SoylentNews is people


posted by martyb on Wednesday August 10 2016, @11:51PM
from the key-mistake dept.

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.

What's more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.

And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.

Microsoft's misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.

[Continues...]

[...] People are particularly keen to unlock their ARM-powered Surface fondleslabs and install a new operating system because Microsoft has all but abandoned the platform. Windows RT is essentially Windows 8.x ported to 32-bit ARMv7-compatible processors, and Microsoft has stopped developing it. Mainstream support for Surface RT tabs runs out in 2017 and Windows RT 8.1 in 2018.

A policy similar to the leaked debug-mode policy can be used to unlock Windows Phone handsets, too, so alternative operating systems can be installed. A policy provision tool for Windows Phone is already available. We expect to hear more about that soon.

[...] The Secure Boot policies Microsoft is rushing to revoke can't be used to backdoor conversations or remotely hijack systems, but they remind us that this kind of information rarely stays secret.

"This is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad," Slipstream wrote, addressing the FBI in particular.

"Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released by Microsoft's own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system?"

The article goes into considerable background on the leaked keys and how you can use them to circumvent Secure Boot. Happy hacking to anyone who has (or can get a good deal on) a Windows RT tablet!


posted by janrinok on Wednesday August 10 2016, @10:15PM
from the keeping-my-fingers-crossed dept.

For the first time, retired US Air Force officers have published [PDF] an account of an incident on May 23, 1967 when a solar storm nearly fooled American high command into thinking that a Soviet nuclear attack was on the way.

On that day, the US military nuclear command went into panic mode when signals from all three of the Ballistic Missile Early Warning System (BMEWS) sites in the far northern hemisphere (one apiece at Alaska, Thule in Greenland, and a base in the UK's county of Yorkshire) shut down simultaneously.

These BMEWS stations were positioned over the most likely routes for Soviet ICBMs to come visiting the Land of the Free, and some thought the USSR had worked out a jamming technology that would blind the US ahead of an attack. When the BMEWS went down, this secondary bomber force was put on alert and flash warnings were sent to other nuclear facilities warning them that this might be the big one. But luckily a message from a series of forecasts made it through to central command telling them that it might not be the Soviets causing the issues.

"This is a grave situation," said Delores Knipp, a space physicist at the University of Colorado in Boulder, and coauthor of the paper. "But here's where the story turns: things were going horribly wrong, and then something goes commendably right."

Since the 1940s, the US military planners had had evidence of how solar radiation could affect communications systems here on earth. In the mid-1960s the Air Force's Air Weather Service (AWS) had been doing regular solar forecasts to spot this kind of radiation. On May 18, 1967 the AWS spotted an unusually large group of sunspots with intense magnetic fields in one region of the sun. Shortly afterwards this area erupted, causing one of the largest solar storms ever recorded flying towards earth.

"I specifically recall responding with excitement, 'Yes, half the sun has blown away,' and then related the event details in a calmer, more quantitative way," said retired Colonel Arnold Snyder, a solar forecaster at NORAD's Solar Forecast Center, who was on duty that day.

The loss of the BMEWS was flashed both to the military and to government heads. Knipp says that contemporary documents indicate that President Johnson would have received the news. Given the heightened state of alert at the time – Vietnam's summer offensives weren't going well and forces were massing in the Middle East for the Six Day War that broke out days later – the news could have scared some folks into pushing the button.


posted by n1 on Wednesday August 10 2016, @08:46PM
from the pot-meet-kettle dept.

Apple has launched a blistering attack on three of Australia's big banks, saying their request to collectively negotiate over digital wallet access to the iPhone will compromise the handset's security, reduce innovation and blunt Apple's entry into the payments market in Australia.

In a sign of growing acrimony between the world's largest company and the Commonwealth Bank of Australia, National Australia Bank and Westpac Banking Corp, Apple told the Australian Competition and Consumer Commission that "allowing the banks to form a cartel to collectively dictate terms to new business models and services would set a troubling precedent and delay the introduction of new, potentially disruptive technologies".

