The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA's computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community's most closely guarded cyber weapons.
A statement from WikiLeaks indicated that it planned to post nearly 9,000 files describing code developed in secret by the CIA to steal data from targets overseas and turn ordinary devices including cellphones, computers and even television sets into surveillance tools.
The hacking organisation made the statement as it announced a huge release of confidential documents from the CIA as part of its mysterious Year Zero series, founder Julian Assange claimed. The group said that from October 2014 the CIA was "looking at infecting the vehicle control systems used by modern cars and trucks" to enable them to "engage in nearly undetectable assassinations."
takyon: WikiLeaks: Vault 7: CIA Hacking Tools Revealed and (selected document) Weeping Angel (Extending) Engineering Notes. Also at NYT, USA Today, BBC, and Reuters. The Hill reports that Democratic Congressman Ted Lieu has called for an investigation... into the leak of the documents and tools.
Saw this discussion on Reddit, and thought it might be of interest here, too (as such things perennially are):
I've been a successful software engineer for 10 years at various startups and small businesses. I do a lot of contracting on the side too. I've recently had cause to start looking for work again.
What the hell is up with these interview questions? They don't really have much to do with the ins and outs of clean code, architecture or collaboration. I had hoped they'd stop with this bullshit already. There's a lot of companies that promise 'No whiteboard interviews' like Triplebyte, only for that to be a complete and total lie.
They're more like annoying riddles I'd find in a Sierra adventure game or D&D. I'm just not very good at these types of 'riddle questions'. I know they always wind up having to do with binary trees, graph algorithms or something like that, but the dress-up and time constraints are unrealistically stressful.
I honestly wasn't very good at these questions when I'd graduated and I'm still not good at them now. How screwed am I? Are companies willing to hire based on projects and seeing live code?
I'm always careful to speak with my employers and convince them to write a 'portfolio' clause in my contract that allows me to keep code for the purpose of seeking further employment.
I really don't want to spend 3 months of my life learning how to solve riddles just to get another job.
I also suck at these kinds of questions, despite having designed and written a lot of software and systems. What say you, Soylentils, are these kinds of interview questions necessary to find good software engineers?
North Korea has launched four ballistic missiles towards the Sea of Japan.
Three of them fell into Japan's exclusive economic zone (EEZ) after flying some 1,000km (620 miles), in what PM Shinzo Abe called a "new stage of threat".
They were fired from the Tongchang-ri region, near the North's border with China, the South Korean military said.
The type of missile is unclear but the North is banned from any missile or nuclear tests by the UN.
The U.S. has been operating a "Stuxnet"-like program against North Korea to hinder its ability to produce intercontinental ballistic missiles armed with nuclear warheads:
Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea's missile program in hopes of sabotaging test launches in their opening seconds.
Soon a large number of the North's military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea. Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.
But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry. Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in "the final stage in preparations" for the inaugural test of his intercontinental missiles — perhaps a bluff, perhaps not.
An examination of the Pentagon's disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs. Those threats are far more resilient than many experts thought, The New York Times's reporting found, and pose such a danger that Mr. Obama, as he left office, warned President Trump they were likely to be the most urgent problem he would confront.
Additional articles about the NYT investigation and "left-of-launch" strikes.
Researchers have used the recoil of bubbles to mix coolant around microelectronics:
The bubbles that form on a heated surface create a tiny recoil when they leave it, like the kick from a gun firing blanks. Now researchers at the University of Illinois at Chicago, under funding from NASA, have shown how this minuscule force can be harnessed to mix liquid coolant around high-power microelectronics — in space or on Earth. [...] "In flights to Mars or the moon, equipment like computers generate a lot of heat," Yarin said. As the computers and chips become smaller and are packed tighter, the production of heat becomes a restriction on computing power.
Engineers have looked to "pool-boiling," which is liquid-cooling at a temperature near the boiling point of the fluid. In boiling, all heat is absorbed in converting the liquid to vapor, with no further rise in temperature until the phase change is complete. But the lack of gravity in space poses a special problem for pool-boiling: The bubbles have no buoyancy.
[...] Yarin and his coworkers sandwiched two heat-generating circuit chips back-to-back. By alternating the voltage to the two chips, they were able to cause the apparatus to swing back and forth through the coolant at about 1 centimeter per second. "When one chip operates, it produces bubbles and a recoil force. Then the other, and it pushes back — enough to swing the chips in the cooling fluid and shed the bubbles," Yarin said. "It works with or without gravity – in space, exactly as on Earth."
