SoylentNews

MrPlow writes:

Submitted via IRC for SoyCow3941

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls. These allow apps to access a range of information from Facebook profiles, like name, location and email address.

Trustlook discovered the malicious apps using a formula, which created a risk score for apps based on more than 80 pieces of information for each app, including permissions, libraries, risky API calls and network activity.

"The Cambridge Analytica data-harvesting scandal was mainly a result of developers abusing the permissions associated with the Facebook Login feature," Trustlook researchers said, in a post. "When people use Facebook Login, they grant the app's developer a range of information from their Facebook profile. Back in 2015, Facebook also allowed developers to collect some information from the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. Needless to say, this realization among Facebook users has caused a huge backlash."

Source: https://threatpost.com/tens-of-thousands-of-malicious-apps-using-facebook-apis/131566/

Original Submission

takyon writes:

The DNC's Lawsuit Against WikiLeaks Is an Attack on the Freedom of the Press

It's a large world, filled with felonies big and misdemeanors small. And so I prefer to write long columns. But sometimes a short, sharp word is necessary. The Democratic Party is suing WikiLeaks and they shouldn't. As Glenn Greenwald wrote last week in The Intercept:

The Democratic National Committee filed a lawsuit this afternoon in a Manhattan federal court against the Russian government, the Trump campaign, and various individuals it alleges participated in the plot to hack its email servers and disseminate the contents as part of the 2016 election. The DNC also sued WikiLeaks for its role in publishing the hacked materials, though it does not allege that WikiLeaks participated in the hacking or even knew in advance about it; its sole role, according to the DNC's lawsuit, was publishing the hacked emails.

As Greenwald points out, the Dems' claim that "WikiLeaks is liable for damages it caused when it 'willfully and intentionally disclosed' the DNC's communications ... would mean that any media outlet that publishes misappropriated documents or emails (exactly what media outlets quite often do) could be sued by the entity or person about which they are reporting."

After the Manning releases in 2010, the Obama Justice Department wanted to sue WikiLeaks. However, they couldn't prove that anyone from WikiLeaks had actually stolen documents. They knew that suing WikiLeaks would have infringed on press freedom. Sue WikiLeaks, and you have to sue the Washington Post as well.

The DNC has no such qualms now.

Also at Al Jazeera.

See also: Why the DNC Is Fighting WikiLeaks and Not Wall Street

Original Submission

MrPlow writes:

Submitted via IRC for Fnord666

The team behind secure messaging app Signal says Amazon has threatened to drop the app if it doesn't stop using an anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike — founder of Signal developer Open Whisper Systems — posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider.

Amazon has said that it's banning domain-fronting so malware purveyors can't disguise themselves as innocent web traffic. But Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal.

Source: https://www.theverge.com/2018/5/1/17308508/amazon-web-services-signal-domain-fronting-ban-response

Also at TechCrunch and TechRepublic.

See also: A Google update just created a big problem for anti-censorship tools
APT29 Domain Fronting With TOR

Previously: Encrypted Messaging App Signal Uses Google to Bypass Censorship

Related: Open Whisper Systems Releases Standalone "Signal" Desktop App

Original Submission #1   Original Submission #2

MrPlow writes:

Submitted via IRC for SoyCow4408

Opera has dropped its mobile VPN app now that the development team has left.

The browser maker has discontinued both its Android and iOS VPN clients after SurfEasy, the developer Opera had acquired in 2015, parted ways with the company.

[...] If you're an Opera Gold user, you'll have the option of a free one-year subscription to SurfEasy's Ultra VPN service. Everyone else, meanwhile, can use the Opera VPN app to subscribe to SurfEasy Total for 99 cents per month instead of the usual $5.

Source: https://www.engadget.com/2018/04/30/opera-discontinues-mobile-vpn-app/

Original Submission

Fnord666 writes:

In a ruling with potentially sweeping consequences for the so-called gig economy, the California Supreme Court on Monday made it much more difficult for companies to classify workers as independent contractors rather than employees.

The decision could eventually require companies like Uber, many of which are based in California, to follow minimum-wage and overtime laws and to pay workers' compensation and unemployment insurance and payroll taxes, potentially upending their business models.

Industry executives have estimated that classifying drivers and other gig workers as employees tends to cost 20 to 30 percent more than classifying them as contractors. It also brings benefits that can offset these costs, though, like the ability to control schedules and the manner of work.

"It's a massive thing — definitely a game-changer that will force everyone to take a fresh look at the whole issue," said Richard Meneghello, a co-chairman of the gig-economy practice group at the management-side law firm Fisher Phillips.

