SoylentNews

upstart writes:

Submitted via IRC for AnonymousLuser

Hollywood lie: Bank hacks take months, not seconds

A report published today by cyber-security firm Bitdefender gives one of the best views we ever got into the inner-workings of a modern bank heist, and more particularly, a bank heist carried out by Carbanak, a group of hackers responsible for stealing more than one billion euros from banks all over the world.

Methodical, slow, and paying close attention to not getting discovered, a Carbanak hack is like a slow burning fire that makes its way across a forest.

Unlike Hollywood movies where bank cyber-heists happen within seconds, in the real world, hackers spend weeks inside banks' IT systems, gathering intel, and preparing for the day when they're ready to spring into action and steal funds.

Everything about a modern-day bank cyber-heist is... boring, even the hacking, which involves good ol' techniques like spear-phishing, vulnerability scanning, domain controller compromise, lateral movement, and the use of off-the-shelf, legitimate tools like Cobalt Strike.

Original Submission

MrPlow writes:

Submitted via IRC for Runaway1956

In the deep sea, dragonfish lure smaller fish near their gaping jaws with beardlike attachments capped with a light. But the teeth of the pencil-sized predators don't gleam in that glow.

Instead, dragonfish teeth are transparent and hard to see, thanks to nanoscale structures that reduce the amount of light scattered by the teeth, researchers report June 5 in Matter.

The clear daggers vanish into the animals' dark mouths, probably to help dragonfish surprise their prey, says study coauthor Marc Meyers, a materials scientist at the University of California, San Diego. "They are mini-monsters of the ocean."

The teeth of dragonfish are similar to those of most animals: They contain a dense outer layer of enamel-like material that coats a hard tissue called dentin. But nanostructures in both layers set these tiny chompers apart from others' pearly whites.

Source: https://www.sciencenews.org/article/dragonfish-teeth-transparent-prey

Original Submission

martyb writes:

Stanford Engineers Make Editing Video as Easy as Editing Text:

In television and film, actors often flub small bits of otherwise flawless performances. Other times they leave out a critical word. For editors, the only solution so far is to accept the flaws or fix them with expensive reshoots.

Imagine, however, if that editor could modify video using a text transcript. Much like word processing, the editor could easily add new words, delete unwanted ones or completely rearrange the pieces by dragging and dropping them as needed to assemble a finished video that looks almost flawless to the untrained eye.

A team of researchers from Stanford University, Max Planck Institute for Informatics, Princeton University and Adobe Research created such an algorithm for editing talking-head videos – videos showing speakers from the shoulders up.

The work could be a boon for video editors and producers but does raise concerns as people increasingly question the validity of images and videos online, the authors said. However, they propose some guidelines for using these tools that would alert viewers and performers that the video has been manipulated.

"Unfortunately, technologies like this will always attract bad actors," said Ohad Fried, a postdoctoral scholar at Stanford. "But the struggle is worth it given the many creative video editing and content creation applications this enables."

There is a video on YouTube explaining the technique and containing numerous examples.

So, given enough sample data, you can type a transcript of what you want said, and a "talking head" version of the samplee can be created showing them saying exactly that.

Previously: House Intelligence Committee to Hold Hearing on "Deepfakes"

Original Submission

martyb writes:

Somebody's Watching You: The Surveillance of Self-Driving Cars:

Picture the future, where driving is a thing of the past. You can hop in your car or one from a ride-share, buckle up and tell the car where you want to go. During your ride, you can check your email and look up a few things online through your dashboard. Meanwhile, your whereabouts and other details are being tracked remotely by companies. As self-driving cars develop further, autonomous vehicles will play a much larger role in the digital economy as car companies and others harness personalized customer information through geospatial and navigation technologies, combining it with existing financial consumer profiles, according to a study in Surveillance and Society.

"Self-driving cars will represent a new mode for surveillance. Through a self-driving car's global positioning, system, navigational tools, and other data collection mechanisms, companies will be able to gain access to highly contextual data about passengers' habits, routines, movements, and preferences," explained Luis F. Alvarez León, an assistant professor of geography at Dartmouth. "This trove of personal, locational, and financial data can be leveraged and monetized by companies, by providing a data-stream for companies to target customers through personalized advertising and marketing," he added.

[...] As self-driving car technologies develop, privacy and security concerns loom as to how companies will use personal data, an area for which the limits and specific governance mechanisms have yet to be defined by federal regulations.

Journal Reference:
Luis F Alvarez Leon. Eyes on the Road: Surveillance Logics in the Autonomous Vehicle Economy. Surveillance & Society, 2019; 17 (1/2): 198 DOI: 10.24908/ss.v17i1/2.12932

Original Submission

MrPlow writes:

Submitted via IRC for Runaway1956

Where humans have the money, we sometimes build storm defenses like seawalls to protect our coastal cities. But coastal development can often destroy natural defenses like coastal marshes or mangrove swamps. These ecosystems dampen waves and reduce storm surge flooding, and mangroves can even reduce wind speeds.