Swing-like pool boiling on nano-textured surfaces for microgravity applications related to cooling of high-power microelectronics (open, DOI: 10.1038/s41526-017-0014-z) (DX)
NASA will create Bose-Einstein condensates in the microgravity environment aboard the International Space Station, where they can last for longer periods of time:
This summer, an ice chest-sized box will fly to the International Space Station, where it will create the coolest spot in the universe. [...] Its instruments are designed to freeze gas atoms to a mere billionth of a degree above absolute zero. That's more than 100 million times colder than the depths of space.
[...] NASA has never before created or observed Bose-Einstein condensates in space. On Earth, the pull of gravity causes atoms to continually settle towards the ground, meaning they're typically only observable for fractions of a second.
But on the International Space Station, ultra-cold atoms can hold their wave-like forms longer while in freefall. That offers scientists a longer window to understand physics at its most basic level. Thompson estimated that CAL (Cold Atom Laboratory) will allow Bose-Einstein condensates to be observable for up to five to 10 seconds; future development of the technologies used on CAL could allow them to last for hundreds of seconds.
The company that arose from RadioShack's 2015 bankruptcy saga could soon itself be filing for bankruptcy.
General Wireless is reportedly on the brink of seeking protection from creditors and entering the liquidation process. The biz could not be reached for comment. The formal paperwork for the bankruptcy could be posted within a matter of days, it is claimed.
A liquidation of General Wireless will effectively mark the end of RadioShack, which opened its first store in 1921 and became a mainstay of electronics hobbyists through the rise of the home computing era.
The retailer was nearly liquidated outright in 2015 after years of struggling to keep up with competition from online stores and a financial plummet that saw the value of its stock fall so sharply it was removed from the New York Stock Exchange.
Micro Center remains, but in the era of Adafruit, Seeed Studio, Sparkfun, and others are big-box retailers still relevant?
I have decided to submit a story from the hypothetical future, published by New York Magazine 9 months ago, one that I picked while browsing whatever I missed since my last visit on Schneier on security.
If you put your video game aside, read this article, and pay attention to the left-side notes, you'll discover thingies in the near-future history which you may have missed when they actually happened — the election campaign was on at that time. Most of the "fictionals" depicted there actually happened; some I was aware of, some others I wasn't (e.g. water utility hacked).
On December 4, 2017, at a little before nine in the morning, an executive at Goldman Sachs was swiping through the day's market report in the backseat of a hired SUV heading south on the West Side Highway when his car suddenly swerved to the left, throwing him against the window and pinning a sedan and its driver against the concrete median. [...] When the Goldman exec came to, his driver swore that the crash hadn't been his fault: The car had done it.
[...] A third-year resident in the emergency room at Columbia University Medical Center in Washington Heights walked through the hospital as a television was airing images from the accident on the George Washington Bridge; that meant several crash victims would soon be heading her way. When she got to her computer, she tried logging into the network to check on the patients who were already there, but she was greeted with an error message that read WE'RE NOT LOOKING FOR BITCOIN THIS TIME.
[...] One Police Plaza had just reported that it, too, was locked out of the programs it used to dispatch officers and emergency personnel, which made responding to the traffic accidents around the city that much harder.
[...] After a few phone calls to friends in the private sector, the cybersecurity chief got more nervous. At the beginning of 2017, one friend told him, she had been called to investigate a mysterious occurrence at a water-treatment plant: The valves that controlled the amount of chlorine released into the water had been opening and closing with unexplained irregularity.
[...] In the summer of 2016, the hackers received an anonymous offer of $100 million to perform a cyberattack that would debilitate a major American city. The group's members weren't much interested in death and destruction per se, so they declined their funder's request for a "Cyber 9/11." But to self-identified anarchists with a reflexively nihilistic will to power, the proposition had some appeal. Causing disruption was something that had been on their minds recently, as their conversations veered toward the problems with global capitalism, the rise of technocentrism, bitcoin, and the hubris required to nominate a man like Donald Trump.
Happy reading.
[Ed. Note: Just as a clarification: this is not fact, but a projection of something that could easily come to pass. All the pieces of this hypothetical attack are possible. Scary stuff.]
