SoylentNews

"exec" writes with this story from The Register:

Gaming two-factor authentication systems with premium rate phone numbers can be very profitable – or it was until the flaws got reported.

Belgian security researcher Arne Swinnen noticed that the authentication systems used by Facebook-owned Instagram, Google and Microsoft allow access tokens to be received by a voice call as well as a text message. By linking accounts to a premium-rate phone number he controlled and could pocket money from, he was able to scam the three companies out of cash – in some cases potentially thousands of dollars a day.

"Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls to one premium number," he said. "The vulnerabilities were submitted to the respective Bug Bounty programs and properly resolved."

In the Microsoft case, he set up an Office 365 trial account and linked it back to a premium-rate number he owned. Redmond's servers will block authentication calls to a number after seven failed attempts to call it, but there were ways around that.

Swinnen found that by preceding the high-cost calling number with up to 18 zeros fooled the Office authentication system into making many more calls. Adding in a country code had the same effect, as did adding up to four digits at the end of the phone number string. All these techniques tricked Office into thinking it was calling new numbers rather than the same one over and over.

By writing a script to automate this process, a single premium rate number could yield €668,882 ($740,485) in call charges before the app refused to dial any more. To make matters worse, multiple accounts could be linked to the same phone number, meaning Swinnen could potentially have coined in one Euro in profit every minute.

After informing Microsoft of the flaw, the Office team quickly fixed the issue. The company gave Swinnen a $500 bug bounty, saying it would have been more but no customer data was stolen in the attack.

-- submitted from IRC

Original Submission

fork(2) writes:

ScienceDaily reports on research from University of Adelaide:

Almost like a regular fingerprint, a person's browser fingerprint -- or "browserprint" -- is often unique to the individual. Such a fingerprint can be monitored, tracked and identified by companies and hackers. Researchers at the University of Adelaide are working to find new methods of protecting against the fingerprinting of personal computers -- and are now giving members of the community the chance to see firsthand their own computer browserprint.

[...] "Eventually we hope that people will be able to protect themselves from being fingerprinted, or tracked without their consent. But in order to do this, we need to analyze a large number of online fingerprints -- as many as 10,000 of them would be helpful. Currently we have 2500, which is a great start," he says.

"No personal information will be retained for our project. We're simply looking for the data, which will be rendered anonymous for ethical reasons." For more information or to see your own browserprint, visit: https://browserprint.info

Your humble correspondent asked to be fingerprinted.

Your browser fingerprint appears to be unique among the 3,225 tested so far.

Currently, we estimate that your browser has a fingerprint that conveys 11.66 bits of identifying information.

The measurements we used to obtain this result are listed below.

Sometimes it's nice to be unique, but this isn't one of those times...

Original Submission

takyon writes:

Bitmanagement, the German developer of "BS Contact Geo," a geographic visualization application similar to Google Earth, is suing the U.S. Navy for copyright infringement:

The case centers around "BS Contact Geo," a 3D virtual reality application developed by the German company Bitmanagement. The Navy was enthusiastic about the geographical modeling capabilities of the software and in 2011 and 2012 it agreed to license its use for 38 computers. "Those individual PC-based licenses authorized the Navy to install BS Contact Geo on a total of just 38 computers for the purposes of testing, trial runs, and integration into Navy systems," the software vendor states in the federal claims court complaint (pdf).

After testing the application for a while, both parties started negotiating the licensing of additional computers. However, before any deals were made, the software maker learned that the Navy had already installed it on over 100,000 computers. According to emails Bitmanagement executives received in 2013, the software had been rolled onto at least 558,466 computers on the Navy's network, without their permission.

"Even as it negotiated with Bitmanagement over the proposed large-scale licensing of its product, the Navy was simultaneously copying and installing that software, without Bitmanagement's advance knowledge or authorization, on a massive scale," the complaint reads. In addition, the Navy allegedly disabled the software that is supposed to track on how many computers the software is being used. This violation of the terms of service prevents the software vendor from stopping the unauthorized copying.

The software licenses were sold for €800 a copy ($1067.76 at the time, according to the complaint). They multiplied that by the 558,466 computers on which the software was installed to seek damages of over $596.3 million. Also at The Register . Alt PDF link.

