Professional software hacker demonstrates how to hack Starlink terminals

A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.

[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”

The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.

Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.

Wouters is a researcher at the Belgian university KU Leuven.

While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.

Dumping Windows and Apple and switching to Linux

My regular readers know about my utter contempt for Microsoft and its terrible Windows operating system. Any company that treats its customers like dirt, as Microsoft routinely does, does not deserve the business of anyone. I realized this reality two decades ago, and successfully switched to Linux back in 2006. I have never regretted it.

Moreover, the increasingly intolerant behavior of big tech companies like Microsoft to free speech increases the need for people to free themselves from them. The willingness of these companies to also treat your privacy and personal data as a plaything for their use, without your permission, is another rational reason to stop depending on them.

Linux accomplishes this, in that its open source software structure is really controlled by no one. There is also no software company using the operating system to gather your data for its own purposes.

In 2016, after seeing a number of my posts noting the advantages of Linux (or anything) over Windows, one of my readers, James Stephens, offered to write a series for Behind the Black describing step-by-step the process by which one gets and installs Linux on either a desktop or laptop computer. Below are the links to this series. I have since used it myself as a guide to convert two used Windows 7 notebooks (purchased for $35 and $80) to my favorite flavor of Linux, both of which I use regularly as my travel computers.

I wish more people would do the same, which is why I am reposting the links to this series again. Though six years have passed, James instructions still apply perfectly, as I can attest as I used this series to convert the second laptop only a year ago. Nonetheless, James has added an addendum to Part 2, which brings the entire series up to date.

I am sure almost everyone has an old computer they don’t use anymore. It will work like new with Linux. Dig it out, follow James’ instructions below and free yourself from Windows. I guarantee you will not be disappointed.

Blender FLIP Fluids Addon

An evening pause: What you are looking at here appears to be a demo video of a software addon that provides users with all types of liquid visuals. And creating realistic flowing water is not easy, as the splashes and waves represent chaotic behavior which is very hard to model.

Hat tip Cotour, who adds, “At some point in the future there will be ‘reality’ and no one will be able to tell the difference.”

Midnight repost: Switching to Linux

The tenth anniversary retrospective of Behind the Black continues: My contempt for Microsoft and its terrible Windows operating system is quite well known. I successfully switched to Linux back in 2006 and have never regretted it.

After seeing a number of my posts noting the advantages of Linux (or anything) over Windows, one of my readers, James Stephens, offered to write a series for Behind the Black describing step-by-step the process by which one gets and installs Linux on either a desktop or laptop computer. Below are the links to this series. I have since used it myself as a guide to convert two used Windows 7 notebooks (purchased for about $35 each) to my favorite flavor of Linux, both of which I use regularly as my travel computers.

I wish more people would do the same. I am sure almost everyone has an old computer they don’t use anymore. It will work like new with Linux. Dig it out, follow James’ instructions, and free yourself from Windows. I guarantee you will not be disappointed.

Website issue solved

Because of a software issue, since last night I have been unable to access my webpage and could therefore not post anything new. In addition, one commenter emailed me to say he was having troubles posting as well.

Shane at amixa has finally fixed the problem. Expect a lot of posts in the next hour.

Another reason to avoid Windows

For once, this post is not a link to another Windows horror story. Instead, it is a link to a great deal to buy CrossOver 15, the professional version of Wine that allows you to run Windows software on Linux or Apple computers. Normally CrossOver costs $59.99. This deal sells it for $19.99. And the sale ends in one day!

So, if you were thinking of trying Linux but were hesitating because you were unsure about whether you could run Windows software on it, this helps solve the problem. CrossOver does what WINE does, but with full telephone support.

I must add one more thing for full disclosure: If you buy it through the link above, you will also help support Behind the Black, as I will get a credit for the referral. I’m doing this not for that credit but because I think this is definitely a good deal. However, why not get the referral at the same time?

Note that the link above doesn’t take you directly to the CrossOver 15 deal. Click on Categories, then Software. You will see the CrossOver deal link in the second row.

Getting and Installing Linux – Part 6

Installing Windows using VirtualBox

by James Stephens

Today I will be installing Windows on VirtualBox. VirtualBox allows me to easily install and run Windows on my Linux computer without having to partition, format or otherwise disturb my hard drive. Once installed booting into the Windows guest is easy, just open VirtualBox and select Windows and hit start. Given the fact a virtual machine shares hardware resources with it’s host, generally a 64 bit host operating system can only host a 32bit guest operating system. Windows in most cases is still a 32 bit operating system.

