio device, the samples will be real numbers. However, radio devices will more likely provide complex numbers with an I and Q component.
Source: Getting Started with GNU Radio | Hackaday
Diffie-Hellman is the thing where Alice and Bob first agree on a huge prime number p and a number g, then Alice picks a secret a and sends Bob $g^a$ (mod p), and Bob picks a secret b and sends Alice $g^b$ (mod p), and then Alice and Bob can both compute $(g^a)^b = (g^b)^a = g^{ab}$ (mod p), but an eavesdropper who’s listening in only knows p, g, $g^a$ (mod p), and $g^b$ (mod p), and one can plausibly conjecture that it’s hard from those things alone to get $g^{ab}$ (mod p). So then Alice and Bob share a secret unknown to the eavesdropper, which they didn’t before, and they can use that secret to start doing cryptography.
Source: Shtetl-Optimized » Blog Archive » NSA in P/poly: The Power of Precomputation
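The exchange described above, as an added example that is not part of the quoted post: both sides derive the same value, the `wire` record holds everything an eavesdropper sees, and each side validates the peer's public value before using it. The parameters `P`, `Q`, `G` and all function names are assumptions made for this sketch; the prime is a constructed toy value, whereas real deployments use standardized groups of 2048 bits or more (for example those in RFC 7919).

```python
import secrets

# Constructed toy parameters (assumption; far too small for real use).
# P is a safe prime: P = 2*Q + 1 with Q also prime.
# G = 4 is a square mod P, so it generates the subgroup of prime order Q.
P = 2039
Q = (P - 1) // 2
G = 4


def keypair():
    """Pick a secret exponent in 1..Q-1 and return (secret, G^secret mod P)."""
    secret = secrets.randbelow(Q - 1) + 1
    return secret, pow(G, secret, P)


def validate_public(y):
    """Accept a peer value only if it lies in the order-Q subgroup.

    Rejects 0, 1, P-1 and out-of-range values, which would force the shared
    secret into a tiny set, and any value outside the subgroup generated by G.
    """
    if not (2 <= y <= P - 2):
        return False
    return pow(y, Q, P) == 1


def shared_secret(my_secret, peer_public):
    """Compute peer_public^my_secret mod P after validating the peer value."""
    if not validate_public(peer_public):
        raise ValueError("peer public value failed validation")
    return pow(peer_public, my_secret, P)


def exchange():
    """Run one exchange; return both derived secrets and the public transcript."""
    a, A = keypair()  # Alice: secret a, sends g^a mod p
    b, B = keypair()  # Bob:   secret b, sends g^b mod p
    wire = {"p": P, "g": G, "g^a mod p": A, "g^b mod p": B}
    return shared_secret(a, B), shared_secret(b, A), wire


if __name__ == "__main__":
    alice_key, bob_key, wire = exchange()
    print("eavesdropper sees:", wire)
    print("secrets match:", alice_key == bob_key)
```

In practice the raw shared value is passed through a key derivation function before it is used as a cipher key.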
But there is another type of biometrics that can be used to authenticate users – behavioral biometrics (“something you do”: speaking, typing, etc.).
The latter – information about how a user types on a keyboard – is particularly problematic if he or she wants to maintain their privacy online, as there are likely many websites that record these patterns and use (or might use them in the future) to identify users with a very high degree of certainty.
Source: Chrome extension thwarts user profiling based on typing behavior
So, he challenged infosec consultant Paul Moore to come up with a working solution to thwart this type of behavioral profiling.
The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.