SoylentNews

butthurt writes:

Malware authors have a new UAC bypass technique at their disposal that they can use to install malicious apps on devices running Windows 10.

Responsible for discovering this new UAC bypass method is a German student that goes online by the name of Christian B., currently working on his master's thesis, centered on UAC bypass techniques.

The technique he came up with is a variation on another Windows 10 UAC bypass method discovered by security researcher Matt Nelson in August 2016.

While Nelson's method used the built-in Event Viewer utility (eventvwr.exe), Christian's UAC bypass uses the fodhelper.exe file, located at:

C:\Windows\System32\fodhelper.exe

If this file name isn't familiar to you, this is the window that appears when you press the "Manage optional features" option in the "Apps & features" Windows Settings screen.

Both techniques work in the same way and take advantage of what's called "auto-elevation," which is a state that Microsoft assigns to trusted binaries (files signed with Microsoft certificate, and located in trusted locations such as "C:\Windows\System32").

Just like eventvwr.exe, fodhelper.exe is also a trusted binary, meaning Windows 10 won't show a UAC window when launched into execution, or when other processes spawn from the fodhelper.exe parent process.

The technique employs changing the value of a registry key to contain the command to be executed. Since fodhelper.exe is trusted, the command is executed without the UAC prompt. The article continues with how to avoid the exploit. First off, do NOT run as an Administrator by default. Second, set the UAC level to "Always notify."

—Bleeping Computer

Original Submission

stormwyrm writes:

One of the most spectacular and famous bridge collapses of all was that of the the Tacoma Narrows Bridge on November 7, 1940. On that day, high, sustained winds sent the bridge into a twisting, rocking motion that led to its eventual collapse. It has been used as a classic example of the phenomenon of mechanical resonance, however, this is incorrect. Ethan Siegel has an article (behind an ad-blocker blocker) explaining how a much more intricate phenomenon known as aeroelastic flutter was responsible.

The collapse of the Tacoma Narrows Bridge on the morning of November 7, 1940, is the most iconic example of a spectacular bridge failure in modern times. As the third largest suspension bridge in the world, behind only the George Washington and Golden Gate bridges, it connected Tacoma to the entire Kitsap Peninsula in Puget Sound, and opened to the public on July 1st, 1940. Just four months later, under the right wind conditions, the bridge was driven at its resonant frequency, causing it to oscillate and twist uncontrollably. After undulating for over an hour, the middle section collapsed, and the bridge was destroyed. It was a testimony to the power of resonance, and has been used as a classic example in physics and engineering classes across the country ever since. Unfortunately, the story is a complete myth.

[...] But as the wind passed over the bridge on November 7th, a stronger, more sustained wind than it had ever experienced before, causing vortices to form as the steady wind passed over the bridge. In small doses, this wouldn't pose much of a problem, [...] Over time, they cause a aerodynamic phenomenon known as "flutter," where the extremities in the direction of the wind get an extra rocking motion to them. This causes the outer portions to move perpendicular to the wind direction, but out-of-phase from the overall up-and-down motion of the bridge. This phenomenon of flutter has been known to be disastrous for aircraft, but it was never seen in a bridge before. At least, not to this extent.

When the flutter effect began, one of the steel suspension cables supporting the bridge snapped, removing the last major obstacle to this fluttering motion. That was when the additional undulations, where the two sides of the bridge rocked back-and-forth in harmony with one another, began in earnest. With the sustained, strong winds, the continued vortices, and no ability to dissipate those forces, the bridge's rocking continued unabated, and even intensified. The last humans on the bridge, the photographers, fled the scene.

But it wasn't resonance that brought the bridge down, but rather the self-induced rocking! Without an ability to dissipate its energy, it just kept twisting back-and-forth, and as the twisting continued, it continued to take damage, just as twisting a solid object back-and-forth will weaken it, eventually leading to it breaking. It didn't take any fancy resonance to bring the bridge down, just a lack of foresight of all the effects that would be at play, cheap construction techniques, and a failure to calculate all the relevant forces.

