SoylentNews is people

posted by takyon on Monday June 06 2016, @11:00PM
from the fun-on-the-side dept.

Physical Key Extraction Attacks on PCs (open, DOI: 10.1145/2851486)

For attackers, ramming the gates of cryptography is not the only option. They can instead undermine the fortification by violating basic assumptions made by the cryptographic software. One such assumption is software can control its outputs. Our programming courses explain that programs produce their outputs through designated interfaces (whether print, write, send, or mmap); so, to keep a secret, the software just needs to never output it or anything that may reveal it. (The operating system may be misused to allow someone else's process to peek into the program's memory or files, though we are getting better at avoiding such attacks, too.)

Yet programs' control over their own outputs is a convenient fiction, for a deeper reason. The hardware running the program is a physical object and, as such, interacts with its environment in complex ways, including electric currents, electromagnetic fields, sound, vibrations, and light emissions. All these "side channels" may depend on the computation performed, along with the secrets within it. "Side-channel attacks," which exploit such information leakage, have been used to break the security of numerous cryptographic implementations; see Anderson, Kocher et al., and Mangard et al. and references therein.


Original Submission

posted by CoolHand on Monday June 06 2016, @09:04PM
from the failing-at-gaming-the-system dept.

For many drivers, the app Waze is a godsend, providing real-time, crowdsourced traffic tips to motorists desperate for alternatives to congested thoroughfares, but to some residents of the formerly quiet neighborhoods through which Waze has rerouted countless commuters, the app has destroyed their quality of life. Steve Hendrix writes at the Washington Post that when traffic on Timothy Connor's quiet Maryland street in Takoma Park, MD suddenly jumped by several hundred cars an hour, he knew that Waze was to blame for routing cars around a months-long road repair through his neighborhood. "I could see them looking down at their phones," says Connor. "We had traffic jams, people were honking. It was pretty harrowing." So Connor became a Waze Warrior. Every rush hour, he went on the Google-owned social-media app and posted false reports of a wreck, speed trap or other blockage on his street, hoping to deflect some of the flow. Neighbors filed false reports of blockages, sometimes with multiple users reporting the same issue to boost their credibility. "It used to be that only locals knew all the cut-through routes, but Google Maps and Waze are letting everyone know," says Bates Mattison. "In some extreme cases, we have to address it to preserve the sanctity of a residential neighborhood."

But Waze was way ahead of them. It's not possible to fool the system for long, according to Waze officials. For one thing, the system knows if you're not actually in motion. More important, it constantly self-corrects, based on data from other drivers. "The nature of crowdsourcing is that if you put in a fake accident, the next 10 people are going to report that it's not there," says Julie Mossler, Waze's head of communications. The company will suspend users they suspect of "tampering with the map."


Original Submission

posted by janrinok on Monday June 06 2016, @07:15PM
from the its-a-start dept.

A new device that combines chemistry and synthetic biology could prove key to renewable fuels and even chemicals—and combating climate change

        By David Biello on June 2, 2016

A tree's leaf, a blade of grass, a single algal cell: all make fuel from the simple combination of water, sunlight and carbon dioxide through the miracle of photosynthesis. Now scientists say they have replicated—and improved—that trick by combining chemistry and biology in a "bionic" leaf.

Chemist Daniel Nocera of Harvard University and his team joined forces with synthetic biologist Pamela Silver of Harvard Medical School and her team to craft a kind of living battery, which they call a bionic leaf for its melding of biology and technology. The device uses solar electricity from a photovoltaic panel to power the chemistry that splits water into oxygen and hydrogen, then adds pre-starved microbes to feed on the hydrogen and convert CO2 in the air into alcohol fuels. The team's first artificial photosynthesis device appeared in 2015—pumping out 216 milligrams of alcohol fuel per liter of water—but the nickel-molybdenum-zinc catalyst that made its water-splitting chemistry possible had the unfortunate side effect of poisoning the microbes.

So the team set out in search of a better catalyst, one that would play well with living organisms while effectively splitting water. As the team reports in Science on June 2, they found it in an alloy of cobalt and phosphorus, an amalgam already in use as an anticorrosion coating for plastic and metal parts found in everything from faucets to circuit boards. With a little charge, this new catalyst can assemble itself out of a solution of regular water, cobalt and phosphate—and phosphate in water actually is good for living things like the Ralstonia eutropha bacteria that make up the back half of the bionic leaf. Run an electric current from a photovoltaic device through this solution at a high enough voltage and it splits water. That voltage is also higher than what is needed to induce the cobalt to precipitate out of the solution and form the cobalt phosphide catalyst, which means when the bionic leaf is running there are always enough electrons around to induce the catalyst's formation—and therefore no excess metal left to poison the microbes or bring the bionic leaf's water-splitting to a halt. "The catalyst can never die as it's functioning," Nocera says, noting that the new artificial leaf has been able to run for up to 16 days at a stretch.

