Amazon and Walmart Have Tesla-related Solar Panel Fires

More bad press for Tesla that the fanbois will ignore. Amazon Joins Walmart in Saying Tesla Solar Panel Caught Fire.

On Friday, Amazon.com Inc. said a June 2018 blaze on the roof of one of its warehouses in Redlands, California, involved a solar panel system that Tesla’s SolarCity division had installed. The Seattle-based retail giant said by email that it has since taken steps to protect its facilities and has no plans to install more Tesla systems.

News of the Amazon fire comes just three days after Walmart dropped a bombshell lawsuit against Tesla, accusing it of shoddy panel installations that led to fires at more than a half-dozen stores.

In general, solar panels are a mature and safe technology. Not sure what problems Tesla could be having, though apparently there is a faulty connector that Tesla is trying to replace. (I’m sure they specified custom parts, because buying electrical connectors from Molex or McMaster-Carr or wherever is SO 20th Century. Or something.)

Advertisements

“Teachers have been using pens and paper and blackboards in place of technology”

The horror! Cyber attack shut down Idaho school district.

District spokeswoman Kathleen Tuck said the attack came from an email, but officials have not found the specific email that caused it. The district has shut down its network, cutting off internet access to all schools.

There is virtually no technical information on the nature of the attack, but given that it appears to be “Microsoft” only that’s impacted, and an email source, I’m going out on a limb and guess phishing, and ransomware, and probably something that should not be in the news like WannaCry, because I’m betting all those PCs were running un-patched WindowsXP. But admitting that after all the news on WannaCry, the news of the Florida cities hit with ransomware, and the latest incident hitting Texas cities, actually admitting that you haven’t done a damn thing about cyber security in more than two years won’t look good on a résumé.

23 Texas Cities Hit by Ransomware

Are cities ready to do anything about this yet? New ransomware strike kicks 23 Texas agencies offline.

That’s the regular media article, so it contains virtually no technical info. But that’s the state of the regular media. Well at almost the end of the article, they do quote ZDNet by mentioning Sodinokibi ransomware also known as REvil.

So let’s look at ZDNet: Over 20 Texas local governments hit in ‘coordinated ransomware attack’

The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR).

Texas does have a statewide office for dealing with this crap, so at least there is someone for the impacted cities to call, but being hit by 23 cities at one time is going to stretch their resources. (That’s a guess on my part BTW.) And in a statement that surprises no one, this is all the result of a single bad person or group.

There are some indications that the OSTAP Trojan is how this thing moved around in the networks.

UPDATE: Lubbock County was also targeted, but was able to contain the ransomware fairly early on, and was not impacted. The Texas DIR reports that about one quarter of the towns hit in this attack have been able to resume operations. Via ARS Technica.

I am still trying to find some info on how this attack got into 20 plus cities/counties at the same time. At a guess, I would say phishing. The bad guys formulated an email, pretended to be from someone people working for cities and counties in Texas would trust. (Someone from the state, or an association of mayors or something.) And they were in with either TrickBot or OSTAP Trojan. (Both of those are often found together.) But the FBI likes to limit any information coming out while they investigate, though most of the “press people” from the cities wouldn’t understand the technical side of things, even if the DIR/Tech support folks had time to brief them.

Bluetooth Is Not Secure

More observations on Bluetooth security from Steve Gibson. Via the Show Notes from Security Now, episode 728. Security Now! #728 – 08-20-19

Our longtime listeners will recall that I have several times observed that there is a large though brief period of inherent vulnerability during Bluetooth pairing. You have two unauthenticated devices hoping to perform a secure negotiation. It’s simply not possible to do that securely without some covert out-of-band channel. It’s just not.

There is a constant push today for everything to be easy. Easy is not secure.

You can find the video for Security Now at This Week In Tech TV. Security Now 728 – The KNOB is Broken. If you aren’t interested in all of Security Now, the bit on Bluetooth starts at 1 hour and 45 minutes from the start of this week’s episode. Also see my first posting on this vulnerability.

You Think Amazon Follows the Law?

The LAW is for little people. They are your tech masters. Amazon Above the Law in California.

In February, Amazon, doing business as Prime Now, was issued a liquor license to open a liquor store in Los Angeles. California requires businesses that offer alcohol for home delivery to have a brick-and-mortar store. So Amazon got a license for a store that would be in the same building as its enormous Prime Now warehouse in an industrial part of north Los Angeles.

But of course there is no store, nor any plans to have one. But as I noted, the LAW isn’t for the likes of Amazon.

You can order whiskey or wine from the Amazon warehouse at 3334 N San Fernando Rd in Los Angeles. But there’s no liquor store open to the public there, in clear violation of California law.

A Solar Road. What Could Go Wrong?

Color me shocked. France’s Wattway solar road proves to be a big, expensive failure. The term “abject failure” came up.

Do people with these dreams of solar everything have any idea how much stress is imposed by vehicles? I’m guessing, “No.”

The solar roadway is constructed from panels with a special silicon resin acting as the driving surface, and while its designer, a company called Colas, claimed it would stand up to a semi-truck, tractors seem to have been enough to cause the silicon layer to flake and crack, damaging the delicate solar panels underneath.

The Wattway is also loud. So loud, in fact, that the local government has been forced to limit traffic to just 70 kilometers per hour (around 43 miles per hour) to cut down on the sound. So, it seems like the Wattway is a failure at being a road, but how is it at generating solar energy?

Miserable.

The “shade” from cars driving on the road. Where it was placed, wasn’t a great solar location, and the flat nature of roads added up to less than expected performance.

The best quote is really from the Popular Mechanics article on the Wattway.

“If they really want this to work, they should first stop cars driving on it,” Marc Jedliczka, vice president of the Network for Energetic Transition (CLER), which promotes renewable energy

Stop driving on your solar “road.” That’s probably a Progressive dream. Or something.

Never Use Any “Found” USB or Lightning Cables

Or anything found for that matter. And you probably need to be aware of anything offered at an incredibly low price. These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer.

Because you are not smarter than the hackers.

It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

The prototypes (released at Def Con) were hand made from purchased Lightning cables. Not only did they provide a way to access them remotely (via the internet if connected to a PC so connected) but you could also remotely “self-destruct” the cable if it looked like it was going to be found out. (It would still work as a Lightning cable, just not as a “persistent threat.”) And in close-range, you don’t need the internet, just a phone and an app.

There’s a Hak5 talk about how they did a “USB drive” drop – which were actually Hak5 Rubber Duckies – at a security conference. 60 percent (or more) were plugged into a computer. They were dropped at a security conference. Don’t plug stuff into your computer if you just find it.