Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."
The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees."
The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation."
The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U.S. Constitution.
Specifically, an analysis of argon isotopes contained in crystals from the Bishop Tuff -- the large rocky outcrop produced when the Long Valley Caldera was created -- shows the magma from the supereruption was heated rapidly, not slowly simmered. Geologically speaking, that is -- meaning the heating forces that produced the supereruption occurred over decades, or perhaps a couple of centuries. (A long time for people, sure, but a blink of an eye in the lifetime of a supervolcano.) The reasoning is that argon quickly escapes from hot crystals, so it wouldn't have a chance to accumulate in the rock if the rock were super-heated for a long time... Unfortunately, while scientists are doing everything they can to read the signs of volcanic supereruptions -- something NASA views as more dangerous than asteroid strikes -- the reality is, the new findings don't bring us any closer to seeing the future.
"This does not point to prediction in any concrete way," warns geologist Brad Singer, "but it does point to the fact that we don't understand what is going on in these systems, in the period of 10 to 1,000 years that precedes a large eruption."
In an effort to force the state to scrap the system, a number of Georgia voters banded together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system. But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 -- just days after the lawsuit was filed. The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email notes that backups of the server data were also deleted more than a month after the initial wipe -- just as the lawsuit moved to a federal court. It is unclear who ordered the destruction of the data, and why, but they have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.
Fanuc's clients include Amazon and Tesla, but U.S. orders "are dwarfed by those from China -- some 90,000 units, almost a third of the world's total industrial robot orders last year."
The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.
Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."