For the historical record: Paul Walker.
Archive for the ‘Cars’ Category
(If you have to put this much effort into “saving” commercial radio, is it really worth saving?)
I’m not a huge NASCAR fan: if I’m home and a race is televised, I’ll put it on as background noise, and I’d happily go to a race if someone invited me. But my life doesn’t revolve around it. With that said, this is interesting:
Ryan Newman replaced Martin Truex Jr. in the Chase for the Sprint Cup championship on Monday night when NASCAR penalized Michael Waltrip Racing for manipulating the outcome of last weekend’s race.
Michael Waltrip Racing was fined $300,000, and general manager Ty Norris received an indefinite suspension. Truex, Bowyer and Vickers were docked 50 points apiece — but Bowyer’s deduction does not affect his position in the Chase, which begins Sunday at Chicago.
Isn’t “manipulating the outcome” of a race pretty much what every racing team tries to do? Is this example just particularly egregious? (And I find it surprising that there’s been no FARK thread on this yet.)
(Edited to add: Thanks to Ben for his thoughtful and enlightening comments, which you should really go read now. Also, FARK did put up a thread after I posted this.)
Ford stopped making the police variant of the Crown Victoria in 2011. We’re now in 2013, and police departments are starting to retire the last of the Crown Vics.
Law enforcement is a practical, left-brain business of protocol and procedure. But a discussion of the Crown Vic brings out a romantic side. The traditions and symbols of life behind the badge become intertwined with its tools. Two tons of rear-wheel drive and a V-8 engine up front made for a machine that could feel safe at any speed, a reliable nonhuman partner when things got crazy.
I have flirted from time to time with the idea of purchasing a former cop car as a backup vehicle. (“It’s got a cop motor, a 440 cubic inch plant, it’s got cop tires, cop suspensions, cop shocks.”) Problem is, the state surplus store wants nearly $6K for used DPS cars; at that price, I could go get a used Miata or Outback instead.
The 1933 double eagle is on display at the New York Historical Society. I’ve written previously about the strange history of the 1933 double eagle, and the linked NYT article contains a good summary, too.
Yeah, I know, I’ve been quiet. Much of Friday’s blogging time was eaten by Bluehost instability, and Saturday and Sunday were busy.
But I do have some updates and links.
- Slides for Benjamin Caudill’s “Offensive Forensics – CSI for Bad Guys” are here. See also his post on the Rhino Security Labs blog.
- Amber Baldet has a post up with links to the slides from her “Suicide Risk Assessment & Intervention Tactics” talk, and some additional resources. I’m not on Twitter, so I can’t add to the support she’s been getting there. But I will say, again: thank you, Amber, for doing this.
- Amir Etemadieh and the other Google TV hackers have a page up at the GTVHacker site with slides and resources from their DEFCON 21 presentation, “Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot”. There is also a blog entry that (I think) gives a little more context to the slides.
- Dan Crowley, David Bryan, and Jennifer Savage have slides, a white paper, and sample code from their presentation at Black Hat, “Home Invasion 2.0 – Attacking Network-Controlled Consumer Devices” up at the Black Hat site. From the descriptions, I assume tha the DEFCON 21 version is very similar to the Black Hat one.
- Chris Valasek and Charlie Miller have a blog entry up at IOActive with links to the content and their white paper on “Adventures in Automotive Networks and Control Units”.
- The LMG Security blog has a post up with links to the white paper and source code from the Sherri Davidoff/Randi Price/David Harrison/Scott Frethem talk, “Do-It-Yourself Cellular IDS”.
- Ryan W. Smith has a post up at the Lookout blog about the talk he did with Tim Strazzere, “DragonLady: An Investigation of SMS Fraud Operations in Russia”. That post, in turn, links to the white paper summarizing their presentation.
- I haven’t found the DEFCON slides for Joseph Paul Cohen’s “Blucat: Netcat For Bluetooth” presentation yet. But here’s the Blucat SourceForge page, which includes slides from a couple of other conferences, and the source code, and Mac OS X binaries for 10.6 and 10.8. Wow. I got more than what I asked for. (Edited to add 8/6: Mr. Cohen has added the DEFCON 21 slides. Praise be unto him, and may flights of angels sing him to sleep.)
- The slides for Aaron Bayles’ “Oil and Gas Infosec 101″ talk are here.
