posted by Snow on Monday August 27 2018, @10:54PM
from the cyber-gun-naut dept.

Judge allows temporary ban on 3D-printed gun files to continue

A federal judge in Seattle has ruled against Defense Distributed, imposing a preliminary injunction requiring the company to keep its 3D-printed gun files offline for now.

US District Judge Robert Lasnik found in his Monday ruling that the plaintiffs were likely to succeed based on their argument that the Department of State, in allowing for a modification of federal export law, had unwittingly run afoul of a different law, the Administrative Procedure Act. In essence, the judge found that because the Department of State did not formally notify Congress when it modified the United States Munitions List, the previous legal settlement that Defense Distributed struck with the Department of State—which allowed publication of the files—is invalid.

As Ars has reported, Defense Distributed is the Texas-based company involved in a years-long lawsuit with the Department of State over publication of those files and making them available to foreigners. The company runs DEFCAD, perhaps the best-known online repository of gun files.

[...] Judge Lasnik's ruling today only briefly addressed the fact that the files are already available on numerous sites, including Github, The Pirate Bay, and more. These files have circulated online since their original publication back in 2013. (Recently, new mirrors of the files have begun to pop up.) "It is not clear how available the nine files are: the possibility that a cybernaut with a BitTorrent protocol will be able to find a file in the dark or remote recesses of the Internet does not make the posting to Defense Distributed's site harmless," he wrote.

Will legalnauts with gavels smack down this injunction?

Previously: Landmark Legal Shift for 3D-Printed Guns
[Updated] Defense Distributed Releasing Gun Plans, President Trump "Looking Into" It

Related: The $1,200 Machine That Lets Anyone Make a Metal Gun at Home
FedEx Refuses to Ship Defense Distributed's Ghost Gunner CNC Mill


Original Submission

posted by mrpg on Monday August 27 2018, @09:09PM
from the smoke... dept.

earthobservatory.nasa.gov:

[...] If you have ever watched smoke billowing from a wildfire, ash erupting from a volcano, or dust blowing in the wind, you have seen aerosols. Satellites like Terra, Aqua, Aura, and Suomi NPP “see” them as well, though they offer a completely different perspective from hundreds of kilometers above Earth’s surface. A version of a NASA model called the Goddard Earth Observing System Forward Processing (GEOS FP) offers a similarly expansive view of the mishmash of particles that dance and swirl through the atmosphere.

The visualization above highlights GEOS FP model output for aerosols on August 23, 2018. On that day, huge plumes of smoke drifted over North America and Africa, three different tropical cyclones churned in the Pacific Ocean, and large clouds of dust blew over deserts in Africa and Asia. The storms are visible within giant swirls of sea salt aerosol (blue), which winds loft into the air as part of sea spray. Black carbon particles (red) are among the particles emitted by fires; vehicle and factory emissions are another common source. Particles the model classified as dust are shown in purple. The visualization includes a layer of night light data collected by the day-night band of the Visible Infrared Imaging Radiometer Suite (VIIRS) on Suomi NPP that shows the locations of towns and cities.


Original Submission

posted by mrpg on Monday August 27 2018, @07:39PM
from the +++ dept.

Submitted via IRC for BoyceMagooglyMonkey

[...] Unknown to the common user is that modern smartphones include a basic modem component inside them, which allows the smartphone to connect to the Internet via its telephony function, and more.

While international telecommunications bodies have standardized basic AT commands, dictating a list that all smartphones must support, vendors have also added custom AT command sets to their own devices—commands which can control some pretty dangerous phone features such as the touchscreen interface, the device's camera, and more.

[...] Once an attacker is connected via the USB to a target's phone, he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

Source: https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/


Original Submission

posted by martyb on Monday August 27 2018, @06:04PM
from the turn-it-off dept.

An idle Android smartphone sends user data back to Google servers nearly ten times more frequently than an Apple device sends data back to Apple servers.

This is just one of the many findings of a 55-page research paper [pdf] published this week by research agency Digital Content Next. The research looked at what type of data is sent back to Google servers from idle Android devices.

The overall conclusion of the research is that Google tracks its users more often and collects more information about their movements and behavior when compared to Apple or to Google's ability to track users on Apple devices.

[...] For starters, researchers said that while a user interacts with a phone, 46% of all communications sent to Google servers were to Google's publisher and advertiser products, such as Google Analytics, DoubleClick, AdWords, and AdSense.

