Github shrugs off drone maker DJI's crypto key DMCA takedown effort.

Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.
This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.
Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.
DJI declined to comment for this article. Github ignored The Register's invitation to comment.

Read the small print carefully

While the keys themselves were left online for "two to four years", as we previously reported, DJI only noticed the public repo forks in December, submitting a takedown request that month.
"It has come to our attention that some of our confidential and proprietary information has been posted on your website by unauthorized parties. These [sic] information has not been and would not be posted online by us, and includes but is not limited to our code related to our internal systems and confidential information of our websites," said the company in its DMCA (Digital Millennium Copyright Act, an American copyright enforcement law) notice to Github.
In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.
The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.
"DJI mistakenly marked code repositories as public subsequently granting license for anyone to fork said repos. This accident can be evidenced by their press release," wrote Finisterre, linking to a DJI statement.
Section 5 of Github's terms of service states:
By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control). If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking).
Finisterre told us:
"They had 10 days to present GitHub with a legal notice preventing me from keeping the forks, they failed to do so. MLK (Martin Luther King) Day was technically day 10, but it was a holiday, so the following day GitHub opened the repos back up."

+Comment

Forking publicly available code is as old as the internet. That DJI fell victim to this because it evidently didn't understand how Github's ToS worked is concerning, particularly given the implications of users being able to disable flight restrictions at will. While DJI presents itself to the world as a responsible manufacturer with enough control over its products to fend off impending government regulation, shoddy developer practices are publicly undermining that position and making the company's statements on drone control much less credible.
Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see on – where else? – Github:
As posted on Github in a public repo for world+dog to view
Original caption: "The key for encryption type 1 was published by Dji, so adding it to the code. Firmwares will now be automatically decrypted during extraction, and encrypted when adding to package"
What are the lessons here? Train your people in how Github works; check, check and check again that your private repos really are set to private; and, above all, don't put encryption keys on the internet. Ever. ®
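The last lesson can be checked mechanically before anything is pushed. The following is an added example, not code from The Register, DJI or any project named in the article: a minimal Python check that flags hex literals and C byte arrays of AES key length (16, 24 or 32 bytes) on lines that mention a key. The sample input, keyword hints and entropy threshold are constructed assumptions.

```python
import math
import re

# AES keys are 16, 24 or 32 bytes, i.e. 32, 48 or 64 hex digits.
AES_HEX_LENGTHS = {32, 48, 64}
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32,64}(?![0-9A-Fa-f])")
# C-style initialiser: 0x9f, 0x3c, ... (at least 16 bytes on one line)
BYTE_ARRAY = re.compile(r"(?:0x[0-9A-Fa-f]{2}\s*,\s*){15,}0x[0-9A-Fa-f]{2}")
# Assumed naming hints; tune for your own code base.
KEY_CONTEXT = re.compile(r"key|aes|secret", re.IGNORECASE)


def shannon_entropy(s):
    """Bits per character; 4.0 is the maximum for hex digits."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def find_key_candidates(text, min_entropy=3.0):
    """Return (line_number, key_bits) for each likely hardcoded AES key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not KEY_CONTEXT.search(line):
            continue
        candidates = [m.group(0) for m in HEX_RUN.finditer(line)]
        for m in BYTE_ARRAY.finditer(line):
            candidates.append("".join(re.findall(r"0x([0-9A-Fa-f]{2})", m.group(0))))
        for hexstr in candidates:
            # Length filter drops e.g. 40-digit git SHA-1s; entropy filter drops
            # placeholders such as all zeros.
            if len(hexstr) in AES_HEX_LENGTHS and shannon_entropy(hexstr.lower()) >= min_entropy:
                findings.append((lineno, len(hexstr) * 4))
    return findings


# Constructed sample input; the key values are made up for this example.
SAMPLE = """\
commit = "3b18e512dba79e4c8300dd08aeb37f8e728b8dad"
AES_KEY = "9f3c1a7be4d2058866b1c0fa27e95d43"
PLACEHOLDER_KEY = "00000000000000000000000000000000"
static const uint8_t fw_key[16] = {0x9f, 0x3c, 0x1a, 0x7b, 0xe4, 0xd2, 0x05, 0x88, 0x66, 0xb1, 0xc0, 0xfa, 0x27, 0xe9, 0x5d, 0x43};
"""

if __name__ == "__main__":
    for lineno, bits in find_key_candidates(SAMPLE):
        print(f"line {lineno}: possible {bits}-bit AES key literal")
```

MD5 and SHA-256 digests have the same lengths as AES-128 and AES-256 keys, so a digest on a key-named line will also be flagged; treat each hit as a prompt for review rather than a verdict.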

Update

After publication DJI corp comms veep Barbara Stelzner got in touch with us to say: "We support reasonable regulations, from registration to remote ID to penalties for improper flight, because we believe the overwhelming majority of drone pilots want to fly safely and responsibly. That has nothing to do with our software/security issues, and it’s irresponsible to imply otherwise."
