Thursday, January 18, 2018

Tag: petrol

VW Group will invest $11.8 billion, plans 10 new EVs for China by 2020.
A mix of fully electric, plug-in hybrid, and mild hybrid vehicles are promised.
New air pollution plan is hard-hitting, but 23 years is a long time to wait.

Insert coin, drive home car

Carvana opens a five-story vending machine filled with petrol-head style goodies.
Sound familiar? Yes, you read it on El Reg last July

The Ministry of Defence has today re-announced for the third time that it has awarded a £30m contract to build a great big feck-off laser cannon for zapping the Queen's enemies. Originally awarded in July 2016 to the Dragonfire consortium, the Laser Directed Energy Weapons (LDEW) contract immediately stalled after a challenge to the contract award by an unknown number of losing companies. The MoD eventually settled the contract dispute last September, stating at the time that the deal had gone through.

While exciting, in the way that setting about an old shed with a sledgehammer and a couple of gallons of petrol is exciting, the LDEW project is certainly not new. The Dragonfire consortium – made up of BAE Systems, Leonardo (formerly known as Finmeccanica, parent company of infamous British helicopter firm AgustaWestland), Cambridge-based Marshall Defence and Aerospace, and Hampshire-based defence research company Qinetiq – is charged with building the demonstrator weapon, and a working prototype is hoped for by 2019. It will have to meet five criteria to satisfy defence chiefs, including tracking targets in all weathers, maintaining sustained operation over a period of time, and various safety-related criteria, mostly aimed at ensuring the laser's operators or innocent bystanders don't get accidentally fried.

Harriet Baldwin, minister for defence procurement, said in a canned statement: "The UK has long enjoyed a reputation as a world leader in innovation and it is truly ground-breaking projects like the Laser Directed Energy Weapon which will keep this country ahead of the curve."

The obvious long-term practical application for the laser would be aboard a warship, and perhaps one of the first aged Type 23 frigates to be retired in the next five or six years could have her hull life extended to serve as a trials platform.
As the press get excited over the new laser cannon, however, it is important to remember that the Type 45 air defence destroyers are not completely reliable when operating in warm seas, HMS Queen Elizabeth's sea trials date is quietly slipping back, F-35 deliveries still continue at a pathetic drip-feed rate, and the RN still has no replacement anti-ship missiles lined up for when its current weapons are retired in 2018 – though sources tell El Reg that the UK is exploring options for this with France. Various news outlets including the BBC, the Sun and the Daily Star (traditionally a very fertile ground for planted Andy McNabb-type tales of carefully anonymised derring-do from the front line) decided to run this hoary old news about the laser cannon today as if it was actually new. It's one thing to get excited over a new giant zapper but it's begun to wear a bit thin after the third repetition without any actual progress having been made.
Account-sniffing electronics hidden in cash-machine slots

Black Hat: America's belated move to EMV (Europay, MasterCard and Visa) chip-equipped cards won't be the panacea some had hoped.

As it turns out, the cards are just as easy to clone as their magnetic stripe predecessors. At the Black Hat 2016 security conference in Las Vegas this week, engineers from Rapid7 demonstrated how a few small pieces of electronics could be used to stage a man-in-the-middle attack against an ATM. The shimmer device is so named because it is inserted in the card slot like a shim, and it then takes a snapshot of the transaction data as a request for cash is processed.

Tod Beardsley, security research manager at Rapid7, told The Register that the equipment needed was tiny and could be installed quickly without access to the internals of the hardware. Once retrieved, he was able to use the information to set up fraudulent accounts and potentially start siphoning money.

[Image: The now-traditional ATM spewing money shot]

Shimming systems have already started cropping up, particularly in areas of South America where tourists congregate, he said. With the introduction of chipped cards in the US you can expect shimmers to spread north, and he predicted that petrol pump card readers would be a likely target, since they are easily accessible and in frequent use.

The move to chipped cards isn't all gloom and doom, however.

Data stolen from a magstripe card is easy to sell online and reuse on cloned cards for long periods after it's stolen. With chip cards, the window of opportunity to sell the information is much smaller.

Beardsley said that banks had gotten much better at spotting likely cases of fraud using the technique, and blocking access to accounts. Rapid7 has contacted vendors of ATMs to tell them about the research, and praised the pioneering work of the late Barnaby Jack for making this possible without lawsuit threats. Jack's ATM hacking nearly got him arrested, but these days manufacturers recognize that white-hat hackers can do them a lot of good.
Forget filter coffee, jerks in suits, and awful hors d'oeuvre.