"Magnitude wise, Google's servers communicated 11.6 MB of data per day (or 0.35 GB/month) with the Android device," researchers said. "This experiment suggests that even if a user does not interact with any key Google applications, Google is still able to collect considerable information through its advertiser and publisher products."

[...] Moreover, even if most of the data Google collects about users is anonymized, researchers said that there are various details that Google accumulates from the same device that can deanonymize users.

For example, researchers said that advertising identifiers such as DoubleClick cookie IDs allow Google to track a user across web pages and apps, and associate "anonymous users" with known Google accounts.

Source: https://www.bleepingcomputer.com/news/google/idle-android-phones-send-data-to-google-ten-times-more-often-than-ios-devices-to-apple/


Original Submission

posted by martyb on Monday August 27 2018, @04:27PM
from the can't-pass-this-up dept.

Earlier this month, MoviePass announced that its customers, previously allowed to see one movie per day, would be limited to just three per month. At the time, the company said that the change wouldn't affect annual subscribers until their plan renewed. But it looks like MoviePass has changed its mind yet again, and probably to nobody's surprise. The company began circulating an email today notifying annual plan subscribers that they too will be limited to just three film showings per month.

"As of today, aligned with Section 2.4 of our Terms of Use, your annual subscription plan will now allow you to see three movies a month instead of the previous unlimited offering, and you'll receive up to a $5 discount on any additional movie tickets purchased," the email said. "This is the current standard plan now in effect for all current and new subscribers." And because the move is retroactive for the current monthly period, which varies by customer, some users will find that they've already seen their three movies once they receive the notification email. The company claims it "intends" to expand its offering of blockbuster and independent films in light of the plan adjustments.

Source: https://www.engadget.com/2018/08/24/moviepass-annual-subscribers-three-movie-plan/


Original Submission

posted by martyb on Monday August 27 2018, @02:50PM
from the Phineas-Taylor-Barnum's-Progeny dept.

When they're not potentially infectious, they have extraordinary health claims.

The maker of wide-ranging "water-based homeopathic medicines" has recalled 32 products marketed to children and infants due to microbial contamination, according to an announcement posted on the Food and Drug Administration's website this week.

The announcement does not provide any specifics about the contamination or potential risks. However, the North Carolina-based manufacturer behind the recall, King Bio, issued a similar announcement back in July. At that time, the company recalled three other products after an FDA inspection found batches contaminated with the bacteria Pseudomonas brenneri, Pseudomonas fluorescens, and Burkholderia multivorans.

Pseudomonas brenneri is a bacterium recently found in natural mineral waters, and its clinical significance is murky. However, Pseudomonas fluorescens is known to be an opportunistic pathogen, causing blood infections, and Burkholderia multivorans can cause infections in people with compromised immune systems and cystic fibrosis. It was also recently found to be a rare but emerging cause of meningitis.

[...] UPDATE 8/24/2018: King Bio updated its website to include a note about the recall. The company wrote that: "Within the past two weeks, microbial contamination was discovered in two children's products, but as an added measure of caution, we chose to recall all the children's products manufactured from August 2015 to August 2018." It added that no injuries or illnesses have been reported to date.

Source: https://arstechnica.com/science/2018/08/massive-recall-of-homeopathic-kids-products-spotlights-dubious-health-claims/


Original Submission

posted by martyb on Monday August 27 2018, @01:13PM
from the I-want-my-Johnny-Cab! dept.

Submitted via IRC for SoyCow1984

Japan is making a push to develop flying cars, enlisting companies including Uber Technologies Inc. and Boeing Co. in a government-led group to bring airborne vehicles to the country in the next decade.

The group will initially comprise 21 businesses and organizations, including Airbus SE, NEC Corp., a Toyota Motor Corp.-backed startup called Cartivator, ANA Holdings Inc., Japan Airlines Co., and Yamato Holdings Co., according to a statement Friday from the trade ministry in Tokyo. Delegates will gather Aug. 29 to help chart a road map this year, it said.

"The Japanese government will provide appropriate support to help realize the concept of flying cars, such as creation of acceptable rules," the ministry said.

