The flaws in smart contracts and the security corner round out the news. Read on...
The Russian cheats who won millions on US poker machines weren't riding a lucky streak — they used the maths behind the seemingly random play of poker machines to really shorten the odds in. Online gambling news in Russia keeps reporting about the group of hackers who found out how to trick a slot machine. One of the best slot machine cheats of all time is actually quite elegant. Especially casinos cannot really do anything against it. Shop by department, purchase cars, fashion apparel, collectibles, sporting goods, cameras, baby items, and everything else on eBay, the world's online marketplace. Escape from Tarkov Hacks and Cheats: Get the ultimate solution of undetected EFT cheats and hacks Escape from Tarkov is a wonderful game for the shooting lovers. This game is all about the task to escape from the fiction city Tarkov, safe and alive.
Share this using the hashtag #SWE.
Reverse-engineering a 45-year old ALU.This post from Ken Shirriff explains how the ALU worked in Intel’s first 8-bit microprocessor, the 8008. If you don’t know why that matters, “the 8008 is historically important because it essentially started the microprocessor revolution and is the ancestor of the x86 processor family that you are probably using right now.”
Understanding htop. htop is a powerful process monitor that reveals much more data about a machine’s performance than regular top. Here’s a great overview that explains what all the fields, graphs, and related stuff means.
“Smart Contracts” are neither?This post from Ed Felten’s Freedom to Tinker explains how smart contracts, as used in some blockchain-based systems, aren’t really smart and aren’t really contracts.
Have $55? This tool will destroy many devices just by plugging it in. The “USB Killer” device does what it says on the tin, permanently damaging the USB port or entire device in many pieces of hardware. It does this by sucking power from the device, storing it in a series of onboard capacitors, then barfing a giant voltage spike across the USB/Lightning port of the target device, causing it to have a bad day. Maybe Apple’s courage in removing ports was just a brilliant bit of foresight.
A hole in the cloud. Another great 33C3 talk was this series of talks discussing how memory deduplication in virtual machines can be exploited. The three methods (CAIN, CAIN+Rowhammer, and Flip Feng Shui) combine to enable things like SSH login, browser exploits, and a compromise of the software update process.
Cheating a slot machine through the power of random numbers. Using a cell phone app to exploit the PRNG in a slot machine lead to huge casino losses. Read more in this piece from Wired. How much can you exploit the machines for? Try “upwards of $250,000 in a single week.”
The people responsible for sending the missile warning have been sacked. An alerting system test at Spangadhlem Air Base in Germany probably lead to much freaking-out, as a message was sent telling airmen that a missile was inbound to the base and to seek shelter immediately. Eight minutes later, the all clear was sent.
“Web Bluetooth” - two words I never wanted to see together. Chrome version 56 has added support for the Web Bluetooth API, opening up your Bluetooth devices to fun and exciting exploits from the Internet… I mean, opening up your Bluetooth devices to interact with websites for things like data exchange or software updates. Ostensibly, you must affirmatively opt-in before any data about your Bluetooth devices is shared with the website, but we’ll see how well that actually is implemented.
In the security corner: websites continue to find ways to fingerprint users, that doll might be a spy, and new Mac malware comes from Russia, with love:
As a programming note, we won’t produce a rundown next week. Look for the next one on Monday, March 6. Further, we’re continuing to experiment with the best way to deliver this content. Look for video features to join this rundown soon. If you have feedback, or think there’s something I should cover next time, leave a comment!
Cover photo: A slot machine interface. Note: the machine pictured is not made by the manufacturer of the machines that were exploited in the slot machine story. It's just a flashy pic of a slot machine. Credit: Bloomberg / Getty