Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the most simple terms, a JIT, or just-in-time bug, bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and  featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program

Let’s block ads! (Why?)

Link to original source

Chrome 74 beta supports dark mode in Windows


SIPA USA/PA Images

Google has released the first beta version of Chrome 74, and it comes with support for Windows dark mode. You’ll find that the browser will now automatically load its darker-colored theme if you’ve switched on “Dark” in the platform’s settings. The mode will transform Chrome into a more somber affair, with coloring that’s mostly charcoal and a Google logo devoid of its usual bright hues.

In addition, it looks like Chrome 74 could turn the browser into a better friend for those susceptible to motion sickness. It can instruct websites to respect your OS-level preferences when it comes to motion and animations. If you’ve switched on options such as “Remove animations” or “Reduce motion” on iOS, Android, Windows or Mac, it could make sure that the page you’re visiting truly doesn’t play videos or agitating visual effects that can trigger dizziness and nausea. That said, it will only work for websites that choose to create calmer alternatives to their more dynamic pages.

In a post on Google Developers blog about the feature, Developer Advocate Thomas Steiner explained the technology behind the feature:

“…with flashing ads, fancy parallax effects, surprising reveal animations, autoplaying videos, etc., the web sometimes can honestly be quite overwhelming… Happily, unlike in real life, there is a solution to that. The CSS media query prefers-reduced-motion lets developers create a variant of a page for users who, well, prefer reduced motion. This can comprise anything from refraining from having autoplaying videos to disabling certain purely decorative effects, to completely redesigning a page for certain users.”

Let’s block ads! (Why?)

Link to original source

Shazam! finally lets DC superheroes be joyous fun

Shazam! takes place in the same universe as other films adapted from DC Comics, but writer Henry Gayden (Earth to Echo) and director David F. Sandberg (Lights Out) seem determined to turn that universe upside down. Or at least, they want to blow a raspberry at the glum-and-glummer world established by the Zack Snyder trilogy of Man of Steel, Batman V. Superman, and Justice League, plus their neck-tattoo-sporting companion piece Suicide Squad. The first big-screen starring vehicle for one of the oldest superheroes in existence, a kid who can turn into a superpowered grown-up with the help of a magic word, Shazam! would be tough to turn into a grim-and-gritty DC story.

And that’s because it’s too deeply based in childhood fantasy. One moment, Billy Batson (played as a teenager by Asher Angel, and in his superhero form by Chuck star Zachary Levi) is an ordinary kid with a difficult history. The next, he’s a beefy, cape-wearing hero capable of flying through the air and shooting bolts of electricity from his finger. He’s barely able to convey the joy he takes in his newfound abilities. It’s almost as if superhero stories were at heart about wish fulfillment. It’s almost as if they’re allowed to be fun.

[embedded content]

It’s certainly easier for some superhero stories to tap into this kind of gleeful power trip than others. Created by artist C.C. Beck and writer Bill Parker, Batson first appeared in the second issue of Whiz Comics, which hit newsstands in late 1939 as part of the flood of comic books inspired by Superman’s success. In the original comic, a wizard grants Batson the ability to turn himself into the hero Captain Marvel by saying the word “Shazam,” an acronym of “Samson, Hercules, Atlas, Zeus and Mercury,” whose powers contribute to his might. Over time, Captain Marvel picked up a supporting cast that included other kid heroes and a talking tiger, as well as nemeses like the fiendish Dr. Sivana and Mister Mind, an alien worm who headed the Monster Society of Evil.

Fawcett Comics aimed Captain Marvel’s adventures squarely at even younger readers than those devouring rival superhero stories, and he became a hit, outselling even Superman for a good stretch of the 1940s. But interest in superheroes waned at the end of the decade, and a copyright-infringement lawsuit launched by the company now known as DC Comics proved an enemy even Captain Marvel couldn’t defeat. His adventures temporarily ended. But by the early 1970s, Captain Marvel and his extended family had been absorbed into the DC Comics universe. He’s stayed there ever since, though he’s been retrofitted as “Shazam” to avoid confusion with that other Captain Marvel, who’s also just gotten a big-screen debut.


In Gayden and Sandberg’s film, though, Billy’s superhero alter ego remains nameless, even by the end of the story. Billy and his pal Freddy Freeman (Jack Dylan Grazer) keep cycling through name possibilities, which are mostly awful (“Thundercrack,” for one, is quickly rejected), which serves as a thematically appropriate running gag. Shazam! is the story of a boy trying to figure out what kind of hero he wants to be — and, by extension, what kind of man he should become. He screws up a lot in the process.