Original Submission

butthurt writes:

[...] he wrote an email to the customer service with title "I only make US$400 a month, you really wanna do this to me?" saying that he could not afford the ransom to decrypt his computer.

ThunderCrypt responded to his message and told the netizen that they have switched it to decryption mode [...]

—Taiwan News

Original Submission

stormwyrm writes:

Julia Belluz and Alvin Chang over at Vox.com have an article about a new paper in the Lancet by a team led Dr. Andrew Oxman showing how it is possible to teach children the critical thinking skills needed to detect dubious health claims.

[...] he [Andrew Oxman] began working with other researchers from around the world to develop curricula — a cartoon-filled textbook, lessons plans (sic) — on critical thinking skills aimed at school children.

In 2016, Oxman tested the materials in a big trial involving 10,000 children from 120 primary schools in Uganda's central region.

The results of the trial were just published in the Lancet, and they showed a remarkable rate of success: Kids who were taught basic concepts about how to think critically about health claims massively outperformed children in a control group.

This means Oxman now holds the best blueprint out there for how to get young people to think critically and arm them with the tools they need to spot "alternative facts" and misinformation. His work brings us closer to answering that important question that haunted him — the one that should haunt all of us who care about evidence and facts: How do you prevent fake news and bullshit from catching on in the first place?

The Oxman paper is here (DOI: 10.1016/S0140-6736(17)31226-6). Orac has his own take on it as well.

Original Submission

butthurt writes:

[...] U.S. Environmental Protection Agency (EPA) Administrator Scott Pruitt signed an order denying a petition that sought to ban chlorpyrifos, a pesticide crucial to U.S. agriculture.

[...] In October 2015, under the previous Administration, EPA proposed to revoke all food residue tolerances for chlorpyrifos, an active ingredient in insecticides. This proposal was issued in response to a petition from the Natural Resources Defense Council and Pesticide Action Network North America. The October 2015 proposal largely relied on certain epidemiological study outcomes, whose application is novel and uncertain, to reach its conclusions.

The public record lays out serious scientific concerns and substantive process gaps in the proposal.

—EPA press release

Last month, Trump's Environmental Protection Agency administrator, Scott Pruitt, freed up the country to continue using a pesticide called chlorpyrifos on everything from strawberries and almonds to Brussels sprouts and broccoli.

This despite a warning from the National Institutes of Health that chlorpyrifos can cause "adverse developmental, reproductive, neurological and immune effects" in human beings. This despite scientific studies indicating that chlorpyrifos can interfere with fetal brain development, leading to higher rates of autism and lower intelligence.

—St. Louis Post-Dispatch via Arizona Daily Sun (editorial)

takyon writes:

Europe's Mars lander failed due to hardware and software inadequacies, according to a new report:

The crashed European spacecraft Schiaparelli was ill-prepared for its attempt at landing on the surface of Mars. That's the conclusion of an inquiry into the failure on 16 October 2016.

The report outlines failings during the development process and makes several recommendations ahead of an attempt to land a rover on Mars in 2020. That mission will require more testing, improvements to software and more outside oversight of design choices.

[...] The report authors catalogue a series of necessary upgrades to onboard software, as well as suggesting improvements to the modelling of parachute dynamics. They also recommended a more stringent approach - including better quality control - during the procurement of equipment from suppliers.

One of the recommendations is that NASA's JPL should double-check ESA's work.

Original Submission

takyon writes:

NASA's mission to the asteroid 16 Psyche has been moved forward by one year:

"We challenged the mission design team to explore if an earlier launch date could provide a more efficient trajectory to the asteroid Psyche, and they came through in a big way," said Jim Green, director of the Planetary Science Division at NASA Headquarters in Washington. "This will enable us to fulfill our science objectives sooner and at a reduced cost."

