Submitted via IRC for SoyCow1944
Cybercriminals are increasingly using shimmers instead of skimmers in attacks targeting automated teller machines, Flashpoint reports.
Skimmers are small devices nearly indistinguishable from legitimate card readers, which have been designed to steal the data from the card’s magnetic stripe, thus allowing hackers to clone cards. These devices can fit over an existing card reader and are typically difficult to notice.
The widespread implementation of the Europay Mastercard Visa (EMV) payment method via chip cards prevents the use of skimmers by storing data on integrated circuits. Attackers are now focusing on capturing data from the chip, and this is where shimmers enter the stage.
First detailed in 2016, these thin devices are much smaller than skimmers and are usually positioned between the chip and the chip reader inside an ATM or point-of-sale system. They include flash storage and a microchip and store copied payment card data, which is then dumped onto the magnetic stripe of a fraudulent card.
[...] Chip cards in theory cannot be cloned due to an integrated circuit card verification value (iCVV), which differs from the more familiar CVV number stored on magnetic stripes. iCVVs prevent the copying of magnetic-stripe data from the chip, and the creation of counterfeit magnetic stripe cards using the data.
[...] Attackers take advantage of improperly implemented EMV chip card standard to target less secure configurations, such as Static Data Authentication (SDA) EMV cards, which are slowly being replaced with Dynamic Data Authentication (DDA), and Combined Data Authentication (CDA).
Source: https://www.securityweek.com/hackers-favoring-shimmers-over-skimmers-atm-attacks
Toshiba & WD NAND Production Hit By Power Outage: 6 Exabytes Lost
Toshiba Memory and Western Digital on Friday disclosed that an unexpected power outage in the Yokkaichi province in Japan on June 15 affected the manufacturing facilities that are jointly operated. Right now, production facilities are partially halted and they are expected to resume operations only by mid-July.
Western Digital says that the 13-minute power outage impacted wafers that were processed, the facilities, and production equipment. The company indicates that the incident will reduce its NAND flash wafer supply in Q3 by approximately 6 EB (exabytes), which is believed to be about a half of the company's quarterly supply of NAND. Toshiba does not disclose the impact the outage will have on its NAND wafer supply in the coming months, but confirms that the fabs are partially suspended at the moment. Keeping in mind that Toshiba generally uses more capacity of the fabs than WD, the impact on its supply could be significantly higher than 6 EB with some estimating that it could be as high as ~9 EB.
Both companies are assessing the damage at the moment, so the financial harm of the incident is unclear. Not even counting potential damage to production tools and other equipment used at the fabs, 6 EB of NAND cost a lot of money. Furthermore, analysts from TrendForce believe that a consequence of the outage will be some loss of confidence from clients of both companies, which will have a financial impact as well.
1 exabyte = 1 million terabytes.
Related: TSMC Fab 14 B hit by Massive Wafer Defection due to Chemical Contamination, 16/12nm Production Line
TSMC Contamination Issue Expected to Result in $550 Million in Lost Revenue
Climate impact of clouds made from airplane contrails may triple by 2050
In the right conditions, airplane contrails can linger in the sky as contrail cirrus—ice clouds that can trap heat inside the Earth's atmosphere. Their climate impact has been largely neglected in global schemes to offset aviation emissions, even though contrail cirrus have contributed more to warming the atmosphere than all CO2 emitted by aircraft since the start of aviation. A new study published in the European Geosciences Union (EGU) journal Atmospheric Chemistry and Physics has found that, due to air traffic activity, the climate impact of contrail cirrus will be even more significant in the future, tripling by 2050.
Contrail cirrus change global cloudiness, which creates an imbalance in the Earth's radiation budget—called 'radiative forcing'—that results in warming of the planet. The larger this radiative forcing, the more significant the climate impact. In 2005, air traffic made up about 5% of all anthropogenic radiative forcing, with contrail cirrus being the largest contributor to aviation's climate impact.
