Threatpost reports:
[A] new Spectre-class exploit, dubbed SpectreRSB, was detailed by researchers from the University of California at Riverside in a research paper [PDF] on Friday. While the flaw still targets the process of speculative execution, unlike other variants, it manipulates a new part of the process called the return stack buffer.
[...] RSB is a common "predictor structure" in CPUs used to predict return addresses during the speculative execution process. It does so by pushing the return address from a call instruction on an internal hardware stack [...]
Since the disclosure of Spectre in January, various variants have subsequently been disclosed by researchers – however, these have all targeted the branch predictor unit or cache within the CPU.
[...] Researchers said they have reported SpectreRSB to Intel, AMD and ARM [...]
The Register (CloudFlare-protected) also has an article about SpectreRSB.
"The microarchitecture of Intel, AMD and VIA CPUs" (PDF) by Agner Fog (cited by Wikipedia) has further explanation of what a return stack buffer is:
A Last-In-First-Out buffer, called the return stack buffer, remembers the return address every time a call instruction is executed, and it uses this for predicting where the corresponding return will go. This mechanism makes sure that return instructions are correctly predicted when the same subroutine is called from several different locations. The P1 has no return stack buffer, but uses the same method for returns as for indirect jumps. Later processors have a return stack buffer. [...]
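To make the predictor described above concrete, here is a small simulation of a return stack buffer, written as an added example (it is not code from the SpectreRSB paper, from Agner Fog's manual, or from any CPU vendor). It pushes the return address on every call, pops the top entry as the prediction on every return, and counts how the prediction fares. The 16-entry depth and the instruction traces are constructed assumptions; the behaviour on an empty buffer differs between real microarchitectures (Fog notes the P1 falls back to its indirect-jump method), so the model simply records "no prediction" in that case.

```python
from collections import deque


class ReturnStackBuffer:
    """Toy model of the LIFO return predictor.

    A call pushes its return address; a return pops the top entry as the
    prediction.  Real RSBs have a small fixed depth (16 entries is an
    assumption used here), so nesting deeper than that overwrites the
    oldest entry.  What a CPU does when it pops an empty RSB varies by
    microarchitecture; this model just reports that no prediction existed.
    """

    def __init__(self, depth=16):
        self.entries = deque(maxlen=depth)  # maxlen drops the oldest entry on overflow

    def on_call(self, return_address):
        self.entries.append(return_address)

    def predict_return(self):
        return self.entries.pop() if self.entries else None


def simulate(trace, depth=16):
    """Replay an (op, address) trace through an RSB.

    op is "call" with the address the call should return to, or "ret" with
    the address the return actually goes to.  Returns the tuple
    (hits, mispredicts, no_prediction).
    """
    rsb = ReturnStackBuffer(depth)
    hits = mispredicts = no_prediction = 0
    for op, addr in trace:
        if op == "call":
            rsb.on_call(addr)
        elif op == "ret":
            predicted = rsb.predict_return()
            if predicted is None:
                no_prediction += 1
            elif predicted == addr:
                hits += 1
            else:
                mispredicts += 1
        else:
            raise ValueError(f"unknown op {op!r}")
    return hits, mispredicts, no_prediction


# Constructed traces; the addresses are arbitrary.

def calls_from_several_sites(n_sites):
    """One subroutine called from n different sites, each returning to its own caller."""
    trace = []
    for i in range(n_sites):
        ret = 0x1000 + 0x10 * i
        trace += [("call", ret), ("ret", ret)]
    return trace


def nested_calls(nesting):
    """`nesting` calls before any return, then the matching returns in LIFO order."""
    addrs = [0x2000 + 4 * i for i in range(nesting)]
    return [("call", a) for a in addrs] + [("ret", a) for a in reversed(addrs)]


def diverted_return():
    """A return that does not go back to its call site (a longjmp-style transfer)."""
    return [("call", 0x3000), ("ret", 0x4000)]


if __name__ == "__main__":
    print("3 call sites:", simulate(calls_from_several_sites(3)))          # (3, 0, 0)
    print("16-deep nesting:", simulate(nested_calls(16)))                 # (16, 0, 0)
    print("20-deep nesting, 16-entry RSB:", simulate(nested_calls(20)))   # (16, 0, 4)
    print("diverted return:", simulate(diverted_return()))                # (0, 1, 0)
```

The first trace shows why the mechanism exists: the same subroutine returns correctly to three different callers because each call pushed its own address. The 20-deep trace shows the structural limit: once nesting exceeds the depth, the outermost returns have no entry left to predict from, and the diverted-return trace shows the predictor's state is only as good as the call/return pairing it observed.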
The Portland Mercury reports:
For many years, local libraries have allowed patrons to check out physical media—from vinyl LPs to eight tracks to cassettes to CDs—free of charge. Last month, Multnomah County Library launched the Library Music Project, an online platform that's continuing this legacy of accessibility by curating an online collection of albums from local artists [...]
Anyone can stream albums from more than 120 local artists on the Library Music Project's user-friendly website, but to make playlists or download songs, you must log in with a Multnomah County Library card. [...]
It's not totally uncharted territory—libraries in Madison, Wisconsin; Edmonton, Alberta; Nashville, Tennessee; and Seattle, Washington, all have similar programs in place.
Hundreds of Idaho prison inmates have hacked jail software to "artificially" boost the amount of money in their own accounts, officials say.
The Idaho Department of Corrections said 364 inmates were "intentionally exploiting a vulnerability" to take nearly $225,000 (£171,000).
Fifty prisoners credited their accounts with more than $1,000 each while another inmate transferred $9,990.
A prisons spokesman said the "improper conduct involved no taxpayer dollars".
In a statement to BBC News, Idaho Department of Correction spokesman Jeff Ray said the inmates had hacked the JPay system.
JPay is a private firm that allows US prisoners access to portable devices which can transfer money, download music and games, and exchange communications with family members.
[...] JPay has so far recovered more than $65,000 worth of credits from the prisoners.
They have been suspended from downloading music and games until they pay the company for its losses, but they are still able to send and receive emails.
The Idaho Department of Corrections has also issued disciplinary reports to the inmates that were involved, meaning that they would lose certain privileges and be reclassified to a higher security risk level.
[...] Unlike the Kindle Fire or the iPad, these tablets are specific to JPay and an imprisoned population—one cannot access the Internet or other services through the tablet. But it allows users to listen to music, read e-books, play video games, and avoid the lengthy lines at the JPay kiosks to read and write e-messages. All of these services come at a cost. In Idaho, sending a single e-message costs 47 cents, while downloading music costs as much as $3.50. As 363 people in Idaho found out, they can also use those tablets to get around these costs.
[...] As the sole provider of e-messaging and digital services within Idaho's prison system, it might stand to reason that the company's monopoly increased its risk of hacking. "If you're forced to buy from one entity, I could see the increasing motivation," says Jake Williams, a security expert and founder of Rendition Infosec. "But I don't think this [monopoly] increases vulnerability to hacking."
Instead, says Williams, any system offering an app over a device operates at a risk. "Any time you have a mobile app—whether it's a phone or a tablet—the user has a lot of control over any data stored in the device itself," he explained. In contrast to a web application, where data is stored on a web server, the data on a mobile app is more likely to be stored locally, meaning it remains on the phone or tablet. "A malicious user can access that back-end data," says Williams.
It's a problem that Williams sees often. He points to a recent vulnerability assessment that Rendition conducted on a mobile shopping app. To limit the amount of data being transmitted over the network, the app stored the item price on the SQLite database, a back-end storage mechanism on the app itself. But by modifying the price on that back-end system, "we could change the purchase price and buy the item for whatever price we wanted," Williams recalls. "This is not an uncommon flaw with mobile apps."
For JPay or any other provider offering tablets, a person's credit balance is most likely stored on the tablet rather than being transmitted on JPay's infrastructure to a centralized server. This makes it accessible for someone savvy enough to hack into the SQLite database and change their account.
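The flaw Williams describes, and the design that avoids it, side by side. This is an added example and not JPay's code or Rendition's assessment; the catalog, the prices, the opening balance and the in-memory SQLite store are all constructed. The vulnerable path reads price and balance from the on-device database and writes the new balance back, so anyone who can edit that database controls both. The hardened path keeps the ledger on the server, prices every purchase from the server's catalog and ignores whatever the client sends, and a reconciliation check flags a device whose cached balance no longer matches the server.

```python
import sqlite3

# Constructed server-side data (assumption: the server holds the catalog and ledger).
SERVER_CATALOG = {"song": 350, "game": 500}   # prices in cents


def make_device_db():
    """On-device SQLite store of the kind described above: price and balance cached locally."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE catalog (item TEXT PRIMARY KEY, price_cents INTEGER)")
    db.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance_cents INTEGER)")
    db.executemany("INSERT INTO catalog VALUES (?, ?)", list(SERVER_CATALOG.items()))
    db.execute("INSERT INTO account VALUES (1, 500)")
    db.commit()
    return db


def vulnerable_checkout(db, item):
    """The flawed pattern: price and balance are read from, and written back to, the device."""
    (price,) = db.execute("SELECT price_cents FROM catalog WHERE item = ?", (item,)).fetchone()
    (balance,) = db.execute("SELECT balance_cents FROM account WHERE id = 1").fetchone()
    if balance < price:
        raise ValueError("insufficient funds")
    db.execute("UPDATE account SET balance_cents = ? WHERE id = 1", (balance - price,))
    db.commit()
    return balance - price


class ServerLedger:
    """Authoritative balance kept on the server; the device only displays a copy."""

    def __init__(self, opening_balance_cents):
        self.balance_cents = opening_balance_cents
        self.transactions = []

    def purchase(self, item, client_price_cents=None):
        price = SERVER_CATALOG[item]          # the client-supplied price is never used
        if client_price_cents is not None and client_price_cents != price:
            # Worth logging: a client quoting a different price is a tampering signal.
            self.transactions.append(("price-mismatch", item, client_price_cents))
        if self.balance_cents < price:
            raise ValueError("insufficient funds")
        self.balance_cents -= price
        self.transactions.append(("purchase", item, price))
        return self.balance_cents


def reconcile(db, ledger):
    """Detection check: does the device's cached balance still match the server ledger?"""
    (local,) = db.execute("SELECT balance_cents FROM account WHERE id = 1").fetchone()
    return local == ledger.balance_cents


def simulate_tampering(db, price_cents, balance_cents):
    """Stand-in for the on-device database having been edited (constructed for the demo)."""
    db.execute("UPDATE catalog SET price_cents = ?", (price_cents,))
    db.execute("UPDATE account SET balance_cents = ? WHERE id = 1", (balance_cents,))
    db.commit()


def demo():
    device = make_device_db()
    ledger = ServerLedger(500)
    results = {}
    results["vulnerable_legit"] = vulnerable_checkout(device, "song")       # 150
    simulate_tampering(device, price_cents=0, balance_cents=1_000_000)
    results["vulnerable_tampered"] = vulnerable_checkout(device, "song")    # 1_000_000: the song was free
    results["hardened_first"] = ledger.purchase("song", client_price_cents=0)  # 150: server price applied
    try:
        ledger.purchase("song", client_price_cents=0)
        results["hardened_second"] = "allowed"
    except ValueError:
        results["hardened_second"] = "declined"                             # 150 < 350
    results["reconciled"] = reconcile(device, ledger)                       # False: device and server disagree
    results["mismatch_flags"] = sum(1 for t in ledger.transactions if t[0] == "price-mismatch")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the reconciliation function is operational rather than preventive: once the server is authoritative, a tampered local copy cannot buy anything, but a mismatch between the two balances is still the cheapest signal that a device has been altered and deserves a closer look.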
Submitted via IRC for SoyCow1984
Federal air marshals have begun following ordinary US citizens not suspected of a crime or on any terrorist watch list and collecting extensive information about their movements and behavior under a new domestic surveillance program that is drawing criticism from within the agency.
The previously undisclosed program, called "Quiet Skies," specifically targets travelers who "are not under investigation by any agency and are not in the Terrorist Screening Data Base," according to a Transportation Security Administration bulletin in March.
The internal bulletin describes the program's goal as thwarting threats to commercial aircraft "posed by unknown or partially known terrorists," and gives the agency broad discretion over which air travelers to focus on and how closely they are tracked.
[...] But some air marshals, in interviews and internal communications shared with the Globe, say the program has them tasked with shadowing travelers who appear to pose no real threat — a businesswoman who happened to have traveled through a Mideast hot spot, in one case; a Southwest Airlines flight attendant, in another; a fellow federal law enforcement officer, in a third.
Since this initiative launched in March, dozens of air marshals have raised concerns about the Quiet Skies program with senior officials and colleagues, sought legal counsel, and expressed misgivings about the surveillance program, according to interviews and documents reviewed by the Globe.
"What we are doing [in Quiet Skies] is troubling and raising some serious questions as to the validity and legality of what we are doing and how we are doing it," one air marshal wrote in a text message to colleagues.
Source: http://apps.bostonglobe.com/news/nation/graphics/2018/07/tsa-quiet-skies/?p1=HP_SpecialTSA [Ed Note: Not available for all browser modes]
Also at CNN, Fortune, The Verge, and The Hill.
Independent journalist Marcy Wheeler has written a summary of the current state of the case against Marcus Hutchins. Marcus is also known online as MalwareTech and came into the spotlight last year for stopping a global outbreak of Microsoft Windows malware.
In short, she covers the following five points about the case:
Marcus was arrested last year after attending a security conference inside the US.
Earlier on SN:
Marcus Hutchins, WannaCry-Killer, Hit With Four New Charges by the FBI (2018)
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con (2017)
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS (2017)
Arthur T Knackerbracket has found the following story:
As soon as you start up a new Android phone, you get prompted to sign in with your Google account—but what if you don't want to do that? Maybe you want to take advantage of Android but limit what Google knows about you, or maybe you just prefer the alternative apps; whatever the case, here's how to live a Google-free Android life.
Right from the start we'll be honest and say it's not easy using Android without Google—but it is possible. If you want a more convenient life, then you need to sign right in when prompted. The big miss if you don't is the Google Play Store, but here we'll show you how to get around that and various other obstacles along the way.
We're assuming you're starting with a brand new Android phone fresh from the factory. You can de-Google-ify an existing Android handset, but you'll need to reset it first through the Settings app, to get back to the original setup screen. That means all your existing apps and data get wiped, so you'll need backups of all your important stuff somewhere.
Welcome to your new (or factory reset) Android phone! The prompt to sign in with Google arrives about five screens in, after you've chosen your language and connected up to wifi. When you're prompted to sign in, hit Skip instead, then hit Skip again to confirm that yes, you really do want to use Android without a Google account.
A couple of screens later, Google very kindly asks if you want to opt in to some extra Google services: Location tracking and system diagnostic reports. If you're not happy with either or both of these options, turn the relevant toggle switches off, then hit Agree to continue (you can't use a phone with regular Google-provided Android on it without agreeing to some basic terms and conditions).
And... you should then be in. Don't worry if you see a few Google apps, because they won't be connected to anything—Google Photos, for example, can work as a local image library manager without actually connecting to the cloud or a Google account. If there are any apps you want to get rid of, long-press on their icon and drag the icon up to the Uninstall link at the top.
[...] The big miss if you don't connect your Android phone to your Google account is the Google Play Store: Try and load up the Play Store app and you'll just be met with the sign in screen again. To get around this, you need to start sideloading apps through your Android phone's web browser.
In times gone by you would need to authorize "unknown" apps (not from the Play Store) in Settings, but modern versions of Android ask for authorization on an app-by-app basis. You've got two choices here: Either embrace the Amazon App Store, which isn't as comprehensive as Google's but has most of the big-name apps, or transfer apps over one by one as you need them from the excellent APKMirror repository.
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
Apple has been using Intel 4G chips for some models of the iPhone and Qualcomm chips for others.
Apple appears to be making some big changes to the chips in its upcoming iPhones -- and that could mean your next iPhone downloads data slower than rival Android devices. Qualcomm, a major supplier of 4G chips for smartphones, on Wednesday said it doesn't expect to supply modems for any upcoming iPhones.
"We believe Apple intends to solely use our competitor's modems rather than our modems in its next iPhone release," Qualcomm financial chief George Davis said during an earnings call with analysts.
Cristiano Amon, the head of Qualcomm's chip business, noted that it doesn't mean Qualcomm has lost Apple's business forever, but it's out for now.
"This is a very dynamic industry," he said during the earnings call. "If the opportunity presents itself, I think we will be a supplier of Apple."
Apple and Qualcomm have been fighting over patents since the beginning of 2017. Qualcomm previously supplied all modems for iPhones, but Apple now uses 4G chips from Intel in about half of its phones -- particularly those running on AT&T and T-Mobile networks. The move gave Apple more leverage in its battle with Qualcomm, but it has been criticized for hurting consumers by limiting their network speeds.
Qualcomm didn't say which company will supply modems for the next iPhone, but it's believed to be Intel.
Apple's apparent move to source its chips from one supplier could have big implications for your next iPhone. Going back to one chip provider could make it tougher for Apple to keep up with demand for its upcoming iPhones, which means you may have to wait even longer to get your hands on a new device. And speed tests have shown Qualcomm-powered smartphones are capable of faster network speeds than the devices running on Intel processors.
-- submitted from IRC
Previously: Apple Could Switch From Qualcomm to Intel and MediaTek for Modems
The discovery is a major step toward understanding the mechanisms of myelin production and the potential for treating certain central nervous system diseases
The nervous system is a complex organ that relies on a variety of biological players to ensure daily function of the human body. Myelin--a membrane produced by specialized glial cells--plays a critical role in protecting the fibers that help carry messages throughout the body.
The study by Scaglione et al. identifies PRMT5 as a molecule that promotes new myelin formation by acting on histones (proteins bound to DNA) and placing marks (CH3), which preclude the formation of obstacles to the differentiation of progenitor cells (by preventing KATs from depositing Ac marks).
In the central nervous system (CNS), glial cells known as oligodendrocytes are responsible for producing myelin. Now, a paper published today in Nature Communications explains how researchers at the Advanced Science Research Center (ASRC) at The Graduate Center of The City University of New York have uncovered the role of a protein known as "PRMT5" in the production of myelin and, ultimately, proper development and function of the CNS.
[...] The molecular mechanisms that generate myelin-forming oligodendrocytes are only partially understood, but through their research, ASRC scientists are one step closer to identifying them. Their work has pinpointed PRMT5 as a protein that regulates the molecules responsible for stopping or promoting the expression of certain genes that are needed for survival of oligodendrocytes and production of myelin. In other words, PRMT5 essentially acts as a traffic cop, allowing progenitor cells to become oligodendrocytes and stopping the biological signals that would interfere with myelin production.
"We were able to show that when PRMT5 is present, the progenitor cells are able to differentiate and become myelin-producing cells," said Patrizia Casaccia, director of the ASRC's Neuroscience Initiative and the Einstein Professor of Biology at Hunter College and at The Graduate Center, CUNY.
"We discovered that progenitor cells lacking PRMT5 function essentially commit suicide while they are in the process of transitioning into myelin-forming cells. This discovery is important from a developmental and a translational standpoint. On one end, our findings allow a better understanding of how myelin is formed and possibly repaired when damaged. On the other end, they warn about the possibility that pharmacological inhibitors of PRMT5, currently evaluated for their toxic function on glial tumor cells, might also kill healthy cells and prevent new myelin formation."
Arthur T Knackerbracket has found the following story:
The New York State Public Service Commission (PSC) today voted to revoke its approval of Charter Communications' 2016 purchase of Time Warner Cable (TWC). The PSC said it is ordering Charter to sell the former TWC system that it purchased in New York, and it's "bring[ing] an enforcement action in State Supreme Court to seek additional penalties for Charter's past failures and ongoing noncompliance."
Charter has repeatedly failed to meet deadlines for broadband expansions that were required in exchange for merger approval, state officials said. The PSC has steadily increased the pressure on Charter with fines and threats, but Charter never agreed to changes demanded by state officials.
As a result of today's vote, "Charter is ordered to file within 60 days a plan with the Commission to ensure an orderly transition to a successor provider(s)," the PSC's announcement said. "During the transition process, Charter must continue to comply with all local franchises it holds in New York State and all obligations under the Public Service Law and the Commission regulations. Charter must ensure no interruption in service is experienced by customers, and, in the event that Charter does not do so, the Commission will take further steps, including seeking injunctive relief in Supreme Court in order to protect New York consumers."
[...] Charter has denied failing to meet obligations to expand broadband service. But as we've previously written, state officials say that Charter is trying to count locations that it was already required to serve as part of franchise agreements toward its merger commitments.
[...] Charter's statement did not say whether it will appeal the PSC decision, or whether it will comply with the PSC's order to sell the former Time Warner Cable system in New York. We asked Charter those questions today and will update this story if we get a response.
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
You might not be able to attend Hogwarts in real life, but you can still leave your muggleness behind when you build Lego's new Hogwarts Castle, a mind-bending 6,020-piece model of the iconic wizarding school from the Harry Potter series.
The massive castle set covers everything from the Great Hall (complete with stained glass windows) to the Defense Against the Dark Arts classroom, Dumbledore's office and the Chamber of Secrets. You could easily spend days exploring all the nooks and crannies of the completed build.
[...] Start polishing your wand now. It's going to take some time to put all 6,020 pieces together and you might need an assist from a magic spell like "Reparo," the mending charm.
-- submitted from IRC
NSA has yet to fix security holes that helped Snowden leaks
Edward Snowden's success in leaking NSA data was chalked up in part to the agency's own security lapses, so you'd think that the agency would have tightened up its procedures in the past five years... right? Apparently not. The NSA Inspector General's office has published an audit indicating that many of the Snowden-era digital security policies still haven't been addressed, at least as of the end of March 2018. It hasn't correctly implemented two-person access controls for data centers and similar rooms, doesn't properly check job duties and has computer security plans that are either unfinished or inaccurate.
The audit also showed that the NSA hasn't implemented the latest federal security guidance, doesn't have a complete inventory of its IT framework and isn't gathering all the documentation it needs before it gives a computer system the go-ahead. And while Snowden didn't rely on malware, the NSA isn't thoroughly scanning for viruses on USB thumb drives and other removable media.
Submitted via IRC for Bytram
Sixty years ago, on July 29, 1958, President Dwight D. Eisenhower signed the National Aeronautics and Space Act into law, paving the way for the official opening of NASA's doors just a few months later, on Oct. 1.
The drive to create an American civilian space agency began with the shocking revelation on Oct. 4, 1957, that the Soviet Union had beaten the US to the punch and launched the first artificial satellite, Sputnik, aboard an intercontinental ballistic missile. The USSR was quick to tout its success in launching Earth's "second moon."
"Sputnik 1 was a phenomenon: You could go see it in your backyard," recalled physicist and engineer Guy Stever, who was on the faculty of MIT at the time, in a 1992 oral history workshop on the origins of the law.
Source: https://www.cnet.com/news/how-nasa-got-its-start-60-years-ago-sputnik-eisenhower/
Arthur T Knackerbracket has found the following story:
It's often been said that the eyes are the window to the soul, revealing what we think and how we feel. Now, new research reveals that your eyes may also be an indicator of your personality type, simply by the way they move.
Developed by the University of South Australia in partnership with the University of Stuttgart, Flinders University and the Max Planck Institute for Informatics in Germany, the research uses state-of-the-art machine-learning algorithms to demonstrate a link between personality and eye movements.
Findings show that people's eye movements reveal whether they are sociable, conscientious or curious, with the algorithm software reliably recognising four of the Big Five personality traits: neuroticism, extroversion, agreeableness, and conscientiousness.
Researchers tracked the eye movements of 42 participants as they undertook everyday tasks around a university campus, and subsequently assessed their personality traits using well-established questionnaires.
UniSA's Dr Tobias Loetscher says the study provides new links between previously under-investigated eye movements and personality traits and delivers important insights for emerging fields of social signal processing and social robotics.
-- submitted from IRC
Deadline reports:
FCC Chairman Ajit Pai [...] defended his decision to refer Sinclair Broadcast Group's proposed $3.9 billion acquisition of Tribune Media to an administrative law judge for review.
[...] Central to the review is how Sinclair presented its plans to divest stations in Chicago, Dallas and Houston in order [to] gain regulatory approval. Those so-called "sidecar" deals could enable Sinclair to effectively continue operating the stations, Pai [link removed] said, in violation of federal rules.
Over at Ars Technica:
President Donald Trump yesterday lashed out at the Federal Communications Commission over its vote to block Sinclair Broadcast Group's acquisition of Tribune Media Company.
"So sad and unfair that the FCC wouldn't approve the Sinclair Broadcast merger with Tribune," Trump tweeted.
A combination of Sinclair and Tribune "would have been a great and much needed Conservative voice for and of the People," Trump wrote. Trump contrasted the Sinclair/Tribune denial with the FCC's approval of Comcast's purchase of NBCUniversal, which happened in 2011.
"Liberal Fake News NBC and Comcast gets approved, much bigger, but not Sinclair. Disgraceful!" Trump wrote.
[...] The FCC last week voted unanimously against approving the Sinclair/Tribune deal. Sinclair needed to divest some stations in order to stay under federal ownership limits, but FCC Chairman Ajit Pai said the company's proposal to divest certain stations "would allow Sinclair to control those stations in practice, even if not in name, in violation of the law."
The FCC didn't block the merger outright, but it referred the deal to an administrative law judge. Mergers usually don't survive that legal process.
[...] If no divestitures were made, the merger would let Sinclair reach 72 percent of US television households. Sinclair owns or operates 173 broadcast TV stations in 81 markets, while Tribune has 42 stations in 33 markets.
Submitted via IRC for TheRealLuciusSulla
Emperor's 2019 exit will be first era change of information age, and switchover could be as big as Y2K say industry figures
[...] On 30 April 2019, Emperor Akihito of Japan is expected to abdicate the chrysanthemum throne. The decision was announced in December 2017 so as to ensure an orderly transition to Akihito's son, Naruhito, but the coronation could cause concerns in an unlikely place: the technology sector.
The Japanese calendar counts up from the coronation of a new emperor, using not the name of the emperor, but the name of the era they herald. Akihito's coronation in January 1989 marked the beginning of the Heisei era, and the end of the Shōwa era that preceded him; and Naruhito's coronation will itself mark another new era.
But that brings problems. For one, Akihito has been on the throne for almost the entirety of the information age, meaning that many systems have never had to deal with a switchover in era. For another, the official name of Naruhito's era has yet to be announced, causing concern for diary publishers, calendar printers and international standards bodies.
It's why some are calling it "Japan's Y2K problem".
"The magnitude of this event on computing systems using the Japanese Calendar may be similar to the Y2K event with the Gregorian Calendar," said Microsoft's Shawn Steele. "For the Y2K event, there was world-wide recognition of the upcoming change, resulting in governments and software vendors beginning to work on solutions for that problem several years before 1 Jan 2000. Even with that preparation many organisations encountered problems due to the millennial transition.
[...] A much harder problem faces Unicode, the international standards organisation which most famously controls the introduction of new emojis to the world. Since Japanese computers use one character to represent the entire era name (compressing Heisei into ㍻ rather than 平成, for instance), Unicode needs to set the standard for that new character. But it can't do that until it knows what it's called, and it won't know that until late February at best. Unfortunately, version 12 of Unicode is due to come out in early March, which means it needs to be finished before then, and can't be delayed.
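The era-change problem described above is easy to reproduce in a few lines. The following is an added example, not code from Microsoft, Unicode or any Japanese software vendor. It converts Gregorian dates into era years from a table of era start dates, once with a table that stops at Heisei (the situation of software that has never seen an era change) and once with a placeholder entry for the successor era. The Taishō, Shōwa and Heisei accession dates are the historical ones; the successor era's name is a placeholder, since the article says it had not been announced, and its start date of 1 May 2019 is an assumption based on the 30 April abdication. The single-character era names are the existing Unicode "square era name" code points, with ㍻ (U+337B) being the Heisei example from the text.

```python
from datetime import date

# Era table as (name, first day of the era), oldest first.
ERAS_FROZEN_AT_HEISEI = [
    ("Taisho", date(1912, 7, 30)),
    ("Showa", date(1926, 12, 25)),
    ("Heisei", date(1989, 1, 8)),
]
# Placeholder successor era: name not announced at the time of the article; start date
# assumed to be the day after the 30 April 2019 abdication.
ERAS_WITH_SUCCESSOR = ERAS_FROZEN_AT_HEISEI + [("NEW_ERA_NAME_TBD", date(2019, 5, 1))]

# Single-character era names Unicode already defines; the successor era has none yet.
SQUARE_ERA_CHARS = {"Taisho": "\u337d", "Showa": "\u337c", "Heisei": "\u337b"}


def to_japanese(d, eras):
    """Return (era_name, era_year) for a Gregorian date using the given era table."""
    current = None
    for name, start in eras:
        if d >= start:
            current = (name, start)
        else:
            break
    if current is None:
        raise ValueError(f"{d} predates the era table")
    name, start = current
    # Year 1 is the accession year, so Heisei 1 is 1989 and Heisei 30 is 2018.
    return name, d.year - start.year + 1


def format_japanese(d, eras):
    """Compact form using the square era character where one exists, e.g. '\u337b30'."""
    name, year = to_japanese(d, eras)
    return SQUARE_ERA_CHARS.get(name, f"[{name}]") + str(year)


def era_table_covers(eras, cutover):
    """Readiness check: does the table contain an era starting on or after `cutover`?"""
    return any(start >= cutover for _, start in eras)


if __name__ == "__main__":
    for d in (date(1989, 1, 7), date(1989, 1, 8), date(2018, 7, 30),
              date(2019, 4, 30), date(2019, 5, 1), date(2020, 1, 1)):
        frozen = to_japanese(d, ERAS_FROZEN_AT_HEISEI)
        updated = to_japanese(d, ERAS_WITH_SUCCESSOR)
        flag = "" if frozen == updated else "   <-- frozen table is wrong"
        print(f"{d}: frozen={frozen} updated={updated}{flag}")
    print("frozen table ready for 2019-05-01?",
          era_table_covers(ERAS_FROZEN_AT_HEISEI, date(2019, 5, 1)))   # False
```

The frozen table never errors: it quietly reports "Heisei 31" for 1 May 2019 and "Heisei 32" for 2020, which is exactly the kind of silent wrong answer that makes this comparable to Y2K. The `era_table_covers` check is the one-line audit a practitioner would run across systems before the cutover, and the placeholder name shows why diary publishers and standards bodies are stuck: the table can be made era-aware, but the name and its Unicode character cannot be filled in until they are announced.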