Submitted via IRC for TheMightyBuzzard
Google announced back in February 2016 that it planned to improve Gmail security by adding new security indicators to the service.
One of the improvements was the introduction of a new red question mark icon in place of the profile photo, avatar or blank icon to highlight unauthenticated emails.
Google announced yesterday that the roll out of the feature started, and that Gmail users on the web and on Android will soon notice the new red question mark icon for unauthenticated messages.
[...]
Google's method for determining the authenticity of a message is the following one: if a message can't be authenticated using DKIM or Sender Policy Framework (SPF), it is marked as unauthenticated.
Gmail, on the web, displays profile icons only when an email is selected, but not in the email listing itself. This means that you will have to click on a message to find out if it is authenticated or not.
Source: http://www.ghacks.net/2016/08/11/gmail-question-marks-unauthenticated-senders/
The Guardian reports on a new study which has found that
The world of speculative fiction publishing is plagued by "structural, institutional, personal, universal" racism, according to a new report that found less than 2% of more than 2,000 SF stories published last year were by black writers.
The report, published by the magazine Fireside Fiction, states that just 38 of the 2,039 stories published in 63 magazines in 2015 were by black writers. With the bulk of the industry based in the US, more than half of all speculative fiction publications the report considered did not publish a single original story by a black author. "The probability that it is random chance that only 1.96% of published writers are black in a country where 13.2% of the population is black is 0.00000000000000000000000000000000000000000000000000000000000000000000000000000321%," says the report.
The editor of Fireside Fiction goes on to say...
"Fiction, we have a problem. We all know this. We do. We don't need numbers to see that, like everywhere in our society, marginalisation of black people is still a huge problem in publishing ... The entire system is built to benefit whiteness – and to ignore that is to bury your head in the flaming garbage heap of history."
Arthur T Knackerbracket has found the following story:
If there were any doubt that IoT is for real, one fact ought to dispel it: For the first time, U.S. mobile operators are adding IoT connections to their networks faster than they’re adding phones.
In fact, cars alone are getting connected to cellular networks faster than anything else, according to statistics compiled by Chetan Sharma Consulting for the second quarter of this year. Counting all U.S. carriers, about 1.4 million cars got connected to cellular networks in the quarter, compared with 1.2 million phones and less than 900,000 tablets.
The second quarter, between April and June, isn’t a high point for new phone sales like the fourth quarter, when holiday shopping hits and new iPhone models roll out. But IoT growth has been a long-term trend.
AT&T, the carrier that’s led in connected cars, has already been adding them faster than phones and tablets combined for seven consecutive quarters, says Sharma, a longtime mobile industry analyst. AT&T’s on track to reach 10 million car connections soon, he said.
For now, most of those cars have been tuning in without their drivers lifting a finger, Sharma said. It’s the car companies that are rolling out vehicles with live cellular connections, which can help them do things like monitor the condition of their cars, update the software on board, and learn things that could help them improve future models. Keeping vehicles online may also reduce the need for expensive recalls where cars have to come back into the shop.
Arthur T Knackerbracket has found the following story:
Ecuador has granted a request from Swedish prosecutors to question WikiLeaks’ founder Julian Assange at its embassy in London, where he has been holed up for over four years.
Assange was given asylum by Ecuador in 2012 after he slipped into the country’s embassy in the U.K. He is wanted by police in Sweden for questioning in connection with a sexual assault investigation.
U.K. police have said that they would arrest Assange to meet an extradition request from Sweden if he steps out from the Ecuador embassy. But Assange and his supporters have expressed fear that from Sweden, he could be transferred to the U.S. to face charges under the country's Espionage Act.
It is not clear whether the restraints on Assange proceeding to Ecuador or some other destination from the U.K. will be removed after the Swedish prosecutors' proceedings.