"It is important to recognise the significant impact of non-CO2 emissions, such as contrail cirrus, on climate and to take those effects into consideration when setting up emission trading systems or schemes like the Corsia agreement," says Lisa Bock, a researcher at DLR, the German Aerospace Center, and lead-author of the new study. Corsia, the UN's scheme to offset air traffic carbon emissions from 2020, ignores the non-CO2 climate impacts of aviation.
But the new Atmospheric Chemistry and Physics study shows these non-CO2 climate impacts cannot be neglected. Bock and her colleague Ulrike Burkhardt estimate that contrail cirrus radiative forcing will be 3 times larger in 2050 than in 2006. This increase is predicted to be faster than the rise in CO2 radiative forcing since expected fuel efficiency measures will reduce CO2 emissions.
Contrail cirrus radiative forcing for future air traffic (DOI: 10.5194/acp-19-8163-2019)
Space station mold survives high doses of ionizing radiation
The International Space Station, like all human habitats in space, has a nagging mold problem. Astronauts on the ISS spend hours every week cleaning the inside of the station's walls to prevent mold from becoming a health problem.
New research being presented here finds mold spores may also survive on the outside walls of spacecraft.
Spores of the two most common types of mold on the ISS, Aspergillus and Penicillium, survive X-ray exposure at 200 times the dose that would kill a human, according to Marta Cortesão, a microbiologist at the German Aerospace Center (DLR) in Cologne, who will present the new research Friday at the 2019 Astrobiology Science Conference (AbSciCon 2019).
Penicillium and Aspergillus species are not usually harmful, but inhaling their spores in large amounts can sicken people with weakened immune systems. Mold spores can withstand extreme temperatures, ultraviolet light, chemicals and dry conditions. This resiliency makes them hard to kill.
"We now know that [fungal spores] resist radiation much more than we thought they would, to the point where we need to take them into consideration when we are cleaning spacecraft, inside and outside," Cortesão said. "If we're planning a long duration mission, we can plan on having these mold spores with us because probably they will survive the space travel."
Given that most sane people now have blocked google analytics, Fast Company reports that the new recaptcha wants to embed itself everywhere and declare those who don't use chrome or aren't signed in at their google account as bots, and thus not worthy of accessing the internet.
“It’s a better experience for users. Everyone has failed a Captcha,” says Cy Khormaee, the reCaptcha product lead at Google. Instead, Google analyzes the way users navigate through a website and assigns them a risk score based on how malicious their behavior is. Khormaee won’t share what signals Google uses to determine these scores because he says that would make it easier for scammers to imitate benign users, but he believes that this new version of reCaptcha makes it incredibly difficult for bots or Captcha farmers—humans who are paid tiny amounts to break Captchas online—to fool Google’s system.
[...]“You have to understand what behavior on the site should be and mimic that well enough to fool us,” he says. “That’s a really hard problem versus the general problem of, ‘Pretend like I’m a human.'” Website administrators then get access to their visitors’ risk scores and can decide how to handle them: For instance, if a user with a high risk score attempts to log in, the website can set rules to ask them to enter additional verification information through two-factor authentication. As Khormaee put it, the “worst case is we have a little inconvenience for legitimate users, but if there is an adversary, we prevent your account from being stolen.”
[...]To make this risk-score system work accurately, website administrators are supposed to embed reCaptcha v3 code on all of the pages of their website, not just on forms or log-in pages. Then, reCaptcha learns over time how their website’s users typically act, helping the machine learning algorithm underlying it to generate more accurate risk scores. Because reCaptcha v3 is likely to be on every page of a website, if you’re signed into your Google account there’s a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3—and there may be no visual indication on the site that it’s happening, beyond a small reCaptcha logo hidden in the corner.
And that information is just one request, subpoena, or National Security Letter away from being in the hands of the government, too.
https://www.dw.com/en/wwii-bomb-self-detonates-in-german-field-leaves-crater/a-49331435
Impressive picture too.
