SoylentNews

"exec" writes:

Original URL: http://www.computerworld.com/article/3081326/security/this-company-uses-ai-to-stop-cyberattacks-before-they-start.html

An ounce of prevention is worth a pound of cure, as the old saying goes, and that's just as true in cybersecurity as it is in health. So believes Cylance, a startup that uses AI to detect and prevent cyberattacks.

[...] Cylance extracts millions of unique characteristics from the code and analyzes them against trained statistical models to determine their intention. Rather than relying on hash comparison or post-run behavior heuristics to determine what to do, Cylance evaluates objects in less than 100 milliseconds, early in the run time process. That way, if the object is determined to be malicious, execution can be stopped.

The software protects against system- and memory-based attacks, spear phishing, zero-day malware, privilege escalations, scripts and malicious programs, Cylance says, and eliminates the need for antivirus and intrusion detection and prevention systems. No Internet connection or daily software updates are required.

-- submitted from IRC

Original Submission

-- OriginalOwner_ writes:

Cult of Mac reports

Two teenage thieves reportedly pulled off an iPhone heist [in a New York City Apple Store] without employees ever noticing because they were dressed similar to Apple's staff, says the police.

Angela Ahrendts had Apple Store employees switch to wearing blue uniforms with a smaller Apple logo instead of various colorful t-shirts the company would give staff every couple weeks or months. Wearing only blue shirts was supposed to give the store more of a luxury feel, but it's also easier to exploit.

Police say the thieves worked as a team to steal 19 iPhones worth a total of $16,130. One man wearing a blue shirt reportedly walked straight into the SoHo store's electronics repair room at 5:30 on June 1st and pulled out the iPhones like it was totally normal.

With the unlocked iPhones quickly accessed, the thief handed them over to an accomplice. That person then hid the iPhones under his shirt and the pair walked out the store together.

Original Submission

steveha writes:

The new Moto Z phone doesn't have an analog headphone jack built in. This is the second high-end Android phone to be released recently without one; Chinese manufacturer LeEco also released one. According to a video by The Verge, the Moto Z will come with a plug-in adapter to let you use analog headphones with the USB C port on the phone.

http://www.theverge.com/2016/6/10/11900992/moto-z-specs-no-headphone-jack

On the plus side, the Moto Z will support "Moto Mods", backpack modules that attach via strong magnets. Available mods will include battery packs, better speakers, a micro-projector, and "style" mods that are essentially just phone cases. http://www.motorola.com/us/moto-mods

Note: There are rumors that Apple is planning to get rid of the analog headphone jack on the iPhone 7. And the iPad Pro already offers the "Smart Connector Port" so there is speculation that it may show up on the next iPhone.

Original Submission

mendax writes:

El Reg published an article that describes a clever technique Intel is considering implementing in future CPU designs to prevent certain types of malware infections called Control-flow Enforcement Technology (CET) [PDF], those that use return-orientated programming (ROP) and jump-orientated programming (JOP) to implement exploits:

CET works by introducing a shadow stack – which only contains return addresses, is held in system RAM, and is protected by the CPU's memory management unit. When a subroutine is called, the return address is stashed on the thread's stack, as per normal, and also in the shadow stack. When the processor reaches a return instruction, the processor ensures the return address on the thread stack matches the address on the shadow stack.

If they don't match, then an exception is raised, allowing the operating system to catch and stop execution. Therefore, if exploit code starts tampering with the stack to chain together malicious instructions to install malware or otherwise compromise a system, these alterations will be detected and the infiltration halted before any damage can be done.

Given that these are two of the major techniques used by exploit authors to perform arbitrary code execution, being able to block such attempts through hardware could make digital life a little bit safer.

Original Submission

"exec" writes:

http://www.cnet.com/news/spacex-aims-to-relaunch-a-rocket-for-the-first-time-later-this-year/

The fourth Falcon 9 rocket is back in the hangar, alongside the three other rockets Elon Musk's SpaceX has successfully landed after launch, he announced in a tweet on Tuesday. What's more, the Tesla founder said that one of his reusable rockets is ready to break the surly bonds of gravity again.

Musk tweeted an update on the Falcon 9 rocket that carried a load of satellites to orbit last month and then landed safely at Cape Canaveral rather than falling into the Atlantic Ocean as so many space program rockets have ended for decades. Musk says that following inspection, the rocket was found free of damage and "ready to fire again."

The launch, planned for September or October later this year, would mark the first time SpaceX has managed to launch a used rocket and make good on SpaceX's plans for reuseable rocket flights.

SpaceX rockets are already involved in completing commerical[sic] missions. Eventually, the plan is for SpaceX to be able to reuse its rockets after just a few weeks of turnaround, drastically cutting the costs of space exploration. And, as Musk hopes, putting people on Mars within the next 10 years.

