It turns out that Lenovo has code in their BIOS which creates and maintains a backdoor executable in Windows 7 and Windows 8.x installs. Simply wiping the machine when you bring it home to remove the factory crap-ware is not enough to overcome this implementation. This issue is supposed to have been resolved via a recently released patch that doesn't remove but rather disables this 'feature' which is being called the Lenovo Service Engine.
Original Source for the news:
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693
Link to patch:
https://support.lenovo.com/us/en/product_security/lse_bios_notebook
This exploit takes advantage of a Windows feature called Windows Platform Binary Table. This is essentially a method created for the purpose of enabling UEFI BIOSes to load extra binaries at boot time.
Link to paper on WPBT:
http://feishare.com/attachments/article/298/windows-platform-binary-table.pdf
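As an added example (not part of the original summary, and not Lenovo's or Microsoft's code), the sketch below parses a raw WPBT ACPI table so a defender can see whether firmware is handing Windows a binary to run at boot. The field layout follows the published WPBT table format; the Linux sysfs path is an assumption about the host, and every sample value is constructed for illustration.

```python
import os
import struct
from dataclasses import dataclass

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")            # handoff size, address, layout, type, arg length
MIN_LEN = ACPI_HEADER.size + WPBT_BODY.size


@dataclass
class Wpbt:
    oem_id: str
    handoff_size: int      # size in bytes of the binary the firmware left in memory
    handoff_address: int   # physical address of that binary
    layout: int
    content_type: int
    arguments: str         # command line passed to the binary
    checksum_ok: bool


def parse_wpbt(raw: bytes) -> Wpbt:
    """Parse one WPBT table, rejecting truncated or inconsistent input."""
    if len(raw) < MIN_LEN:
        raise ValueError("table too short to be a WPBT")
    sig, length, _, _, oem, _, _, _, _ = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError("not a WPBT table")
    if not MIN_LEN <= length <= len(raw):
        raise ValueError("header length field is inconsistent with the data")
    table = raw[:length]
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if MIN_LEN + arg_len > length:
        raise ValueError("argument length runs past the end of the table")
    args = table[MIN_LEN:MIN_LEN + arg_len].decode("utf-16-le", "replace").rstrip("\x00")
    # Every ACPI table must sum to zero modulo 256.
    return Wpbt(oem.decode("ascii", "replace").strip("\x00 "), size, addr,
                layout, ctype, args, sum(table) % 256 == 0)


def assess(w: Wpbt) -> list:
    """Turn a parsed table into findings for an audit report."""
    findings = [f"firmware ({w.oem_id}) publishes a platform binary of "
                f"{w.handoff_size} bytes at physical address {w.handoff_address:#x}"]
    if not w.checksum_ok:
        findings.append("ACPI checksum mismatch: table is corrupt or was modified")
    if w.layout != 1 or w.content_type != 1:
        findings.append("layout/type differ from the values the WPBT format defines (1 and 1)")
    if w.arguments:
        findings.append(f"binary is launched with arguments: {w.arguments!r}")
    return findings


def build_sample_wpbt(arguments: str = "") -> bytes:
    """Constructed sample table (made-up OEM id, size and address)."""
    args = arguments.encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    header = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                              b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) % 256   # checksum byte sits at offset 9 of the header
    return bytes(table)


if __name__ == "__main__":
    # Assumption: on Linux, ACPI tables are exposed here (readable by root only).
    path = "/sys/firmware/acpi/tables/WPBT"
    if os.path.exists(path):
        with open(path, "rb") as fh:
            raw = fh.read()
    else:
        print("no WPBT table exposed on this host; using the constructed sample")
        raw = build_sample_wpbt("-mode check")
    for finding in assess(parse_wpbt(raw)):
        print(finding)
```

The absence of the sysfs file means the firmware publishes no WPBT; its presence is what warrants a closer look at the vendor's BIOS release notes.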
Breaking: Massive Explosions Rock China's Tianjin
At least two major explosions tore through Tianjin in eastern China on Wednesday night. According to Xinhua, the shockwaves from the blasts "were felt kilometers away" and shattered windows.
Chinese media reports indicated that the blasts occurred around 11:30 p.m. local time. People's Daily tweeted that the "quake" from the blast was "felt 10 km away." In a separate tweet, People's Daily cited the China Earthquake Network Center as saying that two explosions had occurred within 30 seconds, one magnitude 2.3 ML (or Richter magnitude) and [the] other magnitude 2.9 ML.
The number of casualties is still unknown; Xinhua's official report (issued at around 3 a.m. local time) noted "at least 50" people injured, while the official Twitter account of People's Daily said a local hospital "has received 300-400 injured." No deaths have been confirmed as of this writing, but two firefighters have been reported missing.
Update: People's Daily is now reporting 13 dead.
There were conflicting reports as to the cause of the blast. Initial speculation suggested the cause was gas or oil-related, possibly connected to the liquid natural gas (LNG) terminal in Tianjin. By around 3 a.m. local time, official Chinese media sources were reporting that the explosion started at a warehouse in the Binhai New Area of Tianjin, where "dangerous goods" were being stored.
CCTV had the most specific information, citing the Tianjin Public Security Bureau as saying that the explosion occurred at the Tianjin Dongjiang Port Rui Hai International Logistics Co. Ltd, "which handles the transport of hazardous goods." Xing Zheming of CCTV America said the first explosion involved flammable materials; the second involved oil.
Update: People's Daily reports that a representative from Rui Hai is being questioned in connection with the explosion.
Artificial-intelligence researchers have long struggled to make computers perform a task that is simple for humans: picking out one person's speech when multiple people nearby are talking simultaneously.
It is called the 'cocktail-party problem'. Typical approaches to solving it have either involved systems with multiple microphones, which distinguish speakers based on their position in a room, or complex artificial-intelligence algorithms that try to separate different voices on a recording.
But the latest invention, described in this week's Proceedings of the National Academy of Sciences, is a simple 3D-printed device that can pinpoint the origin of a sound without the need for any sophisticated electronics.
The device is a thick plastic disk, about as wide as a pizza. Openings around the edge channel sound through 36 passages towards a microphone in the middle. Each passage modifies the sound in a subtly different way as it travels towards the centre — roughly as if an equalizer with different settings were affecting the sound in each slice, explains senior author Steven Cummer, an electrical engineer at Duke University in Durham, North Carolina.
http://www.nature.com/news/3d-printed-device-helps-computers-solve-cocktail-party-problem-1.18173
[Abstract]: http://www.pnas.org/content/early/2015/08/05/1502276112
[Also Covered By]: http://phys.org/news/2015-08-metamaterial-device-cocktail-party-problem.html
Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.
The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in an open "world readable" folder.
"Any unprivileged processes or apps can steal user’s fingerprints by reading this file," the team says, adding that the images can be made into clear prints by adding some padding.
It is one of four vulnerability scenarios in which biometric data normally secure in an Android phone's TrustZone can be pilfered.
One such scenario shows how attackers can have money transfers authenticated by throwing a fake lock screen prompting a victim to scan their fingerprints to unlock a device.
Yulong Zhang, Zhaofeng Chen, Hui Xue, Tao Wei say in the paper Fingerprints On Mobile Devices: Abusing and Leaking [PDF] presented at Black Hat in Las Vegas last week that most device manufacturers fail to use Android's TrustZone protection to safeguard biometric data.
A new study published in AJPH indicates that adults who are cohabitating have midlife health outcomes that are similar to adults in formal marriages. So in terms of the benefits specific to marriage, we can probably strike "longer, healthier life" from the list.
The study in question used 10,000 subjects from the British national Child Development Study, a birth cohort study that includes all people born in Britain during one week in March 1958. Participants were able to select their partnership status as married, cohabitating, or single. Health was measured using blood and inflammatory biomarkers, as well as respiratory capacity. The researchers controlled for previous socioeconomic status, previous health status, educational attainment, income, employment, and other demographic variables.
The study's results varied by gender. Among men, those who had never married/cohabitated displayed poorer overall health than men who were married during the observation period. By contrast, not marrying or cohabitating had less of a detrimental effect on women than on men. For women, the timing of the marriage mattered. Those who were married in their late 20s or early 30s had the overall best health, beating out both women who had married in their early 20s and women who were never married/cohabitating.
Does co-habitating with cats or dogs count?
From Electronics Weekly:
Imagination Technologies will demonstrate a prototype of the new Vulkan open-source graphics API on a Google Nexus Player with its PowerVR GPU. The intention is to demonstrate at the Siggraph computer graphics conference in Los Angeles this week, the capability of the soon to be launched Vulkan API for the Android graphics developer community. Vulkan, which is not yet publicly available, will mark the entry of open standards consortium Khronos into the low-level graphics API field.
-- submitted from IRC
takyon: Anandtech reports that Vulkan will use defined feature sets. Khronos Group expects implementations and the first revision of Vulkan to be released by the end of 2015.
The most comprehensive assessment of the energy output in the nearby universe reveals that today's produced energy is only about half of what it was 2 billion years ago. A team of international scientists used several of the world's most powerful telescopes to study the energy of the universe and concluded that the universe is slowly dying.
"We used as many space- and ground-based telescopes as we could get our hands on to measure the energy output of over 200,000 galaxies across as broad a wavelength range as possible," Galaxy And Mass Assembly (GAMA) team leader Simon Driver, of the University of Western Australia, said in a statement. The astronomers created a video explaining the slow death of the universe to illustrate the discovery.
A chance to roll out your cosmology humor...
Ads have long been part of the trade-off for users of the free Web, but the rise of ad blockers is making it increasingly difficult for publishers to sustain that ad-supported model.
That's according to a report published Monday by Adobe Systems and PageFair, a startup focused on assessing the cost of ad blocking and proposing alternatives.
While PageFair clearly has a vested interest in illustrating the negative effects of ad blocking, the findings of its study with Adobe are difficult to ignore. Most notably, ad blocking will cost publishers nearly $22 billion this year, it reported.
Ad blocking has grown by 41% globally in the last 12 months, the report found, amounting now to about 198 million active ad-block users around the world.
There were some interesting geographical differences highlighted in the report, too. For instance, in the U.S., ad blocking grew by 48% over the preceding 12 months to reach 45 million active users by June. In the U.K., ad blocking grew by 82% to reach 12 million active users over that same time frame.
Meanwhile, those numbers will surely be on the rise on the mobile side, Adobe noted in a blog post, given that Apple's iOS 9 will likely include ad-blocking features in Safari by default while Adblock Plus is already available in limited beta for Android.
Ad blocking represents "a major, growing problem for both digital publishers and marketers," said Greg Sterling, vice president for strategy and insights with the Local Search Association.
In many ways, the ad-blocking phenomenon is a response to security and privacy fears that have arisen in the culture at large and a rejection of the state of advertising on the PC internet, Sterling said.
El Reg reports Brassiere belays boob-bound bullet, begetting bruised breastbone
[A] woman, who was cycling through Germany's least densely populated state of Mecklenburg-Western Pomerania, was saved by the wire lining of her bra, reported Germany's Gadebusch-Rehnaer Zeitung.
[A] couple had chosen to cycle across a field between the towns of Gadebusch and Kochelstor in Germany, when they unwittingly entered a conflict between man and beast.
Feeling a sudden pain in her chest, and glancing thither, she noted that she'd been struck by a rebounded shot and was saved only by the underwire of her brassiere, leaving her with but a bruise.
The minimalist technology involved surprised me. I expected something much more exotic.
A familiar name to many in this community, Lawrence Lessig is considering a run at US President.
For those unaware, Lessig is a prominent advocate for copyright/trademark and campaign finance reform.
From the article:
Lessig, a Harvard law professor and government reform activist, announced Tuesday morning that he was launching a presidential exploratory committee to run as what he called a "referendum president" with the chief purpose of enacting sweeping changes to the nation's political system and ethics laws.
"Until we find a way to fix the rigged system, none of the other things that people talk about doing are going to be possible," Lessig said in an interview with The Washington Post, borrowing a phrase that has become Massachusetts Sen. Elizabeth Warren's rallying cry. "We have this fantasy politics right now where people are talking about all the wonderful things they're going to do while we know these things can't happen inside the rigged system."
With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device.
In a presentation Saturday at the DEF CON security conference in Las Vegas, researchers Mickey Shkatov and Jesse Michael from Intel's security group demonstrated how a malware program installed on a computer could rewrite the firmware of a popular Huawei LTE modem module that's included in many devices.
The module runs a Linux-based OS, more specifically a modification of Android, that is completely independent from the computer's main operating system. It's connected to the computer through an internal USB interface, which means that it could be instructed to emulate a keyboard, mouse, CD-ROM drive, network card, or other USB device. Those would appear connected to the primary OS.
The main problem found by the Intel researchers was that the update process for the modem's firmware was insecure, lacking a cryptographic signature verification. This allowed them to create a malicious firmware image that could be written through the Windows update utility provided by the vendor.
The malicious firmware could be flashed by a malicious program that already runs on the computer, or by users themselves if an attacker tricks them into thinking that a new update is available.
If successful, the attack would provide a way to reinfect the main OS even if it is reinstalled. Moreover, the rogue firmware could be modified to ignore any subsequent firmware update requests, leaving the user with no option to recover from such a compromise, except for taking his laptop or tablet apart and pulling out the infected modem module.
Huawei has addressed the issue and the module now performs a secure boot, preventing the use of unauthorized firmware images, the researchers said, adding that the company has been very responsive and great to work with.
There is a platform risk with these modems and other components that provide independent execution environments where malware can survive OS wiping and which are not visible to antivirus and other security programs. That's why secure software updates are really important, the researchers said.
The New York Times reports some good news from the health front: it's been a year since anybody was diagnosed with polio in Africa.
The goal had seemed tantalizingly close in recent years, but polio always managed to roar back, particularly in Nigeria. Then officials embraced a vigorous new approach to vaccination and surveillance in that country, hiring thousands of community "mobilizers" to track down the unvaccinated, opening operations centers nationwide to track progress and seeking out support from clerics and tribal chiefs.
The result has been remarkable.
The last African case of polio was detected in Somalia on Aug. 11, 2014, the final sign of an outbreak with its roots in Nigeria — the one country where the virus had never been eradicated, even temporarily. But the last case in Nigeria was recorded on July 24, 2014.
According to Wikipedia, there were 416 cases worldwide in 2013, down from 350,000 in 1988. Since the polio virus only infects humans, this means that total eradication of the disease is now within reach.
The bad news is, polio still exists in Afghanistan and Pakistan, and we have the CIA and the Taliban to thank for that. In 2011, while looking for Osama bin Laden, the CIA used an immunization campaign as a cover. When this news came out, it reinforced an already widespread belief that vaccines are a Western conspiracy to sterilize Moslems. This means that a lot of people in the region are now either avoiding immunization, or shooting at health workers.
Researchers from Simon Fraser University's Beedie School of Business have found that organizations implementing rules that govern confidential information (CI) can make it difficult for employees to fulfill their roles – resulting in rule breaking or bending.
Their paper, "Why and How Do Employees Break and Bend Confidential Information Protection Rules?" was co-authored by Dave Hannah, an associate professor in the Beedie School and Kirsten Robertson, an assistant professor at the University of the Fraser Valley, and published in the spring in the Journal of Management Studies.
The study examined two high-tech organizations that enforce CI protection rules. It found that these rules sometimes proved to be restrictive for employees, forcing them to choose between rule compliance and working efficiently.
Employees were often required to break the rules in order to carry out their jobs effectively, or bend them in ways that enabled them to meet some rule requirements.
"Many organizations rely on CI – the formula for Coca Cola, for example – which they must entrust to employees to allow them to do their jobs," says Hannah.
"Yet as soon as employees know this CI they become a potential vulnerability, forcing organizations to put in place rules to protect their CI that employees must follow."
The researchers found that by implementing CI rules they can create three types of tension among employees: obstruction tension, making it difficult for people to work; knowledge network tension, disrupting information flow in personal networks; and identity tension, where employees cannot fulfill the role with which they identify.
The study revealed that employees react to these types of tension by breaking or bending the rules in specific ways: shortcutting, circumventing rules that slowed work; conspiring, where they work together to get around rules; and selectively disclosing, where they allow external networks access to certain aspects of the CI.
Nine men have been charged with crimes related to a $30 million insider trading scheme that exploited knowledge obtained from hacked press releases:
In morning raids in Georgia and Pennsylvania, federal agents arrested five men in the plot, while four others indicted on hacking and securities fraud charges remain at large. The hackers, who are thought to be in Ukraine and possibly Russia, allegedly infiltrated the computer servers of PRNewswire Association LLC, Marketwired and Business Wire, a unit of Warren Buffett's Berkshire Hathaway Inc., over a five-year period. They siphoned more than 100,000 press releases including corporate data on earnings that could be used to anticipate stock market moves and make profitable trades. The hackers passed the information to associates in the U.S., who allegedly used it to buy and sell shares of dozens of companies, including Panera Bread Co., Boeing Co., Hewlett-Packard Co., Caterpillar Inc. and Oracle Corp., through retail brokerage accounts.
Prosecutors said the men targeted more than 100 companies and made "approximately 1,000 inside the window trades." Money was then shifted offshore through Estonian banks, according to one of two federal indictments unsealed Tuesday. While U.S. prosecutors said the nine men netted $30 million, a broader lawsuit by the Securities and Exchange Commission listed 12 men and 15 companies as defendants in a scheme that allegedly earned more than $100 million. By way of comparison, Manhattan U.S. Attorney Preet Bharara described the $275 million insider trading case of SAC Capital Advisors LP portfolio manager Mathew Martoma as the biggest ever against a single person.
From Reuters:
"This is the story of a traditional securities fraud scheme with a twist - one that employed a contemporary approach to a conventional crime," FBI Assistant Director-in-Charge Diego Rodriguez said in a statement. Prosecutors said that hackers based in Ukraine infiltrated press releases before they were due to be released by the distributors. They included those that traders had put on "shopping lists" of releases that they wanted, prosecutors said. The hackers created a "video tutorial" to help traders view the stolen releases, and were paid a portion of the profits from trades based on information contained there, prosecutors said.
New Jersey indictment [PDF], NPR.
Nine states now generate more than 10 percent of their electricity from wind.
After years of uninterrupted success, wind power experienced a bit of a pause around the start of this decade. Prices for hardware reversed a decline and bounced upwards slightly, with installations dropping accordingly. But a new report from the Department of Energy shows that this bounce is now over. The price paid for wind-generated electricity has now reached an all-time low, and construction is bouncing back. Still, regulatory uncertainty may now be creating a boom/bust cycle for wind.
The report starts by reviewing the size of the wind market in the US. In 2014, it represented a quarter of the new additions to the US' generating capacity, a bit down from the average of 2007-2014, when it represented a third. Just under five GigaWatts were installed by the US, placing it third, and well behind China's 23GW. China now has nearly doubled the US 66GW of cumulative capacity.
Because of the US' excellent wind resources, however, it led the world in generating electricity last year. As a percentage of a country's total electricity generated by wind, the US ranked 15th, at roughly five percent. There are sharp regional differences however, with nine states generating more than double that percentage of their electricity using wind, led by Iowa, which generated 29 percent of its energy from the air.
The report expects the number of new wind farm installations to drop off because a federal production tax credit expired in 2014.
In a combination of artistic expression and cutting edge medical technology, Curtin University professor and artist Stelarc is working on a project to grow a human ear on his forearm and connect it, via microphone, to the Internet.
"People's reactions range from bemusement to bewilderment to curiosity, but you don't really expect people to understand the art component of all of this," Stelarc said.
A medical team built a scaffold of the ear under the skin; within six months blood vessels and tissue began to grow around it.
The next step is to make the ear more three-dimensional — lifting it up off the arm and growing an ear lobe from Stelarc's stem cells.
Stelarc's plan is to embed a microphone into the ear and connect it to the Internet, so anyone, anywhere, anytime can listen in. He's not planning to wire in an off-line option.
"Increasingly now, people are becoming internet portals of experience ... imagine if I could hear with the ears of someone in New York, imagine if I at the same time could see with the eyes of someone in London."
Original story from the ABC.
An interview with Stelarc.
Stelarc's web page for the project.
From the press release:
The laws of classical mechanics are independent of the direction of time, but whether the same is true in quantum mechanics has been a subject of debate. While it is agreed that the laws that govern isolated quantum systems are time-symmetric, measurement changes the state of a system according to rules that only appear to hold forward in time, and there is a difference in opinion about the interpretation of this effect.
Now theoretical physicists at the Université libre de Bruxelles have developed a fully time-symmetric formulation of quantum theory which establishes an exact link between this asymmetry and the fact that we can remember the past but not the future – a phenomenon that physicist Stephen Hawking has named the "psychological" arrow of time.
The study offers new insights into the concepts of free choice and causality, and suggests that causality need not be considered a fundamental principle of physics. It also extends a cornerstone theorem in quantum mechanics due to Eugene Paul Wigner, pointing to new directions for search of physics beyond the known models. The findings by Ognyan Oreshkov and Nicolas Cerf have been published this week in the journal Nature Physics.
The paper is pay-walled, but the preprint is free.
Researchers at University College London (UCL) have devised a system for detecting the Doppler shifts of ubiquitous Wi-Fi and mobile telephone signals to "see" people moving, even behind masonry walls 25 centimeters thick. The method, which could be useful in situations from hostage-takings to traffic control, won the Engineering Impact Award in the RF and Communications category at National Instruments' NI Week 2015 meeting (which convened in Austin, Tex., 3-9 August).
Other researchers—notably Dina Katabi and Fadel Adib of MIT—have built through-wall radars in the household communication bands, but these are active radars that transmit as well as receive. The UCL technique uses only passive radiation—from Wi-Fi routers (using emissions in any of the IEEE 802.11 b, g, n, ac), ambient GSM and LTE mobile signals, and other sources—so there is nothing to betray the surveillance. The system calculates the positions of hidden targets by comparing two signals: a reference channel, receiving the baseline signal from the Wi-Fi access point or other RF source, and a surveillance channel, which picks up Doppler-shifted waves reflecting from the moving subject.
Tan and company built their "high Doppler resolution passive Wi-Fi radar" on two multi-frequency, software-defined, FPGA-based transceivers (National Instruments' USRP, or Universal Software Radio Peripheral). The system compares the reference and surveillance signals, interprets the very small frequency shifts, and reveals the hidden subject's location and motion.
This article has been visited 15 million times by teenage boys.
The New York Times features a joint (and very one sided) opinion piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes. They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large.
Except, there is no proof that having such a backdoor would conclusively allow them to solve the case and wouldn't require actual police work.
According to The Register, the BBC is pulling its annual trick of promising skygazers a "dazzling display" of Perseid meteors this week, as the Earth passes through the trail of debris left by Comet Swift-Tuttle.
Peak meteor activity will be tomorrow night (Wednesday August 12) from around 2300 UK time [2200 UTC], and enthusiasts can expect "at least one every few minutes". Alan MacRobert, senior ed at Sky & Telescope told Auntie: "The nearly moonless sky this year means the viewing will be excellent."
Back in 2009, Reg reader Bill Pinnell caught some open sky and got this nice snap of a small piece of Swift-Tuttle going out in a blaze of glory: [See the original article for the picture]
The Perseids are so named because they appear to originate from a "radiant" in the constellation Perseus. Whether Perseus itself will be visible tomorrow night depends of course on the weather gods, who frequently thwart mankind's dreams of endazzlement. ®
El Reg published an article about a security flaw introduced by Intel starting with its Pentium Pro line of processors--and left in place for fifteen years, fixing it only in 2011--and also comes with instructions on how to exploit it. So, if you have any pre-2011 processor running some important machine, perhaps you should be thinking of an upgrade after you finish reading the article.
From the article:
It allows smart hackers to run rootkit code at the very lowest level on the computer, out of reach of the operating system, its applications, and even the hypervisor. This means the rootkit can, among other things, silently monitor and record the user's every keypress, mouse click, and download.
Efforts to detect the rootkit and eradicate it from a computer can be blocked, or hampered, by the malware itself. A nightmare, in other words.
The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected. Also, operating systems can mitigate against the security hole at the hypervisor level, thus protecting themselves from miscreants exploiting the design flaw...
This kind of thing makes me want to go back to using a pocket calculator.