Google is warning that the Bluetooth Low Energy version of the Titan security key it sells for two-factor authentication can be hijacked by nearby attackers, and the company is advising users to get a free replacement device that fixes the vulnerability.
A misconfiguration in the key's Bluetooth pairing protocols makes it possible for attackers within 30 feet to either communicate with the key or with the device it's paired with, Google Cloud Product Manager Christiaan Brand wrote in a post published on Wednesday.
[...] To tell if a Titan key is vulnerable, check the back of the device. If it has a "T1" or "T2," it's susceptible to the attack and is eligible for a free replacement. Brand said that security keys continued to represent one of the most meaningful ways to protect accounts and advised that people continue to use the keys while waiting for a new one. Titan security keys sell for $50 in the Google Store.
While people wait for a replacement, Brand recommended that users use keys in a private place that's not within 30 feet of a potential attacker. After signing in, users should immediately unpair the security key. An Android update scheduled for next month will automatically unpair Bluetooth security keys so users won't have to do it manually.
[Note: Though it cautions about attackers within 30 feet (approximately 10 meters), the distance could be potentially much greater than that depending on the design of the antenna used by the attacker; cf. an analogous technique described in How To Make a Wi-Fi Antenna Out Of a Pringles Can. --Ed.]
The American Registry for Internet Numbers (ARIN) discovered a fraud scheme in late 2018 through which 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained.
ARIN is a nonprofit corporation which distributes Internet number resources such as IPv4, IPv6, and Autonomous System numbers to organizations throughout the United States, Canada, and Caribbean and North Atlantic islands.
"On May 1, 2019, ARIN obtained a final and very favorable arbitration award which included revocation of all resources issued pursuant to fraud and $350,000 to ARIN for its legal fees," says a press release issued by ARIN on May 13.
ARIN was able to uncover and revoke the IPv4 addresses obtained through the fraud scheme following the arbitration [PDF] in the U.S. District Court for the Eastern District of Virginia, with the individual and the company behind the scheme being charged in federal court in a twenty-count wire fraud indictment.
As a Department of Justice (DoJ) press release issued today says, the two accused parties "created and utilized 'Channel Partners,' which purported to consist of several individual businesses, all of whom acquired the right to IP addresses from the American Registry of Internet Numbers (ARIN)."
France: It measures 324 meters in height, weighs 7,300 tons and attracts more than seven million visitors each year: the Eiffel Tower, strongly contested during its construction, has become the symbol of Paris and is celebrating its 130th anniversary this year.
This property of the City of Paris celebrated all over the world has not always been liked: its construction was accompanied by a "huge controversy, complaints and petitions" of opponents, says the deputy in charge of culture at the city hall of Paris, Christophe Girard.
On the occasion of the Universal Exhibition of 1889, which marked the centenary of the French Revolution, a great competition was launched, won by the industrialist Gustave Eiffel, much to the chagrin of many artists of the time including the writer Guy de Maupassant.
Built in two years, two months and five days, the structure, made of more than 18,000 pieces of iron, is the symbol of a "technical and architectural performance". In the nineteenth century, "it is the symbol of a France that catches up with its industrial power" and becomes "the highlight of the 1889 exhibition," said Bertrand Lemoine, architect and historian.
Cybercriminals are using a new evasion method to keep the traffic generated by their malicious campaigns from being detected: a technique based on SSL/TLS signature randomization, dubbed cipher stunting.
The vast majority of malicious traffic on the Internet — including attacks against web apps, scraping, credential abuse, and more — is funneled via secure connections over SSL/TLS, says Akamai's Threat Research Team in a report published today.
Akamai's report says that "From an attacker's perspective, tweaking SSL/TLS client behavior can be trivial for some aspects of fingerprinting evasion, but the difficulty can ramp up for others depending on the purpose of evasion or the bot in question. In such settings, many packages require deep levels of knowledge and understanding on the attacker's part in order to operate correctly."
This technique is used by attackers to evade detection and run their malicious campaigns undisturbed, with at least a few tens of thousands of TLS fingerprints being used for such purposes before the novel cipher stunting evasion method was observed by the researchers.
A mind-controlled hearing aid that allows the wearer to focus on particular voices has been created by scientists, who say it could transform the ability of those with hearing impairments to cope with noisy environments.
The device mimics the brain's natural ability to single out and amplify one voice against background conversation. Until now, even the most advanced hearing aids work by boosting all voices at once, which can be experienced as a cacophony of sound for the wearer, especially in crowded environments.
[...] The hearing aid first uses an algorithm to automatically separate the voices of multiple speakers. It then compares these audio tracks to the brain activity of the listener. Previous work by Mesgarani's lab found that it is possible to identify which person someone is paying attention to, as their brain activity tracks the sound waves of that voice most closely.
