Hasta La Gadget!

We’re not sure where to start with this one. It’s, in a word, unbelievable. Technologist Cody Oliver was digging through eBay for parts to build a robot car that Elon Musk could drive around Burning Man, when he came across surplus equipment from defense contractors Omnitech Robotics and Ionatron. The components were originally from the military’s Joint Improvised Explosive Device Neutralizers, or JINs — remote-controlled lightning guns designed to disable IEDs. But, the story quickly goes from interesting to terrifying. Oliver soon discovered the weapons were cobbled together largely from off-the-shelf parts, including a Linksys router with the serial numbers scraped off, and lacked even basic security. The now retired JINs were controlled over a standard 802.11 WiFi signal, with the encryption turned off — leaving the multimillion dollar devices vulnerable to insurgents. Ultimately the parts were deemed unfit for even Musk’s RC art car. You can read all of the horrifying details at the source link.

[Thanks, Chris]

[Image credit: Cody Oliver]

Military lightning gun parts sold on eBay, probably built in someone’s garage originally appeared on Engadget on Fri, 05 Aug 2011 20:34:00 EDT. Please see our terms for use of feeds.

Permalink   |  Wired  | Email this | Comments

Mere numbers aren’t enough to describe cash prizes for Microsoft, it seems. The firm’s inaugural Bluehat security competition’s introduction video opted for a clearer term: “mad loot, lots of it.” The big M hopes the hefty first prize of $200,000 will inspire the creation of the next generation of defensive computer security technology. The most innovative “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities” (phew!) will take home the aforesaid mad loot, while second and third places will receive $50,000 and an MSDN Universal subscription, respectively. The winner won’t be announced until Blackhat 2012, of course, and applicants have until April to submit their prototypes and technical descriptions. Hit the break for the official announcement video, complete with CG backgrounds and prize euphemisms.

Continue reading Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video)

Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video) originally appeared on Engadget on Fri, 05 Aug 2011 09:22:00 EDT. Please see our terms for use of feeds.

Permalink   |  Microsoft  | Email this | Comments

Why do hackers hack? Why create a worm that sends out an email to everyone in your contact list, or a Trojan that deletes your term papers? Is it mischief, malice, money, or something else entirely? More »

Google, the service so great it became a verb, can now add security risk to its roster of unintended results. The search site played inadvertent host to remotely accessed Supervisory Control and Data Acquisition (SCADA) systems in a Black Hat conference demo led by FusionX’s Tom Parker. The security company CTO walked attendees through the steps required to gain control of worldwide utility infrastructure — power plants, for one — but stopped short of actually engaging the vulnerable networks. Using a string of code, unique to a Programmable Logic Controller (the computers behind amusement park rides and assembly lines) Parker was able to pull up a water treatment facility’s RTU pump, and even found its disaster-welcoming “1234” password — all through a Google search. Shaking your head in disbelief? We agree, but Parker reassured the crowd these types of outside attacks require a substantial amount of effort and coordination, and “would be extremely challenging to pull off.” Panic attack worn off yet? Good, now redirect those fears to the imminent day of robot-helmed reckoning.

Google search opens SCADA systems to doomsday scenarios originally appeared on Engadget on Thu, 04 Aug 2011 05:26:00 EDT. Please see our terms for use of feeds.

Permalink   |  CNET  | Email this | Comments

Mobile malware is nothing new, especially for Android users who have trained themselves to navigate the sometimes shady back alleys of the Market. The fine folks at CA Technologies came across an interesting new trojan though, that does something slightly more unnerving than max out your credit cards — it records your conversations. There’s no evidence that this has actually found its way into the wild yet, but it’s entirely possible that some nefarious developer could capture your calls and upload them to a remote server. Obviously, this wouldn’t hold much interest for your traditional cyber crook, but suspicious significant others and corporate spies could have a field day with such capabilities. All we can do is suggest you remain vigilant and maintain a healthy dose of paranoia about any apps on your phone.

New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk originally appeared on Engadget on Tue, 02 Aug 2011 11:41:00 EDT. Please see our terms for use of feeds.

Permalink Pocket Now  |  CA Technologies  | Email this | Comments