The Discovery program announcement of opportunity had directed teams to propose missions for launch in either 2021 or 2023. The Lucy mission was selected for the first launch opportunity in 2021, and Psyche was to follow in 2023. Shortly after selection in January, NASA gave the direction to the Psyche team to research earlier opportunities.

"The biggest advantage is the excellent trajectory, which gets us there about twice as fast and is more cost effective," said Principal Investigator Lindy Elkins-Tanton of Arizona State University in Tempe. "We are all extremely excited that NASA was able to accommodate this earlier launch date. The world will see this amazing metal world so much sooner."

The revised trajectory is more efficient, as it eliminates the need for an Earth gravity assist, which ultimately shortens the cruise time. In addition, the new trajectory stays farther from the sun, reducing the amount of heat protection needed for the spacecraft. The trajectory will still include a Mars gravity assist in 2023.

Now I'm psyched.

Previously: NASA Selects Two Missions to Visit Asteroids

Original Submission

Phoenix666 writes:

The rate at which new technologies get accepted into the mainstream never fails to confuse people. For the longest time, cell phones appeared to be the exclusive domain of yuppies, bankers and drug dealers. And then, suddenly, my mum had one. (No, she doesn't sell drugs.)

Could we see a similar rapid adoption for electric vehicles?

The LA Times reports that Q1 electric car (EV) sales are up 91% in California. Sales of Plug-In Hybrids (PHEV) are up 54% too. This is, of course, only one quarter, from one state, so let's not get too excited. And the actual number of units sold—13,804 EVs and 10,466 PHEVs—is still tiny compared to the 506,745 cars and light trucks sold in the state during the same period. But anyone who knows anything about math can tell you that it doesn't take long for a 91% growth rate to start making serious inroads into a particular market. (Electric car sales in Norway have already reached as high as 37% of new passenger vehicles.)

It's possible the muscle memory developed for cellphones could help with EV adoption, too: plug in the phone at night, plug in the car at night.

Original Submission

An Anonymous Coward writes:

A man who was found not guilty of armed robbery will still serve up to seven years behind bars after a judge ruled he had breached the rules of his probation sentence for another crime.

Ramad Chatman handed himself in to police when he found out he was a suspect for an armed robbery at a convenience store in his hometown of Georgia in July 2014.

The 24-year-old was already was serving a five year probation term (a court order served outside prison through fines and community service) for his first ever offence, breaking and entering an apartment to steal a television worth $120 in 2012.

The following February, a judge decided it was likely he did commit the robbery and as a result Chatman was re-sentenced for the original crime of stealing a TV and ordered to serve 10-years behind bars, back dated to the day of the crime.

Court documents nonetheless showed he did everything asked of him during his probation, including checking in, paying restitution and finishing his community service. He was also holding down a job.

But when the armed robbery trial came to court in August, he was found not guilty.

It later emerged that ahead of the trial Chapman[sic] tried to enter an Alford plea on the charge of aggravated assault in exchange for the armed robbery charges being dropped.

An Alford plea means the defendant enters a guilty plea, but maintains his innocence. It is often used when a defendant feels like despite his innocence, he will lose at trial.

The judge refused to accept the deal, so the case was heard before a jury - who ruled he was innocent of the crime.

Presiding Judge John Niedrach, disagreed with their verdict however.

So despite the fact police never recovered the weapon, stolen money, or any other evidence connecting him to the robbery, he declined to release Mr Chatman, who remains in prison for violating the terms of his first probation order.

https://www.independent.co.uk/news/world/americas/black-man-prison-serve-five-years-ramad-chatman-georgia-prison-not-guilty-probation-broke-terms-jail-a7744326.html

Original Submission[Edit: [sic]'ed the Independent's typo - FP]

MrPlow writes:

Submitted via IRC for Runaway1956

Over the last year, we've noted the surge in so-called "right to repair" laws, which would make it easier for consumers to repair their electronics and find replacement parts and tools. It's a direct response to the rising attempts by companies like John Deere, Apple, Microsoft and Sony to monopolize repair, hamstringing consumer rights over products consumers think they own, while driving up the cost of said product ownership. John Deere's draconian lockdown on its tractor firmware is a large part of the reason these efforts have gained steam over the last few months in states like Nebraska.

