SoylentNews

martyb writes:

SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day:

On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning.

On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation (LPE), by importing legacy tasks from other systems into the Task Scheduler utility – and she promised four more unpatched bugs while she was at it.

SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched.

The exploits:

[...] a Windows Error Reporting (WER) bug (CVE-2019-0863), was actually patched earlier this month in Microsoft's May Patch Tuesday fixes

[...] zero-day impacting Internet Explorer 11, which could enable bad actors to inject a dynamic link library (DLL) into Internet Explorer."

[...] a bypass for a previously released patch addressing a Windows permissions-overwrite, privilege-escalation flaw (CVE-2019-0841)."

[...] A final flaw is an "installer bypass" issue in Windows update

Not just one's own personal machines need to be considered; it's all the other Windows-based systems that we interact with, too. Might be best to hold off on non-essential transactions for a while?

Original Submission

An Anonymous Coward writes:

Uber drivers working at Reagan National Airport have found a way to increase their revenue by taking advantage of the "surge" pricing algorithm used by the app. By logging off and making themselves scarce as a plane full of potential riders arrives on the runway, the sharp change in the supply vs. demand of drivers and passengers causes fare prices to rise automatically. The drivers can then sign back in and snap up these gigs while the higher prices remain in effect.
https://www.zerohedge.com/news/2019-05-20/uber-lyft-drivers-game-surge-pricing-reagan-national-airport-synchronized-scheme

Original Submission

An Anonymous Coward writes:

https://writtendescription.blogspot.com/2019/05/inevitable-disclosure-injunctions-under.html

The inevitable disclosure doctrine is a fancy name for what is basically a special type of employment injunction. As one California court put it, before purporting to reject the doctrine, "[t]he inevitable disclosure doctrine results in an injunction prohibiting employment, not just use of trade secrets." See Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443, 1458 (2002) (rejecting inevitable disclosure doctrine as creating an "after-the-fact" non-compete agreement).

The idea is that the employee just won't be able to help it, despite her best intentions, because she knows such specific and sensitive information; is about to switch jobs, and loyalties, to work for a direct competitor; is doing precisely the same work as she did before; and she's maybe not all that trustworthy to begin with. Factors that make the remedy possible are direct, intense competition; that the prospective employer is in a position to benefit; that the employee will have similar job duties at the new company; and that the employee has engaged in suspicious acts, leading his trustworthiness to be questioned.

(Emphasis in original.)

Original Submission

"RandomFactor" writes:

Physicists at the University of Basel have shown for the first time how a single electron looks in an artificial atom.

Controlling and switching [the spin of an electron] or coupling it with other spins is a challenge on which numerous research groups worldwide are working. The stability of a single spin and the entanglement of various spins depends, among other things, on the geometry of the electrons—which previously had been impossible to determine experimentally.

This is only possible in an artificial atom, so what, you may ask, is an 'artificial' atom?

A quantum dot is a potential trap which allows confining free electrons in an area which is about 1000 times larger than a natural atom. Because the trapped electrons behave similarly to electrons bound to an atom, quantum dots are also known as "artificial atoms."

This has potential application in quantum computing as electron spin is a candidate for use in storing quantum information.

More information: Leon C. Camenzind et al. Spectroscopy of Quantum Dot Orbitals with In-Plane Magnetic Fields, Physical Review Letters (2019). DOI: 10.1103/PhysRevLett.122.207701

Peter Stano et al. Orbital effects of a strong in-plane magnetic field on a gate-defined quantum dot, Physical Review B (2019). DOI: 10.1103/PhysRevB.99.085308.

Original Submission

An Anonymous Coward writes:

Back in 2016 the Australian Department of Health decided to combine the state and federal Bowel Cancer Screening registers into one register and tendered the contract for the project to Telstra. Telstra is Australia's oldest telecommunications company and lacked experience with managing public health systems. After signing the $220 million contract to build a new cancer register, Telstra promptly purchased companies with experience building health systems. After being chided by the AONO (Australian National Audit Office) for not having a plan for data security, Telstra tried and failed to bring services online, delaying the rollout until late 2019.