A loud explosion in a field startled residents in the town of Limburg in western Germany on Sunday. The blast occurred in the middle of the night and was large enough to register a minor tremor of 1.7 on the Richter scale, according to local media.
[...]Prior to the news release, residents were puzzled and confused by the crater, with some online speculating that it had been caused by a meteorite.
But Rüdiger Jehn, of the European Space Agency, told German newspaper Frankfurter Neue Presse that this was false. "A great deal of heat is released during an asteroid impact," the ESA expert said, adding that no evidence of heat or melting could be seen from the crater footage.
[...]The real culprit was an aerial bomb, which was buried at a depth of at least 4 meters, weighed 250 kilograms (550 pounds) and had a chemical detonator, investigators said. Authorities confirmed that the bomb had exploded by itself, without any external trigger.
[...]Two unexploded bombs were discovered on Monday in the central German town of Giessen, prompting the temporary evacuation of some 2,500 people. Earlier this month, an unexploded device was defused in a busy area of central Berlin.
[...]Between 1940 and 1945, some 2.7 million tons of bombs were dropped on Europe by US and British forces and half of them landed in Germany. Half of those that were dropped on Germany landed in North Rhine-Westphalia, the country's most populous state today.
Of the roughly quarter million bombs that did not explode, thousands are still hidden underground all over Germany.
Katyanna Quach over at El Reg is reporting on the removal of the DeepNude Web and desktop apps from the developers' website. DeepNude is an application that takes photos of clothed women (apparently, the app does not function properly with photos of males -- there's a shocker!), digitally removes clothing and adds realistic looking naughty bits.
From the article:
A machine-learning-powered perv super-tool that automagically removed clothes from women in photos to make them appear naked has been torn offline by its makers.
The shamefaced creators of the $50 Windows and Linux desktop app DeepNude claimed they were overwhelmed by demand from internet creeps: the developers' servers apparently buckled under a stampede of downloads, their buggy software generated more crash reports than they could deal with, and this all came amid a firestorm of social media outrage.
[...] Basement dwellers and trolls could feed it snaps of celebrities, colleagues, ex-girlfriends, and anyone else who takes their fancy, and have the software guess, somewhat badly, what they look like underneath their clothes, keeping their faces intact. These bogus nudes are perfect for distributing around the 'net to humiliate victims.
There was so much interest in this misogynistic piece of crap that the site's servers couldn't handle the traffic and crashed, it is claimed. The team initially said on Thursday they were trying to fix bugs, and expected everything to be up and running again in a few days:
Hi! DeepNude is offline. Why? Because we did not expect these visits and our servers need reinforcement. We are a small team. We need to fix some bugs and catch our breath. We are working to make DeepNude stable and working. We will be back online soon in a few days.
— deepnudeapp (@deepnudeapp) June 27, 2019
Shortly after that message, they changed their tune. Instead of trying to bring it back online, the developers decided to pull the plug on deepnude.com completely, kill off distribution of the code, and hope the scandal just goes away.
"The world is not yet ready for DeepNude," the team, based in Estonia, said on Thursday. Or rather, quite likely, the team wasn't ready for all the criticism and rage lobbed its way on Twitter, Facebook, and elsewhere, as a result of its work.
It's unsurprising that an application with this big a potential for abuse would cause such outrage. Of course, it's not really gone, as it's still available from various torrent sites.
So what say you? Obviously, the genie can't be put back in the bottle, so the (as the author of TFA put it) "Basement dwellers and trolls" will be creating naked pics of, well, everyone, for a long time to come.
Of course DeepFake video can have your exes and your friends' moms/daughters/grandmothers engaging in hardcore porn, but those techniques aren't (yet) available to the masses. This app, however, can be used by just about anyone *right now*.
What will this do to the quality of still image soft-core porn? Will the courts get involved? How should this be dealt with (if at all)?
