2018-01-01 00:00:00 ..
2018-05-22 22:25:53 UTC
2018-05-23 01:23:37 UTC
We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.
Submitted via IRC for SoyCow3941
German researchers reckon they have devised a method to thwart the security mechanisms AMD's Epyc server chips use to automatically encrypt virtual machines in memory.
So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a second guest on the same machine.
AMD's data-center processors, as well as its Ryzen Pro line, support what's called Secure Encrypted Virtualization. This decrypts and encrypts virtual machines on the fly while stored in RAM so that the host operating system, hypervisor, and any malware on the host computer, cannot snoop on protected VMs. Each virtual machine is assigned an address space ID which is linked to a cryptographic key to cipher and decipher data as it moves between memory and the CPU cores. The key never leaves the system-on-chip, and each VM gets its own key.
That means, in theory, not even a malicious or hijacked hypervisor, kernel, driver, or other privileged code, should be able to inspect the contents of a protected virtual machine, which is a good safety feature for multi-tenant cloud platforms. Now you can be sure that a BOFH isn't peeking into your guest instance. AMD marketed SEV as a feature to stop cloud and off-premises hosts from spying on sensitive virtual machines.
However, a technique dubbed SEVered [PDF] can, it is claimed, be used by a rogue host-level administrator, or malware within a hypervisor, or similar, to bypass SEV protections and copy information out of a customer or user's virtual machine.
The problem, said Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that miscreants at the host level can alter a guest's physical memory mappings, using standard page tables, so that the SEV mechanism fails to properly isolate and scramble parts of the VM in RAM. Here's the team's outline of the attack:
With SEVered, we demonstrate that it is nevertheless possible for a malicious HV [hypervisor] to extract all memory of an SEV-encrypted VM [virtual machine] in plaintext. We base SEVered on the observation that the page-wise encryption of main memory lacks integrity protection.
While the VM’s Guest Virtual Address (GVA) to Guest Physical Address (GPA) translation is controlled by the VM itself and opaque to the HV, the HV remains responsible for the Second Level Address Translation (SLAT), meaning that it maintains the VM’s GPA to Host Physical Address (HPA) mapping in main memory. This enables us to change the memory layout of the VM in the HV. We use this capability to trick a service in the VM, such as a web server, into returning arbitrary pages of the VM in plaintext upon the request of a resource from outside.
Submitted via IRC for guy_
The Trump administration told lawmakers the U.S. government has reached a deal to put Chinese telecommunications company ZTE Corp back in business after it pays a significant fine and makes management changes, a senior congressional aide said on Friday.
U.S. President Donald Trump appeared to confirm the deal in a tweet late on Friday. “I closed it down then let it reopen with high level security guarantees, change of management and board, must purchase U.S. parts and pay a $1.3 Billion fine.”
The reported deal involving China’s second-largest telecommunications equipment maker ran into immediate resistance in Congress, where Democrats and Trump’s fellow Republicans accused him of bending to pressure from Beijing to ease up on a company that U.S. intelligence officials have suggested poses a significant risk to U.S. national security.
ZTE was banned in April from buying U.S. technology components for seven years for breaking an agreement reached after it violated U.S. sanctions against Iran and North Korea.. After ZTE makes a series of changes it would now be allowed to resume business with U.S. companies, including chipmaker Qualcomm Inc.
The deal, earlier communicated to officials on Capitol Hill by the Commerce Department, requires ZTE to pay a substantial fine, place U.S. compliance officers at the company and change its management team, the aide said.
The Commerce Department would then lift an order issued in April preventing ZTE from buying U.S. products. ZTE shut down most of its production after the ruling was announced.
Fox News said Trump told them on Thursday that he had negotiated the $1.3 billion fine with Chinese President Xi Jinping in a phone call.
ZTE, which is publicly traded but whose largest shareholder is a Chinese state-owned enterprise, agreed last year to pay a nearly $900 million penalty and open its books to a U.S. monitor. The penalty stemmed from for breaking an agreement after it was caught illegally shipping U.S. goods to Iran and North Korea, in an investigation dating to the Obama administration.
Earlier this week, a game called Active Shooter appeared on Steam. It'd be nothing more than another heap of hacked-together pre-purchased assets—or an "asset flip," as they're known on Steam—if not for its subject matter. It's about mass shootings.
The unreleased game's Steam store page describes it as a "dynamic S.W.A.T. simulator" in which you play as a shooter, a S.W.A.T. team member trying to neutralize them, or a civilian. Its trailer depicts a player running down school halls and through classrooms, indiscriminately murdering teachers until a S.W.A.T. team shows up.
Complaints about the game have been fierce, and yesterday the person behind the game said they'll probably remove the option to play as the mass shooter. Almost as soon as the game's store listing went up, Steam users took to the game's forums to voice their distaste.