Original Submission

fork(2) writes:

Phys.org reports on research from the Department of Computer Science and Engineering at Toyohashi University of Technology:

Vision-based face detection and recognition is one of the most rapidly growing research areas in computer vision and robotics and is widely used in several human related applications. However, vision-based face detection and recognition has been shown to be effective only under normal illumination conditions. In developing an algorithm for face detection and recognition, it is crucial to consider both normal and severe illumination conditions. One approach is to convert face images under various illumination conditions into ones with invariant face appearance while preserving the face-specific characteristics such as texture and facial features.

Now, researchers at the Department of Computer Science and Engineering at Toyohashi University of Technology have developed a novel technique to adaptively adjust the effect of lighting on human faces by employing an extended reflectance model. The model has one variable (illumination ratio), which is controlled by Fuzzy Inference System (FIS). To cope with a vast variety of illumination conditions, the FIS rule was optimized using Genetic Algorithm (GA).

[...] "By just adding this contrast adjustment to present face recognition systems, we can largely improve the accuracy and performance of face detection and recognition. Moreover, this adjustment runs in real-time, and therefore, it is appropriate for real-time applications such as robot and human-interaction systems."

A face not only provides a person's identity but also provides other information such as a person's focus of attention and the degree of tiredness. Obtaining such information is useful for a comfortable human-machine interaction, and researchers expect that the proposed contrast adjustment method will also be useful in various situations, especially under severe illumination conditions.

The research results were published on July 15 in Machine Vision and Applications (paywalled).

Original Submission

MrPlow writes:

Submitted via IRC for Bytram

This week Samuel Arbesman, a complexity scientist and writer, will publish "Overcomplicated: Technology at the Limits of Comprehension." It's a well-developed guide for dealing with technologies that elude our full understanding. In his book, Arbesman writes we're entering the entanglement age, a phrase coined by Danny Hillis, "in which we are building systems that can't be grasped in their totality or held in the mind of a single person." In the case of driverless cars, machine learning systems build their own algorithms to teach themselves — and in the process become too complex to reverse engineer.

And it's not just software that's become unknowable to individual experts, says Arbesman.

Machines like particle accelerators and Boeing airplanes have millions of individual parts and miles of internal wiring. Even a technology like the U.S. Constitution, which began as an elegantly simple operating system, has grown to include a collection of federal laws "22 million words long with 80,000 connections between one section and another."

In the face of increasing complexity, experts are ever more likely to be taken by surprise when systems behave in unpredictable and unexpected ways.

Source: http://singularityhub.com/2016/07/17/the-world-will-soon-depend-on-technology-no-one-understands/

For a collection of over three decades of these (among other things) see The Risks Digest - Forum On Risks To The Public In Computers And Related Systems. It's not so much that this is a new problem, as it is an increasingly common one as technology becomes ever more complicated.

Original Submission

HughPickens.com writes:

Josh Katz has an interesting statistical analysis of the presidential race at The New York Times that concludes that Hillary Clinton has about a 76% chance of winning the presidency, about the same probability that an NBA player will hit a free throw. To forecast each party's chance of winning the presidency, the model calculates win probabilities for each state using a state's past election results and national polling.

The most interesting part of the analysis is an interactive tree diagram (at the bottom of the page) that shows the paths to victory for each candidate depending on the results from the most important swing states and what would be required to compensate for a states' loss. Clinton starts out with 186 electoral votes from solidly Democratic states while Trump starts out with 149. What's left are the toss-up states — states whose electoral votes could potentially be in play.

As it turns out Florida is the big prize. If Clinton wins Florida, Trump's only path to victory involves winning Pennsylvania, Ohio, Georgia, North Carolina, Virginia, Arizona, Iowa, Nevada, and New Hampshire. Although Florida is a state that tilted just slightly to the right of the country in previous elections, Republicans might not be able to keep up with Florida's demographic shift any longer.

Here's the unsurprising reason: Trump has alienated Hispanic voters, making the last decade of demographic shifts even more potent. According to estimates, Trump is losing among Hispanic voters in Florida by a 30-point margin, up from Romney's 22-point deficit in similar estimates of 2012. Without Florida, the Republican path to the presidency gets very rocky.