The protections provided by coastal ecosystem services are typically estimated by carefully looking at a single area or event. A new study led by East Carolina University's Jacob Hochard took another tack, comparing the economic impacts of tropical cyclones around the world with satellite data.

[...] Measuring economic activity requires a little more ingenuity, as you can't just look at reported statistics for many of these countries. Fortunately, the intensity of nighttime lighting in any location is easily determined from space and has been shown to be a reliable indicator of economic activity. Basically, if an area is doing well economically, there will be more lights on at night there.

To find out how well mangrove swamps protect nearby communities, the researchers measured the change in lighting for the years after a tropical cyclone made landfall. They compared communities with the average mangrove extent and above-average communities at the 68th percentile (one standard deviation above the mean). Instead of about 6 meters of mangrove buffer, these communities had about 25 meters of mangrove.

[...] The researchers made sure that they weren't mistaking causation for mere correlation—like the economic recovery after a storm involving more clearing of mangroves if the economic damage was greater. But an interesting possibility they couldn't evaluate is that the presence of more extensive mangroves might make recovery seem like a safer investment. It could be that given the choice between a community that seems unprotected from future storms and one that has a good mangrove buffer, more post-disaster money might flow into the latter—a case of "perception is reality" on top of the physical reality of storm waves coming through the trees.

Source: https://arstechnica.com/science/2019/06/more-mangroves-economies-recover-faster-after-tropical-cyclones/

Original Submission

AnonTechie writes:

Manuel Ricardo Torres Soriano, professor from the Politic Sciences, Public Law and Administration Department at Universidad Pablo de Olavide, who specializes in jihadist terrorism analysis, insurgent forces and radical movements, has published an article titled "Five terrorist dystopias," together with the University of Barcelona's professor Mario Toboso Buezo. The report aims to determine what will be the leading motivation for terrorism by the year 2040? Investigators single out technophobia as a leading cause for terrorism in the future.

The study has been published in the International Journal of Intelligence, Security and Public Affairs, and sets out a methodology based on the analysis of scenarios through the narrative description of five possibilities that consider the interaction of five trends: the technological advances of biomedicine, the emergence of new ideologies, climate change, structural unemployment caused by complete automation, and the constant growth of the cities.

What will be the motivation for terrorism by 2040?

[Source]: Pablo de Olavide University

[Abstract]: Five Terrorist Dystopias

How much should we believe their premise that technophobia will be the major cause of terrorism after 20 years?

Original Submission

Freeman writes:

On Wednesday, a vague tweet from a Blizzard game developer hinted at a canceled game project that fans would "never see," then announced his departure from the company. As questions started flying over what that game was, Kotaku super-reporter Jason Schreier showed up one day later with the scoop: the canceled game, which had been in development for two years, was a first-person shooter set in the StarCraft universe.

In addition to citing "three people familiar with goings-on," Schreier received a lengthy official response from Blizzard on Thursday that did not deny the game's existence and cancellation. It reads, in part: "As has been the case at Blizzard numerous times in the past, there is always the possibility that we'll make the decision to not move forward on a given project."

https://arstechnica.com/gaming/2019/06/report-blizzard-began-making-then-canceled-a-starcraft-first-person-shooter/

They canceled a StarCraft FPS, before it saw the light of day. Yet, they touted a Diablo mobile game out in front of everyone. This isn't the Blizzard it used to be.

Original Submission

martyb writes:

Large European Routing Leak Sends Traffic Through China Telecom

Beginning at 09:43 UTC today (6 June 2019), Swiss data center colocation company Safe Host (AS21217) leaked over 70,000 routes to China Telecom (AS4134) in Frankfurt, Germany. China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom's network. Some of the most impacted European networks included Swisscom (AS3303) of Switzerland, KPN (AS1130) of Holland, and Bouygues Telecom (AS5410) and Numericable-SFR (AS21502) of France.

Often routing incidents like this only last for a few minutes, but in this case many of the leaked routes in this incident were in circulation for over two hours. In addition, numerous leaked routes were more-specifics of routed prefixes, suggesting the use of route optimizers or similar technology.

At 09:57 UTC, over 1,300 Dutch prefixes were announced in this leak. For 470 routes of KPN (AS1136), the leak took the form:

... 4134 21217 21217 21217 21217 21217 21217 13237 1136

If someone thought the prepending of AS21217 would keep these routes from leaking out, they were mistaken.

[...] Today's incident shows that the internet has not yet eradicated the problem of BGP[*] route leaks. It also reveals that China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur. Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications.

