An article in TechCrunch describes changes that the National Institute for Standards and Technology (NIST) is considering to its Digital Authentication Guideline:
For now, services can continue with SMS as long as it isn't via a service that virtualizes phone numbers — the risk of exposure and tampering there might be considered too great. NIST isn't telling for now, but more info will come out as the comment period wears on. But before long all use of SMS will be frowned on, as the bolded passage clearly indicates.
Additional comments are available on Bruce Schneier's blog.
AAAS' EurekaAlert describes research from University of Missouri which finds that kindergarteners are more successful when they understand the meaning of number words and can manipulate number sets.
While many studies have been conducted on infants' and preschoolers' math competencies, few have evaluated how toddlers' basic mathematics knowledge relates to early elementary school success. Now, in a study funded by the National Science Foundation (NSF), researchers at the University of Missouri discovered that preschoolers who better process words associated with numbers, such as "three" or "four," and understand the quantities associated with these words are more likely to have success with math when they enter kindergarten. Findings also reveal that children who have a basic understanding that addition increases quantity and subtraction decreases it are much better prepared for math in school. Scientists contend that emphasis on these two skillsets could lead to greater success in school.
[...] The study, "Kindergarteners' fluent processing of symbolic numerical magnitude is predicted by their cardinal knowledge and implicit understanding of arithmetic 2 years earlier," recently was published in the Journal of Experimental Child Psychology. The NSF (Grant 1250359) and the University of Missouri Research Board provided funding for the project.
[AAAS = American Association for the Advancement of Science. -Ed.]
The threat of ransomware is becoming widespread among corporations, with almost half of U.S. businesses suffering an attack from the nasty form of malware recently, according to a new survey.
Security firm Malwarebytes sponsored the study, which found in June that 41 percent of U.S. businesses had at least encountered between one to five ransomware attacks in the previous 12 months.
Another 6 percent saw six or more attacks.
The study surveyed corporations in the U.S., Canada, U.K. and Germany to gauge how ransomware affected their operations.
The malware, which can infect a computer and take the data hostage, can be bad for business. Thirty-four percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.
U.S. businesses victimized by the malware generally didn’t suffer a heavy toll and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.
[...] More amateur cybercriminals are probably indiscriminately spreading ransomware in the U.S. like spam, the survey added. Low-level ransom demands of up to $500 are prevalent in the U.S. However, high ransom demands of more than $10,000 are more common in Germany.
Malwarebytes sponsored Osterman Research to conduct the study by surveying 540 CIOs, CISOs and IT directors across the four countries.
What steps has your company taken to protect against ransomware? Is it enough? What about your personal system(s)?
TechCrunch describes a new move by Disney into the mobile messaging market:
Disney today is wading into the mobile messaging market with a new chat application called Disney Mix, aimed at kids, tweens and families. While the app will compete to some extent with popular messaging clients like WhatsApp, Facebook Messenger, Snapchat, and others, the goal with Disney Mix is to provide a safer alternative that's built with the needs of kids in mind. That means the app isn't just about chatting -- it's also about playing games, making memes, sharing stickers and more, says Disney.
The company notes that it already has over a decade of experience when it comes to building online communities for children, including things like Club Penguin, MarvelKids, and other virtual worlds.
[...] In Disney Mix, friends can chat with each other, which includes sending stickers of favorite Disney characters, like Flash from Zootopia, Hank from Finding Dory, and Jenny from Adventures in Babysitting, for example. Additional content in the app comes from Frozen, Monsters University, Toy Story, K.C. Undercover, Descendants, and other Disney franchises.
Beyond chatting with friends and family, kids can also add Disney accounts to their Friends List, like Disney Channel, Disney XD, and Disney Movies. These accounts will then message them with new photos and videos periodically, along with other news.
Perhaps the biggest differentiator between Disney Mix and a straightforward messaging client is that it has a variety of interactive games built-in, like Spikes, Elsa's Winter Walz, and Cards of D
Disney Mix is available for free for iOS and Android.
Arthur T Knackerbracket has found the following story:
Apple is the latest tech company to close its pay gap.
Women and minorities at Apple earn the same amount of money as their white, male co-workers in similar roles, the company said Wednesday.
Apple released its annual inclusion and diversity report, saying the company had achieved pay equity.
"Women earn one dollar for every dollar male employees earn. And underrepresented minorities earn one dollar for every dollar white employees earn," the report said. To put things in perspective, the White House says that in the US, women earn 78 cents to the dollar.
The pay gap is one of many issues related to diversity that companies in the tech industry face. Silicon Valley has had to confront tough questions about the treatment of women and minorities in tech, and the industry continues to struggle with issues surrounding recruitment, retention and promotion.
Apple isn't the first tech company to say it's reached equal pay. In April, Facebook and Microsoft also said they had no gender pay gap.
Apple's latest report shows that in 2016, 72 percent of the company's leadership is male, while only 28 percent is female. Whites make up 67 percent, Asians 21 percent, blacks 3 percent, Hispanics 7 percent, and 1 percent in leadership roles are multiracial. The balance is made up of other ethnicities and employees who didn't declare.
Apple's report also shows that overall, the company is 68 percent male and 32 percent female this year -- a move of one percentage point from last year when Apple reported 69 percent male and 31 percent female. Fifty-six percent of US employees at Apple are white, 19 percent are Asian, 9 percent are black, 12 percent are Hispanic and 2 percent are multiracial ethnicities.
Arthur T Knackerbracket has found the following story:
Elements of the payment card industry have introduced a new contactless payment card security feature, designed to defend against relay attacks.
Relay attacks were first demonstrated nine years ago by computer scientists Saar Drimer and Steven Murdoch.
The pair also suggested how the security flaw can be mitigated using a technique called distance bounding. Mastercard has taken up this defence, meaning its cards (at least) are protected.
“Finally the banks are now implementing this defence, though only for contactless cards (as they are more vulnerable than the contact Chip and PIN cards that were available in 2007), and so far only for MasterCard cards,” Murdoch told El Reg.
Murdoch says that although the relay attack is real it’s unclear whether or not fraud based on the security weakness has actually taken place.
“I’m not aware of any confirmed cases, other than academic experiments. However, unless this were a widespread fraud, I don’t think I would have heard about it even if it had happened,” Murdoch explained.
“There have been bank customers who have come to me or colleagues to say that they have been refused a refund for a Chip and PIN transaction that they said did not take place. In some of these cases it might have been a relay attack, but in almost every case it is never established what happened.”
“The banks have taken the position that a relay attack is unlikely and since the decision of whether a bank refunds the customer is based on the most likely explanation, the bank always presents another scenario as being the most likely (normally customer negligence),” he added.
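A simplified simulation of the distance-bounding check the story refers to, added here as an example (it is not code from the article, the researchers or any card scheme): the terminal times a rapid keyed challenge-response exchange and rejects a card whose replies arrive later than physics and the nominal card processing time allow, which is what a relay's forwarding overhead causes. The key, distances, processing time and tolerance are constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

SPEED_OF_LIGHT_M_PER_NS = 0.2998  # ~30 cm per nanosecond: the physical floor for a round trip


@dataclass
class Card:
    key: bytes            # shared secret with the issuer/terminal (constructed for this demo)
    distance_m: float     # distance from the terminal antenna
    processing_ns: float  # time the card needs to compute one response

    def respond(self, challenge: bytes) -> bytes:
        # The response is keyed, so a relay cannot forge it; it can only forward it, late.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()[:4]


@dataclass
class Terminal:
    key: bytes
    max_distance_m: float = 0.10         # a contactless card is expected within ~10 cm
    card_processing_ns: float = 1_000.0  # nominal response time the terminal expects
    tolerance_ns: float = 200.0          # allowance for clock and processing jitter

    def rtt_bound_ns(self) -> float:
        """Largest round-trip time a genuine card at the maximum distance can show."""
        return (2 * self.max_distance_m / SPEED_OF_LIGHT_M_PER_NS
                + self.card_processing_ns + self.tolerance_ns)

    def verify(self, card: Card, relay_delay_ns: float = 0.0, rounds: int = 8) -> dict:
        """Timed challenge-response exchange.

        relay_delay_ns models the extra latency a relay pair adds by forwarding each
        challenge and response over some link; it is 0 for a genuine tap. Round-trip
        times are computed from the model rather than measured with a real clock.
        """
        bound = self.rtt_bound_ns()
        max_rtt = 0.0
        responses_ok = True
        for _ in range(rounds):
            challenge = os.urandom(4)
            response = card.respond(challenge)
            rtt = (2 * card.distance_m / SPEED_OF_LIGHT_M_PER_NS
                   + card.processing_ns + relay_delay_ns)
            max_rtt = max(max_rtt, rtt)
            expected = hmac.new(self.key, challenge, hashlib.sha256).digest()[:4]
            if not hmac.compare_digest(response, expected):
                responses_ok = False
        timing_ok = max_rtt <= bound
        return {"responses_ok": responses_ok, "timing_ok": timing_ok,
                "accepted": responses_ok and timing_ok,
                "max_rtt_ns": max_rtt, "bound_ns": bound}


if __name__ == "__main__":
    key = b"constructed-demo-key"
    terminal = Terminal(key=key)
    genuine = Card(key=key, distance_m=0.03, processing_ns=1_000.0)
    print("genuine tap:", terminal.verify(genuine))
    # Correct answers, but each one arrives 20 microseconds late because it was relayed.
    print("relayed tap:", terminal.verify(genuine, relay_delay_ns=20_000.0))
```

Note that the propagation term is sub-nanosecond while card processing dominates, which is why the bound has to be tight and the challenge-response rounds have to be kept as simple as possible.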
Zika and sewage. What else could you ask for at the Olympics? How about a toxic banking trojan? From Security Intelligence:
IBM X-Force Research observed that a relatively new Zeus Trojan variant known as Panda, or Panda Banker, that started targeting banks in Europe and North America early this year has now spread to Brazil. According to IBM X-Force Research, Panda now targets 10 local bank brands and multiple payment platforms right as Brazil prepares to host a global sporting event.
[...] IBM X-Force Research has been detecting Zeus Panda variants since Q1 2016. At first, botnets spreading and attacking users with this malware primarily targeted banks in Europe and North America, focusing on the U.K., Germany, the Netherlands, Poland, Canada, the U.S. and others. While Panda configurations focus on targeting personal online banking services, they are rather diverse. Other targets include online payments, prepaid cards, airline loyalty programs and online betting accounts, to name a few.
Panda is clearly one hungry bear. The malware continues to spread to new geographies and is now targeting users in Brazil. First appearing in Brazil in July 2016, the related Panda variant likely has links to a locally operated, professional cybercrime faction. The variants fetched a new Brazil-focused configuration, which was set up to steal credentials from users of 10 major bank brands in the country, as well as those of bitcoin exchange platforms, payment card services and online payments providers, among others, per X-Force findings.
[...] Zeus Panda's Brazilian configuration file has a notable local hue. Aside from including the URLs of major banks in the country, Panda's operators are also interested in infecting users who access delivery services for a Brazilian supermarket chain, local law enforcement websites, local network security hardware vendors, Boleto payments and a loyalty program specific to Brazil-based commerce. Other targets include customer logins to a company that offers ATM management services and secure physical access technology for banks.
TechCrunch says, "IBM notes that while the software behind Zeus Panda isn't particularly new, nor is the cybercrime scene in Brazil particularly advanced -- so Panda may be as a wolf (or rather bear) among lambs."
Arthur T Knackerbracket has found the following story:
Cray has revealed that its products' Q2 profits have literally gone up in smoke.
The company this week announced second quarter revenue of US$100.2m, down from $186.2m in 2015's corresponding quarter. That dip meant the company incurred a loss of $13.1m compared to last year's $5.8m profit.
Things aren't going to be much easier in Q3, due to “a very recent electrical smoke event caused by a failed manufacturing facility power component that will delay the Company's ability to deliver on some customer contracts in 2016, including an impact on anticipated third quarter revenue.”
On the company's earnings call CEO Peter Ungaro said the smoke “damaged five relatively smaller customer systems that were being tested and prep[ped] for shipping, and for which we expected to achieve acceptances before the end of the year including some in the third quarter.”
“Some of these systems were key pieces of larger customer solutions,” he added. “And as a result, their impact to our overall revenue outlook was more significant than just the value of the revenue type to those systems themselves. This event just happened and we're still evaluating the full extent of the impact, as well as our recovery plan. But I want to note that the majority of the loss is expected to be covered by insurance."
NBCNews reports that changes are coming for the music industry, and Big Music is not happy about it.
For years, in cases where ASCAP (the American Society of Composers, Authors and Publishers) or BMI (Broadcast Music Inc) did not represent all of the authors of a song, they would issue fractional licenses and presume that the licensee would ensure others were paid. Instead, the Justice Department's new rules would require "full-work" licenses.
We've all heard stories about some song-writers or lyricists being cut out of the proceeds of music sales because they were not members of these big licensing agencies, never signed a release of rights, or a variety of other issues. Big Music (ASCAP and BMI) more or less ignored these artists, assuming they would get their share via some other means. Of course, in the end, that usually meant somebody pocketed all the money and somebody else didn't get paid. That's not how it is supposed to work.
BMI said in a statement that it would fight the change in court, while ASCAP said it would press for legislative reform. The groups said in a press release that the decision "will cause unnecessary chaos in the marketplace and place unfair financial burdens and creative constraints on songwriters and composers."
This all arose after Big Music claimed that the internet music streaming services were under-paying for songs streamed, and cheating artists. They complained to the DOJ and wanted to renegotiate a 1941-era consent decree. It appears the DOJ agrees that some artists were indeed being cheated, but not necessarily by streaming services.
Some artists refuse to let their music be streamed simply because they believe it is being pirated at alarming rates. Other artists are waking up to the music industry's games.
Olympic gymnast Kohei Uchimura racked up a £3,700 ($4,850) mobile phone bill playing Pokemon GO in Rio.
The 27-year-old Japanese, who won all-around gold at London 2012, incurred data roaming charges playing the augmented reality game after arriving in Brazil for this month's Games. After receiving the bill, Uchimura "looked dead at the team meal that day", team-mate Kenzo Shirai said.
However, his phone company has agreed to let him pay a daily flat rate.
It means Uchimura, who is favourite to retain his title, will be charged 3000 yen (£22) per day for mobile use abroad instead of the 500,000 yen (£3,700) he thought he would have to pay.
"I really lucked out," the six-time all-around world champion told Japan's Kyodo news agency.
Imagine you are responsible for providing legal representation for indigent people in your state (the public defender's office). Seven years ago, a request for additional funding to meet increased case load was vetoed. Your budget was cut in 2015 and now the governor's office is recommending further cuts. Making things worse is the fact that the number of cases has increased 12%. What would you do?
The Director of the Missouri Public Defender System came up with a novel approach to help meet the increased caseload burden and sent a letter to the Governor (PDF) compelling him to work cases.
Additional reporting here, here, and here.
Even the biggest living creatures sometimes die quietly and slip unnoticed to their rest. A giant whale might have done just that if not for the crew of the research vessel Nautilus. They spotted the whale's mostly complete skeleton decomposing off the California coast on Monday.
"Coming across a natural whale fall is pretty uncommon," one of the researchers says in a video posted to YouTube. A "whale fall" is the rather romantic phrase used when a whale's carcass sinks to the ocean floor, where it provides a buffet bonanza for smaller sea creatures.
"The whale skeleton can support rich communities for years to decades, both as a hard substrate (or surface) for invertebrate colonization and as a source of sulfides from the decay of organic compounds of whale bones," the National Ocean Service explains on its site. "Microbes live off of the energy released from these chemical reactions and form the basis of ecosystems for as long as the food source lasts."
The Computer History Museum has released part of the memoir of Gary Kildall. Kildall founded Digital Research, Inc., co-hosted The Computer Chronicles on television and wrote CP/M, the first operating system for personal computers. The extract from his memoir Computer Connections can be downloaded after agreeing to a lengthy EULA (Javascript required). It was provided by Kildall's family, who wrote
We have chosen to release only the first portion of his memoir. Unfortunately Gary's passion for life also manifested in a struggle with alcoholism, and we feel that the unpublished preface and later chapters do not reflect his true self.
In related news, a presentation comparing the source code of MS-DOS to that of CP/M will be given at the museum, in Mountain View, California, on Saturday during the Vintage Computer Festival.
The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.
The exploit is notable because it doesn't require a man-in-the-middle position. Instead, an end user need only encounter an innocuous-looking JavaScript file hidden in a Web advertisement or hosted directly on a webpage. The malicious code can then query a variety of pages protected by the secure sockets layer or transport layer security protocols and measure the precise file sizes of the encrypted data they transmit. As its name suggests, the HEIST technique—short for HTTP Encrypted Information can be Stolen Through TCP-Windows—works by exploiting the way HTTPS responses are delivered over the transmission control protocol, one of the Internet's most basic building blocks.
[...] "HEIST makes a number of attacks much easier to execute," Tom Van Goethem, one of the researchers who devised the technique, told Ars. "Before, the attacker needed to be in a Man-in-the-Middle position to perform attacks such as CRIME and BREACH. Now, by simply visiting a website owned by a malicious party, you are placing your online security at risk."
Using HEIST in combination with BREACH allows attackers to pluck out and decrypt e-mail addresses, social security numbers, and other small pieces of data included in an encrypted response. BREACH achieves this feat by including intelligent guesses—say, @gmail.com, in the case of an e-mail address—in an HTTPS request that gets echoed in the response. Because the compression used by just about every website works by eliminating repetitions of text strings, correct guesses result in no appreciable increase in data size while incorrect guesses cause the response to grow larger.
[...] To determine the size of an HTTPS-protected response, the attacker uses an oracle technique that returns what amounts to a yes-or-no response to each guess. When a request containing "value=" results in the same data size, the attacker knows that string is inside the encrypted response and then tries to modify the guess to include the next character, say "value=0". If that guess results in a larger file size, the attacker knows it's wrong and will try "value=1", "value=2", and so on until the new guess similarly results in a response that shows no increase in file size. The attacker then tries to guess the next character and repeats the process until the entire token has been recovered.
HEIST is able to count the number of frames and windows sent by interacting with a set of newly approved APIs, one called Resource Timing and another called Fetch. In the process, they allow a piece of JavaScript to determine the exact size of an HTTPS response. The malicious HEIST code then works in tandem with BREACH to ferret pieces of plaintext out of the encrypted response by adding thousands of guesses to requests and analyzing the size of each resulting response.
[...] Van Goethem said the only mitigation he knows of is to disable the third-party cookies, since responses sent by the HTTPS site are no longer associated with the victim. At the moment, most Web browsers by default enable the receipt of third-party cookies, and some online services don't work unless third-party cookies are allowed.
HEIST is also effective against HTTP/2, the drop-in replacement for the older HTTP standard that encrypts all Web traffic. In some cases, HEIST can abuse new features of HTTP/2 to increase the damaging effects.
"If we know that HTTP/2 is used, we can let the browser simultaneously request the targeted resource, and another resource that contains reflected content," Vanhoef and Van Goethem wrote in a research paper that has not yet been published. "Since HTTP/2 is used, both requests are sent in parallel to the server, and the server replies to them in parallel as well."
[...] "Regardless of the typical security measures taken by websites, most of them will remain vulnerable to BREACH (the attack has been around for three years, and nothing has been done to mitigate it—most likely because it's far from trivial to do so)," he wrote in an e-mail. "Combined with the fact that the only requirement for HEIST is that a victim simply has to visit a (malicious) website, we consider it likely that attacks such as BREACH over HEIST will become the easiest way to compromise accounts."
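The compression oracle the article walks through, reproduced offline as an added example (not code from Ars, the HEIST authors or any browser): a constructed page reflects a request parameter next to a constructed secret token, and the only thing observed is the compressed size, which stays flat for the one guess that extends a string already in the body. Fixed Huffman coding is forced to make the one-byte difference deterministic (real servers use dynamic trees). The last two functions show the defence some web frameworks apply against BREACH-style attacks: masking the token with a fresh random value per response so it never appears verbatim.

```python
import os
import zlib

# Constructed sample: the token value and the page layout are made up for this example.
SECRET_TOKEN = "7f3a9c2e"
HEX_DIGITS = "0123456789abcdef"


def build_page(reflected: str, token_field: str) -> bytes:
    """Body the server compresses and sends; `reflected` echoes the request."""
    return (
        "<html><body>\n"
        "<ul><li><a href='/home'>Home</a></li><li><a href='/help'>Help</a></li></ul>\n"
        f"<p>No results for query: {reflected} (0 hits)</p>\n"
        "<p>Use the form below to try another search.</p>\n"
        f"<form method='post'><input type='hidden' name='csrf' {token_field}>"
        "<input name='q'></form>\n"
        "</body></html>\n"
    ).encode()


def compressed_size(reflected: str, token_field: str) -> int:
    """Compressed body length, the only signal the attacker gets to observe."""
    # Z_FIXED forces fixed Huffman codes so one extra literal costs exactly one
    # byte; with the dynamic trees real servers use, attacks need padding tricks
    # to resolve the byte granularity. LZ77 matching is unaffected by this choice.
    comp = zlib.compressobj(6, zlib.DEFLATED, zlib.MAX_WBITS, 8, zlib.Z_FIXED)
    body = build_page(reflected, token_field)
    return len(comp.compress(body) + comp.flush())


def recover_token(length: int) -> str:
    """Guess one character at a time: the candidate that does not grow the
    response is the one already present after 'value=' in the body."""
    known = ""
    for _ in range(length):
        sizes = {c: compressed_size("value=" + known + c, f"value={SECRET_TOKEN}")
                 for c in HEX_DIGITS}
        known += min(sizes, key=sizes.get)
    return known


def mask_token(token: str) -> str:
    """Defence: emit mask || (mask XOR token), hex encoded, with a fresh random
    mask per response, so no reflected guess can match the secret bytes."""
    raw = token.encode()
    mask = os.urandom(len(raw))
    return (mask + bytes(m ^ t for m, t in zip(mask, raw))).hex()


def unmask_token(field: str) -> str:
    """Client side: recover the real token from a masked field before submitting it."""
    data = bytes.fromhex(field)
    half = len(data) // 2
    return bytes(m ^ t for m, t in zip(data[:half], data[half:])).decode()


if __name__ == "__main__":
    token_field = f"value={SECRET_TOKEN}"
    print("correct guess:", compressed_size("value=7", token_field))
    print("wrong guess  :", compressed_size("value=8", token_field))
    print("recovered    :", recover_token(len(SECRET_TOKEN)))
    masked = mask_token(SECRET_TOKEN)
    print("masked field :", masked, "->", unmask_token(masked))
    print("masked size  :", compressed_size("value=7", f"value={masked}"))
```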
The National Institutes of Health (NIH) is planning to lift its moratorium on chimeric embryo research:
The National Institutes of Health is proposing a new policy to permit scientists to get federal money to make embryos, known as chimeras, under certain carefully monitored conditions. The NIH imposed a moratorium on funding these experiments in September because they could raise ethical concerns.
[...] [Scientists] hope to use the embryos to create animal models of human diseases, which could lead to new ways to prevent and treat illnesses. Researchers also hope to produce sheep, pigs and cows with human hearts, kidneys, livers, pancreases and possibly other organs that could be used for transplants.
To address the ethical concerns, the NIH's new policy imposes several restrictions. The policy prohibits the introduction of any human cells into embryos of nonhuman primates, such as monkeys and chimps, at their early stages of development. Previously, the NIH wouldn't allow such experiments that involved human stem cells but it didn't address the use of other types of human cells that scientists have created. In addition, the old rules didn't bar adding the cells very early in embryonic development. The extra protections are being added because these animals are so closely related to humans. But the policy would lift the moratorium on funding experiments involving other species. Because of the ethical concerns, though, at least some of the experiments would go through an extra layer of review by a new, special committee of government officials.
You can submit a response to the proposal here up until the end of the day on September 4.
Related: NIH Won't Fund Human Germline Modification
U.S. Congress Moves to Block Human Embryo Editing
China's Bold Push into Genetically Customized Animals
Human-Animal Chimeras are Gestating on U.S. Research Farms