Now Telstra has set a date for delivery of the expensive cancer register of November 2019, with caveats for some functionality not to be delivered until 2020. So far, Telstra has received only $18 million of the $220 million promised in the contract as the Health department withholds payments as milestones are missed.

How much would you charge to build a bowel cancer registry for approximately 25 million people?

Original Submission

saturnalia0 writes:

Swiss voters on Sunday approved a measure to tighten the Alpine nation's gun laws, bringing the country in line with many of its European partners despite the objections of local gun owners, Swiss media reported, citing official results.

Switzerland's public broadcaster said more than 63% of voters nationwide agreed to align with European Union firearms rules adopted two years ago after deadly attacks in France, Belgium, Germany and Britain.

The vote Sunday was part of Switzerland's regular referendums that give citizens a direct say in policymaking. It had stoked passions in a country with long, proud traditions of gun ownership and sport and target shooting. Switzerland, unlike many other European nations, allows veterans of its obligatory military service for men to take home their service weapons after tours of duty.

The Swiss proposal, among other things, requires regular training on the use of firearms, special waivers to own some semi-automatic weapons and serial number tracking system for key parts of some guns. Gun owners would have to register any weapons not already registered within three years, and keep a registry of their gun collections.

https://www.usatoday.com/story/news/world/2019/05/19/tighter-gun-laws-appear-pass-switzerland-despite-opposition/3731629002/

Original Submission

James Orme suggests the following story:

The researchers, from the University of Cambridge, programmed a small fleet of miniature robotic cars to drive on a multi-lane track and observed how the traffic flow changed when one of the cars stopped.

When the cars were not driving cooperatively, any cars behind the stopped car had to stop or slow down and wait for a gap in the traffic, as would typically happen on a real road. A queue quickly formed behind the stopped car and overall traffic flow was slowed.

However, when the cars were communicating with each other and driving cooperatively, as soon as one car stopped in the inner lane, it sent a signal to all the other cars. Cars in the outer lane that were in immediate proximity of the stopped car slowed down slightly so that cars in the inner lane were able to quickly pass the stopped car without having to stop or slow down significantly.

Additionally, when a human-controlled driver was put on the 'road' with the autonomous cars and moved around the track in an aggressive manner, the other cars were able to give way to avoid the aggressive driver, improving safety.

The results, to be presented today at the International Conference on Robotics and Automation (ICRA) in Montréal, will be useful for studying how autonomous cars can communicate with each other, and with cars controlled by human drivers, on real roads in the future.

Sources:

• https://www.cam.ac.uk/research/news/driverless-cars-working-together-can-speed-up-traffic-by-35-percent
• https://www.bbc.com/news/uk-england-cambridgeshire-48326428
• https://www.autofutures.tv/2019/05/20/miniature-cars/
• https://techerati.com/news-hub/driverless-car-fleet-can-reduce-traffic-by-at-least-35-percent-research-suggests/

[Editors Comment: The submitter is linked professionally to the last of the listed sources. Additional source material, including the original paper from Cambridge University as primary source, is also listed.]

Original Submission

upstart writes:

Submitted via IRC for AnonymousLuser

Credit Union Sues Fintech Giant Fiserv Over Security Claims

In late April 2019, Fiserv was sued by Bessemer System Federal Credit Union, a comparatively tiny financial institution with just $38 million in assets. Bessemer said it was moved by that story to launch its own investigation into Fiserv’s systems, and it found a startlingly simple flaw: Firsev’s platform would let anyone reset the online banking password for a customer just by knowing their account number and the last four digits of their Social Security number.

[...] Bessemer further alleges Fiserv’s systems had no checks in place to prevent automated attacks that might let thieves rapidly guess the last four digits of the customer’s SSN — such as limiting the number of times a user can submit a login request, or imposing a waiting period after a certain number of failed login attempts.

