Hacking a fresh Mac Remotely, Right from the Box

Apple’s supply string the most closely checked and analyzed on earth, both because of the control the organization exerts and keen interest from 3rd events. But there is nevertheless never an assurance a mass-produced item will come from the field completely pristine. In reality, it’s possible to remotely compromise a fresh Mac initially it links to Wi-Fi.

That assault, which researchers will demonstrate Thursday at Ebony Hat security conference in Las vegas, nevada, targets enterprise Macs that utilize Apple’s Device Enrollment Program and its particular Mobile Device Management platform. These enterprise tools enable employees of a company to walk through personalized IT setup of a Mac themselves, no matter if they work in a satellite workplace or from home. The idea is an organization can ship Macs to its employees straight from Apple’s warehouses, plus the products will automatically configure to participate their business ecosystem after booting up the very first time and connecting to Wi-Fi.

DEP and MDM demand a lot of privileged access to make all of that secret happen. Then when Jesse Endahl, the chief security officer for the Mac administration company Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, found a bug in these setup tools, they realized they might exploit it to get unusual remote Mac access.

“We discovered a bug that allows united states to compromise the product and install harmful pc software before the user is ever also logged set for the first time,” Endahl says. “By the time they’re logging in, once they see the desktop, the computer is already compromised.”

The scientists notified Apple in regards to the issue, and the business circulated a fix in macOS High Sierra 10.13.6 last thirty days, but products which have been already manufactured and ship with an older version of the os will still be vulnerable. Bélanger and Endahl also keep in mind that Mobile Device Management vendors—third events like Fleetsmith that businesses hire to implement Apple’s enterprise scheme—also should support 10.13.6 to fully mitigate the vulnerability.

The Setup

Each time a Mac turns on and connects to Wi-Fi the very first time, it checks in with Apple’s servers basically to say, “Hey, I’m a MacBook with this particular serial quantity. Do I fit in with somebody? What should I do?”

‘If you’re capable set this up at the business level you might infect everybody.’

Max Bélanger, Dropbox

If the serial number is enrolled within DEP and MDM, that first check will automatically initiate a predetermined setup series, through a number of additional checks with Apple’s servers as well as an MDM merchant’s servers. Companies typically count on a third-party MDM facilitator to navigate Apple’s enterprise ecosystem. During each step of the process, the system uses “certificate pinning,” a method of confirming that particular internet servers are whom they claim. However the researchers found a problem during one action. Whenever MDM hands to the Mac App Store to install enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity.

In case a hacker could lurk somewhere between the MDM merchant’s internet server while the target unit, they might replace the download manifest having harmful the one that instructs the computer to as an alternative install malware. Architecting this elaborate man-in-the-middle assault is too hard or expensive the typical web criminal, but well-funded and driven hackers could manage it. The tainted download server would should also have legitimate internet certification, another hurdle that makes the assault harder but most certainly not impossible. From there, attackers could install such a thing from spyware to cryptojacking pc software on vulnerable Macs. They might even grow a malicious tool that evaluates devices on a corporate community discover susceptible systems it could distribute to. As soon as a hacker has put up the assault, it could target every Apple computer a given company places through the MDM procedure.

“among the aspects that’s scary about any of it is when you’re able to set this up at the business level you might infect everybody according to where you are doing the man-in-the-middle,” Bélanger says. “This all takes place really early in the device’s setup, so there aren’t actually limitations on what those setup elements can do. They have complete power, so they’re vulnerable to being compromised in a pretty unique method.”

Tricky Target

Bélanger and Endahl anxiety your attack isn’t effortless. They may be able only show a form of it at Black Hat because Endahl works at Fleetsmith, and that can create the certified server while the man-in-the-middle assault on MDM merchant himself. And so they praise Apple’s application security and also the MDM process general, noting that Apple has produced the capability to kill harmful apps once the company discovers them.

But they emphasize that it will be possible for a well-funded, determined attacker to exploit the flaw should they were buying method onto Macs. Plus the prospective to make use of the assault as being a leaping down point to bore deeper into corporate networks would have lots of appeal. Hackers might even simplify the assault by focusing on employees whom home based and are also more straightforward to man-in-the-middle, as a result of their consumer-grade routers.

“The attack is so powerful that some federal government would be incentivized to set up the task doing it,” Endahl says.