First of all I will download VirtualBox via the my distribution’s Software Manager. Once it’s installed you will usually find its shortcut under Applications/System/Oracle VM VirtualBox in your application launcher. Click on it and VirtualBox will open to its Welcome massage. To create a virtual machine, in this case Windows, choose “new” in the VirtualBox tool bar.

Create Virtual Machine dialogue

The create virtual machine dialogue will appear where you will give the guest operating system a descriptive name and select its type and version, such as Windows XP.
» Read more

Getting and Installing Linux – Part 5

Running Windows programs on Linux:

An overview of WINE and Virtual Machine

by James Stephens

In addition to all the software available for Linux, Linux also possesses the ability to run Windows software using either WINE or in a virtual machine. This can be valuable in many ways, from running legacy software to running Windows and Linux on the same machine at the same time.

WINE is the open source implementation of CrossOver, which Apple users may already be familiar. It is essentially a translator: WINE sits between a Windows application and the Linux system, presenting what appears to be a Windows system to an application and generating Linux instructions for processing. It’s not a perfect solution, but it’s pretty good. It’s fast and efficient, requiring little more resources then the application itself, making it suitable for older machines. When properly configured, Windows applications install as if in Windows and run on Linux like any other application. The backward compatibility of WINE is actually better then that of Windows itself. So if you have beloved but outdated software you can run it again with WINE. In my case that is a Windows 3.1 controlled audio mixing console. A lot of people like to play the old Windows 95 games. For more information including a list of compatible Windows software and performance assessments go to www.winehq.org
» Read more

MRI software bug invalidates 40,000 research papers

The uncertainty of science: A bug just discovered in the computer software used by MRIs to measure brain activity could invalidate 15 years of research and 40,000 science papers.

They tested the three most popular fMRI software packages for fMRI analysis – SPM, FSL, and AFNI – and while they shouldn’t have found much difference across the groups, the software resulted in false-positive rates of up to 70 percent. And that’s a problem, because as Kate Lunau at Motherboard points out, not only did the team expect to see an average false positive rate of just 5 percent, it also suggests that some results were so inaccurate, they could be indicating brain activity where there was none.

“These results question the validity of some 40,000 fMRI studies and may have a large impact on the interpretation of neuroimaging results,” the team writes in PNAS. The bad news here is that one of the bugs the team identified has been in the system for the past 15 years, which explains why so many papers could now be affected. [emphasis mine]

The research the article described is focused entirely on the problems the software causes for past research. It makes no mention of the problems this software bug might cause for actual medical diagnosis Was the treatment of any patients effected by this bug? It does not say.

Microsoft gives people another reason to dump Windows

Why I use Linux: In its effort to convince users of earlier versions of Windows to upgrade to Windows 10, Microsoft is now inserting a full screen pop-up upgrade notification, often at decidedly unwanted moments.

The Redmond software giant confirmed today it will start showing dark blue screens urging people to install the latest version of Windows. The full-screen ads will pop up on Windows 7 and 8.1 desktops from now until July 30, when the free upgrade period ends.

Getting and Installing Linux – Part 2

Obtaining and installing a Linux Distribution

by James Stephens

Almost any Linux distribution runs great on today’s hardware. But I’m writing this with aging computers in mind. With older computers it’s a good idea to know how much RAM (often referred to as physical memory) you have in order to select a distribution that will work well with your machine.

With Windows this can be shown by opening “System” in “Control Panel.” RAM or physical memory will be expressed in Mb or Gb. Once you know this, you are armed with the knowledge to select a distribution.

For machines with 512 Mb RAM and up I recommend a distribution from LinuxMint. For machines with under 512 Mb RAM I recommend Bodhi Linux 32 bit legacy.

Operating systems come in 32 bit and 64 bit versions. With the exception of replacing Windows 8.1 and 10, a 32 bit distribution will work on any computer. (More about Microsoft and UEFI later.) At one time a 64 bit opening system allowed the use of more memory then it’s 32 bit kin. But with modern 32 bit distributions this is no longer an issue. So if you want to play it safe choose a 32 bit distribution.