The developer will send "press review" copies out on May 30.
The Hill mistakenly claimed that Active Shooter is "created by video game company Valve" (they have since corrected their article).
Recently, Valve made headlines when it demanded that developers remove "pornographic content" from visual novel games. Some developers/publishers have since received apologies and their games are under re-review.
Submitted via IRC for guy_
A former commander of the USS John S. McCain pleaded guilty Friday to dereliction of duty when the destroyer collided with a commercial tanker, killing 10 people and injuring five in the Straits of Singapore last August.
Cmdr. Alfredo Sanchez, who has served in the Navy for more than 20 years, testified during a special court-martial at the Washington Navy Yard, Stars and Stripes reported.
“I am ultimately responsible and stand accountable,” Sanchez said. “I will forever question my decisions that contributed to this tragic event.”
Per disciplinary proceedings, Sanchez agreed to retire from service, forfeit $6,000 in wages, and was issued a letter of reprimand.
Sanchez claimed responsibility for the deadly collision. He said had failed to put a well-rested, well-trained crew in place to steer the destroyer into the Straits.
The former commander, who was immediately reassigned after the collision, initially faced negligent homicide charges, CBS News reported.
According to Sanchez, an 18-year-old undertrained helmsman had been navigating the destroyer, known as "Big Bad John," leading up to the collision.
FiveThirtyEight takes a look inside the balls used in major league baseball using X-rays to see what has been pysically changed in recent times. The physical changes are probably the main cause of the upswing in home runs noticed. Multiple independent investigations have shown differences in the characteristics of the balls and the way they perform.
MLB and its commissioner, Rob Manfred, have repeatedly denied rumors that the ball has been altered in any way — or "juiced" — to generate more homers. But a large and growing body of research shows that, beginning in the middle of the 2015 season, the MLB baseball began to fly further. And new research commissioned by "ESPN Sport Science," a show that breaks down the science of sports, suggests that MLB baseballs used after the 2015 All-Star Game were subtly but consistently different than older baseballs. The research, performed by the Keck School of Medicine at the University of Southern California and Kent State University's Department of Chemistry and Biochemistry, reveals changes in the density and chemical composition of the baseball's core — and provides our first glimpse inside the newer baseballs.
Alan Bean, the fourth person to walk on the moon and the last surviving member of the Apollo 12 mission, died Saturday in Houston, according to his family and NASA. He was 86.
[...] His first mission to space was in November 1969 as a member of the Apollo 12 crew, the second to land on the moon, it said. He became the fourth man -- and one of only 12 in history -- to walk on the moon.
Bean also commanded the second crewed flight to the first US space station Skylab in July 1973.
Submitted via IRC for Fnord666
Ad-blocking tool Ghostery suffered from a pretty impressive, self-inflicted screwup Friday when the privacy-minded company accidentally CCed hundreds of its users in an email, revealing their addresses to all recipients.
Fittingly, the inadvertent data exposure came in the form of an email updating Ghostery users about the company's data collection policies. The ad blocker was sending out the message to affirm its commitment to user privacy as the European Union's digital privacy law, known as the General Data Protection Regulation (GDPR), goes into effect.
The email arrived in inboxes with the subject line "Happy GDPR Day — We've got you covered!" In the body of the email, the company informed users, "We at Ghostery hold ourselves to a high standard when it comes to users' privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation."
Submitted via IRC for TheMightyBuzzard
We have a lot of respect for the hackers at NASA's Jet Propulsion Laboratory (JPL). When their stuff has a problem, it is often millions of miles away and yet they often find a way to fix it anyway. Case in point is the Curiosity Mars rover. Back in 2016, the probe's rock drill broke. This is critical because one of the main things the rover does is drill into rock samples, collect the powder and subject it to analysis. JPL announced they had devised a way to successfully drill again.
The drill failed after fifteen uses. It uses two stabilizers to steady itself against the target rock. A failed motor prevents the drill bit from retracting and extending between the stabilizers. Of course, sending a repair tech 60 million miles is not in the budget, so they had to find another way. You can see a video about the way they found, below.
The California medical board is threatening to revoke the license of Dr. William Edwin Gray III for selling homeopathic sound files over the Internet that he claims—without evidence or reason—can cure a variety of ailments, including life-threatening infections such as Ebola, SARS, swine flu, malaria, typhoid, and cholera.
If that can cure me of my old age too, I'm all game! Which button must I press?
Fiat Chrysler wanted to use software in its diesel engines that was capable of "cycle detection", meaning it could sense when the vehicle was undergoing emissions evaluations and activate controls to pass tests, Sergio Pasini, the controls and calibration director at supplier VM Motori, wrote in a 2010 email to colleagues. An employee within the automaker's powertrain division had tried to convince him the software, called "t_engine", didn't count as cycle detection.