Apple’s patch will proliferate quickly to negate the flaw, but it is a good reminder no matter that also minute weaknesses in an ecosystem since elaborate as Apple’s can have possibly severe effects.

More Great WIRED Stories

Smartphone Voting Is Happening, but No One Knows if It’s Safe

When news hit this week that West Virginian military members serving abroad will become the first people to vote by phone in a major US election this November, security experts were dismayed. For years, they have warned that all forms of online voting are particularly vulnerable to attacks, and with signs that the midterm elections are already being targeted, they worry this is exactly the wrong time to roll out a new method. Experts who spoke to WIRED doubt that Voatz, the Boston-based startup whose app will run the West Virginia mobile voting, has figured out how to secure online voting when no one else has. At the very least, they are concerned about the lack of transparency.

“From what is available publicly about this app, it’s no different from sending voting materials over the internet,” says Marian Schneider, president of the nonpartisan advocacy group Verified Voting. “So that means that all the built-in vulnerability of doing the voting transactions over the internet is present.”

And there are a lot of vulnerabilities when it comes to voting over the internet. The device a person is using could be compromised by malware. Or their browser could be compromised. In many online voting systems, voters receive a link to an online portal in an email from their election officials—a link that could be spoofed to redirect to a different website. There’s also the risk that someone could impersonate the voter. The servers that online voting systems rely on could themselves be targeted by viruses to tamper with votes or by DDoS attacks to bring down the whole system. Crucially, electronic votes don’t create the paper trail that allows officials to audit elections after the fact, or to serve as a backup if there is in fact tampering.

But the thing is, people want to vote by phone. In a 2016 Consumer Reports survey of 3,649 voting-age Americans, 33 percent of respondents said that they would be more likely to vote if they could do it from an internet-connected device like a smartphone. (Whether it would actually increase voter turnout is unclear; a 2014 report conducted by an independent panel on internet voting in British Columbia concludes that, when all factors are considered, online voting doesn’t actually lead more people to vote.)

Thirty-one states and Washington, DC, already allow certain people, mostly service members abroad, to file absentee ballots online, according to Verified Voting. But in 28 of those states—including Alaska, where any registered voter can vote online—online voters must waive their right to a secret ballot, underscoring another major risk that security experts worry about with online voting: that it can’t protect voter privacy.

“Because of current technological limitations, and the unique challenges of running public elections, it is impossible to maintain separation of voters’ identities from their votes when Internet voting is used,” concludes a 2016 joint report from Common Cause, Verified Voting, and the Electronic Privacy Information Center. That’s true whether those votes were logged by email, fax, or an online portal.

Enter Voatz

Voatz says it’s different. The 12-person startup, which raised $2.2 million in venture capital in January, has worked on dozens of pilot elections, including primaries in two West Virginia counties this May. On a website FAQ, it notes, “There are several important differences between traditional Internet voting and the West Virginia pilot—mainly, security.”

Voatz CEO Nimit Sawhney says the app has two features that make it more secure than other forms of online voting: the biometrics it uses to authenticate a voter and the blockchain ledger where it stores the votes.

The biometrics part occurs when a voter authenticates their identity using a fingerprint scan on their phones. The app works only on certain Androids and recent iPhones with that feature. Voters must also upload a photo of an official ID—which Sawhney says Voatz verifies by scanning their barcodes—and a video selfie, which Voatz will match to the ID using facial-recognition technology. (“You have to move your face and blink your eyes to make sure you are not taking a video of somebody else or taking a picture of a picture,” Sawhney says.) It’s up to election officials to decide whether a voter should have to upload a new selfie or fingerprint scan each time they access the app or just the first time.

“We feel like that extra level of anonymization on the phone and on the network makes it really really hard to reverse-engineer.”

Nimit Sawhney, Voatz

The blockchain comes in after the votes are entered. “The network then verifies it—there’s a whole bunch of checks—then adds it to the blockchain, where it stays in a lockbox until election night,” Sawhney says. Voatz uses a permissioned blockchain, which is run by a specific group of people with granted access, as opposed to a public blockchain like Bitcoin. And in order for election officials to access the votes on election night, they need Voatz to hand deliver them the cryptographic keys.