The three large banks made an application in late July with Bendigo and Adelaide Bank seeking authorisation to collectively negotiate with the technology giant, which has locked the banks and other third-party providers of digital wallets off the iPhone platform in favour of its own Apple Pay.

In a pithy, three-page submission to the ACCC, Apple says providing access to the phone's transmitter to allow bank applications to facilitate contactless payments would compromise the security of Apple's hardware.


posted by n1 on Wednesday August 10 2016, @07:16PM
from the robot-hell dept.

Five thousand robots will get busy creating a 3D map of millions of galaxies in 2019.

The Dark Energy Spectroscopic Instrument (DESI) has received US Department of Energy (DoE) approval to move from the design phase to construction, which will start next year.

That includes building the 5,000 10 cm-long, finger-width robots which will have the job of aiming fibre-optic cables at galaxies, stars, and quasars.

DESI's builders have just begun a two-month prototype run of the light collection system in Arizona.


posted by n1 on Wednesday August 10 2016, @05:32PM
from the outsourcing-the-dragnet dept.

The government of Estonia is one of the most cyber-aware governments in the world. Recent reports have suggested that the country has been in discussion with the UK for the establishment of an overseas data embassy. Those same reports suggest that Britain's decision to leave the European Union is making Estonia reconsider the UK, and perhaps favor Luxembourg. If this is true, it could make the loss of business with Estonia the first major cyber casualty of the Brexit.

[...] Although the Ministry here describes the project as simply a data center, it has elsewhere used the term 'virtual data embassy'. This is to differentiate the concept from simple backups that have been stored in overseas embassies for the last ten years. Estonia is facing an issue now that will be faced by more and more nations as electronic government increases: secure mirrors will be required to ensure that the country itself doesn't face downtime in a catastrophe. Estonia, of course faces the additional concern of physical incursion from its neighbor and one-time overlord, Russia.

Taavi Kotka, the Government CIO, wrote, "As part of this research project, we have evaluated methods to ensure that the data and services of and for our citizens, e-residents, and institutions are kept safe, secure, and continuously available. Privacy, security, data protection, and data integrity are central to our government services." He added that after the Snowden revelations, both governments and large corporations are facing a trust-deficit. It is the combination of Snowden's GCHQ revelations combined with the potential effect of Brexit that makes the UK seem a less privacy-centric destination for Estonian government data.


posted by janrinok on Wednesday August 10 2016, @03:50PM
from the let-the-sun-shine dept.

electrek says:

Tesla CEO Elon Musk was on SolarCity's conference call for its second quarter financial results today, which is unusual for the Chairman, but understandable considering the impending deal for Tesla to acquire the solar installer. During the call, Musk announced that SolarCity will unveil a "solar roof" as opposed to "solar modules on a roof".

[...] The CEO [Lyndon Rive] explained that it will open up a new market for the company. Rive added that there are 5 million new roofs installed every year in the US and if your roof is about to need to be replaced, you don't want to invest in solar panels to install on it since you are about to take it down, but if the solar panels are the roof and you need to redo it anyway, there's no reason not to go with a power-generating roof. Musk sees a "huge" market for the roofs nearing their end of life.

[...] Based on the comments from Musk and Rive's announcement that two products will be unveiled by the end of the year, it looks like SolarCity is about to unveil 2 solar products, one for existing roofs and one integrated with the roof. They plan to manufacture those modules at SolarCity's upcoming 1 GW factory in Buffalo. Peter Rive, SolarCity's CTO, said that the company now plans for the module assembly line to start producing in Q2 2017.

Meanwhile, Bloomberg reports that:

SolarCity Corp. is facing near-term roadblocks as installations slow and the pending acquisition by Tesla Motors Inc. hinders its financing efforts. For billionaire Elon Musk, the long-term picture is more significant, as he rolls out more products and services that will make the biggest U.S. rooftop solar company a key part of his energy strategy.

[...] "Because of the Tesla Motors acquisition proposal, we experienced greater-than-usual delays in closing new project financing commitments," Chief Executive Officer Lyndon Rive said in the statement [on Tuesday, Aug 9].