Source: https://www.nytimes.com/2018/04/30/business/economy/gig-economy-ruling.html

Original Submission

takyon writes:

Dielectric Metamaterial is Dynamically Tuned by Light

Researchers at Duke University have built the first metal-free, dynamically tunable metamaterial for controlling electromagnetic waves. The approach could form the basis for technologies ranging from improved security scanners to new types of visual displays.

The results appear on April 9 in the journal Advanced Materials.

[...] For this study, the [silicon] cylinders were sized to interact with terahertz waves—a band of the electromagnetic spectrum that sits between microwaves and infrared light. Controlling this wavelength of light could improve broadband communications between satellites or lead to security technology that can easily scan through clothing. The approach could also be adapted to other bands of the electromagnetic spectrum—like infrared or visible light—simply by scaling the size of the cylinders.

Phototunable Dielectric Huygens' Metasurfaces (DOI: 10.1002/adma.201800278) (DX)

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Depending on which hemisphere of the Earth you're currently reading this from, summer is finally starting to fight its way to the surface. For the more "green" of our readers, that can mean it's time to start making plans for summer gardening. But as anyone who's ever planted something edible can tell you, garden pests such as squirrels are fantastically effective at turning all your hard work into a wasteland. Finding ways to keep them away from your crops can be a full-time job, but luckily it's a job nobody will mind if automation steals from humans.

[Peter Quinn] writes in to tell us about the elaborate lengths he is going to keep bushy-tailed marauders away from his tomatoes this year. Long term he plans on setting up a non-lethal sentry gun to scare them away, but before he can get to that point he needs to perfect the science of automatically targeting his prey. At the same time, he wants to train the system well enough that it won't fire on humans or other animals such as cats and birds which might visit his garden.

Source: https://hackaday.com/2018/04/30/training-the-squirrel-terminator/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow4408

A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).

The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI, manufactured by electronics vendor Harman. Researchers also gained access to the IVI system's root account, which they say allowed them access to other car data.

"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added.

Source: https://www.bleepingcomputer.com/news/security/volkswagen-and-audi-cars-vulnerable-to-remote-hacking/

Original Paper: The Connected Car Ways to get unauthorized access and potential implications

Original Submission

canopic jug writes:

'Forget the Facebook leak': China is mining data directly from workers' brains on an industrial scale

But there's one big difference – the workers wear caps to monitor their brainwaves, data that management then uses to adjust the pace of production and redesign workflows, according to the company.

The company said it could increase the overall efficiency of the workers by manipulating the frequency and length of break times to reduce mental stress.

Original Submission

takyon writes:

Police submitted a DNA sample under a fake name to GEDmatch, an online DNA-matching/genealogy service, in order to capture a man they suspect to be the "Golden State Killer". Science Magazine interviewed Yaniv Erlich, who warned back in 2014 that GEDmatch could be used for law enforcement purposes:

A chat with the geneticist who predicted how the police may have tracked down the Golden State Killer

takyon writes:

Hasbro Picks Up Power Rangers, Other Saban Entertainment Assets, for $522 Million

Toymaker Hasbro, Inc. announced on Tuesday said it would acquire Saban's Power Rangers and other entertainment assets in a cash-and-stock deal valued at $522 million.

The transaction also includes other properties including "My Pet Monster," "Popples," "Julius Jr.," "Luna Petunia" and "Treehouse Detectives." Hasbro and Saban brands previously announced a $22 million master toy licensing agreement set to begin next year.

Hasbro will pay nearly $230 million in cash and issue $270 [million] in Hasbro common stock for the assets. The sale is expected to [close] during the second quarter of 2018.

The Power Rangers franchise, first started in 1993 by Haim Saban, is one of the longest-running live-action kids series. It has now spawned a number of movies including last year's Lionsgate picture, which grossed $142 million globally.

Hasbro's financials were recently hurt by the demise of Toys "R" Us.

Haim Saban.

Also at Deadline, CNBC, and The Hollywood Reporter.

Original Submission

takyon writes:

RiseML Benchmarks Google TPUv2 against Nvidia V100 GPU

RiseML Blog last week reported benchmarks that suggest Google's custom TPUv2 chips and Nvidia V100 GPUs offer roughly comparable performance on select deep learning tasks but that the cost for access to TPUv2 technology on Google Cloud is less than the cost of accessing V100s on AWS. Google began providing public access to TPUv2 in February via its Cloud TPU offering which includes four TPUv2 chips.