-- submitted from IRC

Original Submission

An Anonymous Coward writes:

"Recently Reddit user "sammiesdog" posted claims that Visual Studio's C++ compiler was automatically adding function calls to Microsoft's telemetry services."

https://www.infoq.com/news/2016/06/visual-cpp-telemetry

The screenshot accompanying their post showed how a simple 5 line CPP file produced an assembly language file that included a function call titled "telemetry_main_invoke_trigger".

The ensuing discussion then revolved around how to disable this unannounced "feature" while also speculating its purpose. "sammiesdog" noted that this appears in release builds, while user "ssylvan" also indicated that it appeared in debug builds too. The telemetry function is intended to communicate with ETW (Event Tracing (Windows)).

The ensuing controversy and conversation about the discovery of this function led to a response from Microsoft's Steve Carroll, Development Manager for the Visual C++ team. First and foremost in his response is the unequivocal statement that this functionality will be removed in Visual Studio 2015's Update 3. Carroll goes on to explain Microsoft's thought process behind including this functionality:

...what the code does is trigger an ETW event which, when it's turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven't actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.

.... according to a Microsoft spokesperson while this behavior does currently exist in "[VisualStudio20]15", it will be removed in a future preview release.

Could we expect any less?

Original Submission

n1 writes:

U.N. Secretary General Ban Ki-moon admitted Thursday Saudi Arabia had been removed from a blacklist for maiming and killing children as a result of unnamed sources' threats to defund United Nations programs. In plain language, an unknown entity used extortion to force the U.N. to reverse an important move toward ensuring the safety of children.

According to an as-yet unsubstantiated report from Foreign Policy, that threat came directly from the Saudi government — though immediately after the report blacklisting the Saudi-led coalition went public, the kingdom vociferously denounced its placement, and was removed within 72 hours — perhaps lending an air of credibility to the allegation.

Ban came under sharp criticism for the abrupt backtracking; but on Thursday, his reasoning for the move became all-too apparent.

"The report describes horrors no child should have to face," Ban told a press conference, as The Intercept reported. "At the same time, I also had to consider the very real prospect that millions of other children would suffer grievously if, as was suggested to me, countries would defund many UN programs. Children already at risk in Palestine, South Sudan, Syria, Yemen and so many other places would fall further into despair."

Source: Claire Bernish at theAntiMedia.org

Original Submission

"exec" writes:

Original URL: http://www.cnet.com/news/monkey-knocks-out-a-whole-nations-power/#ftag=CAD590a51e

The announcement on Facebook was sober.

"At 1129 hours this morning [Tuesday]," it said, "a monkey climbed on the roof of Gitaru Power Station and dropped onto a transformer tripping it. This caused other machines at the power station to trip on overload resulting in a loss of more than 180MW from this plant which triggered a national power blackout."

Such were the words of KenGen, Kenya's national power company, after an incident that seems to veer between the disastrous and the comical.

A monkey got into a power station and accidentally blew the power for the whole country. This was less a military coup than just sheer monkeying about.

KenGen says that power has now been restored. It added on Facebook: "KenGen power installations are secured by electric fencing which keeps away marauding wild animals. We regret this isolated incident and the company is looking at ways of further enhancing security at all our power plants."

-- submitted from IRC

Original Submission

hubie writes:

The event production company ALE Co. has big plans to provide impressive light shows for outdoor events: Sky Canvas. The idea is to launch a cubesat that deploys millimeter-sized particles in orbit that create artificial shooting stars.

We will launch a satellite loaded with about five hundred to a thousand "source particles" that become ingredients for a shooting star. When the satellite stabilizes in orbit, we will discharge the particles using a specially designed device on board. The particles will travel about one-thirds[sic] of the way around the Earth and enter the atmosphere. It will then begin plasma emission and become a shooting star.

They plan on launching a test satellite in 2017 and hope to partner with major events such as the 2020 Olympics in Japan.

Original Submission

HughPickens.com writes:

John Markoff reports that researchers at Microsoft have demonstrated that in some cases they may be able to identify internet users who are suffering from pancreatic cancer by their search queries, even before they have received a diagnosis of the disease. The researchers looked at searches conducted on Bing that indicated someone had been diagnosed with pancreatic cancer, then worked backward, looking for earlier queries that could have shown that the Bing user was experiencing symptoms before the diagnosis. Those early searches, they believe, can be warning flags.

While five-year survival rates for pancreatic cancer are extremely low, early detection of the disease can prolong life in a very small percentage of cases. The study suggests that early screening can increase the five-year survival rate of pancreatic patients to 5 to 7 percent, from just 3 percent. (Steve Jobs died in 2011 after battling pancreatic cancer for years.) ""We find that signals about patterns of queries in search logs can predict the future appearance of queries that are highly suggestive of a diagnosis of pancreatic adenocarcinoma," the researchrs write. "We show specifically that we can identify 5 to 15 percent of cases while preserving extremely low false positive rates" of as low as 1 in 100,000."