In New York, one of the first attempts at such a law (the "Fair Repair Act") has finally been making progress. But according to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, Lexmark, Caterpillar, Asurion, and Medtronic have all been busy lobbying to kill the law for various, but ultimately similar, reasons. And they're out-spending the consumer advocates and repair shops pushing for this legislation by a rather wide margin:

"The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition—which is generally made up of independent repair shops with several employees—is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records."

Source: techdirt.com

Original Submission

-- OriginalOwner_ writes:

The Washington Post reports Supreme Court rules race improperly dominated N.C. redistricting efforts

The Supreme Court ruled [May 22] that North Carolina's Republican-controlled legislature relied on racial gerrymandering when drawing the state's congressional districts, a decision that could make it easier to challenge other state redistricting plans.

The decision continued a trend at the court, where justices have found that racial considerations improperly tainted redistricting decisions by GOP-led legislatures in Virginia, Alabama, and North Carolina. Some cases involved congressional districts, others legislative districts.

[...] [The justices] were unanimous in rejecting one of the districts and split 5 to 3 on the other.

AlterNet reports

Republican legislators used surgical precision to pack black voters into just two districts, the tentacular 1st and the snake-like 12th. The lower court found that these districts targeted voters on the basis of race in violation of the constitution, a move that effectively prevented black voters from electing their preferred candidates in neighboring seats. map

[...] This now-invalidated congressional map was one of, if not the very most, aggressive partisan gerrymanders in modern history. North Carolina is a relatively evenly divided swing state--Donald Trump won it by just 3 points last year--yet these lines offered Republicans 10 safe districts while creating three lopsidedly Democratic seats. Amazingly, all 10 Republican districts hit a perfect sweet spot with GOP support between 55 and 60 percent, a level that is high enough to be secure yet spreads around Republican voters just carefully enough to ensure the maximum number of GOP seats possible.

Original Submission

Arthur T Knackerbracket has found the following story:

There's been a good deal of ongoing discussion about Google AMP – Accelerated Mobile Pages.

Quite a few high-profile web developers have this year weighted in with criticism and some, following a Google conference dedicated to AMP, have cautioned users about diving in with both feet.

These, in my view, don't go far enough in stating the problem and I feel this needs to be said very clearly: Google's AMP is bad – bad in a potentially web-destroying way. Google AMP is bad news for how the web is built, it's bad news for publishers of credible online content, and it's bad news for consumers of that content. Google AMP is only good for one party: Google. Google, and possibly, purveyors of fake news.

[...] What it is, is a way for Google to obfuscate your website, usurp your content and remove any lingering notions of personal credibility from the web.

If that appeals to you, here's what you need to do. First, get rid of all your HTML and render your content in a subset of HTML that Google has approved along with a few tags it invented. Because what do those pesky standards boards know? Trust Google, it knows what it's doing. And if you don't, consider yourself not part of the future of search results.

Why a subset of HTML you ask? Well, mostly because web developers suck at their jobs and have loaded the web with a ton of JavaScript no one wants. Can't fault Google for wanting to change that. That part I can support. The less JavaScript the better.

So far AMP actually sounds appealing. Except that, hilariously, to create an AMP page you have to load a, wait for it, yes a JavaScript file from Google. Pinboard founder Maciej Cegłowski already recreated the Google AMP demo page without the Google AMP JavaScript and, unsurprisingly, it's faster than Google's version.

-- submitted from IRC

Original Submission

mrpg writes:

In a large, tin-roofed warehouse near Colorado's Rocky Mountains, members of a team of modern space warriors spend their days hatching plots to defeat the US military in extraterrestrial combat.

They're called Space Aggressors.

Their job is to act like the enemy during mock space battles to help US units prepare for a conflict that may one day extend into the cosmos.

