SoylentNews is people
posted by azrael on Wednesday October 29 2014, @11:59PM
from the who'll-pay-for-this dept.

TechCrunch is reporting that MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others that is backing the mobile payments solution CurrentC, has been hacked. The data breach involves the theft of email addresses.

CurrentC are working hard to bring their own mobile payment solution to the market and recently made a number of retail chains turn off their contactless (NFC) card readers to prevent people paying with the competing Google Wallet and Apple Pay.

Are proprietary solutions becoming the new norm? Previously, all TVs could display all channels being broadcast and either cash or standard, mainstream credit cards were universally accepted but the new direction seems to be a plethora of incompatible technologies for the benefit of the vendor instead of the customer.

posted by n1 on Wednesday October 29 2014, @10:49PM
from the faulty-lava-lamp-returns dept.

On June 27, a new lava flow emerged from Hawaii's Kilauea Volcano, flowing to the northeast at a rate varying from 2 meters per hour up to 15 meters per hour. In the months since, the "June 27 breakout" lava flow has crossed more than 12 miles and now threatens the small town of Pahoa. The molten rock has already claimed acres of forest, several roads, and small farm buildings, and buried the Pahoa Cemetery. Dozens of Pahoa residents have been evacuated ahead of the slow-moving disaster, as state and federal officials work to protect what they can and plan for the worst. If the flow continues as projected, dozens more houses and businesses are threatened, and a large section of Pahoa may be cut off from the rest of the island if the flow remains active and reaches the sea.

The news is old, but The Atlantic's photo essay provides many spectacular images, courtesy of the US Geological Survey's Hawaiian Volcano Observatory.

posted by n1 on Wednesday October 29 2014, @09:11PM
from the ends-justifying-means dept.

In 2007, the FBI wrote a fake news story about bomb threats in Thurston County, Washington, and then sent out e-mail links "in the style of the Seattle Times."

The details have now been published by that very same newspaper, which today carries a story including outraged quotes from a Seattle Times editor. The FBI put an Associated Press byline on the fake news story, which was about the bomb threats in Thurston County that they were investigating.

“We are outraged that the FBI, with the apparent assistance of the US Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times editor Kathy Best. "Not only does that cross a line, it erases it."

The information comes from documents about the 2007 FBI operation, which were acquired via a Freedom of Information Act request and published by the Electronic Frontier Foundation in 2011. It wasn't until yesterday that ACLU Technologist Christopher Soghoian noted The Seattle Times/AP reference and published it on Twitter. That spurred the newspaper to express its outrage and get FBI response.

posted by LaminatorX on Wednesday October 29 2014, @07:43PM
from the out-of-band dept.

Nicolas Niarchos has a profile of 2600 in The New Yorker that is well worth reading. Some excerpts:

2600—named for the frequency that allowed early hackers and “phreakers” to gain control of land-line phones—is the photocopier to Snowden’s microprocessor. Its articles aren’t pasted up on a flashy Web site but, rather, come out in print. The magazine—which started as a three-page leaflet sent out in the mail, and became a digest-sized publication in the late nineteen-eighties—just celebrated its thirtieth anniversary. It still arrives with the turning of the seasons, in brown envelopes just a bit smaller than a 401k mailer.

“There’s been now, by any stretch of the imagination, three generations of hackers who have read 2600 magazine,” Jason Scott, a historian and Web archivist who recently reorganized a set of 2600’s legal files, said. Referring to Goldstein, whose real name is Eric Corley, he continued: “Eric really believes in the power of print, words on paper. It’s obvious for him that his heart is in the paper.”

2600 provides an important forum for hackers to discuss the most pressing issues of the day—whether it be surveillance, Internet freedom, or the security of the nation’s nuclear weapons—while sharing new code in languages like Python and C.* For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden’s disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides (“whoever wrote this clearly didn’t know that there are no zombies in ‘1984’ ”) and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. “Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions,” it concludes. “And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power.”

posted by LaminatorX on Wednesday October 29 2014, @06:01PM
from the draft-dodging dept.

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.

Here’s how the attack worked in the case Shape observed: The hacker first set up an anonymous Gmail account, then infected a computer on the target’s network with malware. (Shape declined to name the victim of the attack.) After gaining control of the target machine, the hacker opened their anonymous Gmail account on the victim’s computer in an invisible instance of Internet Explorer—IE allows itself to be run by Windows programs so that they can seamlessly query web pages for information, so the user has no idea a web page is even open on the computer.

With the Gmail drafts folder open and hidden, the malware is programmed to use a Python script to retrieve commands and code that the hacker enters into that draft field. The malware responds with its own acknowledgments in Gmail draft form, along with the target data it’s programmed to exfiltrate from the victim’s network. All the communication is encoded to prevent it being spotted by intrusion detection or data-leak prevention. The use of a reputable web service instead of the usual IRC or HTTP protocols that hackers typically use to command their malware also helps keep the hack hidden.

posted by martyb on Wednesday October 29 2014, @04:42PM
from the getting-more-than-you-asked-for dept.

wget prior to 1.16 allows for an FTP server to write arbitrary files on the client side, with the permissions of the user running wget, when performing a recursive get using FTP.

Red Hat's bug report is here: https://bugzilla.redhat.com/show_bug.cgi?id=1139181 and notes:

It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP.

There is a workaround:

This issue can be mitigated by ensuring that all invocations of wget in the mirror mode also specify --retr-symlinks command line option. Doing so is equivalent to applying the upstream commit linked in comment 14, which changes the default for the retr-symlinks options from off/no to on/yes, preventing creation of symbolic links locally.

In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enabled[sic] retr-symlinks option via wget configuration file - either global /etc/wgetrc, or user specific ~/.wgetrc - by adding the following line:

  retr-symlinks=on

Separately, Metasploit has released both a disclosure and a Metasploit module for testing.

[Update: Corrected story title and introduction.]
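
The workaround described above can be checked per host. The following is an added example, not part of the original story or the Red Hat advisory: a shell audit that reads a global and a user wgetrc and reports whether the retr-symlinks mitigation is in effect for a given wget version. The function names, output labels and sample files are assumptions made for illustration; the 1.16 cutoff comes from the story.

```shell
#!/bin/sh
# Added example: check whether the retr-symlinks workaround is in effect.
# Function names and output labels are hypothetical, chosen for this sketch.

# wgetrc_retr_symlinks FILE -> prints on | off | unset
# wgetrc command names ignore case, "-" and "_"; the last assignment wins.
# Unrecognised values are reported as "off" so they are never trusted.
wgetrc_retr_symlinks() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }                      # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            val  = tolower(substr($0, eq + 1))
            gsub(/[-_ \t]/, "", name)            # normalise the command name
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim the value
            if (name == "retrsymlinks")
                state = (val == "on" || val == "yes" || val == "1") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# wget_is_affected VERSION -> exit 0 if VERSION is older than 1.16.
# Assumption: plain upstream version numbers; distro backports are not detected.
wget_is_affected() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 16 ]; }
}

# audit_wget GLOBAL_RC USER_RC VERSION -> prints fixed | mitigated | exposed
# The user file overrides the global one when it sets the option.
audit_wget() {
    if ! wget_is_affected "$3"; then echo fixed; return 0; fi
    eff=$(wgetrc_retr_symlinks "$2")
    if [ "$eff" = unset ]; then eff=$(wgetrc_retr_symlinks "$1"); fi
    if [ "$eff" = on ]; then echo mitigated; else echo exposed; fi
}

# Constructed sample files, not taken from a real system.
tmp=$(mktemp -d)
printf '# site defaults\npassive_ftp = on\n' > "$tmp/global"
printf 'Retr_Symlinks = ON\n' > "$tmp/user"
audit_wget "$tmp/global" "$tmp/user" 1.15    # option set in the user file
audit_wget "$tmp/global" "$tmp/none" 1.15    # option set nowhere
audit_wget "$tmp/global" "$tmp/none" 1.16    # default already changed
rm -rf "$tmp"
```

A wget invocation can still override the file setting on its command line, so scripts that call wget in mirror mode need the same review.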

posted by martyb on Wednesday October 29 2014, @02:55PM
from the as-much-as-YOU-want-but-as-slow-as-WE-want dept.

Federal officials on Tuesday sued AT&T, the nation’s second-largest cellular carrier, for allegedly deceiving millions of customers by selling them supposedly “unlimited” data plans that the company later “throttled” by slowing Internet speeds when customers surfed the Web too much.

The Federal Trade Commission said the practice, used by AT&T since 2011, resulted in slower speeds for customers on at least 25 million occasions – in some cases cutting user Internet speeds by 90 percent, to the point where they resembled dial-up services of old. The 3.5 million affected customers experienced these slowdowns an average of 12 days each month, said the FTC, which received thousands of complaints about the practice.

See also Ars Technica's coverage, "US sues AT&T, alleges severe throttling of unlimited data customers", which notes that customers were throttled by as much as 90% once they reached 3GB or 5GB of data.

The FTC has made available both a press release and the AT&T lawsuit (pdf).

posted by n1 on Wednesday October 29 2014, @12:55PM
from the dreaming-of-a-living-wage dept.

AlterNet reports:

Imagine a world where fast food workers can pay their rent and utility bills plus buy their children food and clothes. Well, you don't have to imagine it because such a place exists. It's called Denmark.

A New York Times article on Tuesday (paywalled) chronicled the life of a Danish fast food worker named Hampus Elofsson, who works 40 hours a week at a Burger King in Copenhagen, and makes enough not only to pay his bills, but to save some money and enjoy a night out with friends. His wage: $20 per hour. Yep, you read that right. The base wage in Denmark is close to two and a half times what American fast food workers make.

Elofsson's pay is the kind of wage that Anthony Moore, a shift manager in Tampa, Florida can only dream about. [Moore] earns $9 an hour for his low-level management job, or about $300 per week, and like half of America's fast food workers, he relies on some form of public assistance to make up the difference between that wage and barely eking out a living.

[...] What Danish fast food workers have that their American counterparts do not is a powerful union and fast food franchise owners who are willing to make a little less of a profit...though they still do make a profit.

Economics professor Richard Wolff talked about Denmark in a webcast (20MB MP3) back in July.

I also found his discussion of the "recovery" of the USA economy (between the segment on the GM bailout and the one on "US" megacorps evading taxes) to be especially worthwhile. His weekly webcasts are also available for about half the bandwidth and storage space from KPFA's archive.

posted by n1 on Wednesday October 29 2014, @11:05AM
from the very-expensive-fireworks dept.

A supply rocket carrying cargo and experiments to the ISS exploded shortly after liftoff. NASA and Orbital Sciences (the company operating the rocket) have not released any information about what may have caused the incident, pending further investigation.

The mission was unmanned, and all personnel are safe and accounted for. The extent of the damage to the launch facility has not yet been determined.

Phil Plait, author of the Bad Astronomy blog, speculates that the 60s-70s era refurbished Russian engines the vehicle used will come under heavy scrutiny.

posted by n1 on Wednesday October 29 2014, @09:26AM
from the until-it-started-to-rain dept.

Small blue Queensland Police tags are stuck to cement lids covering gas, electricity, telecommunications and water services that open up along some Brisbane footpaths.

Each tag includes a bar code and separate identifying number, and they're placed across joins to access covers, allowing police to quickly see if they've been lifted.

posted by azrael on Wednesday October 29 2014, @07:53AM
from the salt-and-vinegar dept.

A Bay Area news site is reporting that California Highway Patrol officers regularly steal nude photos from female arrestees' phones and share them with each other (and outsiders) in what one officer has described as "a game."

The California Highway Patrol officer accused of stealing nude photos from a DUI suspect's phone told investigators that he and his fellow officers have been trading such images for years, in a practice that stretches from its Los Angeles office to his own Dublin station, according to court documents obtained by this newspaper Friday.

CHP Officer Sean Harrington, 35, of Martinez, also confessed to stealing explicit photos from the cellphone of a second Contra Costa County DUI suspect in August and forwarding those images to at least two CHP colleagues. The five-year CHP veteran called it a "game" among officers, according to an Oct. 14 search warrant affidavit.

Here is part of a text conversation between Harrington and another officer, Robert Hazelwood. When Hazelwood mentions "the dl" he's probably referring to the victim's driver's license photo.

Hazelwood: Nudes are always better with the face

Harrington: Maybe she knows she has a jacked up horse face?!?!?

Hazelwood: Let's see the dl.

Harrington: When we get back to the office. And we'll have MDF mug shot, too

Hazelwood: Haha ok.

Harrington: But trust me. She's like a 5 or 6 at best.

No officers have been charged, obviously.

posted by azrael on Wednesday October 29 2014, @06:55AM
from the never-seen-one-before dept.

If there is a “holy grail” to be found in modern astrophysics, it probably has something to do with finding out what’s going on inside of black holes. Since no light escapes from their event horizons, studying their insides directly is impossible. As if that wasn’t bad enough, our best theories tend to break down inside the event horizon, limiting our ability to study them even theoretically with present models.

Despite all that, there are ways to get at the behavior of black holes. A recent line of work is approaching the problem in a different way—by analogy. Rather than trying to observe real black holes or trying to simulate them mathematically, researchers are constructing analogs of black holes. These constructions can be observed in a lab, right here on Earth.

Of course, scientists have no way of creating an actual gravitational singularity on a table-top, so they had to rely on the next best thing. The essence of a black hole is that it has an event horizon—a point of no return from which no light can escape. By analogy, in a fluid, there can be a point of no return for sound waves. If, for example, the fluid is moving faster than the speed of sound, no sound can outrun the fluid to escape in the opposite direction. That’s the basic idea behind a new experiment published in the journal Nature Physics (abstract) —an experiment that apparently makes a Hawking radiation laser out of a sonic black hole.

[Additional Coverage]: http://www.universetoday.com/115307/hawking-radiation-replicated-in-a-laboratory/

posted by azrael on Wednesday October 29 2014, @05:14AM
from the but-not-as-we-know-it dept.

LiveScience has a story on evidence of life 12 Miles below the Earth's Surface.

Telltale signs of life have been discovered in rocks that were once 12 miles (20 kilometers) below Earth's surface — some of the deepest chemical evidence for life ever found.

[...] Researchers found carbon isotopes in rocks on Washington state's South Lopez Island that suggest the minerals grew from fluids flush with microbial methane

Also covered at IFL Science.

posted by Blackmoore on Wednesday October 29 2014, @03:53AM
from the should-have-got-a-pinto dept.

After months of reports of defects with certain models of MacBook Pros, a class action suit has finally been filed for residents of California and Florida against Apple. For more details, peruse the thread on the Apple support website, which has over 9,000 entries, and view the petition with over 22,000 signatures.

To summarise, thousands of Apple customers believe that there are faults with the design of early 2011 MacBook Pros with discrete graphics cards which leave them liable to overheating, crashing, and becoming unusable. In many cases Apple has replaced logic boards only for repeated failures to occur, further lending credence to accusations of a defective design.

Our firm [Whitfield Bryson & Mason] recently filed a class-action lawsuit in a California federal court against Apple, Inc. on behalf of residents in the States of California and Florida who purchased 2011 MacBook Pro Laptops with AMD GPUs who experienced graphical distortions and system failures.

[the link to the Apple support is apparently under duress and may not work. - Ed.]

posted by LaminatorX on Wednesday October 29 2014, @01:56AM
from the out-of-band dept.

Ron Nixon reports in the NYT that the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations, in many cases without adequately describing the reason or having proper written authorization.

In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool. The Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit (PDF).

In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county’s sheriff, Joe Arpaio. Wilcox had been a frequent critic of Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps. Wilcox sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Mr. Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Wilcox and other officials and for other unprofessional conduct. “I don’t blame the Postal Service," says Wilcox, "but you shouldn’t be able to just use these mail covers to go on a fishing expedition. There needs to be more control.”