Watchdog group says Soylent’s cadmium and lead levels violate CA law

Late last week, non-profit environmental watchdog group As You Sow issued a press release indicating its intention to file suit against the makers of Soylent, the meal replacement product engineered by Silicon Valley entrepreneur Rob Rhinehart. As You Sow states that two separately tested samples of Soylent’s latest 1.5 formula contained “12 to 25 times” the amount of lead allowed under the “safe harbor for reproductive health” provisions of the state of California’s Safe Drinking Water and Toxic Enforcement Act of 1986 (commonly called “Proposition 65”). As You Sow also says it found cadmium levels at least four times higher than the safe harbor for reproductive health levels.

Soylent already displays a Proposition 65 notice on its web site—according to the information there, consuming a full day’s worth of Soylent 1.5 would indeed exceed both the Maximum Allowable Dose Levels (MADLs) and No Significant Risk Levels (NSRLs) for lead and cadmium.

California’s Proposition 65 guidelines for heavy metals are more strict than those used internationally by the World Health Organization. The MADL and NSRL numbers for lead and cadmium aren’t indicators of immediate harm; rather, they are limits below which no harm has been observed.


How BitTorrent could let lone DDoS attackers bring down big sites

Some of the most widely used BitTorrent applications, including uTorrent, Mainline, and Vuze, are also the most vulnerable to a newly discovered form of denial of service attack that makes it easy for a single person to bring down large sites.

The distributed reflective DoS (DRDoS) attacks exploit weaknesses found in the open BitTorrent protocol, which millions of people rely on to exchange files over the Internet. But it turns out that features found in uTorrent, Mainline, and Vuze make them especially suitable for the technique. DRDoS allows a single BitTorrent user with only modest amounts of bandwidth to send malformed requests to other BitTorrent users.

The BitTorrent applications receiving the request, in turn, flood a third-party target with data that’s 50 to 120 times bigger than the original request. Key to making the attack possible is BitTorrent’s use of the User Datagram Protocol (UDP), which provides no mechanism to prevent the falsifying of IP addresses. By replacing the attacker’s IP address in the malicious request with the spoofed address of the target, the attacker causes the data flood to hit the victim’s computer.


The new, underground sport of first-person drone racing

If you hadn’t noticed, drones and quadcopters are rather popular right now. Hardly a day goes by without some kind of automated or remotely piloted aircraft somehow causing a ruckus, or providing a new way for militaries and cinematographers alike to get the shot they need. What you might not have noticed, however, is that there is an underground movement to turn drone flying into a sport.

Known as FPV (first-person view) drone racing, or sometimes FPV quadcopter racing, the sport involves building and modifying quadcopters for speed and manoeuvrability, adding a virtual reality-style headset with a live video feed from the drone, and then finding safe and legal places to fly. Racers compete in heats or time trials, speeding around courses at anything up to 60mph (100km/h)—and having a load of fun in the process. This sport, which seems to appeal to aspiring pilots, makers, and computer game fans alike, has all the adrenaline of flight, while also providing enough crashes, smashes, and collisions to keep even the most ardent sports fans happy.

For the past three months, I’ve been photographing the fledgling sport at various locations throughout the UK. I’ve found that there is much more to it than a bunch of geeks comparing voltage signals or PID settings in the woods on a Sunday.


AT&T’s “Extreme Willingness to Help” is key to NSA Internet surveillance

A unique and unusually productive relationship with AT&T has helped the US National Security Agency trawl through vast quantities of Internet traffic, much of it transmitted through networks located in the US, according to a media article published Saturday.

The cooperation involved a variety of classified programs that span decades, in one case more than 15 years before the September 11 terrorist attacks. In addition to providing the NSA with access to billions of e-mails flowing across its domestic networks, AT&T helped wiretap all Internet communications at the United Nations headquarters, which is, or at least was, an AT&T customer, according to the article, which was jointly reported and written by reporters from The New York Times and ProPublica. The article, which relied on NSA documents leaked by former agency contractor Edward Snowden, said that AT&T competitor Verizon participated in some of the same activities, but on a much smaller scale. One NSA document reminded officials to be polite when visiting AT&T sites since the arrangement was a “partnership, not a contractual relationship.”

One of the oldest programs is dubbed Fairview and began in 1985. A separate program known as Stormbrew included Verizon and MCI, the former telecommunications provider that Verizon acquired in 2006. The NYT and ProPublica go on to paint AT&T as a particularly willing partner. The article stated:


Gallery: Japan’s gaming centers provide joy for the kid inside

While in Hiroshima, Japan for a week, I couldn’t let the time pass without visiting a game center or two (what we call “arcades” in the US). I visited Taito Station, a massive 6-floor game center on the central Hondori shopping arcade, which caused me to have bulging-eye syndrome. Because it was mid-day during the week, it was mostly empty, so I had time to snap a few photos and marvel at its grand weirdness.