Sawhney says that election officials print out a copy of each vote once they access them, in order to do an audit. He also tells WIRED that in the version of the app that people will use in November, Voatz will add a way for voters to take a screenshot of their vote and have that separately sent to election officials for a secondary audit.

To address concerns about ballot secrecy, Sawhney says Voatz deletes all personal identification data from its servers, assigns each person a unique but anonymous identifier within the system, and employs a mix of network encryption methods. “We feel like that extra level of anonymization on the phone and on the network makes it really really hard to reverse-engineer,” he says.

Experts Are Concerned

Very little information is publicly available about the technical architecture behind the Voatz app. The company says it has done a security audit with three third-party security firms, but the results of that audit are not public. Sawhney says the audit contains proprietary and security information that can’t leak to the public. He invited any security researchers who want to see the audit to come to Boston and view it in Voatz’s secure room after signing an NDA.

This lack of transparency worries people who’ve been studying voting security for a long time. “In over a decade, multiple studies by the top experts in the field have concluded that internet voting cannot be made secure with current technology. VOATZ claims to have done something that is not doable with current technology, but WON’T TELL US HOW,” writes Stanford computer scientist and Verified Voting founder David Dill in an email to WIRED.

Voatz shared one white paper with WIRED, but it lacks the kind of information experts might expect—details on the system architecture, threat tests, how the system responds to specific attacks, verification from third parties. “In my opinion, anybody purporting to have securely and robustly applied blockchain technology to voting should have prepared a detailed analysis of how their system would respond to a long list of known threats that voting systems must respond to, and should have made their analysis public,” Carnegie Mellon computer scientist David Eckhardt wrote in an email.

Ideally, experts say, Voatz would have held a public testing period of its app before deploying it in a live election. Back in 2010, for example, Washington, DC, was developing an open-source system for online voting and invited the public to try to hack the system in a mock trial. Researchers from the University of Michigan were able to compromise the election server in 48 hours and change all the vote tallies, according to their report afterward. They also found evidence of foreign operatives already in the DC election server. This kind of testing is now considered best practice for any online voting implementation, according to Eckhardt. Voatz’s trials have been in real primaries.

“West Virginia is handing over its votes to a mystery box.”

David Dill, Stanford University

Voatz’s use of blockchain itself does not inspire security experts, either, who dismissed it mostly as marketing. When asked for his thoughts on Voatz’s blockchain technology, University of Michigan computer scientist Alex Halderman, who was part of the group that threat-tested the DC voting portal in 2010, sent WIRED a recent XKCD cartoon about voting software. In the last panel, a stick figure with a microphone tells two software engineers, “They say they’ve fixed it with something called ‘blockchain.’” The engineers’ response? “Aaaaa!!!” “Whatever they’ve sold you, don’t touch it.” “Bury it in the desert.” “Wear gloves.”

“Voting from an app on a mobile phone is as bad an idea as voting online from a computer,” says Avi Rubin, technical director of the Information Security Institute at Johns Hopkins, who has studied electronic voting systems since 1997. “The fact that someone is throwing around the blockchain buzzword does nothing to make this more secure. This is as bad an idea as there is.”

Blockchain has its own limitations, and it’s far from a perfect security solution for something like voting. First of all, information can be manipulated before it enters the chain. “In fact, there is an entire industry in viruses to manipulate cryptocurrency transactions before they enter the blockchain, and there is nothing to prevent the use of similar viruses to change the vote,” says Poorvi Vora, a computer scientist and election security expert at George Washington University.

She adds that if the blockchain is a permissioned version, as Voatz’s is, “It is possible for those maintaining the blockchain to collude to change the data, as well as to introduce denial of service type attacks.”

Sawhney pushes back against this last critique, telling WIRED that the blockchain verifiers in the Voatz system is a collection of vetted stakeholders such as Voatz itself, election officials, nonprofit voting auditors, and politicians.

And even though the transaction is through an app rather than a browser, Vora says previously identified risks of internet voting remain. “Both the browser and the app run on the operating system underneath, and both, hence, inherit the vulnerabilities that go with relying entirely on software,” she says.

