Voting machine makers are already worried about Defcon
Last year, Defcon’s Voting Village made headlines for uncovering massive security issues in America’s electronic voting machines. Unsurprisingly, voting machine makers are working to prevent a repeat performance at this year’s show.
According to Voting Village organizers, they’re having a tough time getting their hands on machines for white-hat hackers to test at the next Defcon event in Las Vegas (held in August). That’s because voting machine makers are scrambling to get the machines off eBay and keep them out of the hands of the “good guy” hackers.
Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year’s show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal — which is false.
Electronic voting machine manufacturers — and anyone with a stake in keeping their flaws secret — have oodles of reasons to prevent Defcon’s Voting Village from having a repeat performance of last year’s (perfectly legal) mass hacking of e-vote boxes.
Voting machine hacking at Defcon isn’t new; the conference has been joyfully cracking voting machines since 2004. The problems with voting machine security, and the industry’s unwillingness to acknowledge the problems discovered at Defcon, have ensured the voting machine hacking challenge has been coming back year after year.
In fact, the machines are so badly maintained, notoriously backdoored, and easily hacked that even Defcon hackers massively stress out in forums and chat spaces about their own local and federal voting process.
As you’d expect, e-vote machine hacking was more popular than ever last year at Defcon.
Voting machines displayed at Defcon’s Voting Village in Las Vegas, Nevada on July 29, 2017.
But 2017’s e-vote hackfest was markedly different because it was officially the first time a large-scale hack of voting machines had occurred (openly, anyway) because the act of hacking them is considered illegal. Not at Defcon’s 2017’s mass e-vote hack-a-palooza: That was thanks to the hard work of law professor Andrea Matwyshyn. She cleared the way for scores of hackers to legally throw everything they had at voting machines for all to see.
Voting machine makers with anything to hide couldn’t have been happy about that. If you remember the headlines after last year’s Defcon, the results that came out of the Voting Village were beyond problematic. Shocking, even.
Defcon’s hackers breached every single voting machine in the Village. Some in minutes; many in under an hour and a half. E-vote machines were popped by hackers without insider knowledge, and by hackers who didn’t even specialize in voting machines.
One attendee remarked on Twitter, “Horrifyingly, some were hacked wirelessly (ie no physical access). Many hadn’t had OS or basic software patches in over a decade.” They added, “Others had been sold off after use, but hadn’t been wiped; still had voter data on them. Didn’t hear of any with any credible audit trail.”
A hacker tries to access and alter data from an electronic poll book at Defcon’s Voting Village in Las Vegas, Nevada on July 29, 2017.
A journalist at the event tweeted: “One of the Express epollbooks at the Defcon voting machine hacking village had 600,000 voter reg records on it from Shelby County, TN.” Voting Village hackers also discovered that all Sequoia brand voting machines shared a common, hard-coded password.
Before the 2016 presidential election in the US, a study released by the Brennan Center called “America’s Voting Machines at Risk” stated forty-three states were using machines that were over a decade old in 2016. The report’s author Larry Norden said before the election “In 14 states, machines will be 15 or more years old.”
What’s worse, he added that “nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts.” Before millions of electronic votes were cast for the next US president, Norden told press that “everything from software support, replacement parts and screen calibration were at risk.”
So it’s no wonder voting machine makers are keen to get their gear off eBay and keep it out of the hands of white-hat hackers equally keen to expose their collective security failings.
The Defcon Voting Village crew seems to be taking it as you’d expect — like a challenge. Harri Hursti is definitely having trouble, but said they scored at least one machine from “an e-cycling company [that] had bought 1,300 voting machines, which it acquired when the ceiling of the warehouse in which they were being stored collapsed.”
Hursti told press, “We found the company had already sold 400 of the machines, in some cases back to counties for voting duties.”
So, you know. This is fine.
Images: Steve Marcus / Reuters (Voting machine display, poll book hacking, I voted)
Google Bulletin is powered by your hyperlocal news updates
Google has been toying with the idea of hyperlocal news for a while now. It tested Google Now cards back in 2013 that could display information as close as your neighborhood, for example. The company’s latest take, Bulletin, is in testing as an app to create and instantly publish those hyperlocal stories from your phone. Currently only in early access in Nashville and Oakland, Bulletin encourages local journalists and everyday folk to capture a video, take a snapshot and build a story around events wherever they happen.
