Do you develop on GitHub? You can keep using GitHub but automatically
sync your GitHub releases to SourceForge quickly and easily with
this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today! ×
165471583 story "Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples," writes Slashdot reader sinij. "This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles." Cryptographer and security experience Bruce Schneier writes:
"Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," writes an unidentified developer under the name "greenluigi1." Luck held out, in a way. "Greenluigi1" found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C." Two questions remain: 1.) How did the test key get left behind? 2) Was it by accident or design?
An engineering environment unlike any other We pride ourselves on being a challenger to Big Tech. But we're no small fry - with up to 11 million queries per second, SLAs in the milliseconds, and up to 120 terabytes of data generated each day, we're tackling data and software challenges at massive scale.
You can apply here.