[...] Bessemer says instead of fixing these security problems and providing the requested assurances that information was being adequately safeguarded, Fiserv issued it a “notice of claims,” alleging the credit union’s security review of its own online banking system gave rise to civil and criminal claims.

The credit union says Fiserv demanded it not disclose information relating to the security review to any third parties, “including Fiserv’s other clients (who presumably were affected with the same security problems at their financial institutions) as well as media sources.”

Original Submission

upstart writes:

Submitted via IRC for AnonymousLuser

Scientists create a four-winged robot insect that flies with grace

It's difficult to make an insect-like flying robot -- realistic four-winged bots are typically too heavy, while lighter two-winged models tend to fly erratically. USC researchers have edged one step closer to the dream machine, however. They've created Bee+, a four-winged bot [...] that flies with more of the agility and poise of real insects while weighing just over 0.003oz. The trick was to drop earlier bimorph actuators, cantilevers made of two layers of piezoelectric material with a passive layer in between, with unimorphs that only have one piezoelectric layer. The four actuators combined weigh half as much as bimorphs would at just under 0.002oz, reducing the wing loading and significantly improving control.

There's still much, much more work to be done before there are robotic insects in service. Bee+ flies tethered, since that saves the team from factoring a battery into the design. Size is also a concern. While the robot is only slightly larger than a penny, it's still much larger and heavier than most real insects.

Original Submission

martyb writes:

Instagram Website Leaked Phone Numbers and Emails for Months, Researcher Says:

Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.

The source code for some Instagram user profiles included the account holder's contact information whenever it loaded in a web browser, says David Stier, a data scientist and business consultant, who notified Instagram shortly after he discovered the problem earlier this year. The contact information wasn't displayed on the account holder's profiles on the desktop version of the Instagram website, although it was used by the photo-sharing site's app for communication. It isn't clear why the information was included in the website's source code.

The exposure appeared to include contact information for thousands of accounts, which belonged to private individuals -- some of whom were minors -- along with businesses and brands, Stier said. Including the information in the source code could let hackers scrape the data from the Instagram website, allowing them to assemble a virtual phone book that lists the contact details of thousands of Instagram users.

Pictures, or it didn't happen! Oh, wait./

Original Submission

Phoenix666 writes:

Forbes:

Netflix changed how we watch TV, but it didn't really change what we watch...

Netflix has achieved its incredible growth by taking distribution away from cable companies. Instead of watching The Office on cable, people now watch The Office on Netflix.

This edge isn't sustainable.
...
Disney's cable business has stagnated over the past seven years. But in about 175 days, Disney is set to launch its own streaming service called Disney+.

It's going to charge $6.99/month—around $6 cheaper than Netflix.

And it's pulling all its content off of Netflix.

This is a big deal.

No more Bunk'd on Netflix? Nooooooooooooooo...

Original Submission

RandomFactor writes:

The Mars 2020 rover will touch down on the red planet in February 2021 in the 45 Kilometer wide Jezero Crater. But if you want, it can take a little piece of you with it, your name.

NASA is inviting people around the world to submit their names to fly aboard the life-hunting Mars 2020 rover, which is scheduled to launch next summer and touch down on the Red Planet in February 2021.

Its quick, its easy, and its free.

Getting your name (way) out there is easy; just fill out the short form here by Sept. 30. You'll get a Mars "boarding pass" for your minimal trouble.

This isn't a new idea for NASA, they did the same thing on the Mars Insight Lander, which landed in November of last year with more than two million people's names onboard.

NASA Jet Propulsion Laboratory (JPL) mission team members in Pasadena, California will

use an electron beam to etch submitted names onto a microchip, in lines of text that are less than 0.1% as wide as a human hair. About 1 million names can be squeezed onto a single chip, NASA officials said.

And, on the subject of names, the rover will be getting a new one soon enough.