This story appears to be an update on a previous story by the same author - http://www.scientificamerican.com/article/bionic-leaf-makes-fuel-from-sunlight/
Maybe the most informative link is this - http://news.harvard.edu/gazette/story/2016/06/bionic-leaf-turns-sunlight-into-liquid-fuel/
Similar stories appear in the Christian Science Monitor, Harvard Magazine, and Washington Post.


Original Submission

posted by takyon on Monday June 06 2016, @04:01PM
from the a-little-more dept.

Uber's convenient $100 million settlement with drivers may not be enough to appease them:

Uber's $100m settlement with thousands of its drivers has spun around, mounted the curb and is careering back toward a California courthouse.

Following the filing of objections [PDF] from drivers who take issue with terms of the settlement that they say only favors Uber and plaintiff lead attorney Shannon Liss-Riordan, the judge overseeing the case said he also has concerns with the deal.

US District Judge Edward Chen said in a hearing in San Francisco this week that he was concerned the deal contained provisions that would too broadly shield Uber from liability concerning alleged violations of US labor laws.

This after a collection of the Uber drivers who had been part of the class action case against Uber told the court that they believe Liss-Riordan inked a settlement deal with Uber that was not in their best interests, but rather leaves them with "nothing to improve our conditions or compensate our losses."

[...] Should the settlement offer be voided, the two sides would have to negotiate a new deal or face having the case end up in front of a jury.

Previously: Uber Settles Class Action Lawsuits With California and Massachusetts Drivers


Original Submission

posted by cmn32480 on Monday June 06 2016, @02:22PM
from the they-gotta-be-kidding dept.

An engadget story has the following to say about KeePass2 and developer Dominik Reichl:

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.


Original Submission

posted by cmn32480 on Monday June 06 2016, @12:19PM
from the how-to-pay-for-it? dept.

Swiss voters have rejected a plan that would have guaranteed a monthly basic income to all adults and a lesser amount to every child:

http://www.bbc.com/news/world-europe-36454060

Final results from Sunday's referendum showed that nearly 77% opposed the plan, with only 23% backing it.

The proposal had called for adults to be paid an unconditional monthly income, whether they worked or not.

The supporters camp had suggested a monthly income of 2,500 Swiss francs (£1,755; $2,555) for adults and also SFr625 for each child.

The amounts reflected the high cost of living in Switzerland. It is not clear how the plan would have affected people on higher salaries.


Original Submission

posted by takyon on Monday June 06 2016, @10:17AM
from the tor-takeover dept.

Shari Steele posted on the Tor blog:

Transitions:

Long time digital advocate, security researcher, and developer Jacob Appelbaum[1] stepped down[2] from his position at The Tor Project on May 25, 2016.

takyon: The short post was later followed by this longer explanation, which mentions that allegations of sexual misconduct against Appelbaum caused him to step down.

Over the past several days, a number of people have made serious, public allegations of sexual mistreatment by former Tor Project employee Jacob Appelbaum.

These types of allegations were not entirely new to everybody at Tor; they were consistent with rumors some of us had been hearing for some time. That said, the most recent allegations are much more serious and concrete than anything we had heard previously.

We are deeply troubled by these accounts.

We do not know exactly what happened here. We don't have all the facts, and we are undertaking several actions to determine them as best as possible. We're also not an investigatory body, and we are uncomfortable making judgments about people's private behaviors.

That said, after we talked with some of the complainants, and after extensive internal deliberation and discussion, Jacob stepped down from his position as an employee of The Tor Project.

We have been working with a legal firm that specializes in employment issues including sexual misconduct. They are advising us on how to handle this, and we intend to follow their advice. This will include investigations of specific allegations where that is possible. We don't know yet where those investigations will lead or if other people involved with Tor are implicated. We will act as quickly as possible to accurately determine the facts as best we can. Out of respect for the individuals involved, we do not expect results to be made public.

[Continues...]

Additional Reading:

[1] Jacob Appelbaum on Twitter: https://twitter.com/ioerror
[2] https://twitter.com/ioerror/status/736259103790632960
[3] https://www.reddit.com/r/TOR/comments/4meg02/jacob_appelbaum_leaves_the_tor_project/
[4] https://lists.torproject.org/pipermail/tor-dev/2016-June/011029.html
[5] https://news.ycombinator.com/item?id=11831629
[6] (static snapshot - some posts may be missing) https://archive.is/caP4t
[7] (static snapshot(s) - some posts may be missing) https://web.archive.org/web/*/https://news.ycombinator.com/item?id=11831629

[8] https://www.vice.com/read/jacob-appelbaums-utopia-is-not-quite-what-you-imagined-it-to-be-like
[9] http://www.democracynow.org/2012/4/20/we_do_not_live_in_a
[10] http://www.democracynow.org/2012/4/26/targeted_hacker_jacob_appelbaum_on_cispa


Original Submission

posted by cmn32480 on Monday June 06 2016, @08:27AM
from the go-where-the-money-is dept.

