posted by janrinok on Wednesday August 29 2018, @11:17PM
from the bright-idea dept.

Researchers have determined that some light bulbs are suitable for covert data exfiltration from personal devices, and can leak multimedia preferences by recording their luminance patterns from afar. The adversary does not need to attack the internal network of the victim to extract the information. They only need a direct connection between the target device and the lights, and line-of-sight with bulbs during the exfiltration process.

[...] Anindya Maiti and Murtuza Jadliwala from the University of Texas at San Antonio studied how LIFX and Philips Hue bulbs receive their commands for playing visualizations into a room and developed a model to interpret brightness and color modulations occurring when listening to music or watching a video.

During audio-visualization, the brightness level reflects the source sound, while in the case of video visualizations, the modifications reflect the dominant color and brightness level in the current video frame. The associated mobile app controls the oscillations by sending specially formatted packets to the light bulbs. The model created by the two researchers requires the adversary to create a database of light patterns, like a dictionary for songs and videos, they can use as a reference for the profile captured from the target. Extracting information from a personal device is possible under certain conditions. The simple observation of the light pattern is not sufficient in this case.

Light bulbs need to support infrared lighting and should not require authorization for controlling them over the local network. Moreover, the adversary needs to plant malware that encodes private data from the target device and sends it to the smart light bulbs.

The researchers used two observation points to capture the data: indoor and outdoor. Predictably enough, indoor observation recorded the most accurate results and longer exposure yielded a better outcome.

From a sample set of 100, "51 songs were correctly predicted in the top rank, while genres of 82 songs were correct in the same prediction," the researchers reveal about audio inference results.

Data exfiltration was possible through transmission techniques such as amplitude and/or wavelength shift keying, using both the visible and the infrared spectrum of the smart bulbs (LIFX).

[...] Defending against these attack methods is just a matter of making the light less visible to the outside. A curtain can do the trick. Choosing window glass that has low transmittance is also an adequate defense.

For additional technical details you can check the original paper titled "Light Ears: Information Leakage via Smart Lights," available here.


posted by martyb on Wednesday August 29 2018, @09:42PM
from the security++ dept.

A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.

The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [1, 2, 3, 4].

The seller said he obtained the data from Huazhu Hotels Group Ltd (Huazhu hereafter), one of China's largest hotel chains, which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.

According to a description the hacker posted online, the stolen data is 141.5GB in size, contains 240 million records, with information on roughly 130 million hotel guests that stayed at one of Huazhu's hotels.

The following user data is believed to be sold online: official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number).

The data appears to be from customers who stayed at any of Huazhu's hotel brands: Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou.

[...] They said the cause of the breach appears to be a mistake on the part of Huazhu's development team, who seem to have uploaded copies of their database to a GitHub account.

Source: https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/


posted by janrinok on Wednesday August 29 2018, @08:04PM
from the stop-whining-we-can-see-you dept.

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia"[1]: a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

The research, supported by the Check Point Institute for Information Security at Tel Aviv University[2] (of which Schuster and Tromer are members) and funded in part by the Defense Advanced Research Projects Agency, examined what amounts to an acoustic form of Van Eck phreaking. While Van Eck phreaking uses radio signal emissions that leak from display connectors, the Synesthesia research leverages "coil whine," the audio emissions from transformers and other electronic components powering a device's LCD display.

source: https://arstechnica.com/information-technology/2018/08/researchers-find-way-to-spy-on-remote-screens-through-the-webcam-mic/
archived: https://archive.fo/ZmO62

[1] https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf & https://www.cs.tau.ac.il/~tromer/synesthesia/
[2] http://cpiis.cs.tau.ac.il/


posted by martyb on Wednesday August 29 2018, @06:26PM
from the R.I.P. dept.

Puerto Rico increases Hurricane Maria death toll to 2,975

Officials in Puerto Rico now say 2,975 people died following Hurricane Maria - a devastating storm that struck the US island territory in September 2017. The revised death toll is nearly 50 times the previous estimate of 64.

Governor Ricardo Rossello "accepted" the findings in a long-awaited independent investigation. The mayor of the capital, San Juan, accused the US government of deliberately downplaying the impact of the storm.

Puerto Rico has struggled to repair its infrastructure and power grid since the storm, and is asking US Congress for $139bn (£108bn) in recovery funds.

[...] The government's initial number was for those killed directly by the hurricane, crushed by collapsing buildings, drowned or hit by flying debris.

But the new report also counted those who died in the six months following the storm as a result of poor healthcare provision and a lack of electricity and clean water. Repeated power cuts also led to an increased number of deaths from diabetes and sepsis.

George Washington University (GWU) report: Ascertainment of the Estimated Excess Mortality from Hurricane Maria in Puerto Rico

Previously: Puerto Rican Death Toll From Hurricane Maria May be Many Times Higher Than Official Estimate


posted by chromas on Wednesday August 29 2018, @04:47PM
from the butt-heads-on-trade-agreements dept.