NASA plans to hold a student naming competition, as the agency has done with Red Planet rovers in the past. For example, then-sixth-grader Clara Ma submitted the moniker "Curiosity" for Mars 2020's predecessor, which has been exploring the Red Planet's Gale Crater since 2012.

If you are keeping track, 313,586,649 frequent flyer miles (504,668,791 km) award points will be awarded on the flight from Cape Canaveral to Jezero Crater.

Original Submission

takyon writes:

Now we know why SpaceX is suing the US government

SpaceX's rivals just blew the cover off the rocket company's secretive lawsuit against the US government. Blue Origin, Northrop Grumman (NOC) and United Launch Alliance all received Air Force contracts in October in response to the government's request for Launch Service Agreement proposals, or LSAs, which are worth hundreds of millions of dollars. SpaceX did not receive an LSA contract. Those awards are at the heart of SpaceX's new lawsuit, and they want to be involved in the proceedings to protect their interests, according to documents filed Tuesday and Wednesday.

[...] The Air Force developed the LSA to help awardees develop massive new rockets that could one day be capable of launching national security payloads for the military. ULA was promised up to $967 million for its forthcoming Vulcan Centaur rocket. Northrop Grumman, which is building a launch vehicle called OmegA, will receive up to $792 million. And Blue Origin will get $500 million for its New Glenn rocket. The awards, however, do not guarantee that the new rockets will one day win military launch contracts, which are extremely lucrative and coveted in the space industry.

[...] SpaceX, like the other companies, is also developing a new launch vehicle: It's called Starship and Super Heavy, a rocket and spaceship system that Musk has described as the technology that will allow humans to colonize Mars. Theoretically, the rocket could be used to help launch heavy military payloads into orbit as well.

The redacted SpaceX complaint posted Wednesday states that the company's proposal asked for money to support all three of [its] rockets — the Falcon 9 and Falcon Heavy, which are already operational, and Starship. But officials determined that including Starship would render "the entire SpaceX portfolio the 'highest risk'" of all the options. SpaceX called that claim "unreasonable," according to the complaint. "The Agency wrongly awarded LSAs to a portfolio of three unproven rockets based on unstated metrics, unequal treatment under the procurement criteria, and opaque industrial planning," SpaceX alleged.

Also at Space News, CNBC, and Reuters.

Previously: The Military Chooses Which Rockets It Wants Built for the Next Decade
Blue Origin Urges U.S. Air Force to Delay Launch Provider Decision

Original Submission

martyb writes:

We recently had reports of some 'wonkiness' on the site.

Reports started appearing in our #Soylent channel on IRC about 90 minutes ago. For example, the Main Page would load, but parts of the page (such as the slashboxes on the left-hand side) were missing.

I borked my first attempt, but on the second try successfully restarted apache and slashd on both of our front-end servers: hydrogen and fluorine.

All seems to be working correctly now. If this is not the case for you, you may need to clear the browser cache on your system and/or do a hard reload of the page (e.g. Ctrl+F5). If things are still not right, please reply in the comments and/or pop into channel #dev on IRC and let us know.

I'm not sure what precipitated the behavior; I'll leave that to TheMightyBuzzard or one of the sysadmin folk to investigate. I'm sure they'll fill us in on whatever root cause was found.

OTOH, one cannot entirely rule out a spurious gamma ray that flipped a key bit in memory that caused an avalanche of untrapped events.

You can now return to your usual, spirited discussions.

Original Submission

Phoenix666 writes:

Phys.org:

The US has hit China where it hurts by going after its telecom champion Huawei, but Beijing's control of the global supply of rare earths used in smartphones and electric cars gives it a powerful weapon in their escalating tech war.

A seemingly routine visit by President Xi Jinping to a Chinese rare earths company this week is being widely read as an obvious threat that Beijing is standing ready for action.
...
However, analysts say China appears apprehensive to target the minerals just yet, possibly fearful of shooting itself in the foot by hastening a global search for alternative supplies of the commodities.

Better buy your new devices now...

Original Submission