[...] The current version of the hearing aid, which involved direct implants into the brain, would be unsuitable for mainstream use. But the team believe it will be possible to create a non-invasive version of the device within the next five years, which would monitor brain activity using electrodes placed inside the ear, or under the skin of the scalp.
Finally some tech to help the stalkers among us.
SanDisk is letting you put 1TB of data on a card the size of a fingernail.
The company's massive-but-minute Extreme microSD UHS-I Card is now available for $450, months after its reveal at Mobile World Congress.
The product page, reported earlier by Tom's Guide, notes read speeds up to 90MB/s and write speeds up to 60MB/s, which is a little slower than the world's fastest flash memory option that SanDisk promised at MWC.
Now you can lose even more data in the washing machine or in the detritus in the bottom of your attache.
After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.
The report, Kings of the Monster Breaches, identified the extensive damage done by improper security by looking specifically at the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016. These top three breaches had a widespread impact on individuals, with a reported mean number of 257 million individuals directly affected by each breach.
Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. "Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation," the report said.
[...] Publicly traded companies suffered an average drop of 7.5% in their stock values and a mean market cap loss of $5.4 billion per company, and it reportedly took 46 days, on average, for those stock prices to return to their pre-breach levels. To date, the stock price of Equifax has not yet recovered.
Natural gas production in the United States has increased 46 percent since 2006, but there has been no significant increase of total US methane emissions and only a modest increase from oil and gas activity, according to a new NOAA study.
The finding is important because it's based on highly accurate measurements of methane collected over 10 years at 20 long-term sampling sites around the country in NOAA's Global Greenhouse Gas Reference Network, said lead author Xin Lan, a CIRES scientist working at NOAA.
"We analyzed a decade's worth of data and while we do find some increase in methane downwind of oil and gas activity, we do not find a statistically significant trend in the US for total methane emissions," said Lan. The study was published in the AGU journal Geophysical Research Letters.
[...] Methane is a component of natural gas, but it can also be generated by biological sources, such as decaying wetland vegetation, as a byproduct of ruminant digestion, or even by termites. Ethane is a hydrocarbon emitted during oil and natural gas production and is sometimes used as a tracer for oil and gas activity. By measuring ethane, which is not generated by biologic processes, scientists had hoped to produce an accurate estimate of petroleum-derived methane emissions.
A bit of good news.
Tesla's advanced driver assist system, Autopilot, was active when a Model 3 driven by a 50-year-old Florida man crashed into the side of a tractor-trailer truck on March 1st, the National Transportation Safety Board (NTSB) states in a report released on Thursday. Investigators reviewed video and preliminary data from the vehicle and found that neither the driver nor Autopilot "executed evasive maneuvers" before striking the truck.
[...] The driver, Jeremy Beren Banner, was killed in the crash. It is at least the fourth fatal crash of a Tesla vehicle involving Autopilot.
This crash is eerily similar to another one involving a Tesla in 2016 near Gainesville, Florida. In that incident, Joshua Brown was killed when his Model S sedan collided with a semitrailer truck on a Florida highway in May 2016, making him the first known fatality in a semi-autonomous car.
The National Highway Traffic Safety Administration (NHTSA) determined that a "lack of safeguards" contributed to Brown's death. Meanwhile, today's report is just preliminary, and the NTSB declined to place blame on anyone.
Source: The Verge
Also at Ars Technica.
D-Wave today debuted a new processor for quantum computing. With lower noise (noise in quantum computing is also known as quantum decoherence or error rate), the D-Wave 2000Q processor boasts up to 25 times better performance than its predecessor. It takes advantage of D-Wave's new and improved quantum computing platform announced earlier this year and is available now.
In February, D-Wave announced a new quantum annealing platform with a new qubit topology, lower noise, a higher number of qubits (for future D-Wave quantum computers), as well as hybrid software and tools that the company said it would deliver by mid-2020.
[...] D-Wave said that its customers have developed more than 150 quantum applications for the D-Wave quantum computer in areas such as airline scheduling, election modeling, quantum chemistry simulation, automotive design, preventative healthcare and logistics. Some have also developed new tools to improve the application development process.
Previously: D-Wave Announces Availability of a ~2,000 Qubit Machine and a Customer for It
Google and NASA Still on Board With D-Wave, Upgrade to 2048 "Qubits"
NASA and Google Collaboration Turns on D-Wave 2000Q System
As new security technologies shield us from cybercrime, a slew of adversarial technologies match them, step for step. The latest such advance is the rise of digital doppelgängers—virtual entities that mimic real user behaviors authentic enough to fool advanced anti-fraud algorithms.
In February, Kaspersky Lab's fraud-detection teams busted a darknet marketplace called Genesis that was selling digital identities starting from US $5 and going up to US $200. The price depended on the value of the purchased profile—for example, a digital mask that included a full user profile with bank login information would cost more than just a browser fingerprint.