The Chinese government appears to be withholding samples of the bird flu virus H7N9, requested by U.S. researchers:

The samples are critical for studying the virus and developing life-saving treatments and vaccines in preparation for potential outbreaks or pandemics. Usually, countries share viral samples "in a timely manner" without any fanfare under an agreement established by the World Health Organization to address such potential flu threats. That usually means a matter of months.

But according to The New York Times, China has failed to share the samples for more than a year, despite persistent requests from government officials and researchers, including those at the Centers for Disease Control and Prevention. Moreover, scientists and experts worry that, as the US and China continue to butt heads on trade agreements, the issue of sharing biological samples and other medical-related materials could worsen.

We can make our own flu, and send them live samples.

Also at The New York Times.


posted by chromas on Wednesday August 29 2018, @03:10PM
from the musical-fares dept.

Musicians don't usually get a lot of money. The go-to scapegoat remains copyright infringement, or piracy as the industry tries to call it. However, that is contradicted by the reality that music industry revenues have been rising for years. The percentage reaching musicians being always small turns out to be due to mostly unnecessary middlemen. TechDirt has done analyses before, and now that the data is in for 2017, it shows that only 12% of music revenue collected currently reaches the actual musicians.

Now we have even more data on this. Citibank recently released a massive and incredibly thorough report on the entire music industry showing how and where the money is made. There's lots of interesting and useful information in the report, but the headline grabbing fact is that musicians end up with just about 12% of global music revenue. As I said, the report is incredibly thorough (and a really useful read if you want to get a sense of just how convoluted and complex the music business really is), but the key is that there was ~$43 billion spent on music in 2017. Approximately $25 billion of that went to everyone (outside of the labels) who helped make the music available: digital streaming services, retail stores, concert venues[.]

[...] That leaves $18.2 billion in money distributed out to the labels. But of that amount, only about $5 billion actually goes to artists, which means right around 12% goes to artists[.]


posted by on Wednesday August 29 2018, @01:32PM
from the head-meet-desk dept.

Gift subscriptions from ACs (Anonymous Cowards) are working again. If you're curious what was broken, have a look.

If you attempted to make a gift subscription as an AC since early to mid May, and received an error, please try again at: https://soylentnews.org/subscribe.pl (Or click the link in the "Navigation" Slashbox).

As is standing SN policy, martyb is to blame for anything warranting blame. =) You can go about your business. Move along.

posted by chromas on Wednesday August 29 2018, @01:31PM

Submitted via IRC for takyon

New Zealand divers were searching for a spot to dive when they happened upon an impressive, and kind of creepy-looking, giant squid:

"After we went for a dive we went back to [the squid] and got a tape measure out, and it measured 4.2 meters [13 feet] long," one of the divers, Daniel Aplin, told the New Zealand Herald.

A representative from the New Zealand Department of Conservation told the Herald that the divers most likely found a giant squid (Architeuthis dux) and not a colossal squid (Mesonychoteuthis hamiltoni).

Both species of squid are formidable sea creatures, with giant squid typically reaching 16 feet (5 m) long, according to the Smithsonian, and the colossal squid reaching over 30 feet (10 m) long, according to the International Union for Conservation of Nature.

Source: https://www.livescience.com/63444-mysterious-dead-giant-squid.html


posted by chromas on Wednesday August 29 2018, @12:00PM
from the big-deal dept.

Jupiter had Growth Disorders:

With an equator diameter of around 143,000 kilometers, Jupiter is the largest planet in the solar system and has 300 times the mass of the Earth. The formation mechanism of giant planets like Jupiter has been a hotly debated topic for several decades. Now, astrophysicists of the Swiss National Centre of Competence in Research (NCCR) PlanetS of the Universities of Bern and Zürich and ETH Zürich have joined forces to explain previous puzzles about how Jupiter was formed and new measurements. The research results were published in the magazine Nature Astronomy.

"We could show that Jupiter grew in different, distinct phases," explains Julia Venturini, postdoc at the University of Zürich. "Especially interesting is that it is not the same kind of bodies that bring mass and energy," adds Yann Alibert, Science Officer of PlanetS and first author of the paper. First, the planetary embryo rapidly accreted small, centimeter-sized pebbles and quickly built a core during the initial one million years. The following two million years were dominated by slower accretion of larger, kilometer-sized rocks called planetesimals. They hit the growing planet with great energy, releasing heat. "During the first stage the pebbles brought the mass," Yann Alibert explains: "In the second phase, the planetesimals also added a bit of mass, but what is more important, they brought energy." After three million years, Jupiter had grown to a body of 50 Earth masses. Then, the third formation phase started dominated by gas runaway accretion leading to today's gas giant with more than 300 Earth masses.