Expect metal, craft beer and zero-days galore

Special report: In Australia and New Zealand, hackers are doing it for themselves by creating vibrant security conferences that run on their own terms and actively avoid the corporate-speak and fear-mongering that characterises so many vendor-led events. These conferences, or "cons", are booming and showcase security skills that rival the best the global security industry can offer. The hacker-run conferences are nothing like commercial technology confabs: vendor pitches are universally banned, so are trade show booths.

Bars replace bain maries full of conference casseroles and black metal-inspired custom shirts are the de facto uniform. At these events hackers reveal holes in the world's most popular technology and public transport systems to a soundtrack of sweeping moans of derision, laughter, and, for some cons, bursts of on-stage pyrotechnics. Most hacker presenters follow the modern line and push the companies they hack to fix holes ahead of their on-stage disclosures, yet blasé promises to fix earn retribution as zero-days are still dropped. Delegates at these cons are a mix of professional penetration testers and security admins, hackers of dubious history, curious developers, and students.
Some of those attending are partly responsible for defending the nation’s biggest and most important companies.

Most of these volunteer-run and continually sold-out events cost between A$50 and A$150, with some occasionally free for the most broke hacker, and are home to staple community-run lockpick and capture the flag competitions that run for the length of what is typically a two-day conference. After what was arguably a decade of hiatus, the cheap grassroots cons have spread out to cover almost all Australian states. Hackers have WAHCKON in Perth, CrikeyCon in Brisbane, Platypuscon in Sydney, BSides in Canberra, Unrest in Melbourne, and regional pillar Kiwicon in Wellington.

These could not be further from the typical C-level security event where ticket prices demand up to A$2000, technical talks are scarce, and vendor booths and pressed suits are as prolific as branded backpacks. Of the six community cons, three have or will launch this year.

What: BSides Canberra
When: 17 - 18 March 2017
Where: Canberra
How much: A$50
Who: Silvio, Kylie, Andrew, Rick, Ryan, Topy, Wily, Klepas, Iggy, Ed, Pete, Villain, Matt, Sam, George, Peter, Nathan, Neal, Joffy, and Paul.
Stories:
EFF revises IM safety ratings after pen testers pop 'secure' tools
Lock-hackers crack restricted keys used to secure data centres
Bug bounty blitzers open-source sick subdomain-spotter
Plotting 'mass damage' in Australia? SMBs' crappy login hygiene really helps – hacker

BSides Canberra, held on the shoulder of the Government’s large defence sector-orientated Australian Cyber Security Conference (ACSC), concluded its second and last day to a standing ovation.

The $50 hacker meet run by security pair Silvio Cesare and Kylie McDevitt sold out quickly. “There are many reasons we started BSides Canberra,” co-organiser Cesare says. “We wanted to provide a local conference for Canberra at which we could inspire the next generation of hackers.” The popular pair have a focus on encouraging new blood into the security sector at large, and more specifically into the conference circuit to consume and present new research.

To that end they have kept the ticket prices rock bottom to ensure it is accessible to anyone interested in the field. Sponsorship from community-centric security firms means the conference breaks even, throws two open-bar parties, and gives each of the 290 delegates a custom t-shirt and home-made Arduino badge that displays the conference running order.
“… we think there will be people at corporate conference that will go nowhere near a hackercon and vice versa but there will also be an overlap,” Cesare says. “We don’t make a profit … this is just our passion.”

Highlights of the con include auctioning nasty Oracle zeroday flaws – one written on a napkin – to fund a ‘steak dinner’ for the organisers, a “nail-biting” capture the flag competition decided in the last four minutes, and some delegate badge re-tweaking.