LinuxMint offers a choice of desktops and the website does a good job explaining the advantages of each. I would recommend LinuxMint 17.3 MATE 32 bit edition as most likely to work on any computer. But take a look at each of them and see which one you like. As long as you follow the minimum RAM requirements guidelines as listed in the description you will be okay.
» Read more

Getting and Installing Linux

After seeing the response to a number of my posts on the advantages of Linux (or anything) over Windows, one of my readers, James Stephens, offered to write a series of posts for Behind the Black, describing step-by-step the process by which one gets and installs Linux on a desktop or laptop computer. James is like almost every other user of Linux, self-taught and unafraid to play with the software. As he emailed me, “Over my long career I’ve had my hands in everything from vacuum tube televisions to sophisticated aerospace systems some of which are orbit today. I have designed and built recording studios, radio and television studios and serviced the equipment as well as the transmitters. But I must say I really enjoyed repairing televisions the most. I loved every aspect of the business and really enjoyed doing business with my customers.” At the present time James makes his living maintaining what he calls “a fleet of computers, Windows, Mac, and Linux.”

So, today we begin this series. If all goes as planned, James will be sending these to me on a weekly basis, whereby I will post them each Saturday. So, get one of your old unused computers out of the garage now and get ready to make it useful again, while simultaneously freeing yourself from Microsoft!

An Introduction

By James Stephens

Your phone your TV, most of the devices you use everyday use Linux. So too most of the world’s web sites including this one. So why not your PC? The purpose of this series, which we hope to post on a weekly basis every Saturday, is to at least in a general way acquaint you with desktop Linux and some of its advantages. More importantly, we hope to assist you with representative instructions for the installation and use of this most excellent computer operating system.

But first a few words of explanation.
» Read more

Beware new javascript ransomware

A new ransomware attack, designed to kidnap your computer and demand money from you before releasing it, has been written entirely in javascript and is thus more dangerous because many email programs, like Gmail, will not block the running of the .js file.

The bottom like is always the same: Don’t run attachments sent to you unexpectedly, even from friends. Check with them to confirm that they meant to send it, and if they don’t confirm, delete it.

I could also label this story as another reason I don’t use gmail, but that really is a different story entirely.

SLS software over budget and behind schedule

Surprise! The launch control software NASA is writing from scratch for its SLS rocket is way behind schedule and way over budget.

Development of this new launch control software is now projected to exceed $207 million, 77 percent above 2012 projections. The software won’t be ready until fall 2017, instead of this summer as planned, and important capabilities like automatic failure detection, are being deferred, the audit noted. The system is vital, needed to control pumps, motors, valves and other ground equipment during countdowns and launches, and to monitor data before and during liftoff.

NASA decided to write its own computer code to “glue together” existing software products a decade ago — while space shuttles still were flying and commercial shippers had yet to service the space station. Both delivery companies, SpaceX and Orbital ATK, rely on commercial software, the audit noted. [emphasis mine]

In other words, even though NASA could have simply purchased already available software that other launch companies were using successfully, the agency decided to write its own. And that decision really didn’t come before the arrival of these commercial companies, because when it was made a decade ago that was exactly the time that SpaceX was beginning to build its rocket.

This is simply more proof that SLS is nothing more than a pork-laden waste of money designed not to explore space but to generate non-productive jobs in congressional districts.

Computer program learns and then wins at Go

A computer program, dubbed AlphaGo, has successfully beaten a professional player of Go for the first time.

What is significant however is the method used by that computer program to win:

The IBM chess computer Deep Blue, which famously beat grandmaster Garry Kasparov in 1997, was explicitly programmed to win at the game. But AlphaGo was not preprogrammed to play Go: rather, it learned using a general-purpose algorithm that allowed it to interpret the game’s patterns, in a similar way to how a DeepMind program learned to play 49 different arcade games2.

This means that similar techniques could be applied to other AI domains that require recognition of complex patterns, long-term planning and decision-making, says Hassabis. “A lot of the things we’re trying to do in the world come under that rubric.” Examples are using medical images to make diagnoses or treatment plans, and improving climate-change models.

If computer programs are now successfully able to learn and adapt it means that it will become increasingly difficult to distinguish between those programs and actual humans.

Make Trump go away with software!

The coming dark age: Want to be hip, cool, and with it? Then what you need is the Trump filter, a Chrome extension that will block any access to any website that mentions Republican Presidential candidate Donald Trump.

Dubbed as the “Trump Filter,” the Google Chrome extension will filter all Trump-related articles while users surf the Internet. The extension is described as “part of the antidote for this toxic candidacy.” The extension will identify parts of a web page that contain Donald Trump and remove them from the Internet, according to the creator’s description on his Trump Filter website.

In another more enlightened age, this would have instead been called “putting one’s head in the sand” to avoid dealing with reality. Donald Trump is not my first or second choice for president, but he is leading the polls and could very well win. To make believe he doesn’t exist is the height of close-minded foolishness.