Journal Reference:
Yann Alibert, Julia Venturini, Ravit Helled, Sareh Ataiee, Remo Burn, Luc Senecal, Willy Benz, Lucio Mayer, Christoph Mordasini, Sascha P. Quanz, Maria Schönbächler. The formation of Jupiter by hybrid pebble–planetesimal accretion. Nature Astronomy, 2018; DOI: 10.1038/s41550-018-0557-2


posted by mrpg on Wednesday August 29 2018, @10:37AM
from the tubular dept.

More Patients Survive Sudden Cardiac Arrest with New EMS Technique:

A new study showed that a change in the type of breathing tube paramedics use to resuscitate patients with sudden cardiac arrest can significantly improve the odds of survival and save thousands of lives. More than 90 percent of Americans who experience sudden cardiac arrest die before, or soon after, reaching a hospital.

"During resuscitation, opening the airway and having proper access to it is a key factor for the survival of someone who goes into cardiac arrest outside of a hospital," said George Sopko, M.D., M.P.H., program director in the NHLBI's Division of Cardiovascular Sciences and coauthor of the study. "But one of the burning questions in prehospital emergency care has been, 'Which is the best airway device?'"

[...] "While identical to techniques used by doctors in the hospital, intubation in these severe and stressful prehospital settings is very difficult and fraught with errors," said Henry E. Wang, M.D., professor and vice chair for research in the Department of Emergency Medicine at McGovern Medical School at The University of Texas Health Science Center at Houston. Wang was the study's lead author.

Today, however, new devices, such as laryngeal tubes, offer simpler alternatives to opening and accessing an airway. These tubes are easier to use, and the trial showed that cardiac arrest patients treated with this alternative had a higher survival rate.

[...] Overall, patients in the laryngeal tube group had significantly better outcomes. For instance, 18.3 percent of patients survived three days in the hospital and 10.8 percent survived to reach hospital discharge. For the group with traditional endotracheal intubation, the survival numbers were 15.4 and 8.1 percent, respectively. Also, the proportion of patients surviving with good brain function was higher in the laryngeal tube group.

H.E. Wang et al. Effect of a Strategy of Initial Laryngeal Tube Insertion vs. Endotracheal Intubation on 72-Hour Survival in Adults with Out-of-Hospital Cardiac Arrest: A Randomized Clinical Trial. Journal of the American Medical Association. August 28, 2018. DOI: 10.1001/jama.2018.7044


posted by mrpg on Wednesday August 29 2018, @09:00AM
from the I-don't-even-know-4G dept.

The European Union reckons 5G R&D needs a boost – so it has slung a loan of €500m in the general direction of Finland.

Nokia, recipient of the loan from the European Investment Bank (EIB) and the European Fund for Strategic Investments (EFSI), hasn't identified specific goals for its development effort.

However, EIB president Alexander Stubb told Finnish newspaper Helsingin Sanomat that Europe needs to catch up with the countries it sees as the powerhouses of 5G – China and the USA.

[...] The loan comes in a climate increasingly hostile to Chinese giant Huawei, which is viewed with suspicion by the UK and US, and subject to an outright ban on competing for 5G projects in Australia.


posted by martyb on Wednesday August 29 2018, @07:39AM
from the Trust-Me dept.

You can’t automate the truth.

This week, two projects were unveiled that are intended to act as buffers between the world and fake news. The first, SurfSafe, was created by a pair of UC Berkeley undergrads, Ash Bhat and Rohan Phadte. The second, Reality Defender, is the work of the AI Foundation, a startup founded in 2017 that has yet to release a commercial product. Both projects are browser plug-ins that will alert users to misinformation by scanning images and videos on the webpages they’re looking at and flagging any doctored content.

Lars Buttler, CEO of AI Foundation, tells The Verge that his team was motivated to create the plug-in because of escalating fears over misinformation, including AI-generated fakes. “We felt we were at the threshold of something that could be very powerful but also very dangerous,” says Buttler. “You can use these tools in a positive way, for entertainment and fun. But a free society depends on people having some sort of agreement on what objective reality is, so I do think we should be scared about this.”

[...] Of the two plug-ins, SurfSafe’s approach is simpler. Once installed, users can click on pictures, and the software will perform something like a reverse-image search. It will look for the same content that appears on trusted “source” sites and flag well-known doctored images. Reality Defender promises to do the same (the plug-in has yet to launch fully), but in a more technologically advanced manner, using machine learning to verify whether or not an image has been tinkered with. Both plug-ins also encourage users to help out with this process, identifying pictures that have been manipulated or so-called “propaganda.”