Sawhney admits the concern about malware on a person’s device is legitimate but thinks that creating a program to manipulate votes would be so hard as to be impractical. “It’s theoretically possible, if that malware had been specifically written to intercept votes passing, to reverse-engineer our application, break all our keys, specifically modify if somebody marks oval A change it to oval B, and then bypass the identifier and send it to the network, but that is so, so hard to do in real time,” he says. “It is possible, but we haven’t found a way to do it.” He adds that the app checks the phone for malware before downloading on a device, though he admits it could be possible for malware to go undetected.

The role of facial recognition in authenticating voter identities is another thing that concerns experts. Schneider worries that there could be ways to trick that technology using videos available elsewhere on the internet, for instance. And Vora notes that facial-recognition technology has known racial biases that could affect who even is able to access Voatz.

Sawhney tells WIRED that Voatz has people manually check the facial-recognition authorization. This is possible at the moment but could become an issue if the technology were to be introduced to a wider electorate, as Voatz states on its website is the ultimate goal. In fact, Voatz has already encountered a scaling problem. When Utah GOP voters tried to use the app during their caucus in April, many couldn’t get it to work. You can read about many voters’ experience in bad reviews of Voatz they left in Apple’s App Store. Sawhney tells WIRED that the issues stemmed from voters attempting to download the app and authenticate themselves minutes before polls closed, which didn’t give Voatz enough time.

Though Voatz has answers for much of the criticism it has faced this week, none of its responses are likely to convince security experts that the smartphone voting app is ready for November. At the very least, the security world’s reaction to Voatz underscores how important transparency is in the rollout of any new voting system. “West Virginia is handing over its votes to a mystery box,” Dill says.

But election officials in West Virginia are enthusiastic about the app. “They used it in the primary in a couple of the other counties to do a test drive, and they said it was wonderful,” says Kanawha County Clerk Vera McCormick, who oversees voting in the state capital of Charleston and plans to allow the 60 overseas military members registered in her county to use Voatz to vote. “We’re excited and my understanding is the security is wonderful, so we’ll find out.”

More Great WIRED Stories

Blueair Sense+ Review: Inhale Easy Using This WiFi-Enabled Air Purifier

Your house might be your sanctuary, nevertheless the atmosphere within it is probably not that perfect for you. Specially during the summer time, available windows allow in exhaust from moving vehicles, on top of dust, and pollen. My dogs shed constantly, putting dander and locks in the air, too. I’m able to usually find my spouse cheerfully drilling into walls or cutting holes into the floor, and my kids keep sopping damp towels to incubate mildew in bizarre, concealed places. Although I vacuum everyday, it is perhaps not nearly enough.

Regular wildfires and summer heat in western united states of america also donate to bad quality of air. While many people are fine with washing their sheets, vacuuming, and changing filters within their HVAC system, those may not be adequate measures if you’ve ever stepped outside to find your entire neighbor hood veiled in a fine, ashy haze.

Many moms and dads of young children purchase and run an air cleanser during the summer. Being an sensitivity and asthma sufferer with two young kids, I do, too.

Simply Breathe

Launched two decades ago by the Electrolux alum in Stockholm, Sweden, Blueair makes the best electronic home air cleaners available. We elected to test the Sense+, their Wi-Fi-enabled model. While it isn’t quite as aesthetically striking whilst the Dyson Pure Cool, the sleek cuboid does may be found in a selection of vivid colors. My tester model was in a brilliant leaf green.

At 19 inches high and 18.5 inches wide, the Sense+ is a floor unit. It willn’t have an outside fan, and that means you need to be just a little thoughtful about positioning in order for the maximum amount of air to obtain experience of the filter. Blueair advises which you place it about 10 centimeters, or nearly four ins, from other things. In my bedroom, the actual only real destination that both fit the machine and had an electric socket was at the path across the base of our bed.

Setup is straightforward. Just connect it in, download the Blueair Friend software to your phone, and swipe your pay the top the system, which will start to glow like one thing from Minority Report. Then, you stick to the in-app directions to connect the Sense+.

Blueair

The LED screen along with the Sense+ looks pretty cool, and it’s really fun to modify the fan speed or transform it down by just waving your hand. But for more fine-tuned control, you have to make use of the software (the Sense+ can also be Alexa-compatible). On your phone, you are able to adjust the fan rate and/or LED brightness. You can set night mode, which will dial down the fan rate and LED intensity throughout a set of pre-programmed time constraints. Finally, there’s a kid lock function, if you too have a toddler that is delighted to find out that they can turn the purifier on / off by waving a little fist.