Comments restored

The software problem with nested comments forced me to disable nested comments last week. Unfortunately, it appears that act made it impossible for many to comment at all. Shane Rollin of Amixa has looked into it and adjusted things so that comments should once again be possible, though nested comments remain disabled.

So, if you wanted to comment earlier you can now. Go for it!

Hackers demonstrate they can remotely take over moving vehicle

Does this make you feel safer? In a demonstration of the vulnerability of modern cars that are linked to the internet, two hackers took over the operation of an unmodified moving Jeep Cherokee.

A pair of Missouri-based hackers have put on an extraordinary demonstration by logging into a Jeep Cherokee remotely, while it was being driven by a Wired reporter Andy Greenberg, and systematically taking over the car’s functionality. First, they hit him with cold air through the air-con system, then they blasted Kanye West through the stereo at full volume, rendering the volume knob completely useless. They flashed up a picture of themselves on the car’s console and set the windscreen wipers going full blast, squirting cleaning fluid onto the windscreen and making it difficult to see.

But these were just warmups to the main event – next, they took over the engine and shut it off completely, leaving the driver powerless and coasting on the freeway as traffic flashed past around him. Then, once he was off the highway, they showed how they could completely disable the brakes, and take over the steering of the car – only at slow speeds and in reverse, but they’re working on unlocking new abilities every day.

This suggests to me that linking any car directly to the internet is probably a very bad idea.

Comments down

On arrival in Israel I have discovered that the comments feature on Behind the Black is not working. No one can post comments. This failure began when I update the ReCaptcha anti-spam feature earlier this week.

Shane of amixa is working on it and, if I know Shane, should have it fixed momentarily.

Website upgrade

Update: The upgrade is mostly finished. There are still a few tweaks that either I or Shane will do over the weekend but essentially the site is up and running.
——————–
This evening Behind the Black will be undergoing a significant upgrade. For this reason posting will cease beginning with this post at 3 pm (Pacific) until the upgrade is completed later tonight. When completed the site will be slightly different. Most of the changes will be irrelevant to readers, as I have tried in this upgrade to keep the website how I like it, clean, thoughtful, and not cluttered with unnecessary internet stuff.

Two issues will affect my readers.

  • The spam filter for comments will once again be working. In addition, comments will not be accepted until the commenter completes a Captcha screen. Once this is done, however, the comment will then be instantly approved. I will no longer have to manually approve each comment. This will speed the dialogue. It will also mean that comment threads will remain open forever. Since the spam filter failed in January I have had to close comments on posts after three weeks.
  • The look of the website will change somewhat. These changes are mostly designed to increase traffic, which will not only increase my readership but will help pay for this site. For example, it will be easier to share a post from Behind the Black in many other venues, such as Facebook and Twitter.

To complete the upgrade my software guy, Shane Rolin of Amixa, and I will have to do a number of tweaks and changes after the new site goes live. Thus, be prepared for a short period on Friday where things might not work as they should. By the end of the evening, however, all should be fixed and working properly. If you see a problem after that please feel free to comment here, describing what you see and what you think could be done to fix it. Also feel free to comment here with any additional suggestions for making Behind the Black a better experience. I am always open to new ideas.

Website software expert needed

I am in need of someone willing to manage the backroom software aspects of Behind the Black. My first software designer found he no longer had the time to do it, and the person I found to replace him decided suddenly that he didn’t like my political opinions and unless I wrote my opinions the way he liked he couldn’t do it.

The work wouldn’t be difficult nor very time consuming, but there are several areas of the website software that need cleaning up. If you are familiar with WordPress and website design and would like to help me keep this website up and running, please comment here. I will email you immediately.

This post will remain at the top of the site for the rest of today.

The same software guy who refused to certify the Obamacare website as secure is also the same guy who now says the website’s security problems are “limitless.”

The same software guy who refused to certify the Obamacare website as secure is also the same guy who now says the website’s security problems are “limitless.”

He is also the same guy the Obama administration forced out of his job for saying so. As noted at the story above, the House should “subpoena this man.” He will have some very interesting things to say in public.

FBI accused of planting backdoor in OpenBSD IPSEC stack

This story should give everyone the willies: One of the developers of the OpenBSD operating system (an open source OS comparable but different than Linux) has admitted that ten years ago, in exchange for cash, he and others helped the FBI place “surveillance-friendly holes” in the operating system.

I wonder what part of this sentence the FBI does not know how to read: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”