Google confirmed the project to Slate on Friday. “This is very much in the testing phase and aimed at hyperlocal stories and events for people to share, and for local media to take advantage of,” a Google spokesperson explained to Slate. “People everywhere want to know what is going on in their own backyard at a very local level, ranging from local bookstore readings to high school sporting events to information about local street closures.”
It’s not hard to see a tool like Bulletin as a boon to local reporters and news outlets looking for stories closer to home. While fake news might may be a concern for Google overall, this project seems focused on events and happenings rather than hard news stories. Either way it pans out, putting power like this in the hands of the people just might make a lot of sense for regional communities looking to share what’s going on in their own neck of the woods.
Via: Slate
Source: Google
Apple details the energy use of its always-on HomePod speaker
Now that the HomePod is nearly here, Apple is dribbling out details of what its first smart speaker will do… including, apparently, that it’s a power miser. The company has posted environmental data showing that the HomePod uses no more than 9.25W of power when playing music at 50 percent volume. As MacRumors noted, that’s less than the consumption of a typical LED light bulb (such as the 10W of a Philips Hue A19). You’re going to use more power if you crank it up, of course, but you probably won’t cringe at your electricity bill if you stream music all day.
And importantly, the speaker should consume little power when it’s silent. Apple said that the speaker draws a maximum of 1.76W in idle mode, or about 50 percent less than the latest Energy Star specs require. The trick, Apple says, is the combination of “optimized power management features,” such as dropping into low-power mode after 8 minutes of inactivity, and a high-efficiency power supply.
How well does this stack up to the competition? That’s difficult to say, but there are some ballpark figures to work with. E Source observed that the original Google Home speaker used around 2W while idle and 3W while playing at high volume, while the initial Amazon Echo used 2.8W at idle and 7W at high volume. The idle power draw is slightly better, then, but it’s hard to compare power use — the HomePod is clearly aimed more at premium connected speakers (like the Sonos Play:3 or Google Home Max) than the basic output of the Echo or Home. The one certainty is that Apple isn’t using so much more electricity that you’ll pay dearly for sweeter tunes… beyond the outlay for the speaker itself, of course.
Via: MacRumors
Source: Apple (PDF)
Facebook takes on Twitch and YouTube in game streaming push
Last year Facebook launched a Creator app for video hosts to create more video content for the social network. Now it’s doubling down on the concept, this time for those who make gaming videos. It’s a pretty clear bid to compete with YouTube, Twitch and Mixer for the attention of gaming fans who love watching other people play video games.
Facebook points to the success of gaming creators like StoneMountain64 (above), who has more than 1 million followers watching his Facebook Live streams of PUBG and Fortnite. The social network now allows creators in the program to stream in 1080p at 60 frames per second, the holy grail of gaming resolution.
The company also wants to add monetization systems for those in the creators program, likely through payments during live streams. On Saturday the 27th at 5:15 PM Pacific, Facebook will host an event on Daybreak’s H1Z1 Facebook page to bring dozens of these creators into the new program. The group includes livestreamers like Misses Mae, Doom49 and The Warp Zone. You’ll also see more of the creators at April’s PAX East conference.
Source: Facebook
Hawaii senator wants feds to handle future nuclear attack warnings
On January 13th, a statewide alert warned Hawaiians about an incoming nuclear attack — which turned out to be a mistake caused by human error. Whoops! The resulting finger-pointing revealed serious shortcomings about the state government’s disaster response, including the governor’s difficulty logging in to his Twitter account to tweet out an all-clear. But US senator Brian Schatz of Hawaii doesn’t think fixes are enough: He wants to take the responsibility for nuclear warnings away from local and state governments and give it to the feds alone.
Any city, county or state can participate in a program that lets them send these alerts, but it doesn’t make them experts, Schatz said in Congressional testimony at a hearing about the failure. So he proposed legislation with several other senators that would put the responsibility solely with the federal government.
“States are the laboratories for democracy, they should not be the laboratory for missile alerts,” Schatz said. “A missile attack is federal. A missile attack is not a local responsibility. Confirmation and notification of something like a missile attack should reside with the agency that knows first and knows for sure. In other words, the people who know should be the people who tell us.”