With or without the name, the spirit of the old Captain Marvel adventures is very much at the heart of Shazam!, even amid a lot of just-barely PG-13 violence and a couple of gags about a strip club. That’s part of what makes it such a gleeful alternative both to the grimness of past DC films — a tone the company seems eager to shed — and the cosmos-in-the-balance stakes of the Marvel Cinematic Universe. Whether played by Angel or Levi, Billy is just a kid. It’s fun to watch him take delight in his new powers, and a little frightening to realize how little control he has over them. And where Batson’s earliest comics adventures gave him a big city to treat as a playground, Shazam! does the same with Philadelphia. His pleasure at bouncing around the city proves infectious, even though he always seems to be on the verge of accidentally leveling a city block.


His joy is all the more exciting to watch because joy doesn’t come naturally to Billy, who’s had more stacked against him than most teenage boys. He’s spent much of his childhood running away from one foster parent after another in search of the mother he hasn’t seen since he drifted away from her at a carnival at age three. Shortly after the film opens, he lands in what he expects to be another temporary living situation: a Philadelphia group home overseen by a married couple (Marta Milans and Cooper Andrews) who used to be foster kids themselves.

They’re also looking after Freddy (who’s developed a gift for wisecracks as a defense mechanism against those who bully him for using a crutch), college-bound overachiever Mary (Grace Fulton), hug-enthusiast Darla (Faithe Herman), and a handful of other kids. It’s a chaotic but loving environment that instantly embraces Billy — literally, in Darla’s case. Billy can’t wait to flee it. He’s been searching for a home so long, he can’t recognize it when he sees it, with or without superpowers.

That feeling starts to change after his fateful encounter with a wizard named Shazam (Djimon Hounsou, under a lot of facial hair). Confused by the new superheroic abilities Shazam grants him, Billy recruits Freddy to help him explore his own possibilities. After a poky start, Shazam! kicks into gear as the two try to figure out what he can and cannot do with his new powers, whether that’s flying, or buying beer without an ID.


Gayden and Sandberg attempt a difficult balancing act with Shazam! They have to fulfill a lot of superhero-movie obligations, from introducing an evil arch-nemesis to designing a climactic showdown. Mark Strong — a frequent screen heavy easing back into superhero films for the first time since playing Sinestro in 2011’s misbegotten Green Lantern — makes for an unsettling Dr. Sivana, a man given powers by the Seven Deadly Sins. He’s never as clownish as the Sivana of the comics, but his unbending malevolence makes him a fine foil for the big-screen version of Batson, whose goofiness plays nicely off his nemesis’ scowls. But even when the filmmakers let their project come across as a little frightening, they also have to find a way to stay true to the original comics’ fun, kid-friendly spirit.

It wouldn’t be out of the question for the filmmakers to put a dark spin on this material. Alan Moore’s Miracleman found a definitive way to make the Billy Batson idea nightmarish and haunting. If Gayden and Sandberg truly wanted a film more in line with the Snyderverse entries, they could have made it. But Shazam! super speeds in the opposite direction while nodding at the other films in its franchise. Billy’s world is packed with Batman and Superman merchandise, but their adventures seem to take place far from the world where he lives. Gotham and Metropolis get superhero icons who rarely smile. Philly gets a goofball, and that turns out to be a lot more fun.

Sandberg draws on the horror skills he developed through films like Annabelle: Creation. Sivana’s allies include manifestations of the Seven Deadly Sins that wouldn’t look out of place in a much more graphic movie. And though Sandberg retains the shadowy imagery of previous DCEU films, he uses that dark palette to make Billy’s shiny red suit and glowing lightning-bolt chest insignia stand out even more. If Batman branding criminals in Batman V. Superman has a polar opposite moment, it’s Batson’s unnamed hero identity smiling and dancing to “Eye of the Tiger” at the top of the Philadelphia Museum of Art’s steps while shooting lightning from his hands, to the delight of the tourists around him. This is the rare superhero film that gets more whimsical as it goes along, up to and including the final fight, a battle royale that mostly unfolds at a Philadelphia Christmas carnival.


But whimsical isn’t the same as frivolous. Both Angel and Levi play Billy as a boy who’s never had the support he’s needed, and the film suggests there’s no easy fix for his traumas, even if he’s both dropped into a supportive environment, and suddenly able to leap tall buildings in a single bound. (Or in Billy’s case, almost leap a tall building in a single bound.)

That’s the subtext resting beneath Shazam!’s broad humor, fun spirit, and scary monsters. The film suggests that wish fulfillment will only get people so far, and power alone can’t change what’s damaged inside. Captain Marvel (or Shazam, or Thundercrack, or whatever you call him) might be one of the simplest superheroes ever created, but Shazam! both gets what makes that simplicity so appealing, and understands the complications stirred by the common wish to grow up too fast and assume powers you don’t know how to control.

