The project Protect Democracy is suing the state of South Carolina because its insecure, unreliable voting systems are effectively denying people the right to vote. The project has filed a 45-page lawsuit pointing out the inherent lack of security and inauditability of these systems and concludes that "by failing to provide S.C. voters with a system that can record their votes reliably," South Carolinians have been deprived of their constitutional right to vote. Late last year, Def Con 25's Voting Village reported on the ongoing, egregious, and fraudulent state of electronic voting in the US, a situation which has been getting steadily worse since at least 2000. The elephant in the room is that these machines are built from the ground up on Microsoft products, which are protected with a cult-like vigor standing in the way of rolling back to the only known secure method, hand counted paper ballots.
Bruce Schneier is an advisor to Protect Democracy
Earlier on SN:
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (2018)
Want to Hack a Voting Machine? Hack the Voting Machine Vendor First (2018)
Georgia Election Server Wiped after Lawsuit Filed (2017)
It Took DEF CON Hackers Minutes to Pwn These US Voting Machines (2017)
Russian Hackers [sic] Penetrated US Electoral Systems and Tried to Delete Voter Registration Data (2017)
5 Ways to Improve Voting Security in the U.S. (2016)
FBI Says Foreign Hackers Penetrated State Election Systems (2016)
and so on ...
Tree Shrews Love Hot Peppers Because They Don't Feel the Burn
One of the only traits left to distinguish us from other mammals is a tolerance—and in many cases deep, passionate love—for spicy foods. Richie Hertzberg at National Geographic reports that even that is under assault. A new study reveals that a species of Chinese tree shrew also seeks out hot peppers, and it's probably got a higher tolerance than you.
According to a press release, chili peppers do not grow naturally in the range of Chinese tree shrews, Tupaia belangeri chinensis, but they do feed heavily on Piper boehmeriaefolium, another species of plant that produces copious amounts of capsaicinoids, the compounds that give peppers their kick. Cara Giaimo at Atlas Obscura reports that researchers at the Kunming Institute of Zoology stumbled upon the shrew's tolerance while trying to figure out what the animals like to eat. The shrews, not true shrews at all but relatives of primates, are more genetically similar to humans than other lab animals like mice. So the institute houses about 2,000 of the 10-inch-long mammals for research. As they presented foods to the shrews, they were stunned to find the animals preferred hot peppers, something a self-respecting rabbit or macaque would never eat. (Some other animals, like birds, don't have capsaicinoid receptors, so they can munch peppers all they want.)
To understand the phenomenon, Chinese researchers collected five wild tree shrews and six wild mice to serve as controls. They fed the animals corn pellets spiked with capsaicin. Predictably, the shrews loved the spicy noms while the mice turned away. The researchers also collected bunches of Piper boehmeriaefolium from a local botanical garden. After synthesizing the capsaicin produced by the plant, they injected it into the animals. They then watched how often the animals licked the site, since licking is a response to pain, finding that mice licked the spot more often, a sign that they were irritated by the capsaicin. The shrews hardly licked the spots at all. After that they euthanized the animals to analyze their brains.
Unlike human pepper-heads, who enjoy the tingling on their lips, the slowly building heat and a rush of endorphins that comes from eating hot food, the shrews simply don't feel the burn much, if at all. That's because, the study in the journal PLoS Biology [open, DOI: 10.1371/journal.pbio.2004921] [DX] reveals, they have a mutation of the TRPV1 ion channel, also known as the capsaicin receptor. In other mammals, including the control mice, the receptor activates in the presence of capsaicin, causing pain and burning sensations.
3D image reveals hidden neurons in fruit-fly brain
Scientists have produced a 3D image of a fruit fly's brain that's so detailed, researchers can trace connections between neurons across the entire organ.
Fruit flies (Drosophila melanogaster) display a suite of complex behaviours, including courtship dances and learning. But understanding the neural networks that drive these behaviours remains a challenge. The data from this image, published on 19 July in Cell, resolved the insect's brain down to individual cells — revealing some neurons that have never been seen before. This offers scientists a new tool with which to study fruit-fly behaviour and allows them to compare the insects' neural networks with that of other species.
