KrebsOnSecurity reports:
Sources at several U.S. financial institutions say they have traced a pattern of credit card fraud back to accounts that all were used at different Chick-fil-A fast food restaurants around the country. Chick-fil-A told KrebsOnSecurity that it has received similar reports and is working with IT security firms and law enforcement in an ongoing investigation.
KrebsOnSecurity first began hearing from banks about possible compromised payment systems at Chick-fil-A establishments in November, but the reports were spotty at best. Then, just before Christmas, one of the major credit card associations issued an alert to several financial institutions about a breach at an unnamed retailer that lasted between Dec. 2, 2013 and Sept. 30, 2014.
One financial institution that received that alert said the bank had nearly 9,000 customer cards listed in that alert, and that the only common point-of-purchase were Chick-fil-A locations.
“It’s crazy because 9,000 customer cards is more than the total number of cards we had impacted in the Target breach,” the banking source said, speaking on condition of anonymity.
TechDirt reports:
[...] the FISA Court has the reputation as a rubberstamp for a reason -- it almost never turns down a request.
However, in the rare instances where it does, apparently, the DOJ doesn't really care, knowing that it can just issue [a National Security Letter] instead and get the same information. At least that appears to be what the DOJ quietly admitted to doing in a now declassified Inspector General's report from 2008 (PDF). EFF lawyer Nate Cardozo was going through and spotted this troubling bit:
We considered the Section 215 request for [REDACTED] discussed earlier in this report at pages 33 to 34 to be a noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment Concerns. However, the FBI subsequently issued NSLs for information [REDACTED] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the ECs authorizing the NSLs relied on the same facts contained in the Section 215 applicants...
“Boards aren’t working,” declare Dominic Barton, global managing director of McKinsey & Company, and Mark Wiseman, president and CEO of Canada Pension Plan Investment, in an article in the January-February 2015 issue of Harvard Business Review. That’s true, but should we, as they suggest, reward poor performance with a big bonus?
The delinquencies of board directors, the authors rightly point out, are “shocking.” The authors cite research showing that:
Only 34 percent of directors “fully comprehend their companies’ strategies.”
Only 22 percent are “completely aware of how their firms created value.”
Only 16 percent have “a strong understanding of the dynamics of their firms’ industries.”
Worse, fully 74 percent of directors themselves consider “the source of pressure most responsible for their organizations’ over-emphasis on short-term financial results and under-emphasis on long-term value creation” is the board itself. And for these catastrophic results, each director is currently paid on average the meager sum of $249,000 for a backbreaking workload of 20-30 days of work per year.
The solution proposed by Barton and Wiseman? Ask these delinquent directors to increase their workload to a grueling 35 days of honest work per year and also—get this—give them “a substantial raise.”
“Good capitalists believe in incentives. If we are going to ask directors to engage more deeply and more publicly, to spend a lot more time exploring and communicating long-term strategy, and to take on any attendant reputational risk, then we should give them a substantial raise.”
MIT Technology Review reports:
A new form of computer memory might help machines match the capabilities of the human brain when it comes to tasks such as interpreting images or video footage.
Researchers at IBM used what’s known as phase-change memory to build a device that processes data in a way inspired by the workings of a biological brain. Using a prototype phase-change memory chip, the researchers configured the system to act like a network of 913 neurons with 165,000 connections, or synapses, between them. The strength of those connections changes as the chip processes incoming data, altering how the virtual neurons influence one another. By exploiting that property, the researchers got the system to learn to recognize handwritten numbers.
Reuters reports:
South Korean authorities have found evidence that a low-risk computer "worm" had been removed from devices connected to some nuclear plant control systems, but no harmful virus was found in reactor controls threatened by a hacker.
Korea Hydro & Nuclear Power Co Ltd said it would beef up cyber security by hiring more IT security experts and forming an oversight committee, as it came in for fresh criticism from lawmakers following recent hacks against its headquarters.
The nuclear operator, part of state-run utility Korea Electric Power Corp, said earlier this month that non-critical data had been stolen from its systems, while a hacker threatened in Twitter messages to close three reactors.
Found this article on ScienceDaily:
Scientists have discovered the oldest recorded stone tool ever to be found in Turkey, revealing that humans passed through the gateway from Asia to Europe much earlier than previously thought, approximately 1.2 million years ago.
According to research published in the journal Quaternary Science Reviews, the chance find of a humanly-worked quartzite flake, in ancient deposits of the river Gediz, in western Turkey, provides a major new insight into when and how early humans dispersed out of Africa and Asia.
Researchers from Royal Holloway, University of London, together with an international team from the UK, Turkey and the Netherlands, used high-precision equipment to date the deposits of the ancient river meander, giving the first accurate timeframe for when humans occupied the area.
Professor Danielle Schreve, from the Department of Geography at Royal Holloway, said: "This discovery is critical for establishing the timing and route of early human dispersal into Europe. Our research suggests that the flake is the earliest securely-dated artefact from Turkey ever recorded and was dropped on the floodplain by an early hominin well over a million years ago."
Tech writer Eric Meyer calls out the designers and programmers at Facebook who had an intrusive idea for a "Year in Review" app.
He blogs:
Knowing what kind of year I'd had, though, I avoided making one of my own. I kept seeing them pop up in my feed, created by others, almost all of them with the default caption, "It's been a great year! Thanks for being a part of it." Which was, by itself, jarring enough, the idea that any year I was part of could be described as great.
Still, they were easy enough to pass over, and I did. Until today, when I got this in my feed, exhorting me to create one of my own. "Eric, here's what your year looked like!"
A picture of my daughter, who is dead. Who died this year.
Yes, my year looked like that. True enough. My year looked like the now-absent face of my little girl. It was still unkind to remind me so forcefully.
And I know, of course, that this is not a deliberate assault. This inadvertent algorithmic cruelty is the result of code that works in the overwhelming majority of cases, reminding people of the awesomeness of their years, showing them selfies at a party or whale spouts from sailing boats or the marina outside their vacation house.
But for those of us who lived through the death of loved ones, or spent extended time in the hospital, or were hit by divorce or losing a job or any one of a hundred crises, we might not want another look at this past year.
It’s been shown that even small delays in response time on websites can result in sharp declines in user retention. Now Ori Livneh writes on the Wikimedia Blog that over the last six months the Wikimedia Foundation has deployed a new technology that speeds up MediaWiki, Wikipedia’s underlying PHP-based code, using a just-in-time compiler. HipHop Virtual Machine (HHVM), an open-source virtual machine designed for executing programs written in Hack and PHP, reduces the median page-saving time for editors from about 7.5 seconds to 2.5 seconds, and the mean page-saving time from about 6 to 3 seconds, which, with more than 100 million edits in 2014, means saving a decade’s worth of latency every year.
PHP is a dynamic, interpreted language, so it has the inherent performance disadvantage all interpreted languages have when compared to compiled languages such as C. HHVM is able to extract high performance from PHP code by acting as a just-in-time (JIT) compiler, optimizing the compiled code while the program is already running. The basic assumption guiding HHVM’s JIT is that while PHP is a dynamically typed language, the types flowing through PHP programs aren’t very dynamic in practice. HHVM observes the types present at runtime and generates machine code optimized to operate on those types. HHVM still fulfills the role of a PHP runtime interpreter, serving requests immediately upon starting up, without pre-compiling code. But while running, HHVM analyzes the code in order to find opportunities for optimization. The first few times a piece of code is executed, HHVM doesn’t optimize at all; it executes it in the most naive way possible. But as it’s doing that, it keeps a count of the number of times it has been asked to execute various bits of code, and gradually it builds up a profile of the “hot” (frequently invoked and expensive to execute) code paths in a program. This way, it can be strategic about which code paths to study and optimize.
According to Livneh, in addition to the improved response time the CPU load on MediaWiki's app servers has dropped drastically, from about 50% to 10%. MediaWiki IT "has been able to slash their planned purchases for new MediaWiki application servers substantially, compared to what would have been necessary without HHVM."
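A small Python model of the profile-then-specialise loop described above, added here as an illustration (it is not HHVM's code, which is C++, and the threshold, the `php_plus` emulation of PHP's loose `+`, and the `SPECIALISATIONS` table are constructed for the demo). Each function first runs the naive way while its calls and observed argument types are counted; once it is hot, a type-specialised path is installed behind a runtime type guard, and a guard failure deoptimises back to the generic path.

```python
from collections import Counter, defaultdict

HOT_THRESHOLD = 3  # constructed value; HHVM's real thresholds are tuned per tier


def php_plus(a, b):
    """Generic path: emulate PHP's loose '+', which coerces numeric strings."""
    def num(v):
        if isinstance(v, (int, float)):
            return v
        s = str(v).strip()
        return int(s) if s.lstrip("-").isdigit() else float(s)
    return num(a) + num(b)


def fast_int_plus(a, b):
    """Specialised path: only valid once the guard proved both operands are ints."""
    return a + b


# Which specialised path exists for which (function, observed argument types).
SPECIALISATIONS = {("php_plus", (int, int)): fast_int_plus}


class ProfilingJit:
    """Interpret first, count calls, record argument types, specialise when hot."""

    def __init__(self):
        self.calls = Counter()
        self.type_profile = defaultdict(Counter)
        self.specialised = {}   # name -> (guarded type signature, fast path)
        self.stats = Counter()  # 'interp', 'fast', 'deopt'

    def run(self, func, *args):
        name = func.__name__
        sig = tuple(type(a) for a in args)
        if name in self.specialised:
            expected, fast = self.specialised[name]
            if sig == expected:       # guard holds: take the optimised path
                self.stats["fast"] += 1
                return fast(*args)
            self.stats["deopt"] += 1  # guard failed: deoptimise to generic code
        self.stats["interp"] += 1     # naive execution, while profiling
        self.calls[name] += 1
        self.type_profile[name][sig] += 1
        result = func(*args)
        if self.calls[name] >= HOT_THRESHOLD and name not in self.specialised:
            hot_sig, _ = self.type_profile[name].most_common(1)[0]
            fast = SPECIALISATIONS.get((name, hot_sig))
            if fast is not None:      # only specialise types we know how to handle
                self.specialised[name] = (hot_sig, fast)
        return result


def demo():
    jit = ProfilingJit()
    results = [jit.run(php_plus, 2, 3) for _ in range(5)]  # hot after 3 calls
    results.append(jit.run(php_plus, "10", "5"))            # strings: guard fails
    return results, dict(jit.stats), "php_plus" in jit.specialised
```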
Bunnie Huang, author of the seminal 2003 Hacking the Xbox: An Introduction to Reverse Engineering, has been working on bridging the western concept of formal, legalistic open source with the eastern implementation of an informal quid pro quo approach to intellectual property. He has dubbed the latter "gongkai", a transliteration of the Chinese word closest in meaning to the "open" in "open source."
One of the benefits of Chinese gongkai is the extremely broad variety and rapid evolution of consumer electronics, he writes:
Chinese entrepreneurs, on the other hand, churn out new phones at an almost alarming pace. Phone models change on a seasonal basis. Entrepreneurs experiment all the time, integrating whacky features into phones, such as cigarette lighters, extra-large battery packs (that can be used to charge another phone), huge buttons (for the visually impaired), reduced buttons (to give to children as emergency-call phones), watch form factors, and so forth. This is enabled because very small teams of engineers can obtain complete design packages for working phones – case, board, and firmware – allowing them to fork the design and focus only on the pieces they really care about.
To that end he's created the Fernvale project to fully reverse engineer and publicly document a feature-rich mobile-phone board. His goal is to take widely available hardware and make it as accessible as the Raspberry Pi, but at one fifth the price, roughly $6 in single quantities.
The Next Generation Science Standards (http://www.nextgenscience.org/) were intended to provide a set of guidelines that would improve education in public schools. In the process, they seem to have introduced state legislators to the reality that evolution and climate change are widely accepted by the scientific community. That has led to a showdown between legislators and the governor (Kentucky), the rejection of the standards in two states (Oklahoma and Wyoming), and a private lawsuit (Kansas). Now, thanks to West Virginia, we can add another option to the list: modifying the sections that deal with climate change.
The Charleston Gazette (http://www.wvgazette.com/article/20141228/GZ01/141229489/1419) has a report on the aftermath of the adoption of the standards by the West Virginia state school board. It turns out that one board member, Wade Linger, made some changes to the sections that dealt with climate change. He apparently objected to a question about the planet's rising temperatures because, "If you have that as a standard, then that presupposes that global temperatures have risen over the past century, and, of course, there’s debate about that.” So, he amended the question to read "rise and fall in global temperatures over the last century"—even though the temperature trend for the last century is clearly upward.
Lindsey Kaufman writes in the Washington Post that despite its obvious problems, the open-office model has continued to encroach on workers across the country, with about 70 percent of U.S. offices having no or low partitions. Silicon Valley has led the way, with Facebook CEO Mark Zuckerberg enlisting famed architect Frank Gehry to design the largest open floor plan in the world, housing nearly 3,000 engineers in a single room stretching 10 acres, where everyone will sit in the open with moveable furniture. Michael Bloomberg was an early adopter of the open-space trend, saying it promoted transparency and fairness. Bosses love the ability to keep a closer eye on their employees, ensuring clandestine porn-watching, constant social media-browsing and unlimited personal cellphone use isn’t occupying billing hours. But according to Kaufman, employers are getting a false sense of improved productivity, with a 2013 study showing that many workers in open offices are frustrated by distractions that lead to poorer work performance. Nearly half of the surveyed workers in open offices said the lack of sound privacy was a significant problem for them, and more than 30 percent complained about the lack of visual privacy. The New Yorker, in a review of research on this nouveau workplace design, determined that the benefits in building camaraderie simply mask the negative effects on work performance. While employees feel like they’re part of a laid-back, innovative enterprise, the environment ultimately damages workers’ attention spans, productivity, creative thinking, and satisfaction, says Kaufman. "Though multitasking millennials seem to be more open to distraction as a workplace norm, the wholehearted embrace of open offices may be ingraining a cycle of under-performance in their generation," writes Maria Konnikova. "They enjoy, build, and proselytize for open offices, but may also suffer the most from them in the long run."
IEEE Spectrum has an article on the Google Ara project, due for a "market pilot" release in 2015. Project Ara is the basis for a modular mobile phone ecosystem, where the end user can dynamically swap hardware modules to upgrade or alter the configuration of the smartphone:
you’ll plug everything into an “endoskeleton” that has built-in electronics to manage the flow of data and distribute power among modules. This supporting framework will also contain a tiny backup battery, which can keep the phone alive while you swap a dead battery module for a charged one. While Google will build the endoskeleton, the module design will be left to independent developers. Members of the design team expect that a basic Ara phone could be built from materials and components that cost between US $50 and $100. The retail cost of the phone could, of course, be more, depending on the specific modules the customer chooses.
The Ara Homepage has some additional details, and information on the Module Developer Kits, and although they're not formally linked there's some overlap with the Phonebloks project which has similar goals and contains news and information links.
In July, Egypt-based security researcher Mohamed Ramadan discovered what he called a blind XML External Entity (XXE) out-of-band (OOB) vulnerability on Facebook's facebook.com/careers website.
On this site, users who want to apply for a job with Facebook can upload their résumé in .pdf or .docx format. This normally prevents the uploading of malicious files. However, .docx (Office Open XML) is a zipped, XML-based file format, which allowed the researcher to extract its contents using a file archiving application.
By altering the extracted files and placing them inside a .docx file, the expert managed to get Facebook's server to process attacker-supplied XML. The test code developed by the researcher was simply designed to contact an HTTP server running on his computer. It took roughly 15 minutes for the file uploaded to Facebook to contact Ramadan's server, but the attack method had worked.
According to the researcher, the security hole could have been leveraged for a wide range of malicious tasks, including denial-of-service (DoS) attacks, TCP scans, and access to XML files. In certain circumstances, an attacker could also have gained access to sensitive information and launched DDoS attacks, the expert believes.
Facebook initially failed to reproduce the attack, but after further investigations the social media giant admitted it was a security issue and fixed it. In August, the company rewarded Ramadan with $6,300 for his findings.
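The defensive counterpart to the story above, added here as an illustration (not Facebook's or the researcher's code): an upload gate that opens the .docx container in memory and scans every XML part for DTD machinery before anything downstream parses it. Office Open XML parts never legitimately carry a DOCTYPE or entity declarations, so their presence alone is grounds to reject the file; expat is used purely as a scanner and fetches nothing itself. The `build_docx` helper, the placeholder host and both sample packages are constructed for the demo.

```python
import io
import zipfile
import xml.parsers.expat as expat

XML_PARTS = (".xml", ".rels")  # OOXML keeps its markup in these zip entries


def xml_part_problems(part_name, data):
    """Scan one XML part and report any DOCTYPE, entity declaration or
    external reference. Handlers only record; no resource is resolved."""
    problems = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        problems.append(f"{part_name}: DOCTYPE declaration present")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external entity" if (system_id or public_id) else "internal entity"
        problems.append(f"{part_name}: {kind} '{name}' declared")

    def on_external_ref(context, base, system_id, public_id):
        problems.append(f"{part_name}: reference to external resource {system_id}")
        return True  # keep parsing; expat fetches nothing on its own

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        problems.append(f"{part_name}: malformed XML ({exc})")
    return problems


def docx_problems(blob):
    """Open the .docx (a zip) from bytes and scan every XML part inside it."""
    problems = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as package:
            for info in package.infolist():
                if info.filename.lower().endswith(XML_PARTS):
                    problems.extend(xml_part_problems(info.filename, package.read(info)))
    except zipfile.BadZipFile:
        problems.append("upload is not a zip container")
    return problems


def is_safe_upload(blob):
    return not docx_problems(blob)


def build_docx(document_xml):
    """Constructed minimal .docx-like package (not a real Word file) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types xmlns='
                         '"http://schemas.openxmlformats.org/package/2006/content-types"/>')
        package.writestr("word/document.xml", document_xml)
    return buf.getvalue()


CLEAN_DOCX = build_docx('<?xml version="1.0"?><w:document xmlns:w="urn:w"><w:body/></w:document>')
# Constructed sample of a hand-edited part: a DTD declaring an external entity
# that points at a placeholder host (reserved .invalid TLD, never resolvable).
XXE_DOCX = build_docx('<?xml version="1.0"?><!DOCTYPE d [<!ENTITY ext SYSTEM '
                      '"http://placeholder.invalid/x">]><w:document xmlns:w="urn:w">'
                      '<w:body>&ext;</w:body></w:document>')
```

In production the same gate should also cap the decompressed size of each part, since a zip container is an equally convenient carrier for decompression bombs.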
After the baffling disappearance in March of Flight MH370, critics accused the aviation industry of "dithering" over equipping jets with real-time tracking systems. Now, with another passenger plane lost, the call for action is becoming more insistent.
Tracking aircraft by satellite and live-streaming of black box data were cited as top priorities by industry insiders after the disappearance of Malaysia Airlines Flight 370 with 239 people on board. Its fate remains a mystery despite a long underwater search west of Australia. Members of the International Civil Aviation Organization (ICAO)—the UN's aviation body—agreed in the aftermath of the incident to mandate real-time tracking.
But they did not set a timeline as airlines mulled the additional costs involved. Many carriers have been losing money for years. Now, with the apparent loss of AirAsia Flight QZ8501 on Sunday off Indonesia, the calls for immediate changes have returned with vehemence.
http://phys.org/news/2014-12-airasia-fuels-real-time-tracking.html
[Related]: http://www.airtrafficmanagement.net/2014/12/iata-no-silver-bullet-solution-on-tracking-in-wake-of-mh370/
Microsoft is working on a new scheme to strip away some of the legacy bloat that has burdened its Internet Explorer web browser, sources claim.
According to the prolific Redmond rumormongers at Neowin, the software giant has forked (http://www.neowin.net/news/internet-explorer-12-big-changes-are-coming-to-trident) the code for IE's Trident rendering engine into a new, leaner version that should consume fewer resources – and Windows 10 will ship with both versions.
Microsoft has been crowing about the web standards compliance of IE11 for some time now. The problem is, enterprises have been coding their bespoke web applications around IE's non-standard quirks and idiosyncrasies for so long that they break when accessed using a modern version. Even some of Microsoft's own products have fallen into this snare.
It's a big part of the reason why truly awful browsers like IE6 have lingered around for so long, even though everyone knows they're buggy, render standards-compliant pages poorly, and are rife with security holes.
[Related]: http://www.zdnet.com/article/microsoft-is-building-a-new-browser-as-part-of-its-windows-10-push/