The radio navigation planes use to land safely is insecure and can be hacked

A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway.

Enlarge / A plane in the researchers’ demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.)

software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly and create a potential accident as a result.

Read 36 remaining paragraphs | Comments

“How can they be so good?”: The strange story of Skype

Article intro image

From a company powerpoint, here’s an artist’s impression of the moment when Skype’s idea was fostered. (Zennström on the left, next to Friis.) (credit: Malthe Sigurdsson)

Fifteen years ago this week—on August 29, 2003—Skype went live for the first time. In the time since, of course, the service has undergone a number of big changes. This origin story of the service originally ran on September 2, 2013, when Skype’s partnership with Microsoft was still new and before the Redmond company closed its London office. But given Skype’s recent anniversary (and Labor Day weekend for Ars staff), we’re resurfacing it. The story appears unchanged below.

Read 104 remaining paragraphs | Comments

How to win (or at least not lose) the war on phishing? Enlist machine learning

Enlarge / Coming to a device near you: Freddi Fish 666—the Phishing Apocalypse. (credit: collage by Sean Gallagher from urraheesh iStock & Humongous Entertainment)

StreamingPhish, a tool that identifies potential phishing sites by mining data on newly registered certificates, I’ve spotted an Apple phishing site before it’s even ready for victims. Conveniently, the operator has even left a Web shell wide open for me to watch him at work.

The site’s fully qualified domain name is appleld.apple.0a2.com, and there’s another registered at the same domain—appleld.applle.0a2.com. As I download the phishing kit, I take a look at the site access logs from within the shell. Evidently, I’ve caught the site just a few hours after the certificate was registered.

As I poke around, I find other phishing sites on the same server in other directories. One targets French users of the telecommunications company Orange; others have more generic names intended to disguise them as part of a seemingly legitimate URL, such as Secrty-ID.com-Logine-1.0a2.com. Others still are spam blogs filled with affiliate links to e-commerce sites.

Read 39 remaining paragraphs | Comments