Researchers cut a fly's brain — roughly the size of a poppy seed — into more than 7,000 slices and shot a beam of electrons through the sample. A high-speed camera captured high-resolution pictures of each slice — a process never used before — generating roughly 21 million images that the team stitched together using custom computer software.
Also at Science Magazine, Science News, Discovery Magazine, and National Geographic.
A Complete Electron Microscopy Volume of the Brain of Adult Drosophila melanogaster (open, DOI: 10.1016/j.cell.2018.06.019) (DX)
Malware Author Builds 18,000-Strong Botnet in a Day
A malware author has built a huge botnet comprised of over 18,000 routers in the span of only one day.
This new botnet has been spotted yesterday by security researchers from NewSky Security, and their findings have been confirmed today by Qihoo 360 Netlab, Rapid7, and Greynoise.
[...] The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215.
Scans for this vulnerability, which can be exploited via port 37215, started yesterday morning, July 18, according to data collected by Netlab's NetScan system.
[...] Wicked/Anarchy is a well-known malware author who, in the past, has created variations of the Mirai IoT malware. These variations and their respective botnets were known as Wicked, Omni, and Owari (Sora), and had been previously used for DDoS attacks.
[...] But Anarchy is not done yet. The botnet author told Anubhav that he also plans to target CVE-2014-8361, a vulnerability in Realtek routers exploitable via port 52869.
One day in the bright future, everything connected to the internet will be magically supported forever by updates from the manufacturer. No more malware. The intarweb tubes will be one giant safe space with rainbows and unicorns for all.
Soon, your soy milk may not be called 'milk'
Soy and almond drinks that bill themselves as "milk" may need to consider alternative language after a top regulator suggested the agency may start cracking down on use of the term.
The Food and Drug Administration signaled plans to start enforcing a federal standard that defines "milk" as coming from the "milking of one or more healthy cows." That would be a change for the agency, which has not aggressively gone after the proliferation of plant-based drinks labeled as "milk."
FDA Commissioner Scott Gottlieb talked about the plans this week, noting there are hundreds of federal "standards of identity" spelling out how foods with various names need to be manufactured.
"The question becomes, have we been enforcing our own standard of identity," Gottlieb said about "milk" at the Politico event Tuesday. "The answer is probably not."
Submitted via IRC for AndyTheAbsurd
The majority of robots are white. Do a Google image search for "robot" and see for yourself: The whiteness is overwhelming. There are some understandable reasons for this; for example, when we asked several different companies why their social home robots were white, the answer was simply because white most conveniently fits in with other home decor.
But a new study suggests that the color white can also be a social cue that results in a perception of race, especially if it's presented in an anthropomorphic context, such as being the color of the outer shell of a humanoid robot. In addition, the same issue applies to robots that are black in color, according to the study. The findings suggest that people perceive robots with anthropomorphic features to have race, and as a result, the same race-related prejudices that humans experience extend to robots.
Source: Humans Show Racial Bias Towards Robots of Different Colors: Study
Submitted via IRC for AndyTheAbsurd
All over the western world banks are shutting down cash machines and branches. They are trying to push you into using their digital payments and digital banking infrastructure. Just like Google wants everyone to access and navigate the broader internet via its privately controlled search portal, so financial institutions want everyone to access and navigate the broader economy through their systems.
Another aim is to cut costs in order to boost profits. Branches require staff. Replacing them with standardised self-service apps allows the senior managers of financial institutions to directly control and monitor interactions with customers.
Banks, of course, tell us a different story about why they do this. I recently got a letter from my bank telling me that they are shutting down local branches because "customers are turning to digital", and they are thus "responding to changing customer preferences". I am one of the customers they are referring to, but I never asked them to shut down the branches.
Source: The cashless society is a con – and big finance is behind it
Arthur T Knackerbracket has found the following story:
Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study by researchers at the University of Wisconsin-Madison and the University of Oregon.
The study, presented July 16, 2018 at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as 15 years, according to the study's senior author, Paul Barford, a UW-Madison professor of computer science.
"Most of the damage that's going to be done in the next 100 years will be done sooner than later," says Barford, an authority on the "physical internet" -- the buried fiber optic cables, data centers, traffic exchanges and termination points that are the nerve centers, arteries and hubs of the vast global information network. "That surprised us. The expectation was that we'd have 50 years to plan for it. We don't have 50 years."
