
SoylentNews is people


posted by on Wednesday November 13 2019, @11:10PM
from the lingere dept.

Just a quick note to let those of you who care know that our load balancer finally got bumped up to openssl 1.1.x and is now TLSv1.3 happy. For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file, actively disabling 0-RTT, even though it's disabled by default.

That's all, carry on.

posted by janrinok on Wednesday November 13 2019, @10:54PM
from the I'll-bet-that-they-are-pleased dept.

PayPal Upsets Microsoft as Phishers' Favorite Brand

Several factors edged the world's most popular payment service into the top spot.

PayPal was the most frequently spoofed brand in the third quarter of 2019, unseating Microsoft, phishers' usual favorite, which held the top spot for more than a year, Vade Secure reports.

Microsoft has been the most impersonated brand for five consecutive quarters, or as long as Vade Secure has published its quarterly Phishers' Favorites report. PayPal has consistently been a popular target; however, this year saw an uptick in PayPal attacks. Unique PayPal phishing URLs spiked 167.8% and 111.9% year-over-year in the first and second quarters, respectively. This quarter saw 69.6% growth with 16,547 unique PayPal phishing URLs, or nearly 180 per day.

[...] Phishing campaigns have capitalized on PayPal's popularity. One discovered by Vade researchers targeted more than 700,000 people, primarily located in Europe, with emails threatening legal action and requesting a small amount of money from recipients.


posted by janrinok on Wednesday November 13 2019, @09:25PM
from the fun-of-growing-old dept.

Arthur T Knackerbracket has found the following story:

The net clinical benefit of anticoagulants for atrial fibrillation (AF) -- one of the most important causes of irregular heartbeats and a leading cause of stroke -- decreases with age, as the risk of death from other factors diminishes their benefit in older patients, according to a study led by researchers at UC San Francisco.

The multi-institutional study of nearly 15,000 AF patients found that the anticoagulant warfarin was not beneficial after age 87 and another, apixaban, after age 92. As a result, physicians should consider all mortality risks, such as cancer and end-stage kidney disease, when recommending anticoagulants to older adults with AF, the researchers said.

[...] "Many prior studies looking at the benefit of blood thinners found older adults benefit more than younger adults, but they narrowly focus on atrial fibrillation and strokes and don't account for all other health conditions affecting older adults," said lead author Sachin Shah, MD, MPH, assistant professor of medicine at UCSF. "Our study is the first to find that when taking these factors into consideration, anticoagulant benefit actually decreases with age."

Atrial fibrillation affects an estimated 2.2 million Americans, according to the National Stroke Association, and about 15 percent of people who have strokes have AF. The stroke association estimates that up to 80 percent of strokes among people with AF could have been prevented.

While patients age 75 and older are at higher risk for stroke and advised to use anticoagulants, there is little evidence of their net benefit in this population. Advancing age also increases the likelihood of death from non-AF causes, thereby limiting the benefit or harm from AF and anticoagulant treatment.

Journal Reference:

Sachin J. Shah, Daniel E. Singer, Margaret C. Fang, Kristi Reynolds, Alan S. Go, Mark H. Eckman. Net Clinical Benefit of Oral Anticoagulation Among Older Adults With Atrial Fibrillation. Circulation: Cardiovascular Quality and Outcomes, 2019; 12 (11) DOI: 10.1161/CIRCOUTCOMES.119.006212


posted by janrinok on Wednesday November 13 2019, @08:03PM
from the shortest-distance-between-despair-and-hope-is-a-good-night's-sleep dept.

Submitted via IRC for Bytram

Stressed to the max? Deep sleep can rewire the anxious brain

[UC Berkeley] researchers have found that the type of sleep most apt to calm and reset the anxious brain is deep sleep, also known as non-rapid eye movement (NREM) slow-wave sleep, a state in which neural oscillations become highly synchronized, and heart rates and blood pressure drop.

"We have identified a new function of deep sleep, one that decreases anxiety overnight by reorganizing connections in the brain," said study senior author Matthew Walker, a UC Berkeley professor of neuroscience and psychology. "Deep sleep seems to be a natural anxiolytic (anxiety inhibitor), so long as we get it each and every night."

The findings, published today, Nov. 4, in the journal Nature Human Behaviour, provide one of the strongest neural links between sleep and anxiety to date. They also point to sleep as a natural, non-pharmaceutical remedy for anxiety disorders, which have been diagnosed in some 40 million American adults and are rising among children and teens.

"Our study strongly suggests that insufficient sleep amplifies levels of anxiety and, conversely, that deep sleep helps reduce such stress," said study lead author Eti Ben Simon, a postdoctoral fellow in the Center for Human Sleep Science at UC Berkeley.

In a series of experiments using functional MRI and polysomnography, among other measures, Simon and fellow researchers scanned the brains of 18 young adults as they viewed emotionally stirring video clips after a full night of sleep, and again after a sleepless night. Anxiety levels were measured following each session via a questionnaire known as the state-trait anxiety inventory.

After a night of no sleep, brain scans showed a shutdown of the medial prefrontal cortex, which normally helps keep our anxiety in check, while the brain's deeper emotional centers were overactive.

"Without sleep, it's almost as if the brain is too heavy on the emotional accelerator pedal, without enough brake," Walker said.

After a full night of sleep, during which participants' brain waves were measured via electrodes placed on their heads, the results showed their anxiety levels declined significantly, especially for those who experienced more slow-wave NREM sleep.

"Deep sleep had restored the brain's prefrontal mechanism that regulates our emotions, lowering emotional and physiological reactivity and preventing the escalation of anxiety," Simon said.

Beyond gauging the sleep-anxiety connection in the 18 original study participants, the researchers replicated the results in a study of another 30 participants. Across all the participants, the results again showed that those who got more nighttime deep sleep experienced the lowest levels of anxiety the next day.

Journal Reference: Eti Ben Simon, Aubrey Rossi, Allison G. Harvey, Matthew P. Walker. Overanxious and underslept. Nature Human Behaviour, 2019; DOI: 10.1038/s41562-019-0754-8


posted by janrinok on Wednesday November 13 2019, @05:33PM
from the I-imagine-so dept.

Imagined movements can alter our brains

The interdisciplinary study examined the influence of two different types of BCI on the brains of test subjects with no prior experience of this technology. The first subgroup was given the task of imagining that they were moving their arms or feet, in other words a task requiring the use of the brain's motor system. The task given to the second group addressed the brain's visual center by requiring them to recognize and select letters on a screen. Experience shows that test subjects achieve good results in visual tasks right from the outset and that further training does not improve these results, whereas addressing the brain's motor system is much more complex and requires practice. In order to document potential changes, test subjects' brains were examined before and after each BCI experiment using a special visualizing process -- MRT (magnetic resonance tomography).

"We know that intensive physical training affects the plasticity of the brain," says Till Nierhaus of the Max Planck Institute for Human Cognitive and Brain Sciences. Plasticity refers to the brain's ability to alter depending on how it is used. Scientists distinguish here between functional plasticity, where changes only occur in the intensity of the signals between the individual synapses, and structural plasticity. Structural plasticity refers to a change in nerve cells or even the forming of new nerve cells. "We asked ourselves if these impacts on the brain's plasticity would also occur in purely mental BCI experimental tasks, in other words if test subjects only think of a task without actually performing it," says Carmen Vidaurre, researcher at the Public University of Navarre.

The results did indeed show measurable changes in precisely those regions of the brain specifically required to conduct the tasks. In other words, changes in the visual areas of the brain in test subjects given the visual task and changes in the motor area in test subjects who practiced imagining moving a part of their body. It is particularly worth noting that changes occurred within very short periods of time (one hour) using BCI, rather than weeks as is the case in physical training. "It is still not clear if these changes would also occur if test subjects were not provided with feedback via the BCI system that their brain signals could be successfully read," Dr. Nierhaus points out. However the results do in general demonstrate that the effects of training with a brain-computer interface could have therapeutic benefits by stimulating specific regions of the brain.

Journal Reference:

Till Nierhaus, Carmen Vidaurre, Claudia Sannelli, Klaus‐Robert Mueller, Arno Villringer. Immediate brain plasticity after one hour of brain–computer interface (BCI). The Journal of Physiology, 2019; DOI: 10.1113/JP278118


posted by janrinok on Wednesday November 13 2019, @04:09PM
from the Internet-of-Leaks dept.

Submitted via IRC for soylent_lavender

Ring Flaw Underscores Impact of IoT Vulnerabilities

A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.

The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which would have far more serious repercussions.

"IoT is a security disaster, any way you look at it," says Alexandru Balan, Bitdefender's chief security researcher. "Security is not the strong suit of IoT vendors — only rarely do we see vendors who take security seriously."

The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to a recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.

Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.

The issue with Amazon Ring is not as serious, but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan. "We tend to look at the popular devices, and those tend to have better security than the less popular devices."


posted by Fnord666 on Wednesday November 13 2019, @02:39PM
from the according-to-Samsung-size-matters dept.

Galaxy S11 giant screen sizes, 108MP camera and colors just leaked.

A new leak says that all of the Samsung Galaxy S11 phones will come in even bigger sizes than the S10 line, reaching up to a skateboard-worthy 6.9 inches for the S11 Plus, which will come only as a 5G phone. Moreover, software leaks confirm they will come with an oversized 108MP camera sensor.

Read more about it here.


posted by Fnord666 on Wednesday November 13 2019, @01:07PM
from the the-people-have-spoken dept.

Submitted via IRC for soylent_lavender

How Airbnb's fight to overturn a New Jersey law imploded

Residents of Jersey City, New Jersey, voted overwhelmingly in favor of strict short-term rental regulations on Tuesday, putting an end to the high-profile feud between Airbnb and local officials that had engulfed the city in recent months. The move comes as a major blow to Airbnb, which spent more than $4.2 million blanketing Jersey City in television ads, handouts, and pro-Airbnb canvassers in a campaign to quash the restrictions, which will affect a popular destination for guests looking to visit Manhattan (which is just across the Hudson River and several minutes away on public transit) without running afoul of New York's tight rules on short-term rentals.

The new rules crack down on Jersey City's booming short-term rental industry—which has grown by an order of magnitude since city officials effectively legalized the practice in 2015—by requiring that owners obtain permits and limiting who can rent out their spaces and for how long. Despite an aggressive opposition campaign, voters approved the regulations in a landslide, with current estimates suggesting nearly 70% voted in favor of the measure.

Jersey City's rejection of Airbnb suggests that the tide may be changing for the so-called tech unicorn, as the city joins the growing ranks of former Airbnb defenders turned defectors. Local government officials around the nation that had been early advocates of the company, from Arizona and Louisiana to Oregon, are now turning against it. And with Airbnb looking to do an IPO in 2020—a process that involves airing out its dirty laundry for investors—every bit of regulatory backlash counts.

This story originally appeared on wired.com.


posted by Fnord666 on Wednesday November 13 2019, @11:35AM
from the one-sheep-two-sheep-red-sheep-blue-sheep dept.

Submitted via IRC for Bytram

More Americans struggle to fall asleep, stay asleep

Getting the recommended seven to eight hours of sleep every night is a struggle for most people, but even those who do may not have the best sleep.

New research from Iowa State University finds more Americans have trouble falling asleep and staying asleep. The changes were independent of sleep duration, and difficulties were most prevalent in people with healthy sleep length, the findings show. The study, published in the journal Sleep Health, is one of the first to look at how multiple dimensions of sleep health change over time.

Zlatan Krizan, professor of psychology, and his research team analyzed data collected from nearly 165,000 individuals from 2013 to 2017, as part of the National Health Interview Survey. Over the course of five years, adults who reported at least one day a week with difficulty falling asleep increased by 1.43% and those reporting at least one day with trouble staying asleep increased by 2.70%. While the percentages may seem small, Krizan says based on 2018 population estimates this means as many as five million more Americans are experiencing some sleep difficulties.

"Indeed, how long we sleep is important, but how well we sleep and how we feel about our sleep is important in its own right," Krizan said. "Sleep health is a multidimensional phenomenon, so examining all the aspects of sleep is crucial for future research."

Garrett C. Hisler, Diana Muranovic, Zlatan Krizan. Changes in sleep difficulties among the U.S. population from 2013 to 2017: results from the National Health Interview Survey. Sleep Health, 2019; DOI: 10.1016/j.sleh.2019.08.008


posted by Fnord666 on Wednesday November 13 2019, @10:03AM
from the plant-more-trees? dept.

Submitted via IRC for Bytram

MIT engineers develop a new way to remove carbon dioxide from air.

Most methods of removing carbon dioxide from a stream of gas require higher concentrations, such as those found in the flue emissions from fossil fuel-based power plants. A few variations have been developed that can work with the low concentrations found in air, but the new method is significantly less energy-intensive and expensive, the researchers say.

The technique, based on passing air through a stack of charged electrochemical plates, is described in a new paper in the journal Energy and Environmental Science, by MIT postdoc Sahag Voskian, who developed the work during his PhD, and T. Alan Hatton, the Ralph Landau Professor of Chemical Engineering.

Sahag Voskian, T. Alan Hatton. Faradaic electro-swing reactive adsorption for CO2 capture. Energy & Environmental Science, 2019; DOI: 10.1039/C9EE02412C


posted by Fnord666 on Wednesday November 13 2019, @08:31AM
from the business-as-usual dept.

Submitted via IRC for soylent_red

DirecTV kept charging regional sports fee while channel was blacked out

DirecTV and Comcast are being investigated by Colorado Attorney General Phil Weiser, who objects to the TV providers continuing to charge regional sports network (RSN) fees despite not providing one of the major regional sports networks. While Comcast is giving customers partial bill credits, DirecTV apparently hasn't done so.

Weiser sent letters to the AT&T-owned DirecTV and Comcast on October 23, asking why the companies kept charging RSN fees after they stopped providing the Altitude Sports network. The network broadcasts games played by the state's major professional basketball, hockey, and soccer teams (the Denver Nuggets, Colorado Avalanche, and Colorado Rapids, respectively). The AG's letters said that Comcast's and DirecTV's conduct "may constitute a deceptive trade practice under the Colorado Consumer Protection Act" and "may result in the imposition of civil penalties up to $20,000 per violation." The letters also said the AG is investigating other potentially misleading fees.

[...] Weiser's office gave both companies until November 7 to respond. Comcast said it will provide an additional, more detailed response to the AG by then. AT&T's DirecTV division hasn't responded to Weiser's office yet, Weiser's office told Ars today. We contacted AT&T today and will update this article if we get a response.

The actions of DirecTV, which apparently hasn't offered credits to customers, have been "very concerning," Weiser told The Denver Post.

"Based on early conversations with DirecTV and AT&T, we didn't believe they were taking the request with the seriousness that they should," a spokesperson for Weiser also told the Post.


posted by Fnord666 on Wednesday November 13 2019, @06:59AM
from the clever-hackers dept.

Submitted via IRC for soylent_aqua

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without it being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT.

Every ZIP archive contains a special structure that contains the compressed data and information about the compressed files. Each ZIP archive also contains a single "End of Central Directory" (EOCD) record, which is used to indicate the end of the archive structure.

In a new spam campaign discovered by Trustwave, researchers encountered a spam email pretending to be shipping information from an Export Operation Specialist of USCO Logistics.

Attached to this email was a ZIP archive named SHIPPING_MX00034900_PL_INV_pdf.zip that looked suspicious as its file size was greater than its uncompressed content.

"The attachment 'SHIPPING_MX00034900_PL_INV_pdf.zip' makes this message stand out," Trustwave stated in a report. "The ZIP file had a file size significantly greater than that of its uncompressed content. Typically, the size of the ZIP file should be less than the uncompressed content or, in some cases, ZIP files will grow larger than the original files by a reasonable number of bytes."

When examining the file, the Trustwave researchers discovered that the ZIP archive contained two distinct archive structures, each marked by their own EOCD record.

This is illustrated by the file opened in 010 Editor, which shows two different ZIPENDLOCATOR structures.
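The anomaly described above, more than one EOCD record in a single file, can be checked structurally before an attachment is handed to a scanner. The following Python code is an added example, not code from Trustwave or the original article; the function names, the finding labels and the constructed sample archives are assumptions made for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory (EOCD) record signature
CDFH_SIG = b"PK\x01\x02"   # central directory file header signature
EOCD_FMT = "<4sHHHHIIH"    # fixed 22-byte part of the EOCD record
EOCD_LEN = struct.calcsize(EOCD_FMT)


def find_eocd_records(data):
    """Return one dict per plausible EOCD record found anywhere in data.

    A candidate counts only if its central directory ends exactly where the
    EOCD starts and its comment fits in the file. ZIP64 is not handled, and
    a ZIP stored uncompressed inside another ZIP also matches.
    """
    records = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_, _, _, _, total, cd_size, cd_offset,
             comment_len) = struct.unpack_from(EOCD_FMT, data, pos)
            cd_start = pos - cd_size       # central directory precedes EOCD
            base = cd_start - cd_offset    # where this archive structure begins
            end = pos + EOCD_LEN + comment_len
            ok = cd_start >= 0 and base >= 0 and end <= len(data)
            if ok and total > 0:
                ok = data[cd_start:cd_start + 4] == CDFH_SIG
            if ok:
                records.append({"base": base, "end": end, "entries": total})
        pos = data.find(EOCD_SIG, pos + 1)
    return records


def inspect_zip(data):
    """Describe every archive structure in data and list structural findings."""
    records = find_eocd_records(data)
    structures = []
    for rec in records:
        names, uncompressed = None, None
        try:
            # Parse each structure on its own slice, so the listing does not
            # depend on which EOCD record a particular unzip tool prefers.
            with zipfile.ZipFile(io.BytesIO(data[rec["base"]:rec["end"]])) as zf:
                infos = zf.infolist()
            names = [i.filename for i in infos]
            uncompressed = sum(i.file_size for i in infos)
        except zipfile.BadZipFile:
            pass  # structure located but not parseable; keep it in the report
        structures.append({"offset": rec["base"], "names": names,
                           "uncompressed": uncompressed})
    findings = []
    if len(records) > 1:
        findings.append("multiple_eocd")
    if records and len(data) > records[0]["end"] - records[0]["base"]:
        findings.append("data_outside_first_structure")
    return {"size": len(data), "structures": structures, "findings": findings}


def _make_zip(name, content):
    """Build a one-member stored archive with a fixed timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(name, date_time=(2019, 11, 13, 0, 0, 0)),
                    content)
    return buf.getvalue()


def build_sample():
    """Constructed test data: a normal archive, and two archives back to back."""
    first = _make_zip("decoy.txt", b"constructed decoy content\n")
    second = _make_zip("second.txt", b"constructed placeholder\n" * 200)
    return first, first + second


if __name__ == "__main__":
    clean, combined = build_sample()
    for label, blob in (("clean", clean), ("combined", combined)):
        print(label, inspect_zip(blob))
```

On the combined sample the report also shows the size observation Trustwave made: the file is far larger than the uncompressed content listed by the first structure.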


posted by Fnord666 on Wednesday November 13 2019, @05:27AM

Arthur T Knackerbracket has found the following story:

Microsoft has said that not only will it embrace a new data privacy law in California, due to come into force in the New Year, but will extend the same protections to everyone in the US.

In a blog post by the software giant’s chief privacy officer, Julie Brill is enthusiastic about the new law, which has been the subject of extensive lobbying by tech giants like Google and Facebook to water down its contents.

Microsoft, as with Apple, appears to view strong privacy as an opportunity to differentiate itself from its online competitors. “Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual,” Brill wrote, adding: “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents.”

She also took several pot shots at Congress’ ongoing failure to agree on a federal data privacy policy, noting that “a lack of action by the United States Congress to pass comprehensive privacy legislation continues to be a serious issue for people who are concerned about how their data is collected, used and shared… In the absence of strong national legislation, California has enacted a landmark privacy law.” Brill is a former commissioner of the Federal Trade Commission (FTC).

That law - the California Consumer Privacy Act (CCPA) - “marks an important step toward providing people with more robust control over their data in the United States,” she wrote, adding that it “also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”


posted by chromas on Wednesday November 13 2019, @03:55AM
from the NOO-GOD!-NO.-GOD.-PLEASE.-NO.-NO!!!-NO!!!-NOOOOOO!!! dept.

Mozilla partners with Intel, Red Hat and Fastly to take WebAssembly beyond the browser – TechCrunch

Mozilla, Intel, Red Hat and Fastly today announced the launch of the Bytecode Alliance, a new open-source group that focuses on “creating new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI).”

Mozilla has long championed WebAssembly, the open standard that allows browsers to execute compiled programs in the browser. This allows developers to write their applications in languages like C, C++ and Rust and have those programs execute at native speed, all without having to rely on JavaScript, which would take much longer to parse and execute, especially on mobile devices.

[...] The mission of this new group goes beyond the browser, though. It wants to establish “a capable, secure platform that allows application developers and service providers to confidently run untrusted code, on any infrastructure, for any operating system or device, leveraging decades of experience doing so inside web browsers.” The argument here is that there is plenty of potential for WebAssembly outside of the browser because it allows untrusted code components to interact with trusted code inside of a sandboxed environment. Indeed, a Mozilla spokesperson noted that WebAssembly has generated more interest from businesses that are interested in this use case than from the traditional application developers and web technologists. Hence this new alliance.


posted by chromas on Wednesday November 13 2019, @02:22AM
from the its-a-feature-not-a-bug dept.

Facebook bug shows camera activated in background during app use

Some people have complained their cameras got turned on while they were looking through Facebook's app.

When you're scrolling through Facebook's app, the social network could be watching you back, concerned users have found. Multiple people have found and reported that their iPhone cameras were turned on in the background while they were looking at their feed.

The issue came to light through several posts on Twitter. Users noted that their cameras were activated behind Facebook's app as they were watching videos or looking at photos on the social network.

After people clicked on the video to full screen, returning it back to normal would create a bug in which Facebook's mobile layout was slightly shifted to the right. With the open space on the left, you could now see the phone's camera activated in the background.

This was documented in multiple cases, with the earliest incident on Nov. 2.

[...] "I thought it was just my phone or the app acting up," Lasafin said in a direct message. "Then I observed it became more persistent that evening."

Facebook would like to assure users that it was unintentional that the layout bug revealed that the camera was secretly activated.


posted by martyb on Wednesday November 13 2019, @12:55AM
from the we-should-all-be-using-riscv dept.

Intel Warns of Critical Info-Disclosure Bug in Security Engine

A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.

The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.

The affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).

[...] The critical flaw is a heap overflow bug with a score of 9.6 out of 10 on the CVSS v.3 severity scale (CVE-2019-0169). It exists in the subsystem in the Intel CSME, which is a standalone chip on Intel CPUs that is used for remote management. The vulnerability and [sic] could allow an unauthenticated user to enable escalation of privileges, information disclosure or denial of service via adjacent access.

“Adjacent access” means that an attack must be launched from the same shared physical network or local IP subnet, or from within the same secure VPN or administrative network zone.

Read the rest of the article for details on the additional vulnerabilities that were addressed.

