Submitted via IRC for Bytram
How the 2019 eclipse will differ from 2017's
Two years ago, scientists towed telescopes and other equipment into fields and up mountains across the United States for a celestial spectacle: the 2017 Great American Eclipse.
Now, they're at it again. On July 2, the next total solar eclipse will be visible shortly before sunset from the Pacific Ocean and parts of Chile and Argentina.
Eclipse watchers hope to study some of the same solar mysteries as last time, including the nature of our star's magnetic field and how heat moves through the sun's wispy outer atmosphere, known as the corona (SN Online: 8/11/17). But every eclipse is different, and this year's event offers its own unique opportunities and challenges.
"There are all sorts of outside things you have to be lucky about" in watching an eclipse, says astronomer Jay Pasachoff of Williams College in Williamstown, Mass., who will be viewing his 35th total solar eclipse from the Cerro Tololo Inter-American Observatory in northern Chile. Here are some of the challenges, and potential rewards, facing astronomers.
Submitted via IRC for SoyCow1944
A researcher has conducted a detailed analysis of the two pieces of Mac malware delivered recently by threat actors to cryptocurrency exchanges via two Firefox vulnerabilities.
Updates released by Mozilla last Tuesday and Thursday for Firefox addressed two actively exploited vulnerabilities. The flaws, CVE-2019-11708 and CVE-2019-11707, allow an attacker to remotely escape the sandbox and execute arbitrary code.
The macOS malware delivered to Coinbase and other organizations involved with cryptocurrencies has been analyzed in detail by Patrick Wardle, a researcher who specializes in the security of Apple products.
Wardle has obtained samples of the malware and performed an analysis of their installation routines, persistence mechanism and capabilities.
[...] Despite the fact that both malware samples have been used in high-profile attacks, they still have fairly low detection rates on VirusTotal at the time of writing (Netwire, Mokes). On the other hand, that does not necessarily mean that advanced cybersecurity products would not detect them once they landed on a machine. Furthermore, Apple's XProtect system can detect the Netwire sample based on a Yara signature added by the company in 2016 for an older version of the malware.
Security researcher Vitali Kremez has found some links to previous campaigns, along with some evidence suggesting that Windows malware may have also been delivered in the recent Firefox attacks.
Source: https://www.securityweek.com/mac-malware-delivered-firefox-exploits-analyzed
Submitted via IRC for Bytram
Aibo may be a good boi, but Sony's robot dog is toying with our emotions
"I'm an IT guy, so I'm just a down-and-out geek. It's all about the AI for me," Chris Benham tells me, as we sit in his home in sleepy Burlington, Wisconsin, roughly 80 miles northwest of Chicago. He invited me to see his Aibo, named Bentley, and to learn exactly what it is that endears people to Sony's robot dog.
Aibo looks like a puppy, albeit a robo-approximation. It makes vaguely dog-like sounds, walks around, plays with toys, responds to commands, occasionally misbehaves and uses cameras and facial recognition technology to interact differently with each person it encounters.
If you take the "robot" part out of that equation, Aibo is a lot like a real dog. Love it or hate it, that's what makes Aibo so darn compelling. It's also why researchers are studying companion bots more and more, asking important questions about how the AI makes decisions, how it manipulates your emotions and what that could mean as these robots become more prevalent.
Benham goes on to explain that the advanced artificial intelligence powering Bentley is the reason he was among the first in the US to buy a $2,900 ERS-1000, the most recent iteration of the robo-pup, introduced in 2018.
It can't hurt that Aibo is kind of cute.
I found this today and while I'm not sure if *I'm* ready for such a thing, perhaps it's inevitable...
http://www.washington.edu/news/2019/07/01/play-a-video-game-using-only-your-mind/
Telepathic communication might be one step closer to reality thanks to new research from the University of Washington. A team created a method that allows three people to work together to solve a problem using only their minds.
In BrainNet, three people play a Tetris-like game using a brain-to-brain interface. This is the first demonstration of two things: a brain-to-brain network of more than two people, and a person being able to both receive and send information to others using only their brain. The team published its results April 16 in the Nature journal Scientific Reports, though this research previously attracted media attention after the researchers posted it [in] September to the preprint site arXiv.
There are numerous other links in the article to check out. The tech is certainly experimental but so were light bulbs at one time...