A great place for any telecom to start improving their routing hygiene is to join the Internet Society's Mutually Agreed Norms for Routing Security (MANRS) project.

[*] Border Gateway Protocol: "Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. "

Given how many existing devices are on the internet that would need to be updated, many of them totally unawares to the groups that employ them, is there any possible way to fix BGP so that these kinds of problems can be totally eradicated?

Original Submission

An Anonymous Coward writes:

The games children play in schoolyards are famously horrible, if you stop and think about them.

Tag, for example, singles out one poor participant, often the slowest child, as the dehumanized "It," who runs vainly in pursuit of the quicker ones. Capture the Flag is nakedly militaristic. British Bulldog has obvious jingoistic colonial themes. Red Ass, known in America as Butts Up, involves deliberate imposition of corporal punishment on losers.

But none rouse the passions of reform-minded educational progressives quite like dodgeball, the team sport in which players throw balls at each other, trying to hit their competitors and banish them to the sidelines of shame.

When the Canadian Society for the Study of Education meets in Vancouver at the Congress of the Humanities and Social Sciences, a trio of education theorists will argue that dodgeball is not only problematic, in the modern sense of displaying hierarchies of privilege based on athletic skill, but that it is outright "miseducative."

https://nationalpost.com/news/dodgeball-isnt-just-problematic-its-an-unethical-tool-of-oppression-researchers

Just in case: tag capture the flag butts up British Bulldog dodgeball

Original Submission

takyon writes:

Report: Google argues the Huawei ban would hurt its Android monopoly

The Trump administration would probably describe its Huawei export ban as a move that improves national security by keeping China's pet telecom company out of the US market. According to a report from The Financial Times, Google's recent discussions with the US government actually argue that the Huawei ban is bad for national security. Google is reportedly asking for an exemption from the export ban.

The argument, reportedly, is that Huawei is currently dependent on Google for its Android smartphone software, and that dependence is a good thing for the US. The Financial Times quotes "one person with knowledge of the conversations" as saying, "Google has been arguing that by stopping it from dealing with Huawei, the US risks creating two kinds of Android operating system: the genuine version and a hybrid one. The hybrid one is likely to have more bugs in it than the Google one, and so could put Huawei phones more at risk of being hacked, not least by China."

[...] Google's control over the Android ecosystem—even when devices don't use the Google apps—means there is still some level of security and updateability going into these devices. Google's first argument in that Financial Times report is that more secure devices are better for national security.

The second argument in the above quote is that a ban would "create two kinds of Android" and hurt Google's monopoly over Android. If you're a smartphone manufacturer looking for a smartphone OS, Android is the only game in town. The latest worldwide OS market share numbers from the IDC show an 86.6/13.3 percent share between Android and iOS, respectively, with "Other" clocking in at 0.0 percent market share. Taken as a whole, the US has a smartphone OS monopoly.

More secure devices (used by foreign targets for NSA hacking) are better for national security? Nice try, Google.

Previously: Huawei Working on its Own OS to Prepare for "Worst-Case Scenario" of Being Deprived of Android
Huawei Hysteria is a False Alarm, Culture Secretary Tells MPs
Google Pulls Huawei's Android License
The Huawei Disaster Reveals Google's Iron Grip On Android
Huawei Calls on U.S. to Adjust its Approach to Tackle Cybersecurity Effectively

Original Submission

NotSanguine writes:

Patricia Cohen at The New York Times is reporting on the issue of age bias in hiring in the United States.

In today's (7 June 2019) article, Ms. Cohen writes:

MADISON, Ala. — Across the United States, mammoth corporations and family businesses share a complaint: a shortage of workers. As the unemployment rate has tunneled its way to a half-century low, employers insist they must scramble to lure applicants.

The shadow of age bias in hiring, though, is long. Tens of thousands of workers say that even with the right qualifications for a job, they are repeatedly turned away because they are over 50, or even 40, and considered too old.

The problem is getting more scrutiny after revelations that hundreds of employers shut out middle-aged and older Americans in their recruiting on Facebook, LinkedIn and other platforms. Those disclosures are supercharging a wave of litigation.

But as cases make their way to court, the legal road for proving age discrimination, always difficult, has only roughened. Recent decisions by federal appeals courts in Chicago and Atlanta have limited the reach of anti-discrimination protections and made it even harder for job applicants to win.

It certainly seems like many of us here (myself included) are on the older side, what sort of experiences do Soylentils have with the current job market? Have you experienced age bias? If so, what (if anything) did you do about it? Are you more or less able to find work that meets your skill level and/or financial needs?

Is it appropriate to prefer younger workers? If so, why?

Here's a 2018 report from the Equal Employment Opportunity Commission about age bias and the Age Discrimination In Employment Act, signed into law in 1967.