Let’s block ads! (Why?)

Link to original source

Hashtag about a world without Twitter is trending… on Twitter

What if Twitter didn't exist?
What if Twitter didn’t exist?
Image: Getty Images

If we’re being honest, tweeting about what the world would be like without Twitter is peak 2019. And, yet, here we are, with #InAWorldWithoutTwitter trending on an early Spring Saturday.

The tweets are a mix of genuine and jokes yet most of them all hold a grain of truth in them and reveal the best and worst of Twitter as a platform.

If nothing else, the tweets all get at the great dichotomy of Twitter in 2019: it can be a garbage place that allows garbage people to post their, well, garbage, no matter what Jack says. And it’s gotten pretty bad at times. Like, really bad.

On the other hand, it has certainly revolutionized the way information and news is shared and how we communicate. Those come with caveats, of course, that prove the platform is far from perfect. News spreads much quicker than before but so do mistakes and communicating with strangers can be great or it can be a hellscape

The irony of using Twitter to talk about a world without Twitter and how it would actually be better, jokes or no, is also hilarious and indicative of the way we’ve all turned into one big shruggie. After all, if you really want a world without Twitter, all you have to do is delete the app from your phone or just stop visiting Twitter-dot-com. 

So here we are, tweeting and, with this article, writing about a world without Twitter and wondering, longingly, how much happier we’d be. If that’s not the perfect way to sum up Twitter over 10 years after its debut, I don’t know what else is.

Uploads%252fvideo uploaders%252fdistribution thumb%252fimage%252f90252%252f4d74ba5a 8dc9 4e80 9610 188a8ed3b840.jpg%252foriginal.jpg?signature=eeu9iycuvqidznc3pp zbta8ofo=&source=https%3a%2f%2fblueprint api production.s3.amazonaws

Let’s block ads! (Why?)

Link to original source

Wild videos show cruise ship chaos as rough seas prompt an evacuation

The Viking Sky sits helplessly off the Norwegian coast as 1,300 passengers are evacuated from the ship.
The Viking Sky sits helplessly off the Norwegian coast as 1,300 passengers are evacuated from the ship.
Image: AFP/Getty Images

Incredible videos shared on Twitter are showing the wild rough seas that have led to the evacuation of 1,300 people from a cruise ship off the coast of Norway. 

The ship, Viking Cruise’s “Viking Sky,” sent a distress signal Saturday afternoon local time, reporting “engine problems in bad weather,” according to CNN. And videos from both inside the cruise ship and from the shore show how bad the seas are. 

The BBC reports that at least one of the ship’s engines was successfully restarted, enabling the Viking Sky to move a bit further from the rocky shore. Not surprisingly, the BBC also notes, “The area is known as the Hustadvika and is reportedly one of the most dangerous stretches of Norway’s coast.”

Multiple ships and helicopters are taking part in the evacuation; the Joint Rescue Centre for Southern Norway shared video of the rescue to YouTube.

To complicate matters, a cargo ship with nine people on board hit the same rough waters as the Viking Sky and some of the rescue helicopters had to be diverted for assistance.

A member of the rescue crew told Reuters that eight people had suffered minor injuries and that the rescue attempt will take a while, continuing into the night and maybe even into Sunday. Photos of passengers waiting for their turn at evacuation also hit social media. 

Mashable reached out to Viking Cruises for a statement and updates on the ongoing rescue and received the following message in response:

We can confirm that on March 23rd at 2pm (Norwegian time) the vessel Viking Sky a 47,800 tonne ship travelling from Tromsø to Stavanger, carrying 915 guests and 458 crew experienced a loss of engine power off the coast of Norway near Molde. We are working closely with the relevant authorities and all operational procedures were followed in line with international regulations. In addition Viking has dispatched an operational task force, including the company’s owner, to Molde.

Our first priority was for the safety and wellbeing of our passengers and our crew, and in close cooperation with the Norwegian Coast Guard, the captain decided to evacuate all guests from the vessel by helicopter. The ship is proceeding on its own power and a tugboat is on site. The evacuation is proceeding with all necessary caution. A small number of non-life threatening injuries have been reported. Guests are being accommodated in local hotels when they arrive back on shore, and Viking will arrange for return flights for all guests.

The statement also added that anyone with questions or concerns about specific guests aboard the Viking Sky can find more information right here.

Cms%252f2017%252f6%252f127c3f72 1011 8488%252fthumb%252f00001.jpg%252foriginal.jpg?signature=uclibgqpvjr abcucvwqgjzt be=&source=https%3a%2f%2fvdist.aws.mashable

Let’s block ads! (Why?)

Link to original source