SoylentNews

AnonTechie writes:

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader.

The crowning achievement came Thursday as contestant Jung Hoon Lee, aka lokihardt, demonstrated an exploit that felled both the stable and beta versions of Chrome, the Google-developed browser that's famously hard to compromise. His hack started with a buffer overflow race condition in Chrome. To allow that attack to break past anti-exploit mechanisms such as the sandbox and address space layout randomization, it also targeted an information leak and a race condition in two Windows kernel drivers, an impressive feat that allowed the exploit to achieve full System access.

[Related]: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-Two-results/ba-p/6722884#.VQwyVuF7S_Y

stormwyrm writes:

EFF Deeplinks reports that the Senate Select Committee on Intelligence has advanced a new cybersecurity bill to the Senate floor last March 13, the Cybersecurity Information Sharing Act of 2015. The EFF believes the bill to be terribly flawed, as rather than advancing cybersecurity it facilitates surveillance. From the article:

....the Senate Intelligence bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures (now called "defensive measures" in the bill) for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. [...]

Second, the bill adds a new authority for companies to monitor information systems to protect an entity's hardware or software. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA. [...]

The bill also retains near-blanket immunity for companies to monitor information systems and to share the information as long as it's conducted according to the act. Again, "cybersecurity purpose" rears its overly broad head since a wide range of actions conducted for a cybersecurity purpose are allowed by the bill. The high bar immunizes an incredible amount of activity. Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and potentially the Computer Fraud and Abuse Act would be precluded or at least sharply restricted by the clause.

The EFF urges action to stop this bill, which in their opinion is fatally flawed. It is the fifth such bill in as many years.

An Anonymous Coward writes:

The Gaurdian is celebrating "the world’s worst ebook artwork", as discovered by the creator of a new Tumblr feed.

It's the hubris of it that people get a kick out of—the devil-may-care attitude of an author who, with zero arts training, says to themselves: "How hard can it be?"

Two different authors simply cut-and-pasted smaller images over a background showing the planets, according to one Kindle blog, which notes that one author actually pasted eyes and lips onto the planets, creating an inadvertently creepy montage. But the site's creator tells the newspaper that it's ultimately meant to be an affectionate tribute to their rejection of the mundane and appreciating each creative and beautiful mess.

tonyPick writes:

There's an article over at ScienceDaily on research into the workings of the parasite Toxoplasma gondii, which has the interesting effect of altering important functions in the brain of the infected host.

Rodents infected with a common parasite lose their fear of cats, resulting in easy meals for the felines. Now IU School of Medicine researchers have identified a new way the parasite may modify brain cells, possibly helping explain changes in the behavior of mice—and humans.

This is based on research from Indiana University School of Medicine. The original research is available as an open access publication on PLOS ONE.

The parasite also inhabits the brains of (an estimated) three billion people worldwide, and the piece references an article in Scientific American MIND which suggests human hosts may also experience behavioural changes.

Intriguingly—and much more speculatively, Drs. Arrizabalaga and Sullivan warn—some research has suggested that Toxoplasma infection could alter human behavior, and that changes could vary by gender. One study found that infected men tend to be introverted, suspicious and rebellious, while infected women tended to be extroverted, trusting and obedient. Others have suggested an association with schizophrenia.

"The studies in humans have been relatively small and are correlative. In contrast, the behavioral changes seen in mice infected with Toxoplasma are much better characterized, although we still don't know the mechanisms the parasite employs to alter host behavior," Dr. Sullivan said. "But our analysis of the astrocyte acetylome changes could move us toward better understanding of Toxoplasma's actions and the implications for behavioral impacts."

mrcoolbp writes:

SpallsHurgenson dropped a link in IRC.

Apparently, an Imgur user uploaded 142 behind the scenes photos of miniatures [wikipedia] used in the filming of Ridley Scott's 1982 film Blade Runner.

A massive gallery of behind-the-scenes Blade Runner slides has been uploaded to the internet, revealing a teeny, tiny world of space blimps and flying cars, all crafted with special care and beautiful attention to detail. Take a look at the dystopian miniatures, each tiny car hand painted with future dirt from riding clouds stuffed with future smog.

Two submissions came in about the BMW i3 electric car. There is also a review over at arstechnica.

carguy writes:

Well known reverse-engineering shop Munro & Associates take apart a BMW i3 and come up very impressed by many aspects of the car.

For example, he points to a section of the frame, where there is an aluminum die casting welded to an extrusion. “Talk to any engineers who knows anything, and they’ll tell you it can’t be done...including me, until I saw that.” (The issue: hydrogen embrittlement). Says Mark Ellis, senior associate at Munro: “When you try to weld the two together, the die casting material tends to crumble. Whatever changes they made to the die casting to allow it to be welded like that is marvelous.”