Original Submission

butthurt writes:

The BBC reports that thousands of government employees are losing their jobs, in what it calls a "purge" after Friday's attempted coup in Turkey. The ministry of education suspended "more than 15,000"; "more than 1,500 university deans have also been ordered to resign"; thousands in the military have been arrested; thousands of judges have been suspended and thousands of police officers have been fired.

Executions have been proposed, but the European Union warned that Turkey would not be allowed to join the EU if a death penalty were instituted.

Original Submission

martyb writes:

About this time last year, we reported Tesla's New 'Ludicrous Mode' Will Get You from 0-60 in Under 3 Seconds. The Tesla P90D reportedly completed the quarter mile in just 10.9 seconds. Some owners have reported difficulty in attaining that result, but still it's a wonderful display of using the latest and greatest technology around. Besides, it will certainly out-accelerate almost anything else you'd find on the road today.

Jonny Smith, on the other hand, had other ideas and turned an ungainly-looking, forty-plus year old vehicle into the world's fastest street-legal electric car:

Smith a British automotive journalist, took an old Enfield 8000 electric city car (built in small numbers in the 1970s) and transformed it into something a lot wilder. Out went the array of 12v batteries and 8hp (6kW) electric motor, to be replaced by an altogether more potent powertrain. And on July 16, Smith and the Flux Capacitor entered the record books as the world's fastest street-legal EV, running the quarter-mile in 9.87 seconds.

When last we checked in with Smith, the Flux Capacitor was only Europe's fastest street-legal EV, with a sub-11 second, 1/4-mile time under its (bright orange) belt. Since then, the existing 144-cell Hyperdrive Innovation lithium-ion battery pack has been supplemented by an extra 44 cells located in the trunk. That upgrade has boosted the car from 370v to 400v, and together with lower gearing on the differential, the times at Santa Pod Raceway in the UK began to fall.

From Smith's web site:

Here ...is the pathetic little piece of crumpled paper which we have been working hard – with the invaluable help of Current Racing – for over 3 years to achieve. These are the runs we ran this weekend. The pair of 10.24s were backed up within 5 mins of one another to clinch a world record quickest EV. Then came the 10.1, followed later that day with the breaking well into the 9 bracket. The lower gear and added power shrunk our crucial 60ft time down, while pushing the RPM limit on the motors made the car sound quite different from the driving seat.

Here is a video of the record-breaking run.

At the end of the quarter-mile the numbers show: 9.869 seconds at 121.73 mph (~200 kph).

Original Submission

-- OriginalOwner_ writes:

The Guardian reports

A federal appeals court ruled on [July 15] that the US Navy was wrongly allowed to use sonar in the nation's oceans [which can injure whales, dolphins, seals, and walruses and disrupt their feeding and mating.].

The ninth circuit court of appeals reversed a lower court decision upholding approval granted in 2012 for the Navy to use low-frequency sonar for training, testing, and routine operations.

[...] The 2012 rules adopted by the National Marine Fisheries Service permitted Navy sonar use to affect about 30 [species of] whales and two dozen [species of] pinnipeds (marine mammals with front and rear flippers such as seals and sea lions) each year.

The Navy was required to shut down or delay sonar use if a marine mammal was detected near the ship. Loud sonar pulses also were banned near coastlines and in certain protected waters.

[...] The appellate court ruled 3-0 that the approval rules failed to meet a section of the [Marine Mammal Protection Act] requiring peacetime oceanic programs to have "the least practicable adverse impact on marine mammals".

Scientific American continues

Sonar systems--first developed by the U.S. Navy to detect enemy submarines--generate slow-rolling sound waves topping out at around 235 decibels; the world's loudest rock bands top out at only 130. These sound waves can travel for hundreds of miles under water and can retain an intensity of 140 decibels as far as 300 miles from their source.

These rolling walls of noise are no doubt too much for some marine wildlife. While little is known about any direct physiological effects of sonar waves on marine species, evidence shows that whales will swim hundreds of miles, rapidly change their depth (sometime leading to bleeding from the eyes and ears), and even beach themselves to get away from the sounds of sonar.

