posted by janrinok on Friday March 10 2017, @11:02PM
from the dreaming-of-Donkey-Kong dept.

NVIDIA is releasing the GeForce GTX 1080 Ti, a $699 GPU with performance and specifications similar to that of the NVIDIA Titan X:

Unveiled last week at GDC and launching [March 10th] is the GeForce GTX 1080 Ti. Based on NVIDIA's GP102 GPU – aka Bigger Pascal – the job of GTX 1080 Ti is to serve as a mid-cycle refresh of the GeForce 10 series. Like the GTX 980 Ti and GTX 780 Ti before it, that means taking advantage of improved manufacturing yields and reduced costs to push out a bigger, more powerful GPU to drive this year's flagship video card. And, for NVIDIA and their well-executed dominance of the high-end video card market, it's a chance to run up the score even more. With the GTX 1080 Ti, NVIDIA is aiming for what they're calling their greatest performance jump yet for a modern Ti product – around 35% on average. This would translate into a sizable upgrade for GeForce GTX 980 Ti owners and others for whom GTX 1080 wasn't the card they were looking for.

[...] Going by the numbers then, the GTX 1080 Ti offers just over 11.3 TFLOPS of FP32 performance. This puts the expected shader/texture performance of the card 28% ahead of the current GTX 1080, while the ROP throughput advantage stands 26%, and memory bandwidth at a much greater 51.2%. Real-world performance will of course be influenced by a blend of these factors, with memory bandwidth being the real wildcard. Otherwise, relative to the NVIDIA Titan X, the two cards should end up quite close, trading blows now and then.

Speaking of the Titan, on an interesting side note, NVIDIA isn't going to be doing anything to hurt the compute performance of the GTX 1080 Ti to differentiate the card from the Titan, which has proven popular with GPU compute customers. Crucially, this means that the GTX 1080 Ti gets the same 4:1 INT8 performance ratio of the Titan, which is critical to the cards' high neural networking inference performance. As a result the GTX 1080 Ti actually has slightly greater compute performance (on paper) than the Titan. And NVIDIA has been surprisingly candid in admitting that unless compute customers need the last 1GB of VRAM offered by the Titan, they're likely going to buy the GTX 1080 Ti instead.

The card includes 11 GB of Micron's second-generation GDDR5X memory operating at 11 Gbps compared to 12 GB of GDDR5X at 10 Gbps for the Titan X.

Previously: GDDR5X Standard Finalized by JEDEC
Nvidia Announces Tesla P100, the First Pascal GPU
Nvidia Unveils GTX 1080 and 1070 "Pascal" GPUs


Original Submission

posted by janrinok on Friday March 10 2017, @09:39PM
from the no-such-thing-as-bad-publicity dept.

https://www.theguardian.com/technology/2017/mar/10/elon-musk-i-can-fix-south-australia-power-network-in-100-days-or-its-free

Elon Musk, the billionaire founder of electric car giant Tesla, has thrown down a challenge to the South Australian and federal governments, saying he can solve the state's energy woes within 100 days – or he'll deliver the 100MW battery storage system for free.

On Thursday, Lyndon Rive, Tesla's vice-president for energy products, told the AFR the company could install the 100-300 megawatt hours of battery storage that would be required to prevent the power shortages that have been causing price spikes and blackouts in the state.

Thanks to stepped-up production out of Tesla's new Gigafactory in Nevada, he said it could be achieved within 100 days.

Mike Cannon-Brookes, the Australian co-founder of Silicon Valley startup Atlassian, on Friday tweeted Elon Musk, asking if Tesla was serious about being able to install the capacity.

Musk replied that the company could do it in 100 days of the contract being signed, or else provide it free, adding: "That serious enough for you?"


Original Submission

posted by CoolHand on Friday March 10 2017, @08:05PM
from the ai-discrimination dept.

Submitted via IRC for Runaway1956

The old reCAPTCHA system was pretty easy—just a simple "I'm not a robot" checkbox would get people through your sign-up page. The new version is even simpler, and it doesn't use a challenge or checkbox. It works invisibly in the background, somehow, to identify bots from humans. Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." More detailed information on how the system works would probably also help bot-makers crack it, so don't expect details to pop up any time soon.

[...] When sites switch over to the invisible CAPTCHA system, most users won't see CAPTCHAs at all, not even the "I'm not a robot" checkbox. If you are flagged as "suspicious" by the system, then it will display the usual challenges.

Source: https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/


Original Submission

posted by CoolHand on Friday March 10 2017, @06:31PM
from the straight-outta-the-martian dept.

A potato authority is attempting to grow hardy varieties of tubers in Mars-like soil:

The International Potato Center (CIP) launched a series of experiments to discover if potatoes can grow under Mars atmospheric conditions and thereby prove they are also able to grow in extreme climates on Earth. This Phase Two effort of CIP's proof of concept experiment to grow potatoes in simulated Martian conditions began on February 14, 2016 when a tuber was planted in a specially constructed CubeSat contained environment built by engineers from University of Engineering and Technology (UTEC) in Lima based upon designs and advice provided by the National Aeronautics and Space Administration in Ames Research Center (NASA ARC), California. Preliminary results are positive.

[...] The CubeSat houses a container holding soil and the tuber. Inside this hermetically sealed environment the CubeSat delivers nutrient rich water, controls the temperature for Mars day and night conditions and mimics Mars air pressure, oxygen and carbon dioxide levels. Sensors constantly monitor these conditions and live streaming cameras record the soil in anticipation of the potato sprouting. Live streams of the experiment can be viewed at potatoes.space/mars or by going to the CIP website at www.CIPotato.org.

[...] From the initial experiment, CIP scientists concluded that future Mars missions that hope to grow potatoes will have to prepare soil with a loose structure and nutrients to allow the tubers to obtain enough air and water to allow them to tuberize. "It was a pleasant surprise to see that potatoes we've bred to tolerate abiotic stress were able to produce tubers in this soil," Amoros said. He added that one of the best performing varieties was very salt-tolerant from the CIP breeding program for adaptation to subtropical lowlands with tolerance to abiotic stress that was also recently released as a variety in Bangladesh for cultivation in coastal areas with high soil salinity. Amoros noted that whatever their implications for Mars missions, the experiments have already provided good news about potato's potential for helping people survive in extreme environments on Earth.

CubeSat on the ground? Or a plastic terrarium?


Original Submission

posted by on Friday March 10 2017, @04:57PM
from the it-fits-Social-Engineering-Criminals dept.

A cybercrime group tracked by FireEye as FIN7 has been observed targeting nearly a dozen organizations in the United States, focusing on personnel who handle filings to the Securities and Exchange Commission (SEC).

The attack starts with a spear phishing email coming from a spoofed sec.gov email address, which carries a document apparently containing "important" information. Once the document is opened, a VBS script installs a new PowerShell backdoor dubbed POWERSOURCE.

POWERSOURCE has also been used to download a second-stage PowerShell backdoor named TEXTMATE, which provides a reverse shell to the attacker. POWERSOURCE is an obfuscated and modified version of the publicly available DNS_TXT_Pwnage tool, while TEXTMATE is a fileless malware. Both rely on DNS TXT requests for command and control (C&C) communications.

POWERSOURCE has also been spotted delivering Cobalt Strike's Beacon post-exploitation tool, which had been used in previous FIN7 operations as well. FireEye noted that the domain serving the Beacon payload had also hosted a Carbanak backdoor sample compiled in February 2017. FIN7 has been known to rely heavily on Carbanak malware.

Source: http://www.securityweek.com/cybercriminals-target-employees-involved-sec-filings
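As an added illustration, not from the SecurityWeek article or FireEye's report: a small detector for the DNS-TXT command channel described above, run over constructed query-log lines. It flags a client that sends many TXT queries into one zone with mostly unique, high-entropy leftmost labels (the shape encoded tasking and beacon data takes). The log layout, the "last two labels = zone" shortcut and the thresholds are assumptions chosen for the example.

```python
"""Flag hosts whose DNS TXT query pattern looks like a DNS-TXT command channel.

Heuristics (assumptions for this example, not FireEye's or any product's rules):
many TXT queries from one client into one zone, where the leftmost label is
almost always new and has high character entropy.
"""
import math
import re
from collections import defaultdict

# Constructed sample log in an assumed "<timestamp> <client> <qtype> <qname>" layout.
# 10.0.0.5 beacons into ctrl.example.test; 10.0.0.7 only does ordinary mail-related TXT lookups.
SAMPLE_LOG = """\
2017-03-08T09:00:01Z 10.0.0.5 A www.example.com
2017-03-08T09:00:02Z 10.0.0.5 TXT _dmarc.example.com
2017-03-08T09:00:03Z 10.0.0.5 TXT 3f9a1c7e0b5d2846.ctrl.example.test
2017-03-08T09:00:08Z 10.0.0.5 TXT a0b1c2d3e4f56789.ctrl.example.test
2017-03-08T09:00:13Z 10.0.0.5 TXT 9e8d7c6b5a4f3210.ctrl.example.test
2017-03-08T09:00:18Z 10.0.0.5 TXT 1357902468acebdf.ctrl.example.test
2017-03-08T09:00:23Z 10.0.0.5 TXT fedcba9876543210.ctrl.example.test
2017-03-08T09:00:28Z 10.0.0.5 TXT 0f1e2d3c4b5a6978.ctrl.example.test
2017-03-08T09:00:33Z 10.0.0.5 TXT 7a8b9c0d1e2f3456.ctrl.example.test
2017-03-08T09:00:38Z 10.0.0.5 TXT c4d5e6f708192a3b.ctrl.example.test
2017-03-08T09:00:43Z 10.0.0.5 TXT 2b3c4d5e6f708a91.ctrl.example.test
2017-03-08T09:00:48Z 10.0.0.5 TXT 6e7f809a1b2c3d45.ctrl.example.test
2017-03-08T09:01:00Z 10.0.0.7 TXT _dmarc.example.com
2017-03-08T09:01:01Z 10.0.0.7 TXT google._domainkey.example.com
2017-03-08T09:01:02Z 10.0.0.7 TXT example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Return (timestamp, client, qtype, qname) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return ts, client, qtype.upper(), qname.rstrip(".").lower()


def analyze(log_text: str, min_txt: int = 8, min_unique_ratio: float = 0.8,
            min_entropy: float = 3.0):
    """Group TXT queries by (client, zone) and return the groups that look like C2."""
    stats = defaultdict(lambda: {"txt": 0, "labels": set(), "entropy_sum": 0.0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != "TXT":
            continue
        _, client, _, qname = rec
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no label left of the zone to carry encoded data
        zone = ".".join(labels[-2:])  # assumption: no public-suffix list, last two labels
        head = labels[0]
        s = stats[(client, zone)]
        s["txt"] += 1
        s["labels"].add(head)
        s["entropy_sum"] += shannon_entropy(head)

    findings = []
    for (client, zone), s in sorted(stats.items()):
        n = s["txt"]
        unique_ratio = len(s["labels"]) / n
        mean_entropy = s["entropy_sum"] / n
        if n >= min_txt and unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            findings.append({
                "client": client,
                "zone": zone,
                "txt_queries": n,
                "unique_ratio": round(unique_ratio, 2),
                "mean_label_entropy": round(mean_entropy, 2),
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A production version would resolve zones with a public-suffix list and baseline per-client TXT volume, since mail and domain-verification lookups (DMARC, DKIM) are legitimate TXT traffic.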


Original Submission

posted by on Friday March 10 2017, @03:28PM
from the malware-or-spyware,-you-decide dept.

Submitted via IRC for TheMightyBuzzard

Windows Update came roaring back today [Mar 7] after more than a month in a semi-comatose state, and the chute filled up quickly this morning. Windows Update seems to be working well -- even more reason to check your Win7 and 8.1 systems and make sure it's turned off

[...] More disconcerting are the re-re-releases of KB 2952664 (Win7) and KB 2976978 (Win8.1). As I explained last month, those two patches have, in the past, triggered a new Windows task called DoScheduledTelemetryRun.

Even proponents of installing all Win7 and 8.1 patches balk at those patches, which were born in the crucible of the Get Windows 10 (GWX) marched upgrade madness. The series was renumbered, with no explanation: KB 2852664 was renumbered from revision 25 on Oct. 4, 2016, to revision 12 today. Microsoft states:

This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

Yet it appears as if the scheduled task runs whether CEIP is enabled or not. If there's a reason for installing the patches, other than increased telemetry, I haven't heard about it.

Source: http://www.infoworld.com/article/3177812/microsoft-windows/windows-snooping-patches-kb-2952664-kb-2976978-are-back-again.html


Original Submission

posted by on Friday March 10 2017, @01:56PM
from the they're-not-threatened-while-in-the-cage dept.

The U.S. Fish and Wildlife Service (FWS) is considering repealing a rule that exempts captive members of 11 threatened primate species from protection under the federal Endangered Species Act (ESA). If the agency approves a repeal, the captive animals would be designated as threatened, like their wild counterparts, and researchers would need to apply for permits for experiments. To be approved, studies would have to be aimed at species survival and recovery.

[...] Writing to PETA on 1 March, FWS promised to "consider your petition request promptly," and assess whether ESA protection is warranted for each species. There is precedent indicating that the agency might agree with PETA. In 2015, it designated captive chimpanzees as endangered, like their wild counterparts. In doing so, it wrote that its reading of the ESA indicated that "Congress did not intend for captive specimens of wildlife to be subject to separate legal status on the basis of their captive state."

PETA's Goodman says a listing change would allow animal rights activists to better track—and challenge—research involving captive Japanese macaques. When a researcher applies for a permit to conduct an experiment on a species listed under ESA, the application is published in the Federal Register and open to public comment. That means, says Goodman, "We have the opportunity to stop experiments before they happen. And we have more information as to what the animals are actually being used for, how invasive the experiments are."

The Japanese macaques, also known as snow monkeys, have been housed at the Oregon center, part of Oregon Health and Science University (OHSU), since 1965. The troop has provided animal models for multiple sclerosis and for an inherited form of age-related macular degeneration, a leading cause of human blindness. Ongoing work studies the effects on offspring when pregnant dams are fed a high-fat diet. Several years ago, some males were castrated and received hormone replacement to study the effect of androgens on neurons thought to motivate aggressive behavior. Females with their ovaries removed have been used to study the effects of hormone replacement therapy on stress and anxiety, with potential applications to mood and stress in menopausal women.

[...] FWS designated the wild Japanese macaque as threatened in 1976, because the Japanese forests needed for its survival had been heavily logged.

Note: PETA = People for the Ethical Treatment of Animals (Wikipedia page)

http://www.sciencemag.org/news/2017/03/us-considers-designating-300-primates-oregon-research-center-threatened

Related:
Ebola Vaccine for Great Apes Hindered by Chimpanzee Research Restrictions


Original Submission

posted by martyb on Friday March 10 2017, @12:24PM
from the Liar!-Liar!-Pants-on-Fire! dept.

A defense lawyer's pants caught on fire while he was delivering a closing argument at an arson trial:

Stephen Gutierrez, who was arguing that his client's car spontaneously combusted and was not intentionally set on fire, had been fiddling in his pocket as he was about to address jurors when smoke began billowing out his right pocket, witnesses told the Miami Herald.

He rushed out of the Miami courtroom, leaving spectators stunned. After jurors were ushered out, Gutierrez returned unharmed, with a singed pocket, and insisted it wasn't a staged defense demonstration gone wrong, observers said. Instead, Gutierrez blamed a faulty battery in an e-cigarette, witnesses told the Miami Herald. "It was surreal," one observer told the Miami Herald.

Jurors convicted his client of second-degree arson anyway.


Original Submission

posted by martyb on Friday March 10 2017, @11:26AM
from the How-much-does-a-politician's-browsing-history-cost? dept.

Arthur T Knackerbracket has found the following story:

Back in 2014 over 3 million Internet users told the U.S. government loudly and clearly: we value our online security, we value our online privacy, and we value net neutrality. Our voices helped convince the FCC to enact smart net neutrality regulations—including long-needed privacy rules.

But it appears some members of Congress didn't get the message, because they're trying to roll back the FCC's privacy rules right now without having anything concrete ready to replace them. We're talking here about basic requirements, like getting your explicit consent before using your private information to do anything other than provide you with Internet access (such as targeted advertising).  Given how much private information your ISP has about you, strict limits on what they do with it are essential.

[...] Late last year, the FCC passed rules that would require ISPs to protect your private information. It covered the things you would usually associate with having an account with a major company (your name and address, financial information, etc.) but also things like any records they keep on your browsing history, geolocation information (think cell phones), and the content of your communications. Overall, the rules were pretty darn good.

But now, Senator Flake (R-AZ) and Representative Blackburn (R-TN) want to use a tool known as a Congressional Review Act [CRA] resolution to totally repeal those protections. The CRA allows Congress to veto any regulation written by a federal agency (like the FCC). Worse yet, it forbids the agency from passing any "substantially similar" regulations in the future, so the FCC would be forbidden from ever trying to regulate ISP privacy practices. At the same time, some courts have limited the Federal Trade Commission's ability to protect your privacy, too.

With the hands of two federal agencies tied, ISPs themselves would be largely in charge of protecting their customers' privacy. In other words, the fox will be guarding the henhouse.

[...] So please, take action and call your senator and representative today, and tell them not to use the CRA to repeal the FCC's privacy rules.

A story on Ars Technica notes:

As expected, Sen. Jeff Flake (R-Ariz.) and 23[sic] Republican co-sponsors introduced the resolution yesterday. The measure would use lawmakers' power under the Congressional Review Act [CRA] to ensure that the FCC rulemaking "shall have no force or effect." The resolution would also prevent the FCC from issuing similar regulations in the future.

Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that.

Flake called the FCC's privacy rulemaking "midnight regulation," even though it was approved by the commission in October 2016, before the presidential election, after a months-long rulemaking process.

"The FCC's midnight regulation does nothing to protect consumer privacy," Flake said. "It is unnecessary, confusing, and adds yet another innovation-stifling regulation to the Internet." Flake's announcement also said that the FCC-imposed "restrictions have the potential to negatively impact consumers and the future of Internet innovation."

[...] Flake's co-sponsors are US Sens. John Barrasso (R-Wyo.), Roy Blunt (R-Mo.), John Boozman (R-Ark.), Shelly Moore Capito (R-W.Va.), Thad Cochran (R-Miss.), John Cornyn (R-Texas), Tom Cotton (R-Ark.), Ted Cruz (R-Texas), Deb Fischer (R-Neb.), Orrin Hatch (R-Utah), Dean Heller (R-Nev.), James Inhofe (R-Okla.), Ron Johnson (R-Wisc.), Mike Lee (R-Utah), Rand Paul (R-Ky.), Pat Roberts (R-Kan.), Marco Rubio (R-Fla.), Richard Shelby (R-Ala.), Dan Sullivan (R-Ark.), John Thune (R-S.D.), Roger Wicker (R-Miss.), Ron Johnson (R-Wisc.)[sic], and Jerry Moran (R-Kan.).

Sen. Edward Markey (D-Mass.) offered similar criticism. "Big broadband barons and their Republican allies want to turn the telecommunications marketplace into a Wild West where consumers are held captive with no defense against abusive invasions of their privacy by internet service providers," Markey said. "Consumers will have no ability to stop Internet service providers from invading their privacy and selling sensitive information about their health, finances, and children to advertisers, insurers, data brokers or others who can profit off of this personal information, all without their affirmative consent."

[Update: As pointed out by reader tangomargarine, Senator Ron Johnson (R-Wisc.) is listed twice in the list taken from Ars Technica. Reviewing the proposed resolution reveals Sen. Flake and 21 (not 23) co-signers. Further, Senator Jerry Moran (R-Kan.) is listed by Ars as being a signer, but his name is not listed on the resolution. --martyb]

-- submitted from IRC


Original Submission

posted by martyb on Friday March 10 2017, @10:52AM
from the banned-in-Cannes dept.

The Guardian reports on a study conducted in Guildford, Surrey, England. Researchers

[...] placed detectors for particulate pollution in prams and made 64 journeys to and from schools in Guildford at drop-off and pick-up times. They found that air pollution spiked at road junctions and by bus stands, and that fine particle pollution was higher in the mornings, when the roads are busiest.

"Fine particles show larger health impacts compared to their larger counterparts and at the young age children are more susceptible to particulate pollution, suggesting a clear need for precautionary measures to limit their exposure during their transport along the busy roadsides," the researchers concluded.

Their work is published in Environmental Pollution (DOI: 10.1016/j.envpol.2017.02.021).

The Guardian links to a Telegraph article which says that

Of the 51 areas across England, Scotland, Wales and Northern Ireland included in the [World Health Organisation's global pollution] database, 40 exceeded the WHO's guideline limits for 'PM2.5', or fine particulate matter, while 10 exceeded the guideline levels for 'PM10', slightly larger particulate pollution.

London, Glasgow, Leeds, Eastbourne, Port Talbot and Scunthorpe were among the worst areas.


Original Submission

posted by cmn32480 on Friday March 10 2017, @09:18AM
from the give-them-a-little-credit dept.

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.

On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, warning they had 24 hours to change all company passwords.

“We are currently investigating an IT control matter in the Verifone environment,” reads an email memo penned by Steve Horan, Verifone Inc.’s senior vice president and chief information officer. “As a precaution, we are taking immediate steps to improve our controls.”

[...] Asked about the breach reports, a Verifone spokesman said the company saw evidence in January 2017 of an intrusion in a "limited portion" of its internal network, but that the breach never impacted its payment services network.

"In January 2017, Verifone's information security team saw evidence of a limited cyber intrusion into our corporate network," Verifone spokesman Andy Payment said. "Our payment services network was not impacted. We immediately began work to determine the type of information targeted and executed appropriate measures in response. We believe today that due to our immediate response, the potential for misuse of information is limited."

[...] Update, 1:17 p.m. ET: Verifone circled back post-publication with the following update to their statement: “According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Sources told KrebsOnSecurity that Verifone commissioned an investigation of the breach from Foregenix Ltd., a digital forensics firm based in the United Kingdom that lists Verifone as a “strategic partner.” Foregenix declined to comment for this story.

Source:

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/


Original Submission

posted by cmn32480 on Friday March 10 2017, @07:36AM
from the what-about-the-trolls dept.

Federal Election Commissioner (FEC) Lee Goodman, who worked to keep online political speech free of federal control, is planning to step down this year, saying that he believes the Internet "is a little bit freer and a little bit safer" than when he assumed his position:

"I know that I am looking to depart the agency sometime this year," [Goodman] said in an interview with The Hill. "I would expect a new cast of at least four commissioners, probably this year."

Goodman, a Republican who joined the agency in 2013, developed a reputation for speaking up when his Democratic colleagues voted to crack down on the Internet and the press. Those included efforts to regulate websites like Twitter, Facebook, and the Drudge Report, and one attempt to punish Fox News over the criteria it used for including candidates in a Republican presidential debate.

Goodman said he believes the threat has subsided. This was due in part to President Trump's election as well as the fact that one of his Democratic colleagues, Commissioner Ann Ravel, stepped down at the end of February.

Previously: FCC Commissioner: Feds May Regulate Websites Based on Political Content


Original Submission

posted by cmn32480 on Friday March 10 2017, @06:01AM
from the quit-monkeying-around dept.

Swallowing just a few drops of a new vaccine could protect against the deadly Ebola virus. The new immunization is not meant for humans, but chimpanzees and gorillas, for which Ebola is a devastating disease as well. Yet the vaccine may never reach these great apes.

[...] U.S. rules on research with chimpanzees are another hurdle, Walsh says. Further improvements on the vaccine, for instance to prevent it from losing its activity in the tropical heat, would require another round of testing on captive animals. And that looks all but impossible at the moment, he says.

Biomedical research on chimpanzees has been declining for years, and a new rule issued by the U.S. government in 2016 requires a permit under the Endangered Species Act. Although the rule still allows research on captive chimps if it benefits wild populations, the restrictions have made it too expensive to maintain chimpanzee groups for research, says Walsh, who cut his own vaccine study short when the rules took effect last September. Walsh has titled his paper "The Final (Oral Ebola) Vaccine Trial on Captive Chimpanzees?"

http://www.sciencemag.org/news/2017/03/ebola-vaccine-great-apes-shows-promise-ethical-hurdles-may-block-further-research
http://www.nature.com/articles/srep43339


Original Submission

posted by martyb on Friday March 10 2017, @04:26AM
from the still-paid-for-by-the-taxpayer/consumer dept.

For the first time in the post–World War II era, the federal government no longer funds a majority of the basic research carried out in the United States. Data from ongoing surveys by the National Science Foundation (NSF) show that federal agencies provided only 44% of the $86 billion spent on basic research in 2015. The federal share, which topped 70% throughout the 1960s and '70s, stood at 61% as recently as 2004 before falling below 50% in 2013.

The sharp drop in recent years is the result of two contrasting trends—a flattening of federal spending on basic research over the past decade and a significant rise in corporate funding of fundamental science since 2012.

[...] The U.S. pharmaceutical industry is the major driver behind the recent jump in corporate basic research [...] investment in basic research soared from $3 billion in 2008 to $8.1 billion in 2014, according to the most recent NSF data by business sector. Spending on basic research by all U.S. businesses nearly doubled over that same period, from $13.9 billion to $24.5 billion.

Basic research comprises only about one-sixth of the country's spending on all types of R&D, which totaled $499 billion in 2015. Applied makes up another one-sixth, whereas the majority, some $316 billion, is development. Almost all of that is funded by industry and done inhouse, as companies try to convert basic research into new drugs, products, and technologies that they hope will generate profits.

http://www.sciencemag.org/news/2017/03/data-check-us-government-share-basic-research-funding-falls-below-50


Original Submission

posted by martyb on Friday March 10 2017, @02:52AM
from the Hey!-You!-Get-off-of-my-Cloud! dept.

Western Digital My Cloud NAS devices have again been found wanting in the security department, as two set[s] of researchers have revealed a number of serious flaws in the devices' firmware.

WD My Cloud is meant to be a private cloud environment hosted at home or at a small organization's office, and can be accessed either from a desktop located on the same network or remotely, with a smartphone, from wherever else in the world. Users can interact with it either via the administrative user interface or an application (that uses a RESTful API).

Zenofex, a member of the Exploitee.rs team, revealed the existence of a login bypass issue, several command injection flaws, and a number of other bugs on Saturday.

Then, on Tuesday, researchers with the SEC Consult Vulnerability Lab published a security advisory warning about:

  • The existence of an unauthenticated OS command injection vulnerability
  • The existence of an unauthenticated arbitrary file upload flaw (that could allow an attacker to upload a malicious file or script with OS commands into the devices' webserver), and
  • The fact that the devices' firmware has no anti-CSRF mechanisms.

"Due to [no anti-CSRF mechanisms], an attacker can force a user to execute any action through any script. As the [OS command injection and unauthenticated arbitrary file upload vulnerabilities] do not need authentication, those can be exploited via CSRF over the Internet as well!", the researchers noted.

Source:

https://www.helpnetsecurity.com/2017/03/08/western-digital-mycloud-nas-vulnerable/


Original Submission

posted by cmn32480 on Friday March 10 2017, @02:30AM
from the unleash-the-hounds dept.

Update: BBC and Reuters report that South Korean President Park Geun-hye has been removed from office. The Constitutional Court upheld the impeachment in an 8-0 decision.

Samsung Group's vice chairman and "de facto leader" Jay Y. Lee and four other executives have denied the charges against them in what is being called South Korea's "trial of the century":

Five executives at Samsung, including the conglomerate's de facto leader, Lee Jae-yong, formally denied bribery charges against them on Thursday, in a preliminary hearing for a trial with the potential to shake South Korea.

Mr. Lee, who also goes by the name Jay Y. Lee, and the other executives face charges that strike at the heart of the deep ties between the South Korean government and powerful family-controlled businesses, a source of growing public resentment. Parliament voted in December to impeach President Park Geun-hye over accusations of corruption and other abuses of power, and she could be formally removed from office soon.

But the related arrest of Mr. Lee, scion of the country's biggest and most profitable conglomerate, or chaebol, is a momentous turn in itself. Chaebol bosses, including Mr. Lee's father, have been convicted in previous corruption cases, but punishments have usually been light or commuted. Many see Mr. Lee's trial as a test of whether South Korea can change by abandoning longstanding deference to the business clans that have dominated the country's glittering economic rise. The chief prosecutor has said it could be the "trial of the century."

Also at CNN and The Verge.

Previously: Samsung Vice Chairman a Suspect in South Korean Presidential Bribery Probe
Warrant Sought for the Arrest of Samsung's Vice Chairman


Original Submission

posted by martyb on Friday March 10 2017, @01:18AM
from the cat-and-mouse dept.

We had two stories submitted pertaining to the recent announcement that Wikileaks claimed it had received a cache of CIA hacking tools.

Security Firms Assess Impact of CIA Leak

Security firms have started assessing the impact of the CIA hacking tools exposed on Tuesday by WikiLeaks as part of the leak dubbed "Vault 7."

Files allegedly obtained from a high-security CIA network appear to show that the intelligence agency has tools for hacking everything, including mobile devices, desktop computers, routers, smart TVs and cars.

The published files also appear to show that the CIA has targeted the products of many security solutions providers, including anti-malware and secure messaging applications. The list of affected vendors includes Symantec, Kaspersky, Avira, F-Secure, Microsoft, Bitdefender, Panda Security, Trend Micro, ESET, Avast, AVG, McAfee, Comodo and G Data.

While WikiLeaks has not released any of the exploits it has obtained, an initial investigation conducted by security firms indicates that the CIA's capabilities may not be as advanced as some have suggested.

[...] WikiLeaks reported that the CIA had found a way to bypass the encryption of Signal, Telegram, WhatsApp and other secure messaging applications.

While many jumped to conclude that the agency had actually broken the encryption of these apps, WikiLeaks actually meant that gaining access to a mobile device using iOS and Android exploits could have given the CIA access to conversations, without having to break their encryption.

Source: http://www.securityweek.com/security-firms-assess-impact-cia-leak

Julian Assange Offers Exclusive Access to CIA Hacking Tools for Tech Companies

Julian Assange has offered tech companies exclusive access to CIA hacking tools so that they can patch flaws in their software. However, some of the companies claim to have already patched the exploits:

WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday. The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions. [...] Several companies have already said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that "many of the issues" leaked had already been patched in the latest version of its operating system.

Original Submission #1   Original Submission #2