The automaker's emissions control "will be managed mainly on t_engine which is, no matter what Fiat says, a cycle detection", Pasini wrote in an email, according to a court document that was unsealed on [May 16].
[...] The lawsuit, filed on behalf of consumers as a class action, claims that Fiat Chrysler misled buyers of its Jeep Grand Cherokee sport utility vehicles and Ram 1500 pickups by touting the fuel economy and performance of its EcoDiesel engines while cheating on emissions tests to win regulatory approval.
In 2012, another VM Motori employee, Emanuele Palma, wrote to colleagues that Fiat Chrysler "knows tEng is the only way to get to 30 mpg, so don't worry about this topic", The automaker touted the 30 miles per gallon highway gas mileage in marketing materials for its 2014 Jeep Grand Cherokee.
[...] Fiat Chrysler bought a 50 percent stake in VM Motori in 2011 and purchased the remaining shares from General Motors Co. in 2013.
The complaint with sealed material was filed April 23 then re-filed [May 16] with redacted portions that were newly visible.
[...] In a separate lawsuit brought by shareholders in 2015 claiming the company misled investors about vehicle safety problems, an unsealed document filed in federal court in Manhattan on [May 21] alleged that several employees knew the company's diesel vehicles contained defeat devices before regulators made their concerns public.
The document alleged that a Fiat Chrysler employee claimed to have alerted upper management that diesel engines contained such devices and indicated that a description of an emissions control strategy the company provided to regulators was inaccurate in internal messaging communications in 2014.
 Does anyone know what that is saying? Was new stuff added, increasing the bulk of the document--but that new stuff was blacked out?
...or is it that portions which were previously blacked out are now readable? Heh. "Journalists" and "editors".
In related news, Auto Express reports
Porsche [corporate overlord: Volkswagen AG] to recall 53,000 diesel Macans and 6,750 diesel Cayennes in Europe at request of German motor authorities
The recall affects the 3.0-litre V6 diesel Macan and 4.2-litre V8 diesel Cayenne, which both feature engines developed by Audi.
Germany's federal motor authority (KBA) made the request after the discovery of "inadmissible defeat devices", which could lead to increased NOx emissions during on-road driving compared to laboratory tests.
 All content is behind scripts.
We've previously talked a lot about Volkswagen AG getting busted for this.
Submitted via IRC for SoyCow3941
The US National Oceanic and Atmospheric Administration released some bad news today: the GOES-17 weather satellite that launched almost two months ago has a cooling problem that could endanger the majority of the satellite's value.
GOES-17 is the second of a new generation of weather satellite to join NOAA's orbital fleet. Its predecessor is covering the US East Coast, with GOES-17 meant to become "GOES-West." While providing higher-resolution images of atmospheric conditions, it also tracks fires, lightning strikes, and solar behavior. It's important that NOAA stays ahead of the loss of dying satellites by launching new satellites that ensure no gap in global coverage ever occurs.
The various instruments onboard the satellite have been put through their paces to make sure everything is working properly before it goes into official operation. Several weeks ago, it became clear that the most important instrument—the Advanced Baseline Imager—had a cooling problem. This instrument images the Earth at a number of different wavelengths, including the visible portion of the spectrum as well as infrared wavelengths that help detect clouds and water vapor content.
The infrared wavelengths are currently offline. The satellite has to be actively cooled for these precision instruments to function, and the infrared wavelengths only work if the sensor stays below 60K—that's about a cool -350°F. The cooling system is only reaching that temperature 12 hours a day. The satellite can still produce visible spectrum images, as well as the solar and lightning monitoring, but it's not a glorious next-gen weather satellite without that infrared data.
NPR reports: Law Firms Send Ads To Patients' Phones Inside ERs
Most consumers realize that their phones are basically a tracking device, says Bill McGeveran, an attorney who teaches Internet and technology law at the University of Minnesota. It is one thing to feel targeted in a grocery store, he says, but it feels far more intrusive when it creeps into other parts of daily life.
Geofencing, or placing a digital perimeter around a specific location, has been deployed by retailers for years to offer coupons and special offers to customers as they shop. Bringing it into health care spaces, however, is raising alarm among privacy experts.
Lawyers are now using the technology to send ads targeting people sitting in hospitals, chiropractors, and pain clinics. Once someone crosses the digital fence the ads can show up for more than a month — and on multiple devices.
Is it legal? For the most part, yes... HIPAA applies to hospitals and clinics and doctors and insurance companies, not to the lawyers and the marketers working on their behalf. However, the Massachusetts AG has successfully gone after this type of marketing before.
Submitted via IRC for SoyCow3941
Apple issued one of its bi-annual transparency reports today, and apart from the usual numbers on account takedown requests, the company issued a statement saying that it'll soon start reporting government requests to take down apps from the App Store. These requests will relate to alleged legal and / or policy provision violations, Apple says.