Source: https://www.bloomberg.com/news/articles/2018-08-24/uber-airbus-are-said-to-be-enlisted-in-japan-s-flying-car-plan
https://www.engadget.com/2018/08/24/japan-teams-up-uber-airbus-19-others-flying-taxi-plan/


Original Submission

posted by Fnord666 on Monday August 27 2018, @11:36AM
from the cut-out-the-middle-man dept.

Submitted via IRC for SoyCow4408

Netflix is joining the likes of Epic Games Inc. and Spotify Technology SA in its latest move: testing a way for users to register and pay for the streaming service while bypassing Apple Inc.'s app store and hefty commission fees.

The streaming giant is the latest company to look into bypassing Apple's app store and Alphabet Inc.'s Google Play. Both Apple and Google take a 30% commission on all apps and in-app purchases, and the commission drops to 15% after the first year.

[...] Companies have long complained about the heavy cut Apple and Google take in return for visibility on their platforms. Spotify does not allow new subscribers to sign up via Apple's app store, though the app itself can still be downloaded there. The company has been especially vocal about the fees over the years, publicly speaking out and approaching U.S. and European regulators about the issue.

Source: https://www.marketwatch.com/story/netflix-is-the-latest-company-to-try-bypassing-apples-app-store-2018-08-23

Submitted via IRC for SoyCow1984

Epic's first Fortnite Installer allowed hackers to download and install anything on your Android phone silently

Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic's first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background.

Also at TechCrunch and Forbes.

See also: Google is irresponsible claims Fortnite's chief in bug row

Previously: Fortnite's Android Version Bypasses Google Play to Avoid 30% "Store Tax"


Original Submission #1   Original Submission #2

posted by Fnord666 on Monday August 27 2018, @09:59AM
from the two-bells-and-all's-not-well dept.

Submitted via IRC for SoyCow4408

Buried on page 25 of the 2019 budget proposal for the National Institute of Standards and Technology (NIST), under the heading "Fundamental Measurement, Quantum Science, and Measurement Dissemination", there's a short entry that has caused plenty of debate and even a fair deal of anger among those in the amateur radio scene:

NIST will discontinue the dissemination of the U.S. time and frequency via the NIST radio stations in Hawaii and Ft. Collins, CO. These radio stations transmit signals that are used to synchronize consumer electronic products like wall clocks, clock radios, and wristwatches, and may be used in other applications like appliances, cameras, and irrigation controllers.

The NIST stations in Hawaii and Colorado are the home of WWV, WWVH, and WWVB. The oldest of these stations, WWV, has been broadcasting in some form or another since 1920, making it the longest continually operating radio station in the United States. Yet in order to save approximately $6.3 million, these time and frequency standard stations are potentially on the chopping block.

Source: https://hackaday.com/2018/08/20/what-will-you-do-if-wwvb-goes-silent/


Original Submission

posted by Fnord666 on Monday August 27 2018, @08:22AM
from the insert-oblig-caddyshack-reference dept.

For many people, the world wide web is synonymous with the Internet. While the HTTP protocol dominates the modern Internet, many protocols, obsolete, obscure and well known, make up the Internet.

One of the more stubborn protocols is Gopher. Introduced in 1991 (the same year as HTTP), Gopher, like the web, is document-centric.

By about 1990, information on the Internet was expanding rapidly enough that it needed more organization and a better search capability. In 1991 researchers at the University of Minnesota developed the Gopher protocol in an attempt to provide some of that organization. Gopher provides a hierarchical text-based menu system to organize the contents of a data repository (which eventually came to be called "gopherholes").

https://prgmr.com/blog/gopher/2018/08/23/gopher.html


Original Submission

posted by Fnord666 on Monday August 27 2018, @06:45AM
from the investing-is-easier-when-you-know-the-future dept.

Submitted via IRC for SoyCow4408

At a Kiev nightclub in the spring of 2012, 24-year-old Ivan Turchynov made a fateful drunken boast to some fellow hackers. For years, Turchynov said, he'd been hacking unpublished press releases from business newswires and selling them, via Moscow-based middlemen, to stock traders for a cut of the sizable profits.