Pancreatic cancer — the fourth leading cause of cancer death in the United States – was in many ways the ideal subject for the study because it typically produces a series of subtle symptoms, like itchy skin, weight loss, light-colored stools, patterns of back pain and a slight yellowing of the eyes and skin that often don't prompt a patient to seek medical attention. Although Microsoft has no plans to develop any products linked to the discovery, Eric Horvitz, who says he lost his best childhood friend and, soon after, a close colleague in computer science to pancreatic cancer, says the stakes are too high to delay getting the word out. "People are being diagnosed too late. We believe that these results frame a new approach to pre-screening or screening, but there's work to do to go from the feasibility study to real-world fielding."

Original Submission

butthurt writes:

According to The Guardian, the U.S. National Highway Safety Administration (NHTSA) is gathering information that may bring about a "formal investigation," potentially resulting in a recall of Tesla Motors' Model S electric automobile. The agency has been told of "a possible defect causing suspension control arms to break and the driver to lose control" over which car owners were allegedly asked to sign non-disclosure agreements.

Meanwhile, Reuters reports that the company will again sell its Model S 60, which will come in an all-wheel-drive and a rear-wheel-drive variant; "the two newer Model S versions offer more capabilities than the discontinued one." The offerings are named for their 60 kWh charging capacity. With a software update costing $8.500 to $9,500 (variously reported; may depend on whether it is bought as part of the original sale or later), charging capacity increases to 70 kWh or 75 kWh (variously reported). The rear-wheel-drive Model S 60 is to be the company's lowest-priced vehicle. Tesla had recently been selling a Model S with a charging capacity of as much as 90 kWh, which will remain available.

further coverage:

• San Jose Mercury News (about suspension and new models)
• Chicago Tribune (about new models)
• Teslarati (about new models)
• Teslarati (about suspension)
• Wired (about new models)
• The Verge (about new models)
• Seattle Times (about suspension)
• Los Angeles Times (about new models)
• CNet (about suspension; Javascript required (alternate link))

Original Submission

takyon writes:

A new atlas has illustrated that 80% of North Americans are prevented from seeing the Milky Way's bulge by light pollution:

The luminous glow of light pollution prevents nearly 80 percent of people in North America from seeing the Milky Way in the night sky. That's according to a new atlas of artificial night sky brightness that found our home galaxy is now hidden from more than one-third of humanity.

While there are countries were the majority of people still live under pristine, ink-black sky conditions — places such as Chad, Central African Republic and Madagascar — more than 99 percent of the people living in the U.S. and Europe look up and see light-polluted skies.

The country with the worst light-pollution is Singapore, where researchers found that "the entire population lives under skies so bright that the eye cannot fully dark-adapt to night vision." Other countries with large percentages of people living under skies this bright include Qatar, Kuwait and the United Arab Emirates.

The new world atlas of artificial night sky brightness (open, DOI: 10.1126/sciadv.1600377)

Original Submission

An Anonymous Coward writes:

...since February 2015, roughly 67% of prosecutions involving suspected ISIS supporters include evidence from undercover operations, according to The New York Times.

In many cases, agents will seek out people who have somehow demonstrated radical views, and then coax them into plotting an act of terrorism - often providing weapons and money. Before the suspects can carry out their plans, though, they're arrested.

[...] "They're manufacturing terrorism cases," Michael German, a former undercover agent with the FBI who now researches national-security law at New York University's Brennan Center for Justice, told The Times. "These people are five steps away from being a danger to the United States."

"exec" writes:

Original URL: http://www.theregister.co.uk/2016/06/09/chromes_pdf_reader_has_arbitrary_code_execution_flaw/

A Researcher at Cisco's Talos limb have discovered an arbitrary code execution flaw in PDFium, the PDF reader installed by default in Google's Chrome browser.

The flaw looks like it is down to a tiny error by Chrome's developers, as Nikolic writes that “An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted.”

That omission means that when PDFium invokes the OpenJPEG library, it can create a buffer overflow. Once that's happened, bad guys can go to town with their own code.

[...] You can take advantage of that change by simply keeping Chrome up to date: version 51.0.2704.63 makes the change to knock the bug on the head. Chrome auto-updates unless instructed to do otherwise, so most users will be protected.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Microsoft has created its own cut of FreeBSD 10.3 in order to make the OS available and supported in Azure

Jason Anderson, principal PM manager at Microsoft's Open Source Technology Center says Redmond “took on the work of building, testing, releasing and maintaining the image” so it could “ensure our customers have an enterprise SLA for their FreeBSD VMs running in Azure”.

Microsoft did so “to remove that burden” from the FreeBSD Foundation, which relies on community contributions.

Redmond is not keeping its work on FreeBSD to itself: Anderson says “the majority of the investments we make at the kernel level to enable network and storage performance were up-streamed into the FreeBSD 10.3 release, so anyone who downloads a FreeBSD 10.3 image from the FreeBSD Foundation will get those investments from Microsoft built in to the OS.”

Source: http://www.theregister.co.uk/2016/06/09/microsoft_freebsd/

Original Submission