More past the break:

hash14 writes:

Although Microsoft has not yet finalized Windows 10 hardware requirements, but at the WinHEC conference in Shenzhen China, they stated that OEMs will no longer be required to provide an option for disabling UEFI Secure Boot in order to receive Windows 10 hardware certification.

For those unaware when Secure Boot is enabled, the UEFI will verify the boot image's cryptographic signature prior to loading and if the signature cannot be verified, the system will refuse to boot; for Windows 8 hardware certification, OEMs were required to provide an option to disable this behaviour on x86 platforms (ARM devices running Windows RT however required that Secure Boot be locked on). Developers and users must have their boot image signed using Microsoft's private key to successfully install or boot a system. Major distributors like Red Hat or Ubuntu have gone through this process, using shim to chainload into a vendor signed kernel. While this allows for stock distro kernels to be used, it would still lock users from compiling and running their own custom kernel, as well as preventing smaller distros such as Slackware from being installed on these systems.

NCommander notes: I heavily edited this before posting as I'm personally familar with secure boot (and UEFI in general), and wanted to prevent this from being overly alarmist.

AnonTechie writes:

Have you ever seen the blimp on television when you’re watching a football or baseball game and think to yourself, “Hey, they must have an amazing view of the game.”

Now say you don’t have a blimp anchored outside your home, but you happen to own a personal drone equipped with a video camera. What sporting event would you fly over? Game seven of the World Series? The Super Bowl?

For Nigel Wilson of Nottingham, England, it was English Premier League soccer games, and as a result of his actions, Wilson ended up behind bars.

Wilson is scheduled to appear in Westminster Magistrates Court on April 16 to answer to 17 counts in connection with his purported flight activity. Metropolitan Police charged Wilson with violating the United Kingdom’s Civil Aviation Authority’s (CAA) Air Navigation Order 2009, which banned operators from flying their drones in London’s eight royal parks, according to Engadget. The police report mentions Wilson flying near the Queen Victoria Memorial, which is close to one of the Queen’s favored London residences, according to the report.

The Air Navigation Order also mandates that pilots remain within 400 vertical feet and roughly 1,500 horizontal feet of the aircraft and cannot fly drones in areas with more than 1,000 people, which Wilson was also violating when he flew over some seven soccer stadiums. Soccer stadiums can hold up to 60,000.

TLA writes:

According to the BBC, reports abound on social media that the UK's energy grid is to see a fall then a surge during the eclipse on the 20th March as people stop what they're doing and go outside to watch the event.

The National Grid, however, says that it is an entirely manageable event from their end, as the UK only generates 1GW of power from solar at this time of day. Amazingly, the fall is expected to exceed the dropoff from loss of solar capacity (1100MW vs. 850MW), post eclipse to surge by just 950MW which is still less than the total solar capacity (5GW). The math bears out NG's statement, as does practically the entire history of power distribution in the UK, which has seen large swings in power demand on an hourly basis and the Grid managing to cope just fine.

Previous Major Event Surges:

• 1990 West Germany v England World Cup Semi-final: 2,800 MW
• 1999 Solar eclipse: 3,000 MW
• 2002 England v Brazil match: 2,340 MW
• 2013 Andy Murray wins Wimbledon final: 1,610 MW
• 2014 Great British Bake Off Opening Episode: 650 MW
• 2015 EastEnders murder revelation first episode: 500 MW

It should be noted that these power surges did not generate any significant problems worthy of reporting anywhere. The last actual power crisis in England occurred during the 1984 coal strike, when baseline generators actually ran out of fuel.

Phoenix666 writes:

The New York Times reports:

But on Thursday, Elon Musk, chief executive of Tesla, took a big step in that direction when he announced that the maker of high-end electric cars would introduce autonomous technology by this summer. The technology would allow drivers to have their cars take control on what he called “major roads” like highways.

Mr. Musk said that a software update—not a repair performed by a mechanic—would give Tesla’s Model S sedans the ability to start driving themselves, at least part of the time, in a hands-free mode that the company refers to as autopilot.

The article is short on specifics and the Tesla site itself does not yet have anything on the announcement, but if it's true it will be another example of how aggressively the company is pushing the envelope, much as it did with the Roadster, Model S, battery swapping stations, and supercharger network. Perhaps the most interesting aspect of this is that it will require no mechanical adjustment or modification of the Model S's that are already out in the wild--it's an over-the-air software update. It seems to be quite unique for a car company's models to continue to improve *after* you've bought them.