[...] While attacks by the Space Aggressors are simulated, senior US military and intelligence officials warn the threat in space is very real.

[...] Some worry that disrupting America's vast network of satellites and ground-based systems could send US forces back to an antiquated era of targeting, communications, and navigation systems — deeply undercutting battlefield superiority.

This spring, rhetoric from US military officials about the need to bolster American defensive position, and even offensive capabilities, in space has ratcheted up amid concern that Russia and China are rapidly developing anti-satellite weapons.

"While we're not at war in space, I don't think we could say we're exactly at peace, either," Vice Admiral Charles Richard, Deputy Commander of U.S. Strategic Command, known as Stratcom, told a conference in Washington DC in March. "We must prepare for a conflict that extends into space."

In his remarks, Vice Admiral Richard pointed to press reports that "China is developing an arsenal of lasers, electro-magnetic rail guns, and high-powered microwave weapons to neutralize America's intelligence, communications, and navigations satellites."

Source: 'Space Aggressors' Train US Forces for Extraterrestrial Conflict

Original Submission

Phoenix666 writes:

In some businesses like supermarkets and restaurants, local restrictions on nighttime deliveries leave distributors no choice but to dispatch trucks during morning rush hours. But lifting these rules could reduce peak traffic volumes and increase transport efficiency, according to a recent study involving researchers from KTH Royal Institute of Technology in Stockholm.

Some communities prohibit heavy trucks from operating during the night. Stockholm is one of them, but the city wanted to test if lifting its ban might yield some benefits in transportation efficiency. Anna Pernestål Brenden, a researcher at KTH's Integrated Transport Research Laboratory, and acoustic, transport efficiency, and policy researchers from the KTH, joined with other partners in a pilot study with the City of Stockholm to see if lifting the 10 to 6 a.m. ban on truck deliveries made sense.

They worked with a national supermarket chain and its suburban Stockholm central warehouse, as well as with a company that supplied food to restaurants and hotels, Pernestål Brenden says.

Ordinarily the supermarket warehouse, which is some 30km north of Stockholm, would deploy several fully-loaded trucks to make deliveries during peak morning rush hours from 6 to 8, because there is no way for one truck to make them all in that short a time span.

But in the study, a single truck delivered goods to three stores in central Stockholm between the prohibited hours of 10 p.m. and 6 a.m. It would return to the warehouse three times in the night to be reloaded, and then make its subsequent delivery, she says. "That's one truck doing the work of three, or in other words – morning commuters are spared having to share the road with three heavy duty trucks."

Though it was a small scale study, Pernestål Brenden says there are strong indications that scaling up off-peak deliveries could increase business efficiency for suppliers and retailers, reduce fuel consumption and CO2 emissions and perhaps make a positive impact on traffic volume during peak morning hours.

Fewer drivers will clock fewer hours.

Original Submission

takyon writes:

NASA has published an image of the north polar region of Enceladus taken by the Cassini-Huygens spacecraft. The region is less active than the south polar region:

A recently released photo by NASA's Saturn-orbiting Cassini spacecraft shows the many craters, as well as snaking fissures and other geological features, pocking the northern reaches of 313-mile-wide (504 kilometers) Enceladus.

The presence of so many craters indicates that the region hasn't been resurfaced in a long time. However, it's a totally different story near Enceladus' south pole, which "shows signs of intense geologic activity, most prominently focused around the long fractures known as 'tiger stripes' that spray gas and tiny particles from the moon," NASA officials wrote in an image description on May 3.

This geological activity is driven primarily by Saturn's powerful gravitational pull, which churns and stretches Enceladus' interior, generating lots of friction and heat. This heat keeps the moon's subsurface ocean of liquid water from freezing, and also drives the geysers that blast from the tiger stripes, scientists have said.

Cassini has finished a fifth trip between Saturn and its rings, and will make another pass next week.

Also at The Space Reporter. See also: Expecting the Unexpected on Saturn's Moons.

Original Submission