What: Kiwicon
When: 17 - 18 November
Where: Wellington
How much: About A$80
Who: A stable core 'Crüe' of Bogan, Pipes (retired), metlstorm, Sharrow, Ad, Vex, Madman, Squirrelboy, and Lisa, along with a retinue of volunteers who make the ship sail, and SiteHost who host the con's web presence gratis.
Stories (2015):
Kiwi hackers crack crap algo, showcase 40c-a-litre DIY fuel discounts
Hundreds of thousands of engine immobilisers hackable over the net
Overhaul Wassenaar or ruin next Heartbleed fix, top policy boffin says
Brit-American hacker duo throws pwns on IoT BBQs, grills open admin
Aussie hacker flips Coin into fraudster fob
Brit hardware hacker turns Raspberry Pi Zeros into selfie slayers
Kiwi hacker 'menace' pops home detention tracker cuffs

Kiwicon celebrates its tenth year in November and is placed at the top of many Aussie and Kiwi hacker con wish lists.
It has ballooned in size from a small gathering at a university campus building to outgrow Wellington's iconic Opera House and the St. James Theatre. Local and overseas speakers come to offer technical strolls, highlight horrid holes in enterprise software and advice to improve delegates' exploitation prowess, and a litany of illustrations that paint the sorry state of information security.

This all takes place against a backdrop of metal music and pyrotechnics.

Attendees gain perspective on the event with the aid of local craft beer bearing Kiwicon insignia. "The genesis was simple; if the Aussies can do it, surely we can?" con organiser Metlstorm says. "How hard can it be to get 80 people in a room, talk about computer hacking, then go to the pub? … From there Kiwicon just burgeoned into a monster that fundamentally is built in our own image of not taking ourselves very seriously."

[Image: Metlstorm among the pyrotechnics at Kiwicon 8. Credit: 4nitsirk]

What is now more of a "hacker themed variety show", Kiwicon has become a slick, entertaining production that balances showmanship with technical content, which guarantees the expanded 2200 seats this year will again fill fast.

The upcoming event will likely be the biggest antipodean security con, despite its banishment of the immortal trade event annoyances: "vendor shillin', big money illin', no booth babes, no booths, no paid talks, no swag bags full of crap you're gonna throw out immediately, no bullshit, and of course the sticker shock of the ticket price," the respected penetration tester says. Recent notable talks include William Turner's evisceration of then still-vulnerable Christchurch bus system, a feat which led to the then kid hacker winning 'most likely to be arrested' and, through subsequent bureaucratic hamfisting, led to admin credentials being disclosed in public freedom of information documents. Another year hacker Denis Andzakovic outfitted his Yamaha with a HUD and hardware to build a Wi-Fi war bike.

At last year's con two hackers displayed equal measures of daring and showmanship when revealing algorithm flaws that allowed Kiwis to print their own non-expiring discount petrol coupons scanned at the pump.

They even printed the barcodes on teeshirts and successfully demonstrated them. Kiwicon is, like all the community cons that followed it, a manifestation of hacker imaginings. "We built the con we wanted to go to; cheap, real, friendly and interesting," Metlstorm says.

That probably excludes the national-security "F35-lovin'" conference crowd. "Tradeshow events showcase the root cause of the problems in the infosec industry," Metlstorm says. "We humbly aim to be the opposite".

The con bears a different theme each year, which of late tends to mock the corporate technology world and the military industrial complex: 'it's always 1989 in computer security' chimed one 8-bit motif, while "cyber-friends" was painted on Kiwicon 7 as an answer to the vacuous cries of cyber war. Still, Kiwicon is an inclusive event and Metlstorm welcomes the errant military industrial tradeshow traveller: "So, if the day comes when they're ready to accept empiricism into their cold dead hearts, after all their shit got owned via the security products they bought or sold, we'll be here still, actual practitioners doing the actual work that actually advances the state of the motherf**kin' art."

What: Unrestcon
When: 1 and 2 July
Where: Melbourne
How much: A$100 - A$130
Who: Wily, Nanomebia, Buffy, Filsy, Sully, Topy, McCormack, Liam, and a 'few other random miscreants'.
Discount code: Enter code DARREN POORLY for a 10 percent discount on tickets.

Unrest is a "brand spanking new" security con set to hold the first of what history says will be many events in Melbourne's north.

The hacker con is billed as an "audiovisual experience" which will eschew the traditional conference space along with its "filter coffee, jerks in suits, and awful hors d'oeuvre" for an unconventional audio-visual experience. The con with its fictitious Ministry of Unrest and Illuminati-esque iconography is home to promising technical and social engineering talks, workshops, and a chill-out art and gaming area. It is the brainchild of penetration tester, lockpicker, and hopeful comedian Wily. "We wanted to do something different," he says. "A non-traditional venue, no corporate sponsorship, low cost, and high impact."