[...] Elmar Haußmann, cofounder and CTO of RiseML, wrote in the company blog, "In terms of raw performance on ResNet-50, four TPUv2 chips (one Cloud TPU) and four V100 GPUs are equally fast (within 2% of each other) in our benchmarks. We will likely see further optimizations in software (e.g., TensorFlow or CUDA) that improve performance and change this.

Google later announced that it would offer access to Nvidia Tesla V100 GPUs on its Google Cloud Platform:

The cloud giant also announced general availability of Nvidia's previous-generation P100 parts, in public beta on Google's platform since September 2017.

[...] While Google was the first of the big three public cloud providers to embrace [Nvidia Tesla (Pascal)] P100s, it was the last to adopt V100s. Amazon Web Services has offered the Volta parts since October 2017. Microsoft Azure followed with a private preview in November 2017. And IBM brought PCIe variant V100s into its cloud in January of this year.

Original Submission

takyon writes:

NASA dusts off FORTRAN manual, revives 20-year-old data on Ganymede

NASA scientists have made some new discoveries about Jupiter's giant moon Ganymede, thanks to a dedicated team, an elderly VAX machine and 20-year-old data from the long-defunct Galileo probe.

Fifteen years after Galileo (no, not that one) ended its days with a plunge into the atmosphere of Jupiter, NASA scientists have resurrected the 20-year-old datasets and added more detail to the puzzle of Ganymede's magnetosphere.

The new data, published in Geophysical Research Letters [DOI: 10.1002/2017GL075487] [DX], paints a picture of a stormy environment, with particles blasted off the moon's icy surface by incoming plasma raining down from Jupiter.

Ganymede is the solar system's largest and most massive satellite, but has slightly lower surface gravity than the Moon (0.146g vs 0.165g). Like many other icy objects in the solar system, Ganymede may have liquid oceans capable of supporting life. ESA's Jupiter Icy Moons Explorer (JUICE) will fly by Ganymede, Callisto, and Europa before eventually orbiting Ganymede. It may also include a Russian-built Ganymede lander.

Also at NASA.

Original Submission

takyon writes:

Planetary Resources declares 'mission success' for Arkyd-6

The technology demonstration spacecraft Arkyd-6, built by Planetary Resources to test technologies for future asteroid prospecting, has completed all of its mission requirements, the company said April 24, 2018.

Launched on Jan. 12, 2018, atop an Indian Polar Satellite Launch Vehicle with 30 other satellites, the 22-pound (10-kilogram) Arkyd-6 was designed as a technology demonstrator for future missions to explore and categorize asteroids for eventual resource mining.

[...] The company said the spacecraft successfully deployed its solar panels, demonstrated using its attitude control, distributed computing systems, communications systems, and its Mid-Wavelength Infrared (MWIR) imager.

Planetary Resources said the MWIR is the first commercial imager of its kind in space. It is capable of detecting water and other resources on Earth, but the company hopes to use the technology to locate water and minerals on asteroids for potential mining.

The company plans to launch Arkyd-301 spacecraft to near-Earth asteroids starting in 2020. The article includes an animation of what an Algerian refinery looks like using the MWIR imager.

Previously: Planetary Resources' Arkyd-6 Ready for Launch

Original Submission

takyon writes:

Synthetics now killing more people than prescription opioids, report says

Synthetic opioids such as fentanyl have overtaken prescription opioids as the No. 1 killer in the opioid epidemic, according to a new report.

The report, published Tuesday in the journal JAMA [DOI: 10.1001/jama.2018.2844] [DX], calculated the number and percentage of synthetic opioid-related overdose deaths in the United States between 2010 and 2016 using death certificates from the National Vital Statistics System. The researchers found that about 46% of the 42,249 opioid-related overdose deaths in 2016 involved synthetic opioids such as fentanyl, while 40% involved prescription drugs.

That's more than a three-fold increase in the presence of synthetic opioids from 2010, when synthetic drugs were involved in approximately 14% of opioid-overdose deaths.

Related: Heroin, Fentanyl? Meh: Carfentanil is the Latest Killer Opioid
Study Finds Stark Increase in Opioid-Related Admissions, Deaths in Nation's ICUs
U.S. Life Expectancy Continues to Decline Due to Opioid Crisis
Purdue Pharma to Cut Sales Force, Stop Marketing Opioids to Doctors
The More Opioids Doctors Prescribe, the More Money They Make
Two More Studies Link Access to Cannabis to Lower Use of Opioids

Original Submission