Phoenix666 writes:

Science Daily reports:

An international team, led by researchers from the University of Oxford, UCL (University College London) and the Murdoch Childrens Research Institute in Australia, used DNA samples collected from more than 2,000 people to create the first fine-scale genetic map of any country in the world.

Their findings, published in Nature, show that prior to the mass migrations of the 20th century there was a striking pattern of rich but subtle genetic variation across the UK, with distinct groups of genetically similar individuals clustered together geographically...

Key findings

• There was not a single "Celtic" genetic group. In fact the Celtic parts of the UK (Scotland, Northern Ireland, Wales and Cornwall) are among the most different from each other genetically. For example, the Cornish are much more similar genetically to other English groups than they are to the Welsh or the Scots.
• There are separate genetic groups in Cornwall and Devon, with a division almost exactly along the modern county boundary.
• The majority of eastern, central and southern England is made up of a single, relatively homogeneous, genetic group with a significant DNA contribution from Anglo-Saxon migrations (10-40% of total ancestry). This settles a historical controversy in showing that the Anglo-Saxons intermarried with, rather than replaced, the existing populations.

Phoenix666 writes:

Bruce Schneier writes:

If a policeman sits down within earshot, it's within your rights to move your conversation someplace else. If the FBI parks a van bristling with cameras outside your house, you are perfectly justified in closing your blinds.

Likewise, there are many ways we can protect our personal data and defend ourselves against surveillance. I'm going to break them down into categories...

• Avoid Surveillance
• Distort Surveillance
• Block Surveillance
• Break Surveillance

The article has a lot of practical tips and techniques under those categories in easy, accessible language. They are useful even for those of us who work in technology, and are fine to hand to non-techie friends and family. Thanks, Bruce, for the 21st-century samizdat! [*]

[*] Editor's note: Samizdat (Russian: самизда́т, IPA: [səmɨzˈdat]) was a key form of dissident activity across the Soviet bloc in which individuals reproduced censored publications by hand and passed the documents from reader to reader.

Phoenix666 writes:

Der Spiegel reports:

[Approximate Translation from German:] An Airbus A321 Lufthansa with 109 passengers on the flight from Bilbao to Munich nearly crashed when the misguided on-board computer took control.

The report in Der Speigel is using dramatic language although it is a serious incident - the aircraft began its descent at approximately 32,000 feet and was recovered by around 27,000 feet - and was far from 'nearly crashing'. Additionally, the maximum rate of descent achieved during the incident was approx 4000 ft/min. Normal rate of descent at landing would be around 1800 ft/min but descents at altitude of 14,000 ft/min are practised in the simulator.

The Aviation Safety Network report [in English] states:

During climb, 12 NM NW of Pamplona, at approximately Flight Level 310, the aircraft unexpectedly decreased the pitch autonomous and started to descend. The aircraft reached a rate of descent of up to 4,000 ft/min. The crew was able to stop the descent at Flight Level 270. The flight was continued and the aircraft landed safely at its destination Munich Airport.

Following this occurrence EASA released Emergency AD 2014-0266-E_1 to introduce a new flight crew procedure. The EAD described this incident as follows: An occurrence was reported where an Airbus A321 aeroplane encountered a blockage of two Angle Of Attack (AOA) probes during climb, leading to activation of the Alpha Protection (Alpha Prot) while the Mach number increased. The flight crew managed to regain full control and the flight landed uneventfully.

With the era of self-driving cars dawning, is this a glimpse of things to come on the ground as sensors come into contact with real-world wear & tear, weather, and randomness?

The BBC reports:

The Internet Research Agency ("Agentstvo Internet Issledovaniya") employs at least 400 people and occupies an unremarkable office in one of the residential areas in St Petersburg.

Behind the plain facade, however, there is a Kremlin "troll den", an investigative report by independent local newspaper Moy Rayon ("My District") suggests. [article in Russian]

The organisation, which the paper ties to Yevgeny Prigozhin, a restaurateur with close links to President Vladimir Putin who allegedly pays bloggers to produce hundreds of comments on top news websites and manage multiple accounts on Twitter, LiveJournal and other social media platforms.

cubancigar11 writes:

Daniel Stenberg lets the world know that cURL, the little command line utility that lets you download stuff off the internet via HTTP along with a bunch of other protocols, has turned 17 today (March 20). Considering that it is also available to all of us for use in our programs as a nifty little library called 'libcurl', and that PHP, the most common web development language depends on libcurl for handling HTTP requests, we can be happy that cURL exists. I personally cannot count the number of times it has saved me and the machines I administer.