I’m going to cut things off here for right now. I’m still trying to find links to some of the other presentations I mentioned (in particular, I’d love a link of some sort to Anch’s “Pentesters Toolkit” if anyone has one) and will post updates as they come in. Depending on what I dig up, there may be a second post tomorrow. In the meantime, this should keep you busy.
Just because I’m not going to DEFCON 21 doesn’t mean I can’t try to cover it. From 1,500 miles away. Sort of half-assedly.
DEFCON hasn’t even started yet, but Black Hat is going on, and some stuff is coming out. The biggest story so far has been Barnaby Jack’s death. I haven’t mentioned it previously because I’ve felt like it was well covered elsewhere (even FARK).
Another “big” (well, I think it is) story that I haven’t seen very much coverage of is the phone cracking bot. Justin Engler (@justinengler on Twitter) and Paul Vines, according to the synopsis of their talk and the linked article, built a robot for under $200 that can brute force PINs. Like the one on your phone.
Robotic Reconfigurable Button Basher (R2B2) is a ~$200 robot designed to manually brute force PINs or other passwords via manual entry. R2B2 can operate on touch screens or physical buttons. R2B2 can also handle more esoteric lockscreen types such as pattern tracing.
This is one I’ll be keeping an eye on.
Borepatch is in Vegas this year, attending both Black Hat and DEFCON. He’s got a couple of posts up: a liveblog of the NSA director’s presentation at Black Hat, and another post about the links between black hats and political candidates.
So the DEFCON schedule is up. If I was going, what would get me excited? (I’ve included the Twitter handles of the speakers from the DEFCON 21 schedule information; I figure this gives a central source for looking up someone’s feed and getting copies of their presentation.)
From Thursday’s talks: I’d probably go to “Hacker Law School“, as I’m a frustrated wanna-be lawyer anyway. Why not?
Anch’s (@boneheadsanon) “Pentesters Toolkit” talk makes my heart skip a beat:
You’ve been hired to perform a penetration test, you have one week to prepare. What goes in the bag? What is worth lugging through airport security and what do you leave home. I’ll go through my assessment bag and show you what I think is important and not, talk about tools and livecd’s, what comes in handy and what I’ve cut out of my normal pen-test rig.
Push some more of my buttons, please.
The Aaron Bayles (@AlxRogan) “Oil and Gas Infosec 101” talk kind of intrigues me, but it would depend on my mood at the time as to whether I went to that one, or skipped out for a break.
Likewise with the Beaker and Flipper talk on robot building: yeah, robot building is something I’m interested in doing, but I might just be in a mood to visit the Atomic Testing Museum instead, and read your slides later. Nothing personal: I’m sure it will be a great talk.
I’m intrigued by the ZeroChaos (@pentoo_linux) panel on the Pentoo LINUX distribution for penetration testing. I’m not sure how that differs from, say, BackTrack, but I’d probably show up just so I could find out.
The “Wireless Penetration Testing 101 & Wireless Contesting” talk by DaKahuna and Rick Mellendick (@rmellendick) hits yet another of my hot buttons. I can’t tell from the description how much of this is going to be describing contests in the Hacker Village, and how much will be practical advice, but I’d show up anyway.
That takes us into Friday. Just from a preliminary look at the schedule, it looks like the big thing this year is hacking femtocells. Doug DePerry (@dugdep) and Tom Ritter (@TomRitterVG) are doing a talk on “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell”:
During this talk, we will demonstrate how we’ve used a femtocell for traffic interception of voice/SMS/data, active network attacks and explain how we were able to clone a mobile device without physical access.
The Charlie Miller (@0xcharlie) and Chris Valasek (@nudehaberdasher) talk, “Adventures in Automotive Networks and Control Units“, sounds interesting as well. I’m just slightly more interested in femtocells than automotive hacking, so apologies to Mr. Miller and Mr. Valasek: if the two weren’t in conflict, I’d hit your talk for sure.
And if you haven’t been to a software defined radio talk, Balint Seeber’s (@spenchdotnet) sounds promising.
“The Secret Life of SIM Cards” by Karl Koscher (@supersat) and Eric Butler (@codebutler) intrigues me the most out of the 11:00 talks. And I’m kind of interested in the Ryan W. Smith (@ryanwsmith13) and Tim Strazzere “DragonLady: An Investigation of SMS Fraud Operations in Russia” presentation because, well…
This presentation will show key findings and methods of this investigation into top Android malware distributors operating in Russia and the surrounding region. The investigation includes the discovery of 10’s of thousands of bot-controlled twitter accounts spreading links to this type of SMS fraud malware, tracing distribution through thousands of domains and custom websites, and the identification of multiple “affiliate web traffic monetization” websites based in Russia which provide custom Android SMS fraud malware packaging for their “affiliates”. During this investigation we have mapped out an entire ecosystem of actors, each providing their own tool or trade to help this underground community thrive.