The UN Working Group on Arbitrary Detention ruled in February that the time Assange has spent in the London embassy amounted to arbitrary detention by the U.K. and Sweden. The decision by the body is not binding on the two countries but would have put some pressure on them to resolve the outstanding issue of Assange’s prolonged stay in the embassy.
Ecuador said Wednesday it stands by its offer of asylum to Assange as long as fears of political persecution continue. It said a date for the questioning by the investigators from Sweden is expected to be finalized in the coming weeks. Ecuador said it had offered to facilitate Assange's questioning at the embassy for over four years.
Arthur T Knackerbracket has found the following story:
ENISA, the European Union Agency For Network And Information Security, has taken a look at “cost of cyber attack” studies and reckons they're not much good.
The agency is far too polite to put it that way, but in this report, it says there's no consistent approach to trying to quantify the cost of attacks on what it calls critical information infrastructures (CIIs).
“The measurement of the real impact of incidents in terms of the costs needed for full recovery proved to be quite a challenging task”, the report drily notes.
The study, The cost of incidents affecting CIIs, is a review [of] eleven expert reports, two internal studies (provided by security vendors to customers), two public studies, and two reports by ENISA partners. The source studies were dated between 2013 and 2015.
The agency says there's plenty of information about, but the studies it analysed “examines the topic from a different perspective, focusing on certain industries, using different metrics, counting only certain types of incidents etc. The lack of a common approach and criteria for performing such an analysis has allowed the development of rarely comparable standalone studies, often relevant only in a certain context.”
EPFL scientists have invented a new type of "acoustic prism" that can split a sound into its constituent frequencies. Their acoustic prism has applications in sound detection. [...] Hervé Lissek and his team at EPFL have invented an "acoustic prism" that splits sound into its constituent frequencies using physical properties alone. Its applications in sound detection are published in the Journal of the Acoustical Society of America.
The acoustic prism is entirely man-made, unlike optial[sic] prisms, which occur naturally in the form of water droplets. Decomposing sound into its constituent frequencies relies on the physical interaction between a sound wave and the structure of the prism. The acoustic prism modifies the propagation of each individual frequency of the sound wave, without any need of computations or electronic components.
The U.S. Drug Enforcement Agency (DEA) has once again rejected attempts to reschedule cannabis and allow medical cannabis federally:
The Obama administration has denied a bid by two Democratic governors to reconsider how it treats marijuana under federal drug control laws, keeping the drug for now, at least, in the most restrictive category for U.S. law enforcement purposes. Drug Enforcement Administration chief Chuck Rosenberg says the decision is rooted in science. Rosenberg gave "enormous weight" to conclusions by the Food and Drug Administration that marijuana has "no currently accepted medical use in treatment in the United States," and by some measures, it remains highly vulnerable to abuse as the most commonly used illicit drug across the nation.
"This decision isn't based on danger. This decision is based on whether marijuana, as determined by the FDA, is a safe and effective medicine," he said, "and it's not." Marijuana is considered a Schedule I drug under the Controlled Substances Act, alongside heroin and LSD, while other, highly addictive substances including oxycodone and methamphetamine are regulated differently under Schedule II of the law. But marijuana's designation has nothing to do with danger, Rosenberg said.
The Post article notes:
In the words of a 2015 Brookings Institution report, a move to Schedule II "would signal to the medical community that [the Food and Drug Administration and the National Institutes of Health] are ready to take medical marijuana research seriously, and help overcome a government-sponsored chilling effect on research that manifests in direct and indirect ways."
However, the DEA will expand the number of locations federally licensed to grow cannabis for research from the current total of... 1: the University of Mississippi.
Related: Compassionate Investigational New Drug program
Arthur T Knackerbracket has found the following story:
The developers of FreeBSD have announced they'll change the way they go about their business, after users queried why known vulnerabilities weren't being communicated to users.
This story starts with an anonymous GitHub post detailing some vulnerabilities in the OS, specifically in freebsd-update, libarchive, bspatch and portsnap. Some of the problems in that post were verified and the FreeBSD devs started working on repairs.
