SoylentNews

takyon writes:

https://www.nytimes.com/2017/09/18/business/dealbook/northrop-grumman-orbital-atk.html

The military contractor Northrop Grumman said on Monday that it would buy Orbital ATK, a maker of components for missiles and satellites, for about $7.8 billion in cash, amid a rise in consolidation in the aerospace industry.

For aerospace companies, the prospects of combining — and the possible cost savings from doing so — appear to be increasingly attractive. This month, United Technologies said it planned to buy Rockwell Collins for $23 billion, bringing together stables of products that include nearly every part of planes.

[...] Buying Orbital ATK would expand Northrop's presence in the market for missiles and rockets as many countries are increasing their military budgets. The Trump administration has proposed giving the Defense Department tens of billions of dollars in additional funding in the next fiscal year, much of which is expected to survive the budget-making process in Congress.

Also at Reuters, CNBC, SpaceNews, and TheStreet.

Original Submission

bradley13 writes:

The popular CCleaner program was hacked for almost a month, with the compromised version including malware that could download and install other programs.

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago.

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Clean versions have now be released; if you installed a new version in August or September, you should probably download and install a newer version.

Also submitted via IRC for SoyCow1937

Source: http://www.securityweek.com/millions-download-maliciously-modified-pc-utility [securityweek.com]

Original Submission

Phoenix666 writes:

The maker of the world's first commercial artificial retina, which provides partial sight to people with a certain form of blindness, is launching a clinical trial for a brain implant designed to restore vision to more patients.

The company, Second Sight, is testing whether an array of electrodes placed on the surface of the brain can return limited vision to people who have gone partially or completely blind. For decades, scientists have been trying to develop brain implants to give sight back to the blind but have had limited success. If the Second Sight device works, it could help millions of blind patients worldwide, including those who have lost one or both eyes.

The device, called the Orion, is a modified version of the company's current Argus II bionic eye, which involves a pair of glasses outfitted with a camera and an external processor. The U.S. Food and Drug Administration has granted the company a conditional approval for a small study involving five patients at two sites, Baylor College of Medicine and the University of California, Los Angeles. Second Sight still needs to conduct further testing of the device and answer certain questions before starting the trial but hopes to begin enrolling patients in October and do its first implant by the end of the year.

Original Submission

canopic jug writes:

As far as recognized champions in the sport, the Hall of Fame holds a three-day national throw every year to establish the best in various categories. Then again, the Hall isn't the only group of throwers; other champions exist, too. Someday perhaps, there will be a grand merger.

As for the typical knife-thrower, he or she is hard to describe, since anyone can throw.

"There's really no aging out," said Rick Lemberg, an organizer of the online Aim Games, in which people compete by posting their scores. Because there is no physical contact, injuries are rare, he added. Commitment trumps physique.

Source: Knife-Throwing as a Sport: Who Would Have Thunk It?

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Google has quietly stopped challenging most search warrants from US judges in which the data requested is stored on overseas servers, according to the Justice Department.

The revelation, contained in a new court filing to the Supreme Court, comes as the administration of President Donald Trump is pressing the justices to declare that US search warrants served on the US tech sector extend to data stored on foreign servers.

Google and other services began challenging US warrants for overseas data after a federal appeals court sided with Microsoft last year in a first-of-its-kind challenge. Microsoft convinced the New York-based 2nd US Circuit Court of Appeals—which has jurisdiction over Connecticut, New York, and Vermont—that US search-and-seizure law does not require compliance with a warrant to turn over e-mail stored on its servers in Ireland. Federal prosecutors were demanding the data as part of a US drug investigation.

In the aftermath, courts outside the 2nd Circuit, which are not bound by the ruling, began rejecting the circuit's decision and dismissing fresh challenges by the ISPs, including those brought by Google, Yahoo, and Microsoft. In one instance, Google was even found in contempt of court (PDF) for refusing to comply with a District of Columbia federal judge's order to hand over data stored overseas.

The Supreme Court has not decided whether to hear the government's challenge to the Microsoft decision, which has huge privacy ramifications for consumers and for the tech sector. The sector is being asked by the US government to comply with court orders that sometimes conflict with the laws of where the data is stored.