There’s not much that intrigues me after Benjamin Caudill’s (@RhinoSecurity) presentation on “Offensive Forensics: CSI for the Bad Guy“. If I was at DEFCON, this is the time where I’d probably be browsing the dealer’s room, though I might go to the Amir Etemadieh (@Zenofex)/Mike Baker (@gtvhacker)/CJ Heres (@cj_000)/Hans Nielsen (@n0nst1ck) Google TV panel: these are the same folks who did the Google TV talk at DEFCON 20.
I feel kind of conflicted at 4:00. The Daniel Selifonov talk, “A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It” sounds interesting. But I’m also intrigued by the “Decapping Chips the
Easy Hard Way” with Adam Laurie and Zac Franken. Decapping chips is something I’ve been fascinated by, and it looks like Adam and Zac have found methods that don’t involve things like fuming nitric acid (and thus, are suitable for an apartment).
This is also the time when we, once again, present the “Hippie, please!” award to Richard Thieme for “The Government and UFOs: A Historical Analysis“.
I’m slightly intrigued by Nicolas Oberli’s (@Baldanos) talk about the ccTalk protocol, “Please
Insert Inject More Coins”:
The ccTalk protocol is widely used in the vending machine sector as well as casino gaming industry, but is actually not that much known, and very little information exists about it except the official documentation. This protocol is used to transfer money-related information between various devices and the machine mainboard like the value of the inserted bill or how many coins need to be given as change to the customer.
Saturday morning, we have the second femtocell talk, “Do-It-Yourself Cellular IDS”, by Sherri Davidoff (@sherridavidoff), Scott Fretheim, David Harrison, and Randi Price:
For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system.
More than likely, I’d hit the Daniel Crowley et al (@dan_crowley) talk, “Home Invasion 2.0 – Attacking Network-Controlled Consumer Devices“, and the Philip Polstra (@ppolstra) presentation “We are Legion: Pentesting with an Army of Low-power Low-cost Devices“. I’m particularly intrigued by the Polstra talk, as one of my areas of interest is how small can we make devices that can still do useful hacking? What’s the smallest feasible wardriving system, for example?
I do want to give Jaime Sanchez (@segofensiva) a shout-out for his talk on “Building an Android IDS on Network Level“. This is worth watching.
I’d have to go to the Phorkus (@PeakSec)/Evilrob “Doing Bad Things to ‘Good’ Security Appliances” talk:
The problem with security appliances is verifying that they are as good as the marketing has lead you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible!
Because, tape! But the Wesley McGrew “Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices” talk also interests me.
The PIN cracking device talk is on Saturday, opposite Amber Baldet’s (@AmberBaldet) talk on “Suicide Risk Assessment and Intervention Tactics“. I’m glad DEFCON accepted her talk, and I am looking forward to seeing the presentation online.
Also noteworthy, I think: James Snodgrass and Josh Hoover (@wishbone1138) on “BYO-Disaster and Why Corporate Wireless Security Still Sucks“.
Todd Manning (@tmanning) and Zach Lanier (@quine) are doing a presentation on “GoPro or GTFO: A Tale of Reversing an Embedded System“. I don’t have a GoPro (yet) or much of a use for one (yet) but I think they are interesting devices, so I’ll be watching for slides from this talk. Same for the conflicting Melissa Elliott talk, “Noise Floor: Exploring the World of Unintentional Radio Emissions“.
This takes us to Sunday. There’s not a whole lot that really turns me on early, though I admit to some interest in the Jaime Filson/Rob Fuller talk on harvesting github to build word lists:
I like the idea behind John Ortiz’s “Fast Forensics Using Simple Statistics and Cool Tools“, and he teaches at the University of Texas – San Antonio, so I’d probably go to that.
Now is when things start heating up from my perspective. Joseph Paul Cohen is giving a talk on his new tool, “Blucat: Netcat For Bluetooth“:
Holy crap, this sounds awesome. All I ask for is code that compiles.