Researchers demonstrate new type of laser:
Lasers are everywhere nowadays: doctors use them to correct eyesight, cashiers to scan your groceries, and quantum [scientists] to control qubits in the future quantum computer. For most applications, the current bulky, energy-inefficient lasers are fine, but quantum scientists work at extremely low temperatures and on very small scales. For over 40 years, they have been searching for efficient and precise microwave lasers that will not disturb the very cold environment in which quantum technology works. A team of researchers led by Leo Kouwenhoven at TU Delft has demonstrated an on-chip microwave laser based on a fundamental property of superconductivity, the ac Josephson effect. They embedded a small section of an interrupted superconductor, a Josephson junction, in a carefully engineered on-chip cavity. Such a device opens the door to many applications in which microwave radiation with minimal dissipation is key, for example in controlling qubits in a scalable quantum computer. The scientists have published their work in Science on the 3rd of March.
Demonstration of an ac Josephson junction laser (DOI: 10.1126/science.aah6640) (DX)
Norway, which already boasts the world's highest number of electric cars per capita, said Monday that electric or hybrid cars represented half of new registrations in the country so far this year.
"This is a milestone on Norway's road to an electric car fleet," Climate and Environment Minister Vidar Helgesen told AFP.
"And it serves to showcase that green transport policies work," he said in an email.
Sales of electric cars accounted for 17.6 percent of new vehicle registrations in January and hybrid cars accounted for 33.8 percent, for a combined 51.4 percent, according to figures from the Road Traffic Information Council (OVF).
In February, those proportions fell slightly but remained high at 15.8 percent and 32 percent, respectively.
Joke's on them. Electric cars can't work in places that are cold or have mountains.
A definitive cause for autism spectrum disorders (ASD) has remained elusive, although the best picture so far seems to be one of a mix of genetic and environmental factors. This suggests that any genes involved with the condition by necessity are being passed on from generation to generation. A new study now suggests that these genes are being positively selected for.
The study, published in PLOS Genetics [open, DOI: 10.1371/journal.pgen.1006618] [DX], looked at the prevalence of alleles, or gene variants, commonly associated with an increased risk of ASD. The researchers discovered that these variants were found in much larger numbers than would be expected by chance, and they suggest that this may be because they are also linked to other genes implicated in cognitive ability.
The authors write that this positive selection between the genes thought to contribute to autism and those that might promote intelligence may explain why autism is such a prevalent condition, especially when it seems like it would have been selected against during human evolution.
Arthur T Knackerbracket has found the following story:
A sportswear company in Oregon has alleged that a senior IT manager left a backdoor in its systems before departing to a business partner and illegally used that access almost 700 times for his new employer's benefit.
In its complaint to a federal court in Oregon [PDF], Columbia Sportswear demanded a jury trial for Michael Leeper, who it alleged had illegally accessed highly confidential information to the benefit of a business partner, tech consulting firm Denali Advanced Integration, which Leeper had left to work for.
The accusation of betrayal notes that Leeper had been an employee at Columbia since May 2000, when he joined as manager of its desktop services team. He was subsequently promoted to senior director of technology infrastructure, from which he was responsible for maintaining Columbia's global IT systems and dealing with technology vendors including Denali, for which he departed the sportswear business in 2014.
Just a day before leaving, however, Leeper allegedly created a network account under the name "Jeff Manning", called "jmanning", which provided him with remote access to Columbia's network, including its VPN. Using this account, Leeper plundered Columbia nearly 700 times over the next two years, stealing corporate plans as well as information on its technology budget, all for the benefit of Denali as it competed for his former employer's cash.
Don't throw coins near turtles:
Veterinarians laboured for seven hours to remove 915 coins weighing five kilogrammes from a sea turtle suffering chronic stomach ache. [...] Last month, Om Sin, Thai for piggy bank, was sent to the faculty from the Sea Turtle Conservation Centre of the Royal Thai Navy in Sattahip district in Chonburi after it barely swam. A CT scan at the university shocked vets when they saw the mound of coins. [...] According to Thai belief, throwing coins into a turtle pond would stop bad luck.
Also at Washington Post, NPR, Smithsonian, and The Guardian (video).
TSA agents will soon conduct a more invasive patdown at U.S. airports:
The U.S. Transportation Security Administration has declined to say exactly where—and how—employees will be touching air travelers as part of the more invasive physical pat-down procedure it recently ordered. But the agency does expect some passengers to consider the examination unusual. In fact, the TSA decided to inform local police in case anyone calls to report an "abnormal" federal frisking, according to a memo from an airport trade association obtained by Bloomberg News. The physical search, for those selected to have one, is what the agency described as a more "comprehensive" screening, replacing five separate kinds of pat-downs it previously used.
The decision to alert local and airport police raises a question of just how intimate the agency's employees may get. On its website, the TSA says employees "use the back of the hands for pat-downs over sensitive areas of the body. In limited cases, additional screening involving a sensitive area pat-down with the front of the hand may be needed to determine that a threat does not exist."