Source: https://arstechnica.com/tech-policy/2017/09/feds-google-stops-challenging-most-us-warrants-for-data-on-overseas-servers/

Original Submission

janrinok writes:

Arthur T Knackerbracket has found the following story:

Sometimes a book series is so important that you want people to put everything aside and just read it. I'm not the only one who feels this way about N.K. Jemisin's Broken Earth trilogy. The first and second novels in Jemisin's trilogy, The Fifth Season and The Obelisk Gate won the prestigious Hugo Award for the past two years in a row—the first time this has happened since Ender's Game and its sequel Speaker for the Dead won sequential Hugos in 1986 and 87. Now the final Broken Earth book, The Stone Sky, is out. You can gobble up the whole series without interruption.

MrPlow writes:

Submitted via IRC for SoyCow5743

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language.

NBU experts say attackers used a technique known as typo-squatting to upload Python libraries with names similar to legitimate packages — e.g.: "urlib" instead of "urllib."

The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts.

"These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained.

[...] Indicators of compromise are available in the NBU security alert.

[...] On a side note, and unrelated to the attack vector, NBU also advises Python developers to avoid using "pip" — a Python package installer — when downloading Python libraries, as pip does not support cryptographic signatures.

Source: https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Microsoft's Pix sets itself apart from other camera apps by using the power of artificial intelligence to correct your photos, learning new tricks over time. It can do things like add artistic flair to your images, turn photos shot in a row into "Live Images," or just making sure the people in your photos look great. This week, the app got a new update out that adds yet another AI trick to the pile: The ability to capture whiteboards and turn them into useful images.

So, for example, if you're at an important meeting, you can use Pix to take a photo of a diagram on the whiteboard to remember it later. The Pix app will then sharpen the focus, ramp up the color and tone, crop out the background and realign the image appropriately so that the diagram is shown straight-on.

According to Microsoft:

The updated app automatically detects whiteboards, documents and business cards in real time and intelligently adjusts camera settings for these types of photos. Once the shutter clicks, the app uses AI to improve the image, such as cropping edges, boosting color and tone, sharpening focus and tweaking the angle to render the image in a straight-on perspective.

Source: https://www.engadget.com/2017/09/15/microsoft-pix-uses-ai-to-make-whiteboard-photos-useable-images/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Amazon's podcast-turned-series Lore is launching on Friday, October 13th, just in time for pre-Halloween fun. But the online shopping has more up its sleeve to get folks in the right spooky holiday spirit. Amazon is opening an immersive haunted house experience in Los Angeles next month that's themed to the show's thesis: "The scariest stories are often true."

That means rooms set up to tell creepy stories about real events that often settled into local legend -- fodder the podcast has covered since creator Aaron Mahnke launched it in 2015. Amazon bought the rights to adapt the audio show into a six-episode series back in April 2016, but creating a local and immersive "experience" to hype viewers up for the show is a newer fad.

Source: https://www.engadget.com/2017/09/15/amazon-is-building-a-haunted-house-to-hype-its-spooky-lore-ser/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has lead Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.

Source: https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach/

Also at https://www.bleepingcomputer.com/news/security/equifax-releases-new-information-about-security-breach-as-top-execs-step-down/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Portland, Oregon, was one of the cities we mentioned where Uber employed the so-called "Greyball" tool. The city has now released a scathing report detailing that Uber evaded picking up 16 local officials for a ride before April 2015, when the service finally won approval by Portland regulators.

The Greyball software employs a dozen data points on a new user in a given market, including whether a rider's Uber app is opened repeatedly in or around municipal offices, which credit card is linked to the account, and any publicly available information about the new user on social media. If the data suggests the new user is a regulator in a market where Uber is not permitted, the company would present that user with false information about where Uber rides are. This includes showing ghost cars or no cars in the area.

The city concluded that, when Uber started operating in the city in December 2014 without Portland's authorization, the Greyball tool blocked 17 rider accounts. Sixteen of those were government employees. In all, Greyball denied 29 ride requests by city transportation enforcement officers.

Source: https://arstechnica.com/tech-policy/2017/09/heres-a-real-life-slimy-example-of-ubers-regulator-evading-software/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Ford might not be the first name that comes to mind when you think of autonomous vehicles (unless you really like Domino's pizza), but that doesn't mean the automaker is sitting by while everyone else is making leaps and bounds in the space. The company just announced that it's making a $5 million investment in the American Center for Mobility. "This is an investment in the safe, rapid testing and deployment of transformative technology that will help improve peoples' lives," Ford's CTO Ken Washington said in a press release (PDF).