The masks purchased at Genesis could be used through a browser and proxy connection to mimic a real user's activity. Coupled with stolen (legitimate) user accounts, the attacker was then free to make new, trusted transactions in the user's name—including with credit cards.
Well, so much for biometric security. Next?
Chinese technology giant Huawei, known for its smartphones and telecommunications equipment, is making further inroads into the enterprise IT market with a database product powered by machine learning.
The product will compete with popular database systems provided by IT's old-guard, including IBM, Oracle and Microsoft.
Huawei claims the system is the first to use machine learning to tune database performance, and that the self-tuning algorithm improves the process' performance by over 60 percent.
The database is named GaussDB and will be available as a service on local and private clouds. When running on Huawei's cloud platform, HUAWEI Cloud, GaussDB provides data warehouse services for a raft of customers, including financial, Internet, logistics, education, and automotive industries.
GaussDB is also compatible with both x86 and Arm processor architectures and leverages GPUs and neural processing units (NPUs).
The launch was first reported by The Information, which cited sources saying GaussDB will be initially available in China, with worldwide coverage coming later.
The more regularly adults aged 50 and over played puzzles such as crosswords and Sudoku, the better their brain function, according to research in more than 19,000 participants, led by the University of Exeter and King's College London.
The findings emerge from two linked papers published today (May 16th) in the International Journal of Geriatric Psychiatry. The researchers have previously presented their findings on word puzzles at the Alzheimer's Association International Conference in 2018. The new research builds on these findings and also reports the same effect in people who regularly complete number puzzles.
[...] researchers calculate that people who engage in word puzzles have brain function equivalent to ten years younger than their age, on tests assessing grammatical reasoning and eight years younger than their age on tests measuring short term memory.
Dr Anne Corbett, of the University of Exeter Medical School, who led the research, said: "We've found that the more regularly people engage with puzzles such as crosswords and Sudoku, the sharper their performance is across a range of tasks assessing memory, attention and reasoning. The improvements are particularly clear in the speed and accuracy of their performance. In some areas the improvement was quite dramatic -- on measures of problem-solving, people who regularly do these puzzles performed equivalent to an average of eight years younger compared to those who don't. We can't say that playing these puzzles necessarily reduces the risk of dementia in later life but this research supports previous findings that indicate regular use of word and number puzzles helps keep our brains working better for longer."
Engineers and scientists solve puzzles every day for a living. How does their brain function compare in old age?
It's not the first time a Lilium Jet — the company's all-electric vertical take-off and landing (VTOL) device — has taken to the sky but it is the first time the new five seater has taken off and landed, following extensive ground testing. Lilium published a video of a two-seater version's inaugural flight just over two years ago.
The new five-seater is a full-scale, full-weight prototype that is powered by 36 all-electric jet engines to allow it to take off and land vertically, while achieving "remarkably efficient horizontal or cruise flight," says Lilium.
Will the back seat of the air taxi be cleaner than the normal kind?
[Updated 20190517_020607 UTC. According to SpaceX's Twitter feed:
Standing down to update satellite software and triple-check everything again. Always want to do everything we can on the ground to maximize mission success, next launch opportunity in about a week.
Original story follows.
From the live stream on YouTube:
SpaceX is targeting Thursday, May 16 for the launch of 60 Starlink satellites from Space Launch Complex 40 (SLC-40) at Cape Canaveral Air Force Station, Florida. SpaceX’s Starlink is a next-generation satellite network capable of connecting the globe, especially reaching those who are not yet connected, with reliable and affordable broadband internet services.
The launch window opens at 10:30 p.m. EDT, or 2:30 UTC on May 17, and closes at 12:00 a.m. on May 17, or 4:00 UTC. Falcon 9’s first stage for this mission previously supported the Telstar 18 VANTAGE mission in September 2018 and the Iridium-8 mission in January 2019. Following stage separation, SpaceX will attempt to land Falcon 9’s first stage on the “Of Course I Still Love You” droneship, which will be stationed in the Atlantic Ocean. Approximately one hour and two minutes after liftoff, the Starlink satellites will begin deployment at an altitude of 440km. They will then use onboard propulsion to reach an operational altitude of 550km.
The live stream historically "goes live" approximately 15 minutes before launch which should be 1 hour from the time this story goes live.
After back-to-back years of strong growth, semiconductor revenues will decline this year, according to IDC's latest update to its semiconductor forecaster.
The IT market research specialist predicts worldwide semiconductor revenue to decline to $440 billion (£342 billion), a 7.2 percent drop from $474 billion (£369 billion) in 2018, due to oversupply that will continue into 2020.
IDC said the slump is temporary and expects revenues to recover in 2020 and register a compound annual growth rate of 2.0 percent from 2018-2023, reaching $524 billion (£408 billion) in 2023.