Original Submission

HughPickens.com writes:

Mid-range prostitution is a relatively new market, enabled by technology. Before the internet, it was hard for escorts to find customers: They had to either walk the streets searching for customers, rely on word-of-mouth, or work with agencies. The internet changed all that as Allison Schrager writes at Quartz that if you work at Goldman Sachs in NYC and you want to tie up a woman and then have sex with her, you'll first have to talk to Rita. Rita will "insist on calling your office, speaking to the switchboard operator, and being patched through to your desk. Then she will want to check out your profile on the company website and LinkedIn. She'll demand you send her message from your work email, and require a scan of either your passport or driver's license."

Though some escorts rely on sex work-specific sites that maintain "bad date" lists of potentially dangerous clients, others make use of more mainstream sources to gather information about and verify the identities of potential johns. Rita is addressing a problem that every business, both legal and illegal, has. Before the internet, more commerce occurred locally—customers knew their merchants or service providers and went back to them repeatedly. As technology has expanded our transactional networks, it must also offer new ways of building trust and reputation.

"The lesson here is that, while you'd think all the technological options for finding customers would make Rita's job as a madam obsolete, it has actually made her services more critical," says Schrager. "One step ahead of the mainstream economy, Rita's thriving business shows that some jobs won't disappear. They just need to be recast in a way that capitalizes on what made them valuable in the first place."

Original Submission

Appalbarry writes:

The Globe and Mail reports that Canadian aircraft maker Bombardier is planning to trial adding urinals to the aircraft that they produce.

Bombardier reasons that 65% of passengers are male, and that eliminating one sit down space for two standups will "save space and reduce waiting times* for bathrooms."

"I think it's a good idea because you save weight and you actually reduce waiting times for the lavatory," he added. "We have built mock ups and studied it as well. And so we are discussing that with our customers to see their interest."

Typically airplanes have one bathroom for every 60 passengers. That means for Bombardier's CS300, which has up to 160 seats, there is one bathroom in the front and two at the back. To accommodate both rear washrooms, Bombardier has to remove as many as three seats. Replacing one bathroom with urinals would mean those seats could remain.

* Female Soylentils will no doubt point out that women's washrooms invariably have longer lines than men's, and that everyone interviewed for the story was male.

Original Submission

fork(2) writes:

A knuckleball or knuckler is a baseball pitch thrown so as to minimize the spin of the ball in flight, causing an erratic, unpredictable motion. The air flow over a seam of the ball causes the ball to transition from laminar to turbulent flow. This transition adds a deflecting force on the side of the baseball. This makes the pitch difficult for batters to hit, but also difficult for pitchers to control and catchers to catch; umpires are challenged as well, as the ball's irregular motion through the air makes it harder to call balls and strikes." (Wikipedia)

Gizmodo reports on scientific results that attempt to explain the knuckleball's behavior.

In 2012, scientists at the Ecole Polytechnique in France managed to devise a set of laws predicting how much different ball sizes, moving through a fluid (notably air and water), would "knuckle." They conducted a series of experiments that included dropping steel, glass, and plastic beads into a tank of water spiked with fluorescent dye, the better to study their trajectories with ultrafast cameras. All the beads zigzagged in the water, regardless of density, and the less dense the beads, the more they knuckled.

But those findings predicted that soccor balls wouldn't knuckle -- which just happens to be "a specialty of Real Madrid star player Christiano Ronaldo. In Brazil it's known as pombo sem asa ('dove without wings')."

The key is something physicists call the drag crisis. "When a sphere is in a flow, there is a critical velocity at which the wake behind the sphere and the drag force acting on the ball sharply decreases," co-author Caroline Cohen told Inside Science News at the time. That asymmetry in the wake creates a sideways force resulting in the zigzagging motion.

[...] Now Cohen and her Ecole Polytechnique colleagues are back with a new analysis of the knuckleball effect. This time around, the team built their own custom kicking machine to launch balls through the air in a wind tunnel at different speeds, with very little spin.