[...] SolarCity's net loss in the second quarter widened to $55.5 million, or 56 cents a share, from $22.4 million, or 23 cents, a year earlier. Excluding some items, the loss was $2.32, less than the $2.53 average of 11 analysts' estimates compiled by Bloomberg. Sales rose to $185.8 million from $102.8 million.

In the meantime, SolarCity is developing a roofing product that will incorporate photovoltaic capabilities. Musk said it would appeal to homeowners who don't like the look of rooftop systems, as well as people with aging roofs.


posted by janrinok on Wednesday August 10 2016, @02:14PM
from the not-good-news dept.

Submitted via IRC for Beige

Researchers at the University of California, Riverside (UCR) have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications completely remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

Led by Yue Cao, a computer science graduate student in UCR's Bourns College of Engineering, the research will be presented on Wednesday (Aug. 10) at the USENIX Security Symposium in Austin, Texas. The project advisor is Zhiyun Qian, an assistant professor of computer science at UCR whose research focuses on identifying security vulnerabilities to help software companies improve their systems.

While most users don't interact directly with the Linux operating system, the software runs behind-the-scenes on internet servers, Android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination.

For example, when two people communicate by email, TCP assembles their message into a series of data packets—identified by unique sequence numbers—that are transmitted, received, and reassembled into the original message. Those TCP sequence numbers are useful to attackers, but with almost 4 billion possible sequences, it's essentially impossible to identify the sequence number associated with any particular communication by chance. The UCR researchers didn't rely on chance, though. Instead, they identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

[...] Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays. The attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 percent. The researchers created a short video showing how the attack works.

Source: https://ucrtoday.ucr.edu/39030


posted by cmn32480 on Wednesday August 10 2016, @12:35PM
from the no-diving-in-the-shallow-learning-end dept.

http://www.nextplatform.com/2016/08/08/deep-learning-chip-upstart-set-take-gpus-task/

Bringing a new chip to market is no simple or cheap task, but as a new wave of specialized processors for targeted workloads brings fresh startup tales to bear, we are reminded again how risky such a business can be.

Of course, with high risk comes potential for great reward, that is, if a company is producing a chip that far outpaces general purpose processors for workloads that are high enough in number to validate the cost of design and production. The stand-by figure there is usually stated at around $50 million, but that is assuming a chip requires validation, testing, and configuration rounds to prove it's ready to be plugged into a diverse array of systems. Of course, if one chooses to create and manufacture a chip and make it available only via a cloud offering or as an appliance, the economics change—shaving off more than a few million.

These sentiments are echoed by Naveen Rao, CEO of Nervana Systems, a deep learning startup that has put its $28 million in funding to the TSMC 28 nanometer test with a chip expected in Q1 of 2017. With a cloud-based deep learning business to keep customers, including Monsanto, on the hook for deep learning workloads crunched via their on-site, TitanX GPU cluster stacked with their own "Neon" software libraries for accelerated deep learning training and inference, the company has been focused on the potential for dramatic speedups via their stripped-down tensor-based architecture in the forthcoming Nervana Engine processor.

UPDATE: Intel bought the company for around $350 million to $408 million.


posted by cmn32480 on Wednesday August 10 2016, @10:51AM
from the it-used-to-be-a-good-idea dept.

Submitted via IRC for TheMightyBuzzard

The accounts with Telegram, a secure messaging service based in Germany, were compromised by exploiting the fact that Telegram sends would-be users an SMS with authorization codes so that they can activate their devices.

The researchers believe the attackers have intercepted these text messages, and this allowed them to add new devices to the targets' account, and access everything in it.

This SMS interception has been performed either by compromising Iranian phone companies, or by colluding with them. The researchers believe that the latter theory is not far-fetched, as Rocket Kitten – the hacker group that they believe performed the attacks – is believed to be composed of Iranian hackers, possibly tied to the Iranian Revolutionary Guard Corps...