And unlike the Pure Cool, the Sense+ does not have a built-in air quality monitor. For that, you’ll want to purchase the optional Blueair Aware, which is really a little unit that both cannot look like it costs $200, and is apparently comparably priced to other consumer-grade quality of air sensors. AQ monitors evaluate your interior air quality predicated on a variety of factors, like temperature, moisture, or particulate matter.

The manual advises setting the Aware at “nose level”, but considering that the purifier is inside our room, a bedside dining table seemed to be a good option for it. The Aware takes a week’s worth of test readings before it is calibrated.

The Aware monitors particulate matter which are as much as 2.5 micrometers in proportions, which could start around anything from fine dust to smells; volatile organic substances (VOCs) like acetaldehyde from cooking or tobacco smoke; and carbon dioxide, along with temperature and moisture. The Aware provides you with alerts on your phone as soon as the air quality in your space is poor. You could link it on Sense+ to increase the purifier’s interior fan rate immediately whenever room is more polluted; examine charts for every single pollutant over time; and compare your interior quality of air to outdoor air quality.

The app uses the U.S. ecological Protection Agency’s standard for calculating the quality of air index (AQI), while the Blueair Friend’s outside AQI readings tallied utilizing the real time neighborhood readings from my state’s Department of Environmental Quality.

As could be expected, when I first create the purifier and turned on the app, it registered our bed room was extremely polluted with both total VOCs and carbon dioxide (it ought to be noted that high quantities of co2 are a definite ventilation problem, and can’t be fixed having an air cleaner). It took about one hour in the day the Sense+ and Aware to cut back the readings from polluted to exemplary.

Searching back on schedule of this Aware’s readings ended up being like looking straight back at a timeline of my time. Yup, those particulate matter spikes have reached exactly the same time whenever my partner and I also belong to our dusty sheets at the end of time. The co2 surges are timed exactly when we get fully up in the morning, so when our dogs walk (or run) at night air cleanser through the night to chase skunks or possums. Every thing flatlines in the day, while we’re at the job. So that as utilizing the Dyson Pure Cool, I have stopped getting out of bed to note our neighbor skunks’ nighttime journeys past our bed room window. Maybe they’ve began taking another path?

In the Air Tonight

At $400, the Sense+ is extremely high priced. A $200 quality of air monitor in addition to that is pricier still. And after operating the Sense+ for about per month, my Blueair buddy informs me personally that i’ve merely a 122 days left on the filter, an alternative which is why generally seems to cost around $80. This is not a cheap investment, even though Blueair possesses cheaper choices. Including, the Blueair Pure 211 is almost half the cost and purifies equivalent square footage.

As anyone who has chronic asthma-induced bronchitis, it’s good to understand when your indoor quality of air worsens—even whether it’s because your son or daughter has begun breathing straight into the top the AQ monitor. Improving your interior air quality can boost your total well being, even though you’re not an asthmatic or perhaps a information hound whom likes poring over maps. Vulnerable demographics, like young children or the senior, can especially benefit.

After all, easily’m planning to endure the constant aromas of fish sticks, scented markers, and Play-Doh while hiding through the sun this summer, I’ll gladly simply take all of the help i will get.

This Robot Hand Taught Itself How to Grab Stuff Like a Human

Elon Musk is kinda worried about AI. (“AI is a fundamental existential risk for human civilization and I don’t think people fully appreciate that,” as he put it in 2017.) So he helped found a research nonprofit, OpenAI, to help cut a path to “safe” artificial general intelligence, as opposed to machines that pop our civilization like a pimple. Yes, Musk’s very public fears may distract from other more real problems in AI. But OpenAI just took a big step toward robots that better integrate into our world by not, well, breaking everything they pick up.

OpenAI researchers have built a system in which a simulated robotic hand learns to manipulate a block through trial and error, then seamlessly transfers that knowledge to a robotic hand in the real world. Incredibly, the system ends up “inventing” characteristic grasps that humans already commonly use to handle objects. Not in a quest to pop us like pimples—to be clear.