But over on the FreeBSD security list, threads like this started asking why users weren't being told much about the bugs or remediation efforts. That's a fair question because updating FreeBSD could in some circumstances actually expose users to the problem.
Now the FreeBSD team has answered those questions by saying “As a general rule, the FreeBSD Security Officer does not announce vulnerabilities for which there is no released patch.”
The operating system's developers and security team are now “reviewing this policy for cases where a proof-of-concept or working exploit is already public.”
That post also explains that the team is considering more detailed security advisories. There's also an admission that the proposed patch may have broken other things in the OS.
The post concludes by saying that the FreeBSD core and security teams are working with all due haste to fix things and will let those subscribed to its mailing lists know when patches are ready and the danger is past.
[The majority of SoylentNews.org's servers run Ubuntu 14.04 LTS (Long Term Stable version). Upgrading to version 16.04 LTS would expose our systems to systemd and there has been some discussion among staff about our options. One option under consideration would be FreeBSD. Are there any Soylentils who run FreeBSD? What has your experience been? Any surprises to share with the community? --martyb]
Arthur T Knackerbracket has found the following story:
By the end of the year, Google Chrome will block virtually all Flash content and make whatever's left click-to-play by default.
In September, Chrome 53 will kill off all background Flash content, which is about 90 per cent of Flash on the web, according to Google.
Then in December, Chrome 55 will use HTML5 for video, animations, games and similar stuff. If there is no HTML5 available and instead just Flash, you'll be asked to explicitly enable the Adobe plugin to view it.
This will pile immense pressure on web developers to use HTML5 and ditch Flash, because Chrome will deliberately stall the plugin's user experience.
It's effectively throwing Flash out into the cold winter's night. There is no more room at the inn. Google says it prefers HTML5 because it's faster to load than Flash and easier on handhelds' batteries. But the elephant in the room is Flash's dreadful security record: it is a screen door that lets the sewage of the internet seep in and infect computers.
Any Soylentils still have Flash installed on their systems? What keeps you from removing it?
Arthur T Knackerbracket has found the following story:
On a warm July evening, visitors Lonnie Watson and Mark Louviere from the Ft. Worth, Texas metro area did what they normally do during their frequent visits to Hawaii. They wandered out to the coastline to watch the setting sun. On this particular day they spotted something that they say has humbled and blessed them. Watson explained, "For some reason there was a beam of light...just a beam...it landed right on one of them and for some reason I just turned my head. I said, look, it was just a stroke of luck."
What they saw was a large petroglyph, etched into the sandstone. Upon further investigation, they discovered at least 10 figures, stretching over roughly 60 feet of beach. While it's likely this series of petroglyphs, created by aboriginal inhabitants of the Waianae coast, have revealed themselves in the past, this is the first time they've come to the attention of the DLNR State Historic Preservation Division (SHPD) and the U.S. Army. Both agencies have been working together to record and document the petroglyphs; which now number at least 17 figures.
Army archaeologist and Waianae native Alton Exzabe was one of the first officials to arrive at the site. He said, "What's interesting is the Army in Hawaiʻi manages several thousand archaeological sites, but this is the first one with petroglyphs directly on the shoreline.
What's exciting for me, is I grew up coming to this beach and now as an archaeologist working for the Army, helping to manage this site, we discovered these petroglyphs that have never been recorded. Some people have said they've seen them before, but this is quite a significant find."
Glen Kila is a lineal descendent of the aboriginal families who first settled in Nene'u on the Waianae Coast. His family home is a short ways from the petroglyph field, and he says until now he was unaware of these particular figures. "They record our genealogy and religion. It's very important to know about the lineal descendants of the area and their understanding of these petroglyphs. The interpretation of these petroglyphs can only be interpreted by the lineal descendants who are familiar with its history and culture," Kila said.