Rocket Kitten is known for targeting individuals, businesses and government organizations across the Middle East, but also researchers (Iranian and European), Iranian citizens/activists, and Islamic and anti-Islamic preachers and groups, political parties and government officials.

The same group apparently also managed to misuse Telegram's API to identify 15 million Iranian phone numbers and user IDs tied with Telegram accounts earlier this year. This information can come in handy for orchestrating future attacks and help with investigations.

Source: https://www.helpnetsecurity.com/2016/08/03/compromised-telegram-accounts/


posted by cmn32480 on Wednesday August 10 2016, @09:03AM
from the interesting-reads dept.

Desktop / Laptop privacy & security of web browsers on Linux part 1: concepts and theory

Web browsers today are everywhere, and they are a huge pile of shit code, full of shiny things that hide sometimes bad surprises, but, despite this fact, you want to use it daily cause of too many things today depend on you to visit a web site often requiring you[r] latest web technologies.

Even if many vendor[s] today take browser security seriously, the fast evolution of web standards make [it] very hard to care about that on such big projects, and almost everyday in the wild appear a new method to fuck poor users using the web as a vector of evil code, using both browser vulnerability or user stupidity innocence.

There is no 100% security, if anyone tell[s] you he has the panacea of all evil things and can show you how to be 100% protected online, it's a liar, no exception. Despite that, something can be done to be at least a little bit more secure and block the most common attack vectors, with a cost in terms of usability that is really cheap.

[Continues...]

Desktop / Laptop privacy & security of web browsers on Linux part 2: firejail based sandboxes

There are many tools in the wild to build the sandboxes using the features explained, some more user friendly, other more complex, some more complete, other more specific to one or few features.

After some tests and with the help of many friends from the Veteran Unix Admins group on facebook, the primary tool I've chosen to use is firejail.

Firejail is a great utility aiming to build sandboxes and it matches almost perfectly our needs. With just a little bit of shell scripting, a little patch I have sent to firejail and a couple of other tools supported by firejail itself, we have all what is needed for our architecture.


posted by cmn32480 on Wednesday August 10 2016, @07:09AM
from the flawed-logic dept.

Washington's ambassador to the U.N. this week circulated a draft resolution to the 15-member Security Council, seen by Reuters, that would approve a regional protection force "to use all necessary means, including undertaking robust and active steps and engaging in direct operations where necessary," to secure Juba and protect the airport and other key facilities.

Meanwhile a U.N. report released Friday said the organization's own peacekeepers failed through a "combination of inaction, abandonment of post and refusal to engage" to protect people who were attacked by gunmen within a U.N. Protection of Civilians site in the city of Malakal.

[...] Beyond failing to do their job, U.N. peacekeepers have been embroiled in sexual abuse scandals involving children being paid for sex and raped at the hands of soldiers.

A report last March revealed that at least 98 girls from the Central African Republic were sexually abused by U.N. peacekeepers and French troops, with four of the girls forced to have sex with a dog by a French commander. The soldiers were deployed as part of the U.N.'s mission in CAR known as MINUSCA.

[...] In June, The Intercept reported that rebel forces in South Sudan used child soldiers and that the U.S. State Department, under Hillary Clinton, sent arms despite a law that bans providing military assistance to nations that arm children.

Source: TeleSUR

South Sudan gained independence from Sudan in 2011, following a referendum that passed with 98.83% of the vote.


posted by cmn32480 on Wednesday August 10 2016, @05:17AM
from the chemists-helping-chemists dept.

Chemists have made an expensive precursor chemical (levoglucosan) from three kinds of biomass:

Chemical engineers and chemists from Rice University and China's Dalian Institute of Chemical Physics have made something so useful and unusual they aren't yet sure how much it's worth. In a new paper [DOI: 10.1039/C6GC01600F] in the journal Green Chemistry, a team led by Rice's Michael Wong describes a new process for making extremely pure levoglucosan (LGA), a naturally occurring organic compound that has been so rare and expensive that drugmakers and chemical engineers typically haven't considered using it.