Video by OpenAI

The researchers’ trick is a technique called reinforcement learning. In a simulation, a hand, powered by a neural network, is free to experiment with different ways to grasp and fiddle with a block. “It’s just doing random things and failing miserably all the time,” says OpenAI engineer Matthias Plappert. “Then what we do is we give it a reward whenever it does something that slightly moves it toward the goal it actually wants to achieve, which is rotating the block.” The idea is to spin the block to show certain sides, each marked with an uppercase letter, without dropping it.

If the system does something random that brings the block slightly closer to the right position, a reward tells the hand to keep doing that sort of thing. Conversely, if it does something dumb, it’s punished, and learns to not do that sort of thing. (Think of it like a score: -20 for something very bad like dropping the object.) “Over time with a lot of experience it gradually becomes more and more versatile at rotating the block in hand,” says Plappert.

The trick with this new system is that the researchers have essentially built many different worlds within the digital world. “So for each simulation we randomize certain aspects,” says Plappert. Maybe the mass of the block is a bit different, for example, or gravity is slightly different. “Maybe it can’t move its fingers as quickly as it normally could.” As if it’s living in a simulated multiverse, the robot finds itself practicing in lots of different “realities” that are slightly different from one another.

This prepares it for the leap into the real world. “Because it sees so many of these simulated worlds during its training, what we were able to show here is that the actual physical world is just yet one more randomization from the perspective of the learning system,” says Plappert. If it only trains in a single simulated world, once it transfers to the real world, random variables will confuse the hell out of it.

For instance: Typically in the lab these researchers would position the robot hand palm-up, completely flat. Sitting in the hand, a block wouldn’t slide off. (Cameras positioned around the hand track LEDs at the tip of each finger, and also the position of the block itself.) But if the researchers tilted the hand slightly, gravity could potentially pull the block off the hand.

The system could compensate for this, though, because of “gravity randomization,” which comes in the form of not just tweaking the strength of gravity in simulation, but the direction it’s pulling. “Our model that is trained with lots of randomizations, including the gravity randomization, adapted to this environment pretty well,” says OpenAI engineer Lilian Weng. “Another one without this gravity randomization just dropped the cube all the time because the angle was different.” The tilted palm was confused because in the real world, the gravitational force wasn’t perpendicular to the plane of the palm. But the hand that trained with gravity randomization could learn how to correct for this anomaly.

To keep its grip on the block, the robot has five fingers and 24 degrees of freedom, making it very dexterous. (Hence its name, the Shadow Dexterous Hand. It’s actually made by a company in the UK.) Keep in mind that it’s learning to use those fingers from scratch, through trial and error in simulation. And it actually learns to grip the block like we would with our own fingers, essentially inventing human grasps.

Interestingly, the robot goes about something called a finger pivot a bit differently. Humans would typically pinch the block with the thumb and either the middle or ring finger, and pivot the block with flicks of the index finger. The robot hand, though, learns to grip with the thumb and little finger instead. “We believe the reason for this is simply in the Shadow Hand, the little finger is actually more dextrous because it has an extra degree of freedom” in the palm, says Plappert. “In effect this means that the little finger has a much bigger area it can easily reach.” For a robot learning to manipulate objects, this is simply the more efficient way to go about things.

It’s an aritificial intelligence figuring out how to do a complex task that would take ungodly amounts of time for a human to precisely program piece by piece. “In some sense, that’s what reinforcement learning is about, AI on its own discovering things that normally would take an enormous amount of human expertise to design controllers for,” says Pieter Abbeel, a roboticist at UC Berkeley. “This is a wonderful example of that happening.”

Now, this isn’t the first time researchers have trained a robot in simulation so a physical robot could adopt that knowledge. The challenge is, there’s a massive disconnect between simulation and the real world. There are just too many variables to account for in this great big complicated physical universe. “In the past, when people built simulators, they tried to build very accurate simulators and rely on the accuracy to make it work,” says Abbeel. “And if they can’t make it accurate enough, then the system wouldn’t work. This idea gets around that.”

Sure, you could try to apply this kind of reinforcement learning on a robot in the real world and skip the simulation. But because this robot first trains in a purely digital world, it can pack in a lot of practice—the equivalent of 100 years of experience when you consider all the parallel “realities” the researchers factored in, all running quickly on very powerful computers. That kind of learning will grow all the more important as robots assume more responsibilities.

Responsibilities that don’t including exterminating the human race. OpenAI will make sure of that.

More Great WIRED Stories