These numbers will tell us just how often governments are trying to block access to certain apps, and how many of those orders are actually obeyed. Google doesn't yet report these numbers specifically for the Play Store. I'd be interested to know why the requests were filed and what apps were affected, but Apple hasn't said if it'll call apps out by name.
Researchers from ETH Zurich have developed tiny valves that enable individual nanoparticles in liquids to be separated and sorted. The valves can be used for a very broad range of tiny particles, including individual metal and semiconductor nanoparticles, virus particles, liposomes and larger biomolecules such as antibodies.
The nanovalves work differently than classic valves, which are used to mechanically close and open flow in pipelines, as in a tap. "These mechanical valves can be miniaturised, but not as far as we would need for nanoscale applications," explains ETH professor Poulikakos. "If channels are thinner than a few dozen micrometres, they cannot be mechanically closed and opened with any regularity."
In order to open and close the nanoparticle flow in ultrathin channels, the ETH scientists made use of electric forces. They worked with channels etched into a silicon chip. These had a diameter of just 300 to 500 nanometres -- less than a hundredth of the diameter of a human hair. They then constructed nanovalves in these channels by narrowing the channels at desired valve locations using nanolithography and placing an electrode on both sides of these bottlenecks.
Nanoparticles in pure water cannot simply pass through the bottleneck; for them, the valve in its basic state is closed. By activating the electrode in particular ways, the electrical field in the bottleneck can be changed. This leads to a force acting on any nanoparticles present, which pushes the particles through the bottleneck -- this is how the valve is "opened."
Nanoparticles in a saline solution, however, behave differently: they can pass through the bottleneck in its basic state -- for them, the valve is "open." Yet as the scientists were able to show these particles can be stopped at the electrodes through a skilful application of alternating electrical fields. In this way, for example, biological particles such as viruses, liposomes and antibodies that are usually present in saline fluids both in nature and in the laboratory can be easily manipulated.
"It is fundamentally difficult to examine individual nanoparticles in a liquid, because Brownian motion acts on the nanoscale," explains Hadi Eghlidi, Senior Scientist in Poulikakos' group. The tiny particles do not remain still but instead vibrate constantly, with a movement radius that is many times their diameter. "However, we can capture the molecules in a small space between two or more valves and then examine them under a microscope, for example."
Patric Eberle, Christian Höller, Philipp Müller, Maarit Suomalainen, Urs F. Greber, Hadi Eghlidi, Dimos Poulikakos. Single entity resolution valving of nanoscopic species in liquids. Nature Nanotechnology, 2018; DOI: 10.1038/s41565-018-0150-y
Samsung has replaced planned "6nm" and "5nm" nodes with a new "5nm" node on its roadmap, and plans to continue scaling down to "3nm", which will use gate-all-around transistors instead of Fin Field-effect transistors. Extreme ultraviolet lithography (EUV) will be required for everything below "7nm" (TSMC and GlobalFoundries will start producing "7nm" chips without EUV initially):
Last year Samsung said that its 7LPP manufacturing technology will be followed up by 5LPP and 6LPP in 2019 (risk production). The new roadmap does not mention either processes, but introduces the 5LPE (5 nm low power early) that promises to "allow greater area scaling and ultra-low power benefits" when compared to 7LPP. It is unclear when Samsung plans to start using 5LPE for commercial products, but since it is set to replace 7LPP, expect the tech to be ready for risk production in 2019.
[...] Samsung will have two 4 nm process technologies instead of one — 4LPE and 4LPP. Both will be based on proven FinFETs and usage of this transistor structure is expected to allow timely ramp-up to the stable yield level. Meanwhile, the manufacturer claims that their 4 nm nodes will enable higher performance and geometry scaling when compared to the 5LPE, but is not elaborating beyond that (in fact, even the key differences between the three technologies are unclear). Furthermore, Samsung claims that 4LPE/4LPP will enable easy migration from 5LPE, but is not providing any details.
[...] The most advanced process technologies that Samsung announced this week are the 3GAAE/GAAP (3nm gate-all-around early/plus). Both will rely on Samsung's own GAAFET implementation that the company calls MBCFET (multi-bridge-channel FETs), but again, Samsung is not elaborating on any details. The only thing that it does say is that the MBCFET has been in development since 2002, so it will have taken the tech at least twenty years to get from an early concept to production.
MBCFETs are intended to enable Samsung to continue increasing transistor density while reducing power consumption and increasing the performance of its SoCs. Since the 3GAAE/GAAP technologies are three or four generations away, it is hard to make predictions about their actual benefits. What is safe to say is that the 3GAAE will be Samsung's fifth-generation EUV process technology and therefore will extensively use appropriate tools. Therefore, the success of the[sic] EUV in general will have a clear impact on Samsung's technologies several years down the road.
Previously: Samsung Plans a "4nm" Process