Submitted via IRC for TheMightyBuzzard

A congressional committee has launched an investigation to find out more information about cyber breaches at the Federal Reserve which were reported recently. Concerns about the Fed's cyber security measures were raised a few days ago, when Reuters obtained cyber security reports through a Freedom of Information Act request. The reports were heavily redacted, so not all the details were known, but they did reveal that the Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, several of which were considered to be acts of espionage. The redacted version of the reports did not say who was responsible for the breaches, or if any money or sensitive information was stolen.

The House Committee on Science, Space and Technology sent a letter to Federal Reserve Chair Janet Yellen, seeking more information about these breaches. Citing the Reuters article about the breaches, the letter states, "These reports raise serious concerns about the Federal Reserve's cyber security posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency's systems."

Source: http://techraptor.net/content/congress-investigates-cyber-breaches-federal-reserve


Original Submission

posted by cmn32480 on Monday June 06 2016, @06:21AM
from the toxic-makes-it-go dept.

Original URL: http://www.cnet.com/news/a-toxic-russian-rocket-is-about-to-splash-into-the-arctic/

Why are polar bears still fighting our cold war battles? Is it just for the pun?

As if polar bears and the other great Arctic mammals didn't have enough to deal with between climate change and pooping glitter, they now have to worry about toxic chemicals from Russia literally falling on their home.

No, really. A section from a Russian rocket used to launch commercial satellites is expected to splash down into the pristine Baffin Bay between Canada and Greenland on Saturday.

One of the chemicals used in the rocket's fuel is hydrazine, a particularly nasty substance that's been linked to all sorts of malformities and cancer. Some toad embryos exposed to the stuff in experiments in the 1970s developed into deformed, one-eyed cyclops amphibians.

NASA has been working to replace hydrazine in its launches for years and plans to begin using a greener, hydrazine-free rocket fuel starting next year.

-- submitted from IRC


Original Submission

posted by cmn32480 on Monday June 06 2016, @04:14AM
from the bacon++ dept.

The Register is reporting the upcoming release of Unicode 9.0:

On 21 June, the world will become a slightly more agreeable place with the release of Unicode 9.0 - not because the standard will offer "Arabic characters to support Bravanese and Warsh, which are used in North and West Africa, along with Pakistani Quranic marks" and "significant updates to segmentation algorithms", but rather for the inclusion of a bacon emoji.

For the curious, emojipedia has offered their renditions of these for your perusal.

Thanks to the work of TheMightyBuzzard, SoylentNews supports UTF-8 character encoding. This would be a good time to consider finding an updated Unicode font to embrace these additions.

Though it may seem like we are falling back to an age of Egyptian hieroglyphics, there are some more prosaic changes as well. The Unicode 9.0 Summary follows.

[Continues...]

A. Summary

Unicode 9.0 adds exactly 7,500 characters, for a total of 128,172 characters. These additions include six new scripts and 72 new emoji characters.

Notable character additions include the following:

  • Osage script to support the Native American language, Osage
  • Adlam script to support Fulani and other African languages
  • Newa script to support the Nepal Bhasa language of Nepal
  • Tangut script, a major historic script of China
  • Arabic characters to support Bravanese and Warsh, which are used in North and West Africa, along with Pakistani Quranic marks
  • Emoji characters, including 22 new smilies and people, 14 for animals and nature, and 18 for food and drink
  • Symbols to support the new 4K TV standard

Other important updates in Unicode Version 9.0 include:

  • Significant updates to segmentation algorithms
  • Improvements in the charts for the Mongolian script

Synchronization

Two other important Unicode specifications are maintained in synchrony with the Unicode Standard, and include updates for the repertoire additions made in Version 9.0, as well as other modifications:

This version of the Unicode Standard is synchronized with 10646:2015, fourth edition, plus Amd. 1 and Amd. 2, and 273 characters from forthcoming 10646, fifth edition.

See Sections D through H below for additional details regarding the changes in this version of the Unicode Standard, its associated annexes, and the other synchronized Unicode specifications.


Original Submission

posted by martyb on Monday June 06 2016, @02:11AM
from the no-laser-found dept.

A suspected great white shark is terrorizing the waters off Perth after fatally attacking a diver on Sunday morning. The woman is the second person to be killed in the area in six days after a surfer died after his leg was bitten off by a great white.