Could widespread use of tools like this (and there will be more, of course), finally change how the hoi-polloi protect their digital images?
Bonus question: Whose photo(s) will *you* run through this software?
Other coverage:
https://www.theverge.com/2019/6/27/18761496/deepnude-shuts-down-deepfake-nude-ai-app-women
https://www.vice.com/en_us/article/kzm59x/deepnude-app-creates-fake-nudes-of-any-woman
https://www.vice.com/en_us/article/qv7agw/deepnude-app-that-undresses-photos-of-women-takes-it-offline
https://www.dailydot.com/debug/deepnude-app-pulled-offline/
Deutsche Welle News is reporting on the discovery of a 3,400 year-old palace of the Mittani Empire in the reservoir created by the Mosul Dam.
According to the article:
A team of German and Kurdish archaeologists have discovered a 3,400-year-old palace that belonged to the mysterious Mittani Empire, the University of Tübingen announced on Thursday.
The discovery was only made possible by a drought that significantly reduced water levels in the Mosul Dam reservoir.
[...]Last year, the team of archaeologists launched an emergency rescue evacuation of the ruins when receding waters revealed them on the ancient banks of the Tigris. The ruins are part of only a handful discovered from the Mittani Empire.
"The Mittani Empire is one of the least researched empires of the Ancient Near East," said archaeologist Ivana Puljiz of the University of Tübingen. "Even the capital of the Mittani Empire has not been identified."
[...]"We also found remains of wall paints in bright shades of red and blue," Puljiz said. "In the second millennium BCE, murals were probably a typical feature of palaces in the Ancient Near East, but we rarely find them preserved. Discovering wall paintings in Kemune is an archaeological sensation."
A team of researchers in Germany will now try to interpret the cuneiform tablets. They hope that the clay tablets will reveal more about the Mittani Empire, which once dominated life in parts of Syria and northern Mesopotamia.
Scott Gottlieb walks through the revolving door to the Pfizer board
The revolving door turns again. After a two-year stint running the Food and Drug Administration, Scott Gottlieb has joined the board of directors at Pfizer, giving the world's largest drug maker crucial insights into the inner workings of the Trump administration as it attempts to contain national angst over the rising cost of medicines.
And in doing so, Gottlieb is also picking up where he left before joining the agency, since he had been on the board of several smaller pharmaceutical companies and was also a partner at a venture capital firm that invests in life sciences companies.
"This is classic and it's not surprising," said Sidney Wolfe, a founder of Public Citizen Health Research Group and a long-time FDA watchdog, who had expressed concern about Gottlieb's ties to industry before joining the agency. "Philosophically, he's returning to the ecosystem where he's most comfortable. And he'll get paid very well for it, too."
Also at Financial Times.
Related: What a Gottlieb-Led FDA Might Mean for the Pharmaceutical Industry
FDA Nominee is a Proponent of "Adaptive Trials"
Drug Approvals Sped Up in 2017
Koch-Backed Groups Urge Congress to Pass "Right to Try" Legislation
FDA Labels Kratom an Opioid
FDA Has Named Names of Pharma Companies Blocking Cheaper Generics [Updated] (including Pfizer)
U.S. to Make More Drugs Easily Available, Cutting Role Docs Play
Columbia Researchers Provide New Evidence on the Reliability of Climate Modeling
The Hadley circulation, or Hadley cell -- a worldwide tropical atmospheric circulation pattern that occurs due to uneven solar heating at different latitudes surrounding the equator -- causes air around the equator to rise to about 10-15 kilometers, flow poleward (toward the North Pole above the equator, the South Pole below the equator), descend in the subtropics, and then flow back to the equator along the Earth's surface. This circulation is widely studied by climate scientists because it controls precipitation in the subtropics and also creates a region called the intertropical convergence zone, producing a band of major, highly-precipitative storms.