And they found a more universal culprit for the knuckling effect: unsteady lift forces. However, "Unsteady lift forces are inherent to balls traveling through the air in every sport, so to complete our work we needed to find out why zigzag shots are associated with just a few games, such as soccer or baseball," co-author Baptise Darbois Texier said in a statement.

Once again, the drag crisis proved critical: there is a sweet spot in terms of velocity that produces larger lift forces and more side-to-side movement. The typical shooting distance for any given sport also matters. "In bocce, for example, a zigzag path should occur over a length of 27 meters, but this distance is much longer than the typical shooting length and so the knuckleball effect will be incomplete," said Darbois Texier.

And that's why we typically don't see the knuckling effect in bocce, handball, table tennis, or basketball.

Original Submission

Arthur T Knackerbracket has found the following story:

Microsoft says it will take more time than it thought to get a billion devices running Windows 10 because of its sharply curtailed ambitions in the smartphone business. The company last year set a goal of reaching 1 billion devices running the new operating system by mid-2018. But in a statement to ZDNet, the company says it will "take longer" to reach that goal. Yusuf Mehdi, who runs the Windows marketing team, attributed that to "the focusing of our phone hardware business."

In a statement confirming the delayed target, the company didn't offer a new expected date. Microsoft last month said there were 350 million devices running Windows 10, a tally that analysts say predominantly involves personal computers.

Windows 10, released in July 2015, is designed to run with a similar look and feel across personal computers, tablets, smartphones, and Microsoft's Xbox One game consoles. The operating system was pitched in part as a way to broaden the company's reach beyond its PC comfort zone.When Terry Myerson, who leads Microsoft's Windows and Devices Group, announced the 1 billion target, the company had just wrapped up a year in which it sold about 34 million Windows smartphones.

Since then, Microsoft has all but eliminated the smartphone hardware unit it acquired from Nokia in 2014, taking about $10 billion in writedowns and restructuring costs, laying off thousands of employees, and shuttering or selling factories worldwide. The company's smartphone sales totaled just 2.3 million in the first three months of 2016.

Original Submission

takyon writes:

Germany is planning to require "black boxes" in autonomous and semi-autonomous cars:

Germany plans new legislation to require manufacturers of cars equipped with an autopilot function to install a black box to help determine responsibility in the event of an accident, transport ministry sources told Reuters on Monday. The fatal crash of a Tesla Motors Inc Model S car in its Autopilot mode has increased the pressure on industry executives and regulators to ensure that automated driving technology can be deployed safely.

Under the proposal from Transport Minister Alexander Dobrindt, drivers will not have to pay attention to traffic or concentrate on steering, but must remain seated at the wheel so they can intervene in the event of an emergency. Manufacturers will also be required to install a black box that records when the autopilot system was active, when the driver drove and when the system requested that the driver take over, according to the proposals. The draft is due to be sent to other ministries for approval this summer, a transport ministry spokesman said.

Look for the kill switch next. Also at Ars Technica.

Original Submission

Ethanol-fueled writes:

CBS Reports:

Comedian Leslie Jones, one of the four all-female stars of the new Ghostbusters remake, should have been celebrating the opening weekend of the new movie but instead contended with a whole different kind of specter.

On Monday, Jones decided she was tired of simply blocking the constant flood of racist and hateful messages she received on Twitter and shared some of them with her followers, asking quite pointedly why the social media app wasn't doing more to stop them:

" I leave Twitter tonight with tears and a very sad heart. All this cause I did a movie.You can hate the movie but the sh*t I got today...wrong

— Leslie Jones (@Lesdoggg) July 19, 2016 "

[...]

Twitter has struggled to gain control over racist users in the past, previously admitting to having "a lot of work" to do to improve how it handles the problem. You can see more of the tweets involved in this [warning: offensive] RT article.

As the submitter I have not seen, and have no plans to see Ghostbusters or any recent Hollywood offering, but a major theme of debate surrounding the movie is whether or not the movie is actually good or is getting a perceptual ratings boost on the basis of having a diverse all-female cast alone. This is where those of you who've actually seen the movie and can provide an unbiased opinion would come in handy - so what say you all?

Original Submission