The two approaches are very different. SurfSafe leans heavily on the expertise of established media outlets. Its reverse-image search is basically sending readers to look at other sites’ coverage in the hope that they have spotted the fake. “We think there are groups doing a great job of [fact-checking content], but we want users to get that information at the click of a mouse,” says SurfSafe’s Ash Bhat. Reality Defender, meanwhile, wants to use technology to automate this process.

So, just iterate your fakes until they "pass" both of them?

Source: https://www.theverge.com/2018/8/23/17383912/fake-news-browser-plug-ins-ai-information-apocalypse


posted by Snow on Wednesday August 29 2018, @06:02AM
from the thank-you-so-very-much-for-reading-this! dept.

Why Don't People Express Gratitude More Often?

“Researchers have known for 15 years that gratitude improves well-being. There’s lots of work done on this already,” says Amit Kumar, assistant professor of marketing at the McCombs School of Business and lead author of a new paper that examines the consequences of showing appreciation. “What was interesting to me is that even though it’s something that’s well-known, people still don’t express gratitude all that often.”

To find out why, Kumar and his co-author Nicholas Epley, from the University of Chicago, conducted a series of studies recently published in Psychological Science looking at what happens when people send letters of gratitude.

Their findings offer insight into why people tend to withhold their gratitude, shattering some myths, and validating a simple message: Your appreciation means far more to people than you think.

The study had letter-writers estimate how much the recipient would be surprised by the thank-you note and how much they would appreciate it. Further, they asked how important it was that it used "just the right" words and how articulate they appeared. The letter-writers significantly underestimated how much their letters were appreciated, and how little importance the recipient placed on the wording compared to the sincerity of the message that was sent:

“What we saw is that it only takes a couple minutes to compose letters like these — thoughtful and sincere ones,” says Kumar. “It comes at little cost, but the benefits are larger than people expect.”

So pick up your pen, keyboard, or phone and write that thank-you note.

So, if you've been holding off on sending someone a thank-you note, do not despair. A short, genuine expression of thanks means a lot and can help you feel better, too!


posted by Snow on Wednesday August 29 2018, @04:23AM
from the no-free-lunch dept.

c|net reports Yahoo Mail Scans Your Inbox for Receipts, but its Competitors Don't:

Oath, the Verizon-owned company that runs Yahoo's web properties, is scanning your inbox for commercial emails, according to a report Tuesday from The Wall Street Journal. Verizon bought Yahoo last year.

The emails would appear to include order confirmations and other such messages from online retailers. Oath uses the information to put you into interest groups and then help advertisers show you ads based on those interests, the Journal reported.

The practice isn't new for Yahoo, and users noticed that Oath gave itself the right to read your emails in its updated privacy policy in April. What makes it remarkable now is that Oath is marketing this ability to advertisers at a time when competitors in email don't do the same thing.

In 2017, Google said it would no longer scan users' consumer email accounts for advertising purposes. Microsoft said it's never done so, and it even famously called out Google in 2013 for the practice in an ad warning email users not to get "Scroogled."

I've watched many e-mail providers rise to the top in popularity over the years. (Remember Hotmail, AOL, Prodigy, and Lycos?)

Who is your current e-mail provider? Why did you select them and/or stick with them?


posted by martyb on Wednesday August 29 2018, @03:05AM
from the sign-of-things-to-come dept.

After being enjoined from distributing 3D CAD Files of firearms from his website, DEFCAD.com, Cody Wilson announces plans to sell the files for any chosen price.

In other words: If he can't be the "Napster" of crypto-guns, he'll be the "iTunes," Wilson told reporters at a press conference Tuesday in Austin.
...
Josh Blackman, Wilson's lawyer, said in an interview Tuesday that selling the blueprints directly to people within the United States is perfectly legal.

"It's not about distribution, it's about posting them," Blackman said. "There's no prohibition on distributing these files — the prohibition is on doing it in a way that foreign persons can access."

Also at The Register, BBC, and Ars Technica.

Previously: Federal Judge Imposes Preliminary Injunction Against Defense Distributed's DEFCAD


posted by martyb on Wednesday August 29 2018, @01:28AM
from the Gun-manipulation dept.

https://www.npr.org/sections/ed/2018/08/27/640323347/the-school-shootings-that-werent

This spring the U.S. Education Department reported that in the 2015-2016 school year, "nearly 240 schools ... reported at least 1 incident involving a school-related shooting." The number is far higher than most other estimates.

But NPR reached out to every one of those schools repeatedly over the course of three months and found that more than two-thirds of these reported incidents never happened. Child Trends, a nonpartisan nonprofit research organization, assisted NPR in analyzing data from the government's Civil Rights Data Collection.

We were able to confirm just 11 reported incidents, either directly with schools or through media reports.

In 161 cases, schools or districts attested that no incident took place or couldn't confirm one. In at least four cases, we found, something did happen, but it didn't meet the government's parameters for a shooting. About a quarter of schools didn't respond to our inquiries.

More details in article.