Specifically, the DoD and DHS should have the authority to send alerts, Schatz concluded. Also at the hearing, an FCC official described the agency’s investigation, which faulted inefficient safeguards and process controls for the false alert. The Hawaii Emergency Management Agency is currently working to add safeguards to prevent such a mistake from happening again by requiring two people to confirm a live alert before it goes off, according to CNET.
Via: CNET
Source: Big Island Video News
SpaceX’s Falcon Heavy launch is reportedly set for February 6th
It looks as though it’s finally happening. SpaceX’s Falcon Heavy rocket may have a launch date, according to Chris G. of NASASpaceflight.com. The rocket will launch no earlier than February 6th, with a window of 1:30 PM ET to 4:30 PM ET. There’s a backup window on February 7th, just in case. We’ve reached out to SpaceX for confirmation.
Guys… are you ready!? #FalconHeavy LAUNCH DATE!
February 6th, with a backup on the 7th.
Launch time is 13:30-16:30 EST (18:30-21:30 UTC)#ItsHappening
— Chris G – NSF (@ChrisG_NSF) January 26, 2018
This has been a long road for the Falcon Heavy, but SpaceX appears to be moving swiftly, following the successful static fire test earlier this week. It’s worth mentioning that this launch date is not set in stone; there’s a Falcon 9 launch that must happen next week to clear the way for the Falcon Heavy. Still, it’s exciting to have an actual date after so much waiting.
Source: Twitter
Washington state bill would make hard-to-repair electronics illegal
A number of states are considering right to repair bills, legislation which if passed would make it easier for individuals and repair shops to replace or repair electronics parts. Repair.org reports that 17 states have already introduced bills this year and while most aim to make repair parts and manuals accessible, Washington’s proposed legislation would straight up ban electronics that prevent easy repair. “Original manufacturers of digital electronic products sold on or after January 1, 2019, in Washington state are prohibited from designing or manufacturing digital electronic products in such a way as to prevent reasonable diagnostic or repair functions by an independent repair provider,” says the bill. “Preventing reasonable diagnostic or repair functions includes permanently affixing a battery in a manner that makes it difficult or impossible to remove.”
Motherboard reports that the bill is cosponsored by a dozen representatives, a group that includes both Democrats and Republicans, and was recently moved out of committee, meaning it’s closer to a vote than similar bills in other states. “With Apple phones in particular, they glue the battery in the case, so for me, that sounds like a purposeful attempt to make it so you couldn’t repair the phone,” Jeff Morris, the representative who introduced the bill, told Motherboard. “It helps accelerate the path of those devices to the waste stream. So we’re trying to keep the philosophy our state is behind, which is recycle, repair, reuse.”
Naturally, tech groups have jumped to make their opposition clear. In a letter to Morris, groups such as the Consumer Technology Association, the Telecommunications Industry Association and the Computer Technology Industry Association said the bill was “unwarranted” and added, “With access to technical information, criminals can more easily circumvent security protections, harming not only the product owner but also everyone who shares their network.”
The bill is still in its early stages, so there’s no guarantee it will pass. Also, the January 2019 cutoff that it currently sets for manufacturers to abide by the proposed legislation is very soon, which could cause some pushback, and not just from the tech industry. However, it’s an interesting addition to the pile of right to repair bills under consideration across the country and if it does pass, it stands to help consumers, third-party repair shops and even the environment.
Via: Motherboard
Source: Washington State Legislature (1), (2)
Roland announces software versions of its 808 and 909 drum machines
The Roland TR-808 and TR-909 are iconic drum machines that powered a ton of the music from the ’80s and ’90s. While both hardware units were recently revived as the TR-08 and TR-09, they haven’t been officially emulated in software yet. That changes now as Roland announces VST and AU plugins for both of the iconic rhythm modules (along with a new SRX Orchestra virtual instrument set) as part of the company’s Roland Cloud service.
The TR-808 and TR-909 virtual instruments are full reproductions of the original hardware, according to Roland. The SRX Orchestra is the first one of the SRX series Expansion Library (from the 2000s) available as a software instrument. Roland Cloud will be a suite of high-resolution software synths and sampled instruments that musicians will be able to pull from while creating their own musical works. It sounds similar to what Adobe has done with its own photo and graphics-based Adobe Cloud. All three new additions are headed as updates to the Roland Cloud service starting in February of this year.
