Error’d: Luck of the Draw

"One of these icons closes the current window, one completely exits the program," observed Sam Oldak.

 

"Anna asked me if she was helpful and I tried to be honest," wrote Virginia, "Part of the problem could be she doesn't understand the most important word in the English language."

 

"I spotted this amazing offer in WH Smith a while back. I decided not to go for it though," wrote Colin Cameron.

 

"Not only do they not have technology to add spaces to their error messages," writes Aiden, "the monospace messages don't even fit in the div properly."

 

Daniel apparently likes to plan things well in advance.

 

Jack Botner received this less-than-stellar offer after purchasing an item on eBay.

 

"I thought I was just saving a nine page PDF, but I must've miscounted. Apparently the real number was 18,446,744,073,709,600,000," wrote Brett.

 

Steve Jones wrote, "The box it came in definitely implied that printing was a supported feature."

 

Huge natural gas producer severs Website, email after malware attack

A liquefied natural gas plant in operation.

One of the world’s biggest producers of liquefied natural gas has been hit by a malware attack that has taken down its website and e-mail servers. This is the second documented computer attack to hit a large energy company this month.

Officials with Qatar-based RasGas first identified an “unknown virus” on Monday and took their RasGas.com website and e-mail servers offline in response, Bloomberg News and other news agencies reported on Thursday morning, citing company representatives. Operational systems weren’t affected and production and deliveries remain intact. A joint venture between Qatar Petroleum and ExxonMobil, RasGas exports about 36.3 million tons of liquefied natural gas per year.

News of the attack comes four days after Saudi Aramco, the world’s largest oil producer, confirmed it was the victim of a separate malware attack that took down 30,000 workstations. The assault against the Saudi Arabia-based company was launched on August 15 as the malware entered through its network of personal computers. Oil production wasn’t affected, company officials have said.

Read 6 remaining paragraphs | Comments

IBM taking two paths toward making solar power cheaper than fossil fuels

IBM’s thin film device under test.
IBM

The price of photovoltaic hardware has dropped so dramatically in recent years that, according to some projections, a well-sited panel may become competitive with fossil fuels before the decade is out. To reach that point, which comes when panels cost below $2 per Watt, prices will have to continue their steep decline. During our visit to IBM’s Watson research center, we talked to two people who are working on ways to drive the cost down—but they are taking radically different approaches.

The panels that most people are familiar with use silicon as a semiconductor. That has a few advantages, like cheap raw materials and reasonably high efficiency. But manufacturing panels remains expensive, and there aren’t obvious ways of squeezing large gains in efficiency out of standard silicon. So, IBM is looking at materials that don’t involve silicon: thin films and concentrating photovoltaics.

Thin is in

We talked with David Mitzi, who manages the thin film project. These materials currently tend to be less efficient than silicon-based devices, but they have a large advantage: they can be much less expensive to manufacture. One key to this difference is that the boundaries between crystals in thin-film materials don’t pose a barrier to the charge carriers (electrons and holes) generated by incoming light. While high performance silicon cells require a manufacturing technique that produces a single large crystal, it’s possible to use polycrystalline forms of thin film materials.

Read 15 remaining paragraphs | Comments

Password hints easily extracted from Windows 7, 8

Output of a Metasploit Meterpreter session that extracts Windows 7 and Windows 8 password hints.

Our recent feature on the growing vulnerability of passwords chronicled the myriad ways crackers extract clues used to guess other people’s login credentials. Add to that list a password reminder feature built in to recent versions of Microsoft’s Windows operating system.

It turns out the password clues for Windows 7 and 8 are stored in the OS registry in a scrambled format that can be easily converted into human-readable form. That information would undoubtedly be useful to hackers who intercept a cryptographic hash of a targeted computer, but are unable to crack it. Jonathan Claudius, the SpiderLabs vulnerability researcher who documented the new Windows behavior, has written a script that automates the attack and added it to Metasploit, an open-source toolkit popular among whitehat and blackhat hackers alike.

The clue is added to the OS registry when users configure a Windows account to provide a hint about the password needed to access it. When he first saw the long string of letters and numbers that stored the hint, he thought it had been encrypted. Upon further examination, he learned that an eight-line Ruby script quickly decoded the text chunks.

Read 3 remaining paragraphs | Comments

Chinese Gang Sells Fake Professional Certifications

They were able to hack into government websites:

The gang’s USP, and the reason it could charge up to 10,000 yuan (£1,000) per certificate, was that it could hack the relevant government site and tamper with the back-end database to ensure that the fake cert’s name and registration number appeared legitimate.

The gang made £30M before being arrested.

$200 for a Fake Security System

This is pretty funny:

  • Moving red laser beams scare away potential intruders
  • Laser beams move along floor and wall 180 degrees
  • Easy to install, 110v comes on automatically w/timer

Watch the video. This is not an alarm, and it doesn’t do anything other than the laser light show. But, as the product advertisement says, “perception can be an excellent deterrent to crime.” Although this only works if the product isn’t very successful — or widely known.

Hotel Door Lock Vulnerability

The attack only works sometimes, but it does allow access to millions of hotel rooms worldwide that are secured by Onity brand locks. Basically, you can read the unit’s key out of the power port on the bottom of the lock, and then feed it back to the lock to authenticate an open command using the same power port.