Google’s latest security move, Hacking the VMU, and more news

The latest Ethereum hack and the security corner round out the news. Read on...

Share this using the hashtag #SWE.

Google’s latest security move: warnings. Turns out that Google doesn’t want G Suite users to be as easily phished, so they’ve decided to add a ‘verification’ system for OAuth-connected apps, with a warning dialog box for unverified apps. Learn more in my video.

Debugging is fun. Developer Scott Hanselman tells us this tale of 13 hours spent debugging a program that was segfaulting when he tried to run it after transferring it to his Raspberry Pi. The root cause ended up being a setting… so the post is really a lesson to investigate defaults.

AMD does not plan to open source their PSP. The processor manufacturer had made waves a while back when promising to “look into” open sourcing their equivalent of the Intel Management Engine backdoor coprocessor, but confirmed in their EPYC Q&A (skip to about 35:30) that they will not be doing so, instead having an unnamed company ‘vigorously test’ the PSP’s code. Sad day for anyone hoping to actually know what’s running on what is ostensibly their computer.

How to say you’re a hacker. The comments in this Hackaday post discuss how to find work in tech hacking without necessarily having a coherent background and without there readily being a word to describe the kind of thing that tinkerers want to do. It’s worth a read to learn about how people from nontraditional backgrounds have be successful.

Running code on the Dreamcast VMU. The comments in this Hackaday post are mostly of the “whoa, neat” variety, but this post discusses how one hacker got Flappy Bird running on the tiny little memory card/tamagotchi-alike.

More random dice through computer vision and custom hardware. Check the story of how gamesbyemail.com created a physical device to roll dice and use a computer vision system to read the results of the rolls. It’s a fun read and the video is great to see (and hear) exactly how the system works.

Bloom filters 101. Want to learn about how to use Bloom filters? Check out this page that explains what they are and how to use them with examples.

Verizon Wireless ‘tested’ video throttling. I’m sure this only became a ‘test’ because they got caught, but Verizon Wireless last week throttled connections to Netflix and other video providers without informing customers. The throttling (to 10 Mbps) applied to every Verizon user. Verizon insists the throttling is part of “video optimization” technology. Sure, optimizing Verizon’s profit margin perhaps.

How can your location be tracked via cell phone? There are lots of ways. Read some of them in this post from the HFT guy. Warning: math/geometry ahead.

In the security corner this week: Ethereum, jail time for the Citadel creator, and a robot meets a watery demise.

• In news I’m certain surprised absolutely nobody, another smart contract platform in Ethereum had a giant bug and caused damages of at least $30 million. This post explains what happened in more detail, as does my video. Ethereum’s answer the last time a vulnerability in a smart contract was exploited was to pretend the exploit never happened (by doing a hard fork) - something that it appears will not happen again. How can you keep a cryptocurrency wallet safe? Check out this post - although it’s worth noting that having a paper wallet would not have saved you from this attack.
• The author of Citadel malware will spend some time in a citadel. Russian hacker Mark Vartanyan, the creator of the Citadel trojan which lead to over $500 million in losses for banks, was sentenced to five years in prison. Crime doesn’t always pay.
• Stairs are apparently still difficult for robots to understand, as evidenced by a photo that went viral of a Knightscope K5 security robot in a pond. The maker of the robot called the robot’s apparent suicide an ‘isolated incident.’

Thanks for reading – as always, if you have feedback, or think there’s something I should cover next time, leave a comment!

Cover photo: Google Protect, unveiled at I/O 2017. Maybe they'll expand the branding for the OAuth warning nag. Photo ? Eric Risberg/AP