Via: Fact Mag
Source: Roland
MacRumors Giveaway: Win an Anki OVERDRIVE Fast & Furious Edition Racing Game
For this week’s giveaway, we’ve teamed up with Anki to offer MacRumors readers a chance to win the Anki OVERDRIVE: Fast & Furious Edition iPhone-compatible racing game.
Anki OVERDRIVE is an intelligent battle racing system where players construct different battle tracks for AI-controlled cars to race on. Each car that races on the OVERDRIVE track is equipped with unique capabilities, strengths, and weaknesses and the idea is to pit your strategic skills against your friends or the computer to win.
With Anki OVERDRIVE, you don’t control the car yourself — you build the track and use your car’s features to win out against the opponent, initiating races via the iPhone and using your car’s unique abilities and weapons at the right times.
The latest version of Anki OVERDRIVE, the Fast & Furious Edition, is based on the “Fast & Furious” movie franchise. It comes equipped with unique cars from the “Fast & Furious” movies and a new game mode, Hyperspeed, that lets you cars race faster than ever.
Priced at $170, Anki OVERDRIVE Fast & Furious comes with a full track for you to build and super detailed replicas of movie vehicles, including Dom’s Ice Charger and Hobbs’ MXT. Each vehicle has unique skills, such as a Grappling Hook on Dom’s Ice Charger, which can slow down opponents while giving your car a boost, and Spike Strips for the MXT.
As for weapons, each car is equipped with short range, long range, and area of effect weapons, and there are a range of support items available like shields, tractor beams, scramblers, and boosts. Car abilities, items, and weapons can all be used during races with the Anki Overdrive app on the iPhone.
You can engage in six game modes, all with different gameplay mechanics: Race, Battle, Battle-Race, King of the Hill, Time Trial, and Takeover, and when not racing against friends, you’ll be able to race characters from the movie like Letty, Tej, Hobbs, and Dom.
We have three Anki OVERDRIVE Fast & Furious sets to give away to MacRumors readers. To enter to win, use the Rafflecopter widget below and enter an email address. Email addresses will be used solely for contact purposes to reach the winners and send the prizes. You can earn additional entries by subscribing to our weekly newsletter, subscribing to our YouTube channel, following us on Twitter, or visiting the MacRumors Facebook page.
Due to the complexities of international laws regarding giveaways, only U.S. residents who are 18 years or older and Canadian residents (excluding Quebec) who have reached the age of majority in their province or territory are eligible to enter. To offer feedback or get more information on the giveaway restrictions, please refer to our Site Feedback section, as that is where discussion of the rules will be redirected.
a Rafflecopter giveawayThe contest will run from today (January 26) at 11:30 a.m. Pacific Time through 11:30 a.m. Pacific Time on February 2. The winners will be chosen randomly on February 2 and will be contacted by email. The winners will have 48 hours to respond and provide a shipping address before new winners are chosen.
Tags: Anki, Anki Overdrive, giveaway
Discuss this article in our forums
Apple Releases First Beta of macOS High Sierra 10.13.4 to Public Beta Testers
Apple today released the first beta of an upcoming macOS High Sierra 10.134 update to public beta testers, two days after seeding the update to developers and a few days after releasing macOS High Sierra 10.13.3.
Beta testers who have signed up for Apple’s beta testing program will be able to download the new macOS High Sierra beta through the Software Update mechanism in the Mac App Store.
Those who want to be a part of Apple’s beta testing program can sign up to participate through the beta testing website, which gives users access to iOS, macOS, and tvOS betas.
macOS High Sierra 10.13.4 introduces support for some features that are also available in iOS 11.3, like Messages on iCloud, which uploads all of your iMessages to the cloud. It will also support Business Chat, a feature coming when iOS 11.3 and macOS 10.13.4 are released to the public.
The new macOS update also includes the smoke cloud wallpaper that was previously only available on the iMac Pro, and it introduces a warning when opening up a 32-bit app as part of an effort to phase them out.
In the future, Apple plans to phase out 32-bit Mac apps, just like it did with 32-bit iOS apps. Apple says macOS High Sierra is the last version of macOS that will support 32-bit apps without compromises.
Related Roundup: macOS High Sierra
Discuss this article in our forums
AIVAnet 