[...] The TSA's calls to police were an effort to provide local law enforcement "situational awareness" about the new pat-down method, Christopher Bidwell, ACI-NA's vice president of security, said in an interview Saturday. U.S. airports have not expressed any reservations or concerns about the pat-down change, the association said.
Also at Boing Boing, The Consumerist, NBC, and LA Times.
Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.
The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the government's ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that [the] case be dismissed.
"The government must now choose between disclosure of classified information and dismissal of its indictment," Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. "Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery."
https://threatpost.com/doj-dismisses-playpen-case-to-keep-tor-hack-private/124102/
Intent on keeping details private about how it hacked the Tor browser, prosecutors with the U.S. Department of Justice on Friday asked to dismiss a case involving a suspect who visited the Playpen dark web child pornography site in 2015.
"The government must now choose between disclosure of classified information and dismissal of its indictment," Annette Hayes, a US attorney, wrote in a court filing (.PDF) on Friday. "Disclosure is not currently an option."
Hayes asked the court to drop charges around the case without prejudice, insisting the government has "simply acted to protect highly sensitive information from criminal discovery as was its obligation." There's a chance, if the exploit is unclassified later down the line, the government could reopen its case, she claims.
"Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery," Hayes wrote.
News that the government is unwilling to disclose the exploit (something the FBI refers to as a "Network Investigative Technique", or NIT) has seemingly been a long time coming; the DOJ has remained resolute in keeping the exploit under wraps. Last April the FBI refused to comply with the judge's request to describe how it compromised the Tor browser.
Previously: FBI Let Alleged Pedo Walk Free Rather Than Explain How They Snared Him
IBM is making a bet on quantum computing:
IBM announced today an industry-first initiative to build commercially available universal quantum computing systems. "IBM Q" quantum systems and services will be delivered via the IBM Cloud platform. While technologies that currently run on classical computers, such as Watson, can help find patterns and insights buried in vast amounts of existing data, quantum computers will deliver solutions to important problems where patterns cannot be seen because the data doesn't exist and the possibilities that you need to explore to get to the answer are too enormous to ever be processed by classical computers.
IBM also announced today [...] The release of an upgraded simulator on the IBM Quantum Experience that can model circuits with up to 20 qubits. In the first half of 2017, IBM plans to release a full SDK (Software Development Kit) on the IBM Quantum Experience for users to build simple quantum applications and software programs.
[...] IBM intends to build IBM Q systems to expand the application domain of quantum computing. A key metric will be the power of a quantum computer expressed by the "Quantum Volume", which includes the number of qubits, quality of quantum operations, qubit connectivity and parallelism. As a first step to increase Quantum Volume, IBM aims at constructing commercial IBM Q systems with ~50 qubits in the next few years to demonstrate capabilities beyond today's classical systems, and plans to collaborate with key industry partners to develop applications that exploit the quantum speedup of the systems.
Also at BBC, USA Today, and Nature.
Google's increases are permanent, in recognition of what security program manager Josh Armour says is an environment in which "high severity vulnerabilities have become harder to identify over the years." Google's therefore going to pay more to reflect the time it takes to find nasty flaws. Google's priority remains remote code execution flaws, which can now earn white hats up to US$31,337. Google's ceiling for payments used to be $20,000.
Finding a bug that permits "unrestricted file system or database access" can now result in $13,337 heading your way, up from $10,000.
Microsoft's also increased its payouts, but only for two months (Mar 1 to May 1) and for a handful of services.
The good news is that Redmond's doubled payouts for vulnerabilities that meet its criteria, namely any of the following:
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Unauthorized cross-tenant data tampering or access (for multi-tenant services)
- Insecure direct object references
- Injection Vulnerabilities
- Authentication Vulnerabilities
- Server-side Code Execution
- Privilege Escalation
- Significant Security Misconfiguration (when not caused by user)
The bonus bounties apply only on the following platforms.
- portal.office.com
- outlook.office365.com
- outlook.office.com
- *.outlook.com
- outlook.com
Microsoft's not said why it's made the special offer for those domains, but clearly it feels they need to be given a thorough going-over. The Register can offer a couple of guesses as to why. A simple reason could be that they just haven't attracted many bounty hunters. Another could be that they are running new code worthy of extra probing. The timing of the bloated bounty is also interesting, because by the start of May we'll be very close to the launch of the Windows 10 Creators Update. That release, we already know, will link with Office 365 Advanced Threat Protection. Coincidence? With $30k up for grabs, does it even matter?