[...] Historically, climate models have shown a progressive weakening of the Hadley cell in the Northern Hemisphere. Over the past four decades reanalyses, which combine models with observational and satellite data, have shown just the opposite -- a strengthening of the Hadley circulation in the Northern Hemisphere.
[...] The difference in trends between models and reanalyses poses a problem that goes far beyond whether the Hadley cell is going to weaken or strengthen; the inconsistency itself is a major concern for scientists. Reanalyses are used to validate the reliability of climate models -- if the two disagree, that means that either the models or reanalyses are flawed.
[...] To understand which data was correct -- the models or the reanalyses -- they had to compare the systems using a purely observational metric, untainted by any model or simulation. In this case, precipitation served as an observational proxy for latent heating since it is equal to the net latent heating in the atmospheric column. This observational data revealed that the artifact, or flaw, is in the reanalyses -- confirming that the model projections for the future climate are, in fact, correct.
The paper's findings support previous conclusions drawn from a variety of models -- the Hadley circulation is weakening.
In a hair-raising advance, scientists from Sanford Burnham Prebys have grown hair using human induced pluripotent stem cells (iPSCs).
The findings were presented at the annual meeting of the International Society for Stem Cell Research (ISSCR), and will potentially provide a new option to the
[m]ore than 80 million men, women and children in the United States [alone, who] experience hair loss. Genetics, aging, childbirth, cancer treatment, burn injuries and medical disorders such as alopecia can cause the condition. Hair loss is often associated with emotional distress that can reduce quality of life and lead to anxiety and depression.
"Our new protocol described today overcomes key technological challenges that kept our discovery from real-world use," says Alexey Terskikh, Ph.D., an associate professor in Sanford Burnham Prebys' Development, Aging and Regeneration Program and the co-founder and chief scientific officer of Stemson Therapeutics. "Now we have a robust, highly controlled method for generating natural-looking hair that grows through the skin using an unlimited source of human iPSC-derived dermal papilla cells. This is a critical breakthrough in the development of cell-based hair-loss therapies and the regenerative medicine field."
The iPSCs used are effectively unlimited in supply and obtainable via a routine blood draw. iPSCs are derived from an adult patient's own cells and are not subject to rejection or the ethical issues that surround embryonic stem cells. The method described in the presentation
features a 3D biodegradable scaffold made from the same material as dissolvable stitches. The scaffold controls the direction of hair growth and helps the stem cells integrate into the skin, a naturally tough barrier.
A new company, Stemson Therapeutics, has been formed to further develop and commercialize the technology.
Thanks, Apple: Intel will auction off smartphone modem patents, exit industry
Back in April, Apple announced that it would cease all litigation against chip manufacturer Qualcomm and enter a new partnership with the company that will see Qualcomm modems installed in new crops of iPhones.
On that same day, Intel announced it was exiting the smartphone modem business entirely. Now, according to IAM, Intel is going one step further and auctioning off many of its smartphone modem assets.
This information appears to suggest that without Apple as a partner, Intel has no need for its patents surrounding smartphone modems at all.
According to IAM, the Intel auction will see some 8,500 patents up for sale to the highest bidder.
Also at Tom's Hardware and Wccftech.
Previously: Apple Could Switch From Qualcomm to Intel and MediaTek for Modems
Intel Speeds Up Rollout of 5G Modems
A Billion-Dollar Question: What Was Really Behind Qualcomm's Surprise Ten-Digit Gift to Apple?
Apple's Internal Hardware Team is Working on Modems Now
Intel and Qualcomm Announce 5G Modem Modules for M.2 Slots
Intel Quits 5G Modem Business Hours after Apple Settles with Qualcomm
Qualcomm Will Pocket Almost $5 Billion from Apple Settlement this Quarter
How Qualcomm Shook Down the Cell Phone Industry for Almost 20 Years
Thomas Claburn over at El Reg is reporting on a firmware update released by AMD which addresses flaw(s) in their Secure Encrypted Virtualization (SEV) technology, which is designed to isolate memory used by virtual machines from hypervisors and each other.
