Monthly Archives: August 2013

You are browsing the site archives by month.

Got an account on a site like Github? Hackers may know your e-mail address

LAS VEGAS—If you have an account on Github, StackExchange, or any one of countless other sites, there’s a good chance hackers can identify the e-mail address you used to register it. That’s because Gravatar, a behind-the-scenes service that says it works with millions of sites, broadcasts the information using cryptography that in many cases is trivial to crack.

People have been warning about the privacy risk posed by Gravatar, short for Globally recognized avatar, since at least 2009. That’s when a blogger showed he was able to crack the cryptographic hashes that the service uses to uniquely identify its users. Gravatar, it turned out, derived the hashes with the user’s e-mail address, and the blogger was able to translate about 10 percent of the more than 80,000 user IDs he harvested. Now, a researcher has upped the ante by using a more advanced cracking technique to de-anonymize participants advocating racial hatred and other extreme topics in online forums hosted in France.

Speaking at the PasswordsCon conference in Las Vegas Wednesday, security researcher Dominique Bongard said he identified the e-mail addresses of 45 percent of the e-mail addresses used to post comments he found in France’s most well-known political forum, which he declined to mention by name. His job was made easier by Gravatar’s use of the MD5 hash function, which is designed to generate hashes quickly and with a minimum of computing resources. Had Gravatar used bcrypt or another “slow” algorithm, his task would have taken considerably longer. In a country such as France, where there can be severe legal penalties for voicing extreme opinions, extracting the e-mail addresses isn’t without it’s consequences.

Read 5 remaining paragraphs | Comments

    



Engadget HD Podcast 360 – 07.31.13

Engadget HD Podcast 347 - 04.30.13

More Google Chromecast news than you can handle? Check. Further discussion about our review of said $35 video-streaming dongle? Double check. If Chromecast isn’t your thing, we also cover the likes of some cheap 4K TVs and our anticipation for the rest of Breaking Bad. The voices of Richard and Ben are ready to be heard below. This is episode 360 of the Engadget HD Podcast.

Hosts: Ben Drawbaugh (@bjdraw), Richard Lawler (@rjcc)

Producer: Joe Pollicino (@akaTRENT)

Hear the podcast

Filed under: ,

Comments

Photoshoot with KITT From Knight Rider And The A Team Van

Photoshoot with KITT From Knight Rider And The A Team Van

I’ve been working on a personal photo series capturing movie and television cars (real and replica)for about 5 years now under the title “The Unicorn Project”. Most recently, I had an opportunity to photograph a replica A-Team Van and KITT from Knight Rider while I was in Los Angeles. These happen to be two of my favorite television cars of all time. Watch the video below and read the full behind the scenes post here to learn how it was done.

Read more…

TI intros single-chip DockPort technology destined for laptops and tablets

TI intros singlechip DockPort tailored for laptops and tablets

The DockPort standard is only just getting off the ground with support in AMD’s Elite Performance processors. TI could soon make the technology fly, however: its new (if awkwardly named) HD3SS2521 controller handles all the tasks of DockPort on a single chip. The hardware is both simpler and cheaper than past multi-chip designs, and makes it easier for laptops and tablets to deliver DisplayPort video, USB 3.0 and power through a single cable. Whether or not we see more DockPort-equipped mobile gadgets is another matter. While the TI chip is available today, device builders still have to choose DockPort over a more established standard like Intel’s Thunderbolt.

Filed under: ,

Comments

Source: Texas Instruments

Trusting iPhones plugged into bogus chargers get a dose of malware

The Mactans charger uses a BeagleBoard for its computational power.
Billy Lau, Yeongjin Jang, and Chengyu Song

Plugging your phone into a charger should be pretty safe to do. It should fill your phone with electricity, not malware. But researchers from Georgia Institute of Technology have produced fake chargers they’ve named Mactans that do more than just charge your phone: they install custom, malicious applications onto iPhones.

Their bogus chargers—which do, incidentally, charge the phone—contain small computers instead of mere transformers. The iPhone treats these computers just as it does any other computer; instead of just charging, it responds to USB commands. It turns out that the iPhone is very trusting of USB-attached computers; as long as the iPhone is unlocked (if only for a split second) while attached to a USB host, then the host has considerable control over the iPhone.

The researchers used their USB host to install an app package onto any iPhone that gets plugged in. iOS guards against installation of arbitrary applications with a strict sandboxing system, a feature that has led to the widespread practice of jailbreaking. This attack doesn’t need to jailbreak, however.

Read 6 remaining paragraphs | Comments