The money puts Ford in the same company as AT&T, Toyota Motor North America and Toyota Research Institute as a founder of the 500 acre Willow Run autonomous vehicle testing campus located outside of Detroit in Ypsilanti Township. Willow Run's first phase is scheduled to open this December. Michigan Governor Rick Snyder called the investment a show of faith from Ford to the world's automotive capital. "As the convergence between the technological and manufacturing sectors continues to grow, it is very encouraging to see great Michigan companies like Ford leading the way toward our future," he said in the same release.

Source: https://www.engadget.com/2017/09/15/ford-willow-run-investment/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network.

The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn.

[...] In an email to Bleeping Computer, a Vevo spokesperson acknowledged the incident.

"We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure," the company said.

Vevo did not comment if the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some people to believe Vevo might have caved in and paid, hence the reason why most of the files are gone.

OurMine did not respond to a request for comment.

The hacking crew, believed to be operating out of Saudi Arabia — according to a BuzzFeed investigation, rarely hacks and leaks files. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs.

Source: https://www.bleepingcomputer.com/news/security/ourmine-hacks-vevo-after-employee-was-disrespectful-to-hackers-on-linkedin/

Original Submission

MrPlow writes:

Submitted via IRC

As Joe McConaughy set up camp on his second to last day on the Appalachian Trail, he did some quick math. Just 46 hours remained before he would miss the record set by Karl "Speedgoat" Meltzer on his supported hike of the 2,184-mile trail, and 110 miles stood between him and the terminus at the summit of Mount Katahdin. He'd hoped for something more like an 80-mile final push, but after bleeding time through the rugged terrain of the White Mountains and a three-mile off-trail accidental detour that also added 1,500 feet of elevation the week prior, he was behind schedule.

McConaughy set out from Springer Mountain at 6:31 am on July 17 with plans to cover an average of 50 miles each day. If his plan held, he would reach the trail terminus in 43 days, shaving two days off the supported record set by Meltzer last year and more than 10 days off Heather Anderson's self-supported speed record on the AT of 54 days, 7 hours, and 54 minutes, set in 2013. But the trail had other plans for him. Some days, McConaughy missed his target by as much as 20 miles.

[...] Finally, after moving forward for 37 straight hours, at 6:38 pm on August 31, he reached the summit. Seventy mile-per-hour winds, hail, and mist met him as he stumbled out of the fog and into a long hug with his girlfriend. He'd completed the trail in 45 days, 12 hours and 15 minutes, setting a new fastest known time.

Source: https://www.backpacker.com/stories/joe-mcconaughy-appalachian-trail-record

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow5743

Apple's limits on tracking will "sabotage the economic model for the Internet."

Apple's latest operating systems for the Mac and iPhone will soon be rolling out, and with that comes new restrictions on ad-tracking in the Safari browser. Adding a 24-hour limit on ad targeting cookies is good for privacy under Apple's new "Intelligent Tracking Prevention" feature. But if you're an advertiser, the macOS High Sierra and iOS 11 Safari browsers spell gloom and doom for the Internet as we know it. The reason is because Safari is making it harder for advertisers to follow users as they surf the Internet—and that will dramatically reduce the normal bombardment of ads reflecting the sites Internet surfers have visited earlier. Six major advertising groups have just published an open letter blasting the new tracking restrictions Apple unveiled in June. They say they are "deeply concerned" about them:

The infrastructure of the modern Internet depends on consistent and generally applicable standards for cookies, so digital companies can innovate to build content, services, and advertising that are personalized for users and remember their visits. Apple's Safari move breaks those standards and replaces them with an amorphous set of shifting rules that will hurt the user experience and sabotage the economic model for the Internet.

Apple's unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love. Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful.

The letter is signed by the American Association of Advertising Agencies, the American Advertising Federation, the Association of National Advertisers, the Data & Marketing Association, the Interactive Advertising Bureau, and the Network Advertising Initiative.

Source: https://arstechnica.com/tech-policy/2017/09/ad-industry-deeply-concerned-about-safaris-new-ad-tracking-restrictions/

Original Submission