Original Submission

An Anonymous Coward writes:

In its fifth year of life, some promising development of a Playstation 4 emulator has emerged thanks to its mostly standard PC architecture and abundant FOSS projects to draw from. From wololo.net:

Orbital is the combination of three separate projects which together allow us to boot into PS4 kernels. Those being:
orbital-bios, orbital-grub and the most important part: orbital-qemu. A summary of these would be that orbital-bios is a SeaBIOS fork to add support to the PS4 quirks (no VGA, no ISA bus, etc.). This is needed because the PS4 is not really a PC. orbital-grub simply forks GRUB and adds a modified freebsd bootloader to add support for Orbis kernels, since they include custom sections written by Sony and orbital-qemu is a QEMU fork that adds support for PS4 hardware: Aeolia (USB, Ethernet, etc. etc.) and Liverpool (GPU and Audio).

It seems they were able to translate the graphics stack to run on top of Vulcan fairly well, but this system currently requires a physical DualShock 4 connected to the host with USB passthrough. Further, it can only work with decrypted firmwares made available via previously known exploits on physical consoles.

The repository is hosted, somewhat amusingly, at GitHub: https://github.com/AlexAltea/orbital

Original Submission

MrPlow writes:

Submitted via IRC for Runaway1956

How about a bit of good news? It looks like the controversial provision in the Taxpayer First Act that would have prevented the Internal Revenue Service from directly competing with filing services offered through the Free File Program will no longer be part of the bill.

The provision in question aimed to make permanent the government's deal with tax filing services like H&R Block and TurboTax through the Free File Program, which should, though it evidently doesn't, make filing through major tax services free and accessible to American taxpayers who make less than $66,000. But Politico reported Wednesday that a revised version of the Taxpayer First Act sans the provision would be introduced this week and passed as soon as next week. ProPublica reported Thursday that it confirmed the news with an unidentified House Republican staffer.

Source: https://gizmodo.com/congress-is-killing-that-sketchy-provision-that-banned-1835317146

Original Submission

RandomFactor writes:

As Previously Covered the NASA's Mars 2020 Rover mission will include a helicopter drone designed to work in the thin Martian atmosphere. Testing of the copter has now entered its final phase.

While the Mars Copter is just a technology demonstrator and will carry no science instruments, it will have an onboard high resolution camera and will be controlled from Earth with communications relayed through the Rover at a rate of 250kb/s at distances up to 1000 meters.

"We expect to complete our final tests and refinements and deliver the helicopter to the High Bay 1 clean room for integration with the rover sometime this summer," said Aung, "but we will never really be done with testing the helicopter until we fly at Mars."

The Mars Helicopter will launch with the Mars 2020 rover on a United Launch Alliance Atlas V rocket in July 2020 from Space Launch Complex 41 at Cape Canaveral Air Force Station, Florida. When it lands in Jezero Crater on Feb. 18, 2021, the rover will also be the first spacecraft in the history of planetary exploration with the ability to accurately retarget its point of touchdown during the landing sequence.

The 4 lb (1.8 kg) Linux based drone has a body about the size of a softball. It will be run on lithium-ion batteries charged via solar panels and is constructed of lightweight materials - carbon fiber, aircraft aluminum, silicon, copper, foil, and aerogel.

The helicopter's twin blades will whirl at about 10 times the rate of a helicopter's blades on Earth — at 3,000 rpm — to stay aloft in Mars' thin atmosphere.

The demonstrator is expected to make as many as five flights before being retired.

Original Submission

martyb writes:

Grab Some Binoculars and go Look at Jupiter Tonight:

Jupiter will reach opposition on Monday, June 10 in an annual event that marks the time when Earth is directly between the gas giant and the sun. This means Jupiter is fairly close to Earth and you can spot it lurking in the sky all night long. This entire month offers up great viewing opportunities.

"The solar system's largest planet is a brilliant jewel to the naked eye, but looks fantastic through binoculars or a small telescope, which will allow you to spot the four largest moons, and maybe even glimpse a hint of the banded clouds that encircle the planet," NASA suggests in a skywatching update for June.

According to Wikipedia:

When viewed from Earth, Jupiter can reach an apparent magnitude of −2.94, bright enough for its reflected light to cast shadows, and making it on average the third-brightest natural object in the night sky after the Moon and Venus.

[...]Jupiter has 79 known moons, including the four large Galilean moons discovered by Galileo Galilei in 1610. Ganymede, the largest of these, has a diameter greater than that of the planet Mercury.

[...]Jupiter's diameter is one order of magnitude smaller (×0.10045) than that of the Sun, and one order of magnitude larger (×10.9733) than that of Earth. The Great Red Spot is roughly the same size as Earth.