"A couple of years ago, we got to thinking about chemistries that could turn biomass into something of greater value than heat or biofuels," said Wong, professor and chair of Rice's Department of Chemical and Biomolecular Engineering and professor of chemistry. "Most chemicals are made from oil and gas, but you can't make LGA from petrochemicals. LGA has a very interesting structure that makes it a much better starter molecule than sugar, but it's been hard for researchers to work with LGA when quantities are limited. LGA is so difficult and inefficient to make that whatever small amounts were commercially available were very expensive."

Wong said LGA's value derives from the options it presents to drugmakers and chemical engineers who specialize in chemical synthesis, a branch of chemistry that lies at the center of some of the world's largest industries, including pharmaceuticals, petrochemicals, plastics and polymers. The complex chemicals these industries produce are built up from smaller chemicals, much like a Lego model is built from individual bricks. LGA is an organic precursor chemical, one of the organic "bricks" that a chemist could use in a synthesis reaction.


posted by n1 on Wednesday August 10 2016, @03:28AM
from the cash-only dept.

Three young scientists think they have a way to defeat antibiotic resistance:

Three college-age scientists think they know how to solve a huge problem facing medicine. They think they've found a way to overcome antibiotic resistance. Many of the most powerful antibiotics have lost their efficacy against dangerous bacteria, so finding new antibiotics is a priority. It's too soon to say for sure if the young researchers are right, but if gumption and enthusiasm count for anything, they stand a fighting chance.

[...] Last October, Stanford launched a competition for students interested in developing solutions for big problems in health care. Not just theoretical solutions, but practical, patentable solutions that could lead to real products. The three young scientists thought they had figured out a way to make a set of proteins that would kill antibiotic resistant bacteria. They convinced a jury of Stanford faculty, biotech types and investors that they were onto something, and got $10,000 to develop their idea.

[...] "The way that our proteins operate, that if the bacteria evolve resistance to them, actually the bacteria can no longer live anymore," says Rosenthal. "We target something that's essential to bacterial survival." Bacteria have managed to evolve a way around even the most sophisticated attempts to kill them, so I was curious to know more about how the proteins these young inventors say they've found worked. "We're not able to disclose, unfortunately," says Filsinger Interrante. It's their intellectual property, she explains, that they hope will attract investors. "We think that our protein has the potential to target very dangerous, multidrug-resistant bacteria."

Peer review, meet news review.


posted by n1 on Wednesday August 10 2016, @01:25AM
from the selling-everything dept.

Facebook is going to start forcing ads to appear for all users of its desktop website, even if they use ad-blocking software. The social network said on Tuesday that it will change the way advertising is loaded into its desktop website to make its ad units considerably more difficult for ad blockers to detect. “Facebook is ad-supported. Ads are a part of the Facebook experience; they’re not a tack on,” said Andrew “Boz” Bosworth, vice president of Facebook’s ads and business platform.

Source: The Wall Street Journal


posted by cmn32480 on Tuesday August 09 2016, @10:12PM
from the better-than-a-shoebox-of-microSD-cards dept.

Seagate has put a new lower limit on the maximum amount of NAND flash that can be crammed into a 3.5" enclosure, by demonstrating a 60 TB solid state drive:

With the Nytro XP7200 moving toward production, Seagate has brought out another SSD tech demo with eye-catching specifications. The unnamed SAS SSD packs 60TB of 3D TLC into a 3.5" drive. In order to connect over a thousand dies of Micron's 3D TLC NAND to a single SSD controller, Seagate has introduced ONFi bridge chips to multiplex the controller's NAND channels across far more dies than would otherwise be possible. The rest of the specs for the 60TB SSD look fairly mundane and make for a drive that's better suited to read-intensive workloads, but the capacity puts even the latest hard drives to shame.

The 60TB SSD is currently just a technology demonstration, and won't be appearing as a product until next year. When it does, it will probably have a very tiny market, but for now it will give Seagate some bragging rights.

Previously: Seagate Unveils Fastest Ever Solid State Drive