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
Childhood adversity permanently alters the peripheral and central immune systems, increasing the sensitivity of the body's immune response to cocaine, reports a study by researchers at the IRCCS Santa Lucia Foundation and University of Rome "La Sapienza," Italy.
The study, published in Biological Psychiatry, showed that exposure to psychosocial stress early in life altered the structure of immune cells and inflammatory signals in mice and led to increased drug-seeking behavior. Exposure to early psychosocial stress in mice, or a difficult childhood in humans, increased the immune response to cocaine in adulthood, revealing a shared mechanism in the role of immune response in the effects of early life stress on cocaine sensitivity in mice and humans.
The findings help explain why as many as 50 percent of people who experience childhood maltreatment develop addiction problems. The results in mice and humans suggest that exposure to adversity during childhood triggers activation of the immune system, leading to permanent changes that sensitize the immune system and increase susceptibility to the effects of cocaine in adulthood.
-- submitted from IRC
Bloomberg reports that Google's Project Fuchsia may eventually succeed Android.
Here's what's already known about Fuchsia: Alphabet Inc.'s Google started quietly posting code online in 2016, and the company has let outside app developers tinker with bits of the open-source code. Google has also begun to experiment with applications for the system, such as interactive screen displays and voice commands for YouTube.
But members of the Fuchsia team have discussed a grander plan that is being reported here for the first time: Creating a single operating system capable of running all the company's in-house gadgets, like Pixel phones and smart speakers, as well as third-party devices that now rely on Android and another system called Chrome OS, according to people familiar with the conversations.
According to one of the people, engineers have said they want to embed Fuchsia on connected home devices, such as voice-controlled speakers, within three years, then move on to larger machines such as laptops. Ultimately the team aspires to swap in their system for Android, the software that powers more than three quarters of the world's smartphones, said the people, who asked not to be identified discussing internal matters. The aim is for this to happen in the next half decade, one person said.
[...] The company must also settle some internal feuds. Some of the principles that Fuchsia creators are pursuing have already run up against Google's business model. Google's ads business relies on an ability to target users based on their location and activity, and Fuchsia's nascent privacy features would, if implemented, hamstring this important business. There's already been at least one clash between advertising and engineering over security and privacy features of the fledgling operating system, according to a person familiar with the matter. The ad team prevailed, this person said.
When a U.S. citizen heard he was on his own country’s drone target list, he wasn’t sure he believed it. After five near-misses, he does – and is suing the United States to contest his own execution
...
With Reprieve’s help, Kareem did what the system asks a law-abiding American citizen with a grievance to do. He sued, filing a complaint in district court in Washington, D.C., on March 30th, 2017, asking the U.S. government to take him off the Kill List, at least until he had a chance to challenge the evidence against him. The case, still unresolved more than a year later, has awesome implications not just for Kareem but for all Americans – all people everywhere, for that matter.
It’s not a stretch to say that it’s one of the most important lawsuits to ever cross the desk of a federal judge. The core of the Bill of Rights is in play, and a wrong result could formalize a slide into authoritarianism that began long ago, but accelerated after 9/11.
He needs to take the matter to Information Retrieval, but heaven help him if he doesn't get his receipt stamped first.
[Ed note: It's a long read, but provides extensive background on the US government's kill list development, implementation, and complications in trying to do anything about it.]
The Australian government's online medical health record system is failing due to the number of people trying to opt out. The MyHealthRecord was introduced to store patients' health records online so multiple doctors can access them. Many privacy and IT security advocates have warned that this type of system can be compromised. For most people it does not provide a great benefit. A key criticism is that users can't delete data: only a provider can mark data as being hidden, and data is never actually deleted. With the Australian government throwing millions at this system to try to make it relevant, this opt-out may put a nail in its coffin. The government plans to sell data from this system to third parties, a fact which has not endeared it to the public with the recent government data breaches and census fiasco. People in Australia are voting with their feet to not be a part of it before it even starts, which says a lot about how people in Australia value their privacy.
Best Buy, the last national electronics chain, is counting on these advisors to distinguish it from Amazon.com Inc., the company’s competitor, partner, and would-be vanquisher. With more than 1,000 big-box stores in North America and about 125,000 employees, Best Buy was supposed to have succumbed to the inevitable. “Everyone thought we were going to die,” says Hubert Joly, who was hired as chief executive officer in August 2012 after profits shrunk about 90 percent in one quarter and his predecessor resigned amid an investigation into his relationship with an employee.