Taito Station is organized by gaming maturity level: starting from the first floor’s cute-and-easy crane games, upwards to casino games (it also gets smokier as you go up), then to physical/sport and “starter” video games, and as you reach floors 4 and 5, you’re pretty much in shooter game heaven. But be careful before stepping onto floor 6!

When I could tear myself away, I headed down Hondori to Animate, a massive manga/anime shop, which also offered a large number of card games. Card games seem to be very popular in Japan, and there were also a few smaller shops around the city catering to card gamers only.


Parrot drones easily taken down or hijacked, researchers demonstrate

In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company’s Bebop model, fall from the sky with a keystroke.

In a live demonstration at Def Con’s Internet of Things Village on August 8, Ryan Satterfield of the security consulting firm Planet Zuda demonstrated a takedown of a Parrot A.R.Drone by exploiting the drone’s built-in Wi-Fi and an open telnet port on the drone’s implementation of the BusyBox real-time operating system. Connecting to the drone gave him root access to the controller, and he was able to kill the processes controlling flight—causing the drone to drop to the ground.

Ryan Satterfield reproduces the Parrot A.R.Drone 2.0 hack he demonstrated at DEF CON.

In a session at DEF CON on August 9, researcher Michael Robinson, a security analyst and adjunct professor at Stevenson University in Maryland and George Mason University in Northern Virginia, dove further into the vulnerabilities of Parrot’s drones, discussing his research on the Bebop drone in a session entitled “Knocking My Neighbor’s Kid’s Cruddy Drone Offline.” Robinson noted that the Parrot’s open Wi-Fi connection would allow anyone with the free Parrot app on a mobile device to pair with the drone in-flight. Using a Wi-Fi “de-auth” attack, he was able to disconnect the control app on the operator’s device and take control with the app from another device while the operator of the original controlling device attempted to re-establish a Wi-Fi connection. The new pilot could then simply fly the drone wherever he desired. Robinson warned anyone who planned to take over someone else’s Parrot drone that the mobile app left forensic artifacts on mobile devices—including the serial number of the drone.


Most-funded European Kickstarter project ever still hasn’t shipped yet

Torquing Group, the British drone startup that raked in £2.3 million ($3.4 million) in under two months earlier this year, becoming the most crowdfunded European project ever, has been beset by further inexplicable delays.

On Monday, CEO Ivan Reedman told Ars that the company would begin shipping to its United Kingdom-based backers; however, as of Friday, none have actually been sent out.

The handheld drone was originally scheduled to ship in June 2015, a deadline that the company obviously missed. When Ars visited Torquing Group’s offices in Pembroke Dock, Wales in April 2015, Reedman said that the Zano, its handheld drone, would be shipping in early July.


Lawsuit over two-word tweet—“actually yes”—can move ahead, judge finds

A federal judge in Minnesota has allowed a First Amendment and defamation lawsuit filed by a high school student who was suspended over a two-word tweet—“actually yes”—to move forward.

The suit was first filed in June 2014 by Reid Sagehorn, then a high school student at Rogers High School, in Rogers, Minnesota—he sued the Elk River School District, the principal of his former school, and two district officials for violating his constitutional rights. Sagehorn was the captain of the school’s football and basketball teams, and by all accounts had a spotless disciplinary record—save for one parking ticket at the school.

Sagehorn, who declined to comment for this story, is now a student at North Dakota State University.


Will Supreme Court force DHS to divulge secret plan to cut cell service?

The Supreme Court was asked in a petition to force the government to disclose the clandestine US plan to disable cell service during emergencies.

The case concerns Standard Operating Procedure 303. A federal appeals court in May said the government did not have to release its full contents because the Freedom of Information Act (FOIA) allows the authorities to withhold records if they would “endanger” public safety.

The Electronic Privacy Information Center told the high court’s justices Tuesday that the US Court of Appeals for the District of Columbia Circuit’s decision created a new “catchall provision that can be used in any case involving records related to domestic and national security programs.”


Comcast will launch short-form video platform in coming weeks

Comcast has long been rumored to be developing a short-form video platform, but now it appears the platform has a name and a time frame. Apparently, the platform could be called “Watchable”—although the name is not set in stone yet—and it will be launching in the next few weeks.

Business Insider reports that Comcast’s platform will host videos produced by Vox and Buzzfeed, which are backed by Comcast, in addition to videos made by “lifestyle and comedy sites like AwesomenessTV, Refinery29, and The Onion, news sites like Mic and Vice, as well as legacy brands like NBC Sports.” The video producers have agreed to let Watchable stream any unlicensed, original videos, which will be curated for Comcast customers that have an Xfinity X1 set-top box, so the Web videos would appear alongside more traditional TV.

Video producers might be interested in distributing to Comcast’s new platform because of its advertising muscle. A source speaking to Business Insider said that the company wouldn’t pay its short-form video producers any licensing fees, but they would receive a portion of any advertising revenue. Also, the deals will be non-exclusive, so producers will be able to post the video in multiple places.