(Unfortunately, this is up against the Eric Robi (@ericrobi)/Michael Perklin talk on “Forensic Fails“, which sounds like fun. But Bluetooth hacking is a big area of interest for me; sorry, guys.)
Speaking of Bluetooth hacking, Ryan Holeman (@hackgnar) is doing a talk on “The Bluetooth Device Database”. Which is exactly what it sounds like:
During this presentation I will go over the current community driven, distributed, real time, client/server architecture of the project. I will show off some of analytics that can be leveraged from the projects data sets. Finally, I will be releasing various open source open source bluetooth scanning clients (Linux, iOS, OSX).
Dude lives in Austin, too! Holy crap^2!
And that takes us through to the closing ceremonies and the end of DEFCON 21. I will try to link to presentations as they go up, significant news stories, other people’s blogs, and anything else I think you guys might be interested in. If you have specific requests or tips, please either let me know in comments or by email to stainles at mac dot com, stainles at gmail dot com, or stainles at sportsfirings dot com.
This story has been buried; I had to dig pretty far down in the HouChron sports section to find it.
Formula One boss Bernie Ecclestone has been charged by German prosecutors with bribery in connection with the sale of a stake in the global racing series.
Ecclestone has been under investigation since a German banker was convicted of taking an illegal payment from him worth $44 million.
The court said in a statement Wednesday that Ecclestone had been charged with bribery and incitement to breach of trust in connection with [Gerhard] Gribkowsky’s [the German banker in question - DB] management of BayernLB’s stake in F1. It said the indictment was dated May 10 and has since been translated into English and delivered to Ecclestone and his lawyers.
The latest in-dash “infotainment” systems are turning into a giant headache for drivers. Problems with phone, entertainment and navigation functions were the biggest source of complaints in the latest J.D. Power & Associates survey of new-car quality, easily outstripping traditional issues such as fit and finish and wind noise.
But the next generation of in-car technology will get much more interesting, with embedded systems making a comeback of sorts, in more sophisticated form.
Such systems may focus on collecting data that only the car can provide — and transferring it to Web-based systems to large numbers of drivers. If cars signaled that their windshield wipers were on, for instance, that information could be fed into a navigation system that could warn other drivers of a rainstorm ahead.
Why do you need cars signaling that their windshield wipers are on to warn of a rainstorm ahead? I have a close friend who recently bought a 2013 Ford: it has weather information integrated into the navigation system. As I recall, his 2011 Ford had the same feature.
But my primary reason for blogging this is so I can link to episode 11 of the Neutral podcast, in which John Siracusa, Marco Arment, and Casey Liss discuss why car software stinks. I think all of the Neutral podcasts are worth listening to, but if you’re only going to listen to one, this is the one I’d recommend.
Last Friday, the city’s emergency manager, Kevyn D. Orr, started negotiations with creditors, asking them to accept pennies on the dollar for the $15 billion to $17 billion they are owed. Short of bankruptcy, he says, he has no plans to sell off assets.
But if Detroit does file for bankruptcy, one of the great tragedies (at least, according to the NYT) is that the historical society might have to sell off all or part of its collection of “62 lovingly maintained classic cars”. This collection includes a 1924 two-door Hupmobile, Henry M. Leland’s 1905 Cadillac Osceola, a 1960 Chevrolet Corvair…and an AMC Pacer as well as a 1984 Dodge Caravan.
I never did like The Dukes of Hazzard.
However, the Wikipedia page on the General Lee is interesting.
Even if it doesn’t go into specifics about what kind of gas mileage a 1968 or 1969 Dodge Charger gets. (I have seen estimates elsewhere on the Internet ranging from 9 MPG to 11-13 MPG, so perhaps that tweet isn’t too far off. But those estimates and Wikipedia are distinguished by a notable lack of sources.)
I found this at the grocery store yesterday, and it amused me even more than the NCIS car. Plus, you know, it is an actual Hot Wheels car, not some cheap knockoff.
I think this is going to wind up in my collection for now, as my brother’s youngest boy is just a little young to appreciate The Rockford Files. However, I am looking for a Hot Wheels Porsche 911, so the three of us can sit at the kitchen table with it and a copy of the June issue of Road and Track and have an intellectual discussion of why the handling on the early 911s was so vicious.
Actual headline on an AP story from the NYT:
Well, you see, when a mommy anteater and a daddy anteater love each other very much….
Obit watch: NASCAR driver Dick Trickle. The NYT obit (by way of the AP) is just awful: here’s a better obit from the HouChron.