Three fishermen involved in aiding the diver described the shark as longer than their 5.3m boat.

Traps have now been set for the predator. The 60-year-old woman was diving two kilometers off the coast of Mindarie, northern Perth, when the attack happened, according to police. The woman's diving partner told police he felt "something go past him" in the water before surfacing to see her being attacked.

The question occurred to me: "Why would a shark attack a human, then not consume that human?" Sharks routinely attack various creatures, then they consume those creatures. There may be some waste, but that isn't how predators operate - they kill, they consume all that they can consume, they rest, then they kill and consume again. So, why do they leave all that waste behind, when they attack a human? Some links for thought and discussion:

http://www.driftsurfing.eu/why-do-sharks-attack-humans-more-than-just-mistaken-identity/

http://ipfactly.com/why-do-great-white-sharks-attack-humans/

http://www.theguardian.com/environment/2015/jul/20/sharks-dont-like-to-eat-people-attack-statistics-contradict-untested-theories

https://motherboard.vice.com/read/a-town-wants-to-kill-sharks-after-shark-attacks-heres-why-it-wont-work


Original Submission

posted by janrinok on Monday June 06 2016, @12:17AM
from the so-it's-a-duck? dept.

FireEye threat researchers have found a complex malware instance that borrows tricks from Stuxnet and is specifically designed to work on Siemens industrial control systems. Josh Homan, Sean McBride, and Rob Caldwell named the malware "Irongate" and say it is probably a proof-of-concept that is likely not used in the wild.

Industrial control system malware are complex beasts in large part because exploitation requires knowledge of often weird, archaic, and proprietary systems. The steep learning curve required to grok such systems limits the risk presented by the many holes they contain. It is this that makes Irongate interesting. The malware is also unique in that it employs man-in-the-middle attacks to capture normal traffic on human machine interfaces to replay it in a bid to mask anomalies during attacks.

That replay trick is reminiscent of work by IOActive researcher Alexander Bolshev who told The Register how frequency and amplitude modifications in waves generated by control programmable logic controllers could allow attacks to be masked.

The malware operates in Siemens simulated programmable logic controller environments which are used before live deployment, seeking out and replacing proprietary DLL files, but does not function in standard environments.

Its infection vector is unknown.

-- submitted from IRC


Original Submission

posted by martyb on Sunday June 05 2016, @10:22PM
from the taking-a-different-perspective dept.

In discussions here, across the Internet and IRL [In Real Life], one of the checks against the lure of conflating some minor offense with Naziism is the specter of Godwin's Law. In most situations, the conflation is unfounded, and the law's effect is beneficial. But what about a situation in which it is appropriate to draw such a comparison?

In an article at MediaPost ( http://www.mediapost.com/publications/article/276936/silence-death.html ) Bob Garfield has asserted that such a comparison is apt in the case of Donald Trump. Opinions among Soylentils will vary about this, but I'm submitting this story, not to incite a conflagration about the results of Trump winning the US presidential election, but rather to explore how even the most well-intentioned and beneficial curb on behavior, embodied in law or in Law, can fail.

All of us who write code know that edge cases are the ones that deserve the most attention, even though they are also unlikely to occur, because that is where sloppy logic fails. In this way, a body of laws acts as the operating system of governance, and refusal to test an edge case opens the way for that OS to be subverted and destroyed.

I challenge you to keep this discussion meta. Once we have explored the problem space, we can apply our insights as we see fit.


Original Submission

posted by martyb on Sunday June 05 2016, @08:12PM
from the dacted-and-redacted dept.

VICE got an 800 page FOIA (Freedom Of Information Act) dump from the NSA (National Security Agency) Friday evening. It contains no smoking gun, but does indicate that NSA's denials that Edward Snowden had tried to follow so-called proper channels are pretty flimsy and, in part, depend on a very self-forgiving interpretation of events. It's a long read.

https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive

takyon: The PDF is reachable here. The download is around 43.3 megabytes.


Original Submission

posted by cmn32480 on Sunday June 05 2016, @05:57PM
from the signal-jamming-on-steroids dept.

http://www.bbc.com/news/technology-36425879

A UK-developed system capable of jamming signals to small drones is to be trialled by the US aviation authority.

The Federal Aviation Administration (FAA) is expanding efforts to source technology that can detect small, unmanned aerial vehicles near airports.

Three British companies developed the Anti-UAV Defence System (Auds), due to be included in new trials.

It works by jamming signals to drones, making them unresponsive.

A thermal imaging camera allows the Auds operator to target the unwanted drone before signal jamming, via a high-powered radio signal, is activated.

-- submitted from IRC


Original Submission