Several days after the Texas families first saw the petroglyphs, a small group of people stood atop the rocks as sand was washing back in to recover them. Exzabe and fellow archaeologists from the SHPD encourage people to look and not touch. Even the process of scraping sand away by hand or with brushes can damage the integrity of the figures.
And don't even think of trying to 'improve' their appearance like some Norwegian youths who 'ruined' 5,000-year-old rock carving [and] could face prosecution.
Dr. Lowe (of "Things I Won't Work With" fame) has a blog, In The Pipeline, to which he recently posted an interesting commentary on the topic of direct-to-consumer pharmaceutical marketing:
There's an op-ed in The New York Times that makes tough reading, and it's something that we're going to be seeing more of. The author, Matt Jablow, lost his wife Ronna to non-small cell lung cancer, undiagnosed until a late stage, which is bad enough.
[...] And now, as Jablow says, he gets to watch commercials for Opdivo talking about how it can extend lives, ask your doctor, and so on, and he's (understandably) not happy about it. I'd find it painful, too – who wouldn't?
[...] The op-ed goes on to note the recent failed trial as dashing "the highest of hopes", but those were the highest of hopes for people who haven't been following the biology closely (which includes many investors as well).
[...] Immuno-oncology, in its various forms, has pulled some people practically out of the grave by current treatment standards, and we're going to see more of that in the years to come. But we're also going to see people who aren't helped by it, not yet, and losing them will be harder than ever.
Much more money is spent on pharmaceutical marketing than on research and about 12.5% of the marketing budget is devoted to direct to consumer advertising. Except for the US and New Zealand, the rest of the world does not allow direct to consumer advertising of prescription drugs.
Some US companies, such as Insys Therapeutics, also pay doctors through "speaker programs" and employ former exotic dancers as sales representatives.
http://blogs.sciencemag.org/pipeline/archives/2016/08/09/a-painful-cancer-advertisement
http://www.nytimes.com/2016/08/09/opinion/cancer-drug-ads-vs-cancer-drug-reality.html
https://en.wikipedia.org/wiki/Pharmaceutical_marketing
http://sirf-online.org/2015/04/24/the-new-killing-it/
Arthur T Knackerbracket has found the following story:
Russian security outfit Dr. Web says it's found new malware for Linux.
The firms[sic] says the “Linux.Lady.1” trojan does the following three things:
- Collect information about an infected computer and transfer it to the command and control server.
- Download and launch a cryptocurrency mining utility.
- Attack other computers of the network in order to install its own copy on them.
The good news is that while the Trojan targets Linux systems, it doesn't rely on a Linux flaw to run. The problem is instead between the ears of those who run Redis without requiring a password for connections. If that's you, know that the trojan will use Redis to make a connection and start downloading the parts of itself that do real damage.
Once it worms its way in the trojan phones home to its command and control server and sends information including the flavour of Linux installed, number of CPUs on the infected machine and the number of running processes. The Register imagines that information means whoever runs the malware can make a decent guess at whether it is worth getting down to some mining, as there's little point working with an ancient CPU that's already maxed out.
Arthur T Knackerbracket has found the following story:
Cisco has dropped an open reference design for DOCSIS silicon into the CableLabs standards body.
The group has been working on Full Duplex DOCSIS for some time, and in February announced that the gigabit up / gigabit down effort was worth pursuing.
Switchzilla has been pursuing it, and has handed over its design for a digital echo canceller that integrates with DOCSIS Cable Modem Termination System (CMTS) standards (CMTS specifications cover the cable hubs on the provider side of the network).
Cisco says the echo canceller will work for upstream carrier frequencies from 200 MHz (1.7 Gbps) all the way to 1.2 GHz (for a 10 Gbps upstream channel).
While Cisco hasn't detailed the specifics of the echo cancellation reference design, by providing it royalty-free through CableLabs the company hopes to give the Full Duplex effort a kick along.