Wily gives a nod to Ruxcon, the established but pricier Melbourne hacker con that since 2003 has regularly sold out with technical talks and workshops. "Ruxcon has been around in Australia since 2003, and has always brought together the Australian community," Wily says. "Other community hacker conferences have sprung up around the country, and there is certainly room for more of these events." Ruxcon will be held 22 and 23 October.

There is, Wily says, space for both the pricier cons such as the recently held AusCERT corporate conference in Queensland's Gold Coast, and the more expensive Syscan technical hacker con in Singapore, and the grassroots community events. But without the big ticket price tag, Wily is merely aiming to break even: "We are hoping to break even, and if we're lucky we might," he says. When asked by Vulture South if he and his fellow con organisers 'hate money', the hacker sums up their collective commitment to community: "we are a bunch of overpaid infosec jerks".

This Sydney startup con is a hands-on hacker meet where the policy is show up with a laptop or not at all.

Co-organiser lin_s has, with a little help from his friends, developed a conference that emphasises practical hacker experimentation. “We started the con and our community (Just Hack Shit) on the basis that we wanted to see something different from the traditional security content of just speakers talking at the audience,” she says. “We wanted to build a group where people from all walks of life could come and do infosec nerd stuff on the proviso that they had to participate.” It is a popular and unique concept born of a night spent on the museum lawns in Sydney’s Circular Quay where lin_s and her friends got together to hack in a capture the flag competition.

Total cost was munchies and beer. "It turns out lots of people were interested in this kind of thing - we couldn't find anything similar already, so we built something ourselves."

Now in its fourth year, WAHCKon remains Perth's first and only hacker con, home to a repeat solid line-up of security talks ranging from the technical to the absurd.

For the former, speakers this year detailed the security chops of Docker, the perils of SSL, and PHP malware debriding.

The latter was catered by the opening talk given by WAHCKon organisers who took delegates on a journey into the skulking malware PC assistant known as Bonzi Buddy who was this year's mascot. "These (grassroots cons) are absolutely a thing now, and we're continually hearing about new cons starting all over Australia," Kronicd says. "When we began there really wasn't anything of the sort."

The Perth confab was fired up to bridge the 4000 kilometre void between Perth and Australia's big east coast cities. "Western Australia is pretty isolated from the community, and we saw that it just wasn't possible for a lot of less established hackers to attend existing hacker cons due to the prohibitive cost of travel and lack of corporate sponsorship," he says.

[Image: WAHCKon 3 this year. Credit: Darren Pauli]

He also misses the casual vibe of bygone Aussie hacker cons, and so sought with colleagues to build the conference they wanted to attend. "The scene in Australia had become extremely corporate, and we wanted a return to the hacker cons we remembered -- we wanted to bring together the WA hacker community and to ensure that everyone had a chance to attend." To this end, organisers are willing to hand out free tickets to those who can't afford the $60 face price.

Kronicd, like his kin, begs each year for their complicated conferences to come to an end, but persistent popularity serves as a defibrillator: "Honestly, we've wanted this to stop for years. We're tired. People keep showing up and incredible speakers keep submitting talks.
It really isn't up to us anymore."

What: CrikeyCon
When: 25 February 2017
Where: Brisbane
How much: A$80 - A$150
Who: Wade Alcorn, Scotty Brown, Robert Winkel, Glyn Geoghegan, Gary Gaskell, Ashley Deuble, Anne Luk.

CrikeyCon is another community-led charitable not-for-profit con based in Australia's Sunshine State that offers a diverse range of security talks and capture the flag and lock picking events over a day and a half.

Co-founder Wade Alcorn says the concept was found at the bottom of a beer glass in a Brisbane pub. "Crikey was born over a few beers between mates in Brisbane lamenting the lack of a local con," Alcorn says. "We wanted to give something back to the security community that's been great to all of us … and create a local event where people can share, learn and socialise with like-minded enthusiasts."

The crew expected the first event to host numbers resembling a large night out, but instead 60 hackers turned up, with 150 attending cons soon after.

This year pulled 250. Those punters are a mix of hackers and business infosec types both of whom Alcorn credits with sufficient olfactory sense to sniff out the good cons from the bad. "True security nerds try to get to as many things as they can that they get value from - even if it is on their own time," he says.