According to the article:
Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors.
"Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology's behavior," an AMD spokesperson told The Register last night.
"AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk."
SEV isolates guest VMs from one another and the hypervisor using encryption keys, which are managed by the AMD Secure Processor. Each guest VM has its own cryptographic key, which is used directly with the underlying hardware and Secure Processor to transparently and automatically encrypt and decrypt sections of RAM on the fly as it is accessed.
[...]
What went wrong
When a VM is launched, it generates a key by multiplying points on a curve against the Platform Diffie-Hellman (PDH) key. Typically, the curve would be from America's National Institute of Standards and Technology's (NIST) list of curves. In an invalid curve attack, a different curve is used and the results of that computation can be used to defeat the encryption.
[...]
The flaw, disclosed to AMD in February, affects AMD Epyc servers running SEV firmware version 0.17 build 11 and below. AMD made the firmware update available to hardware partners on June 4 to distribute to customers and installations; it can be downloaded directly from here[.zip]. The fix involves restricting key generation to official NIST curves.
The vulnerability has been assigned CVE-2019-9836.
More coverage of the firmware release can be found at Phoronix and Anandtech.
NASA has selected the Dragonfly mission to Titan as the agency's fourth New Frontiers mission:
NASA has announced that our next destination in the solar system is the unique, richly organic world Titan. Advancing our search for the building blocks of life, the Dragonfly mission will fly multiple sorties to sample and examine sites around Saturn's icy moon.
Dragonfly will launch in 2026 and arrive in 2034. The rotorcraft will fly to dozens of promising locations on Titan looking for prebiotic chemical processes common on both Titan and Earth. Dragonfly marks the first time NASA will fly a multi-rotor vehicle for science on another planet; it has eight rotors and flies like a large drone. It will take advantage of Titan's dense atmosphere – four times denser than Earth's – to become the first vehicle ever to fly its entire science payload to new places for repeatable and targeted access to surface materials.
Titan is an analog to the very early Earth, and can provide clues to how life may have arisen on our planet. During its 2.7-year baseline mission, Dragonfly will explore diverse environments from organic dunes to the floor of an impact crater where liquid water and complex organic materials key to life once existed together for possibly tens of thousands of years. Its instruments will study how far prebiotic chemistry may have progressed. They also will investigate the moon's atmospheric and surface properties and its subsurface ocean and liquid reservoirs. Additionally, instruments will search for chemical evidence of past or extant life.
Hopefully, some of us will live to see this epic mission reach Titan in 15 years.
Also at Spaceflight Now, New Scientist, NYT, and CNN.
Previously: Titan Ripe for Drone Invasion
NASA New Frontiers Finalists: Comet 67P Sample Return and a Titan Drone
IBM Cleared By European Commission To Move Forward In Landmark Purchase Of Red Hat
IBM made a big splash with its announcement last fall that it would be moving forward with its largest-ever acquisition. The acquisition in question is for Red Hat, an American open-source software company for an eye-watering $34 billion dollars.
[...] Europe was the last major governing body that had not yet cleared the IBM-Red Hat deal. The U.S. gave it the green light this past May and so with today's announcement that the European Commission has unanimously voted "yes" to allow the deal to proceed, there isn't anything standing in the way. IBM expects the deal to close sometime in July.
Since IBM is a distant third or fourth in the cloud computing scene, regulators found no reason the merger would promote competition concerns in the rapidly expanding cloud computing market. IBM has never bought anything this expensive before, and as a matter of global history, this will go down as the most expensive software sale ever at $34 billion. Interestingly, it seems we are seeing continued consolidation in the cloud space with a few other notable recent mergers being announced.
See also: Red Hat millionaires: Watch for workers to cash out if IBM's $34B acquisition wins approval
Previously: IBM Acquires Red Hat
Three Acquisitions In 2018 To Impact 2019's Tech Landscape