[...] Newswires like Business Wire are clearinghouses for corporate information, holding press releases, regulatory announcements, and other market-moving information under strict embargo before sending it out to the world. Over a period of at least five years, three US newswires were hacked using a variety of methods from SQL injections and phishing emails to data-stealing malware and illicitly acquired login credentials. Traders who were active on US stock exchanges drew up shopping lists of company press releases and told the hackers when to expect them to hit the newswires. The hackers would then upload the stolen press releases to foreign servers for the traders to access in exchange for 40 percent of their profits, paid to various offshore bank accounts. Through interviews with sources involved with both the scheme and the investigation, chat logs, and court documents, The Verge has traced the evolution of what law enforcement would later call one of the largest securities fraud cases in US history.

Source: https://www.theverge.com/2018/8/22/17716622/sec-business-wire-hack-stolen-press-release-fraud-ukraine


Original Submission

posted by Fnord666 on Monday August 27 2018, @05:08AM
from the secure-your-databases dept.

Submitted via IRC for SoyCow4408

The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.

The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.

Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.

The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.

Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/


Original Submission

posted by Fnord666 on Monday August 27 2018, @03:31AM
from the feast-or-famine dept.

Submitted via IRC for SoyCow4408

They are the Ubers of the digital security world. Instead of matching independent drivers with passengers, companies like Bugcrowd and HackerOne connect people who like to spend time searching for flaws in software with companies willing to pay them for bugs they find.

This cybersecurity gig economy has expanded to hundreds of thousands of hackers, many of whom have had some experience in the IT security industry. Some still have jobs and hunt bugs in their spare time, while others make a living from freelancing. They are playing an essential role in helping to make code more secure at a time when attacks are rapidly increasing and the cost of maintaining dedicated internal security teams is skyrocketing.

The best freelance bug spotters can make significant sums of money. HackerOne, which has over 200,000 registered users, says about 12 percent of the people using its service pocket $20,000 or more a year, and around 3 percent make over $100,000. The hackers using these platforms hail mostly from the US and Europe, but also from poorer countries where the money they can earn leads some to work full time on bug hunting.

[...] On the legal front, the platforms are pushing for more “safe harbor” language to be inserted in contracts governing bug bounties. The aim, says Adam Bacchus of HackerOne, is to get companies to be clear that if hackers follow the rules of engagement within reason, they won’t wind up being taken to court.

Bugcrowd has launched an initiative called disclose.io to create a standardized framework for finding and reporting bugs. This would provide explicit authorization for using bug-hunting techniques that would normally be clear violations of provisions in anti-hacking statutes. It complements a broader push in the US by groups such as the Electronic Frontier Foundation to stop companies from using laws like the CFAA to silence researchers who find serious flaws and disclose them in a responsible manner.

Source: https://www.technologyreview.com/s/611892/crowdsourcing-the-hunt-for-software-bugs-is-a-booming-businessand-a-risky-one/


Original Submission

posted by Fnord666 on Monday August 27 2018, @01:54AM
from the programmer-boids dept.

Submitted via IRC for SoyCow4408

Software development is a complicated discipline, especially when you consider that it is performed by several people working together.

Comparing it to emergent systems is useful because it provides a perspective where we can think of software as something that evolves.

Being able to measure that evolution is then crucial if we want to be able to tell if the product we are building is holding up in terms of quality.

I also describe a tool named NDepend that serves exactly this purpose (and as far as I know has no competitors). It provides extensive metrics and allows for the creation of custom rules, all of this while supporting integration with a continuous integration workflow.

Source: https://www.blinkingcaret.com/2018/08/22/software-development-emergent-system-ndepend/


Original Submission

posted by Fnord666 on Monday August 27 2018, @12:17AM
from the watch-out-for-ewoks dept.

Submitted via IRC for SoyCow4408

Kalashnikov Concern, a Russian manufacturer known for the AK-47 assault rifle, is thinking pretty big these days when it comes to new defense machines. The company unveiled a concept for a bipedal battle robot this week and all I can think about are the two-legged AT-STs from Star Wars.

The Kalashnikov creation seems to be solidly in the concept realm right now. It looks like its main job is to just stand there and look cool.

It has a couple of grabby arms and hands reminiscent of the Power Loader suit from Aliens and a large cabin at the top where presumably a human driver would sit to control the machine. It looks a bit top-heavy and not quite as lithe as an AT-ST.

Source: https://www.cnet.com/news/kalashnikov-battle-robot-concept-looks-like-a-star-wars-at-st/

Previous: Kalashnikov Unveils Electric Car Seeking to Dethrone Tesla.


Original Submission