The current DOCSIS 3.1 spec supports 10 Gbps down but a maximum of only 1 Gbps upstream.
The CableLabs feasibility study in February was followed by a Nokia demonstration in May. Nokia's Bell Labs showed that a point-to-point hybrid fibre-coax network can hit 10 Gbps symmetrical speeds.
Arthur T Knackerbracket has found the following story:
A researcher has earned a significant bug bounty after finding a severe vulnerability in Facebook's Rights Manager copyright management tool.
Rights Manager is designed to allow publishers to protect their content by helping them identify videos posted on Facebook without permission. Publishers who complete an approval process can rely on the tool to specify permitted use rules, report content, and whitelist pages and profiles.
The tool was released earlier this year in response to an increase in freebooting, the act of downloading copyrighted videos from one platform (e.g. YouTube) and uploading them to a different platform (e.g. Facebook) without the copyright holder's permission.
India-based bug bounty hunter Laxman Muthiyah discovered a serious flaw in Rights Manager that could have been exploited to access and change settings in any copyright holder's account.
The expert noticed that Rights Manager uses the Graph API, which provides the primary method for apps to read and write data on Facebook. The tool's user interface relies on a Facebook-developed app whose source code contained an access token.
Muthiyah determined that this access token could have been leveraged via the Graph API to perform various actions, including access and delete videos, and modify and delete copyright rules.
USA Today reports that Drug Enforcement Administration agents regularly mine Americans' travel information in order to seize hundreds of millions of dollars of cash:
Federal drug agents regularly mine Americans' travel information to profile people who might be ferrying money for narcotics traffickers — though they almost never use what they learn to make arrests or build criminal cases.
[...] It is a lucrative endeavor, and one that remains largely unknown outside the drug agency. DEA units assigned to patrol 15 of the nation's busiest airports seized more than $209 million in cash from at least 5,200 people over the past decade after concluding the money was linked to drug trafficking, according to Justice Department records. Most of the money was passed on to local police departments that lend officers to assist the drug agency.
"They count on this as part of the budget," said Louis Weiss, a former supervisor of the DEA group assigned to Hartsfield-Jackson Atlanta International Airport. "Basically, you've got to feed the monster." In most cases, records show the agents gave the suspected couriers a receipt for the cash — sometimes totaling $50,000 or more, stuffed into suitcases or socks — and sent them on their way without ever charging them with a crime.
[...] USA Today identified 87 cases in recent years in which the Justice Department went to federal court to seize cash from travelers after agents said they had been tipped off to a suspicious itinerary. Those cases likely represent only a small fraction of the instances in which agents have stopped travelers or seized cash based on their travel patterns, because few such encounters ever make it to court. Those cases nonetheless offer evidence of the program's sweep. Filings show agents were able to profile passengers on Amtrak and nearly every major U.S. airline, often without the companies' consent. "We won't release that information without a subpoena," American Airlines spokesman Ross Feinstein said.
[...] Agents seized $25,000 from Christelle Tillerson's suitcase in 2014 as she was waiting to board a flight from Detroit to Chicago. [...] Tillerson told the agents that her boyfriend had withdrawn the money from his U.S. Postal Service retirement account so that she could buy a truck, according to court records. Agents were suspicious; Tillerson was an ex-convict, who had spent time in prison for driving a load of marijuana into the United States from Mexico. She seemed to have little money of her own. And a police dog smelled drugs on the cash.
Agents seized the money, and let Tillerson go. Her lawyer, Cyril Hall, said she was never arrested, or even questioned about whether she could give agents information about traffickers. A year and a half later — after she produced paperwork showing that much of the money had indeed come from her boyfriend's retirement fund — the Justice Department agreed to return the money, minus $4,000. A spokeswoman for the U.S. Attorney's office in Detroit, Gina Balaya, said prosecutors concluded that "a small percentage of the funds should be forfeited."