Instead, Best Buy has become an improbable survivor led by an unlikely boss. Joly was raised and educated in France, trained at McKinsey & Co., and previously employed by hospitality company Carlson, based outside Minneapolis, and media conglomerate Vivendi SA, where he greenlighted a little game called World of Warcraft. He’s the first outside CEO in the chain’s 52-year history. He had no retail experience—Best Buy’s stock fell 10 percent the day he was named CEO—but Joly understands how to value, and capture, customers’ time. Comparable sales rose 5.6 percent last year and 9 percent during the Christmas season, the biggest holiday gain since 2003. The stock price has quadrupled. Even Amazon CEO Jeff Bezos is impressed. “The last five years, since Hubert came to Best Buy, have been remarkable,” he said at an appearance in April.
Geek Squad to the rescue?
Distributed Denial of Service (DDoS) attacks have been getting more polished, in what, who, and how they target their victims. Threatpost has an article looking at some of the changes over the recent years regarding new techniques, new targets, and a new class of attackers.
Several new themes are emerging in the 2018 distributed denial of service (DDoS) threat landscape, including a shift in tactics to reach new heights in volumetric campaigns, attacks that rely on a sheer wall of large amounts of packet traffic to overwhelm the capacity of a website and take it down.
However, while these traditional, opportunistic brute-force DDoS attacks remain a menace has emerged. These DDoS threats are more sophisticated and micro-targeted attacks. They take aim at, say, a specific application rather than a whole website. These types of DDoS attacks are a rapidly growing threat, as are “low and slow” stealthier offensives. At the same time, bot herders are working on expanding their largely IoT-based botnet creations, by any means possible, often to accommodate demand from the DDoS-as-a-service offerings that have created a flood of new participants in the DDoS scene. Those new entrants are all competing for attack resources, creating a demand that criminals are all too happy to fulfill.
[...] One of the most notable evolutions in the DDoS landscape is the growth in the peak size of volumetric attacks. Attackers continue to use reflection/amplification techniques to exploit vulnerabilities in DNS, NTP, SSDP, CLDAP, Chargen and other protocols to maximize the scale of their attacks. Notably however, in February the world saw a 1.3 Tbps DDoS attack against GitHub—setting a record for volume (it was twice the size of the previous largest attack on record) and demonstrating that new amplification techniques can give unprecedented power to cybercriminals. Just five days later, an even larger attack launched, reaching 1.7 Tbps. These showed that DDoS attackers are more than able to keep up with the growing size of bandwidth pipes being used by businesses.
Arthur T Knackerbracket has found the following story:
July’s critical patch update addresses 334 security vulnerabilities (including 61 rated critical) covering a vast swathe of the Oracle enterprise portfolio.
Oracle has released a massive Critical Patch Update (CPU) for July, addressing 334 security vulnerabilities covering a vast swathe of its enterprise portfolio.
Of the 334 vulnerabilities covered this month, 61 are rated critical, with a CVSS rating between nine and 10. Oracle said in its advisory Tuesday that it has observed several exploits operating in the wild, across the spectrum of security holes, so applying the update should be at the top of the to-do list for administrators.
The update marks an all-time high for CPU fixes for the vendor, overtaking its previous record of 308 in July 2017. Not that large numbers of fixes are uncommon: In its previous CPU in April, it fixed 251 flaws; and before that, in January, it addressed 233.
Oracle’s business-critical applications are heavily represented, with the majority of the patches in the CPU issued for the widely deployed PeopleSoft enterprise resource planning platform, the E-Business Suite, the MySQL database, Siebel CRM, the Fusion middleware, JD Edwards products and more. Taken together, these systems house the most sensitive information for any company, including financial information, HR data, vertical-specific information like student grades and loans or healthcare PHI, plus strategic operational data on business processes and intellectual property.
[...] In all, Oracle credited 43 independent researchers as well as analysts from Apple, GE, Google, Pulse Security, Trend Micro, Secunia and others.
[...] The Zero Day Initiative said that the number of bugs reported in 2018 is on track to trump its previous busiest year, 2017.
-- submitted from IRC