"Front-end" developer, Pete Lambert, writes about why front-end "web" developers should start to learn HTML. More and more developers are using only pre-made frameworks and are quite unfamiliar with the fundamentals of the technology they are using, such as semantic markup. He notes that the continued failure to pay attention to the basics of semantics is slowly breaking what's left of the World Wide Web and suggests reasons to correct that and has some pointers to learning resources.
I’m a ‘frontend of the frontend’ kind of guy. My expertise is in HTML and CSS, so it’s easy for me to wax lyrical about why everybody should learn what I already know (for the record, I don’t know it all - we still have heated debates in the office about what the best way to mark up a certain component might be). This isn’t about ‘my job’s more important than yours’. If you’re writing code that renders things in a browser, this is your job.
It’s about usability and accessibility. If you don’t think the semantic structure of your Web page or app is important then you’re essentially saying “Well, it works for me in my browser, ship it”. I don’t think you’d do that with your Javascript and you certainly shouldn’t be doing it with your CSS. Search engines need to read your content, not enjoy your swoopy animations or fancy gradients. Screen reader software needs to read your content. Keyboard users need to read your content. Who knows what technology will come next and how it will consume your app but I’ll bet my bottom Bitcoin it’ll work better if it can easily read, parse and traverse your content. The way these things read your content is that they know it’s actually content and not just strings of text wrapped in meaningless tags. They know what’s a table and how to present it, they know what’s a list and how to present it, they know what’s a button and what’s a checkbox. Make everything from divs and they’re going to have to work bloody hard to figure that out.
Earlier on SN:
How to Build and Host an Energy Efficient Web Site (2018)
Conservative Web Development (2018)
Dodgy Survey Shows 1 in 10 Believe HTML is an STD? (2014)
Last week, FreeDOS turned 25 years old. FreeDOS is a complete, Free Software Disk Operating System (DOS) and a drop-in replacement for MS-DOS, which disappeared long ago. It is still used in certain niche cases such as playing legacy games, running legacy software, or certain embedded systems. Back in the day, it was also quite useful for updating BIOS.
Of those that will be, are, or have been using it, what tasks has it been good for?
Also, at:
The Linux Journal : FreeDOS's Linux Roots
OpenSource.com : FreeDOS turns 25 years old: An origin story
OS News : FreeDOS’s Linux roots
Lilliputing : FreeDOS turns 25 (open source, DOS-compatible operating system)
Earlier on SN:
Jim Hall on FreeDOS and the Upcoming 1.2 Release (2016)
Retro-Malware: DOS TSRs, Interrupt Handlers, and Far Calls, Part 2 (2016)
Retro-Malware: Writing A Keylogger for DOS, Part 1 (2016)
BleepingComputer reports that Chinese smart home vendor Orvibo has an unsecured database online that exposes over 2 billion logs detailing usernames, email addresses, passwords and more.
The disclosing research firm's report is available here.
vpnMentor's research team reached out to the vendor on June 16th, but did not receive a response and as of publication the database is apparently still online and the amount of data exposed is still increasing.
Exposed data includes:
- Email addresses
- Passwords
- Account reset codes
- Precise user geolocation
- IP addresses
- Username & UserID
- Family name & Family ID
- Device name & Device that accessed account
- Recorded conversations through Smart Camera
- Scheduling information
Passwords are hashed but without adding a salt, making them relatively easy to crack.
Possibilities for hackers are myriad, including completely locking users out of their own accounts and taking complete control of smart homes, accessing video feeds, unlocking doors and more.
Submitted via IRC for Bytram
With a single wiretap, police collected 9.2 million text messages – TechCrunch
For four months in 2018, authorities in Texas collected more than 9.2 million messages under a single court-authorized wiretap order, newly released figures show.
The wiretap, granted by a federal judge in the Southern District of Texas, was granted as part of a narcotics investigation and became the federal wiretap with the most intercepts in 2018, according to the government’s annual wiretap report.
Little is known about the case, except that 149 individuals involved in the case were targeted by the wiretap. The wiretap expired last year, allowing the judiciary to disclose the case.
To date, no arrests have been made.
Trailing behind it was another narcotics investigation in the Eastern District of Pennsylvania, which saw police obtain a three-month wiretap that collected 9.1 million text messages from 45 individuals. No arrests were made either.
The two cases represent the largest wiretap cases seen in years.
[...] But the overall number of wiretaps authorized and subsequent convictions “fell sharply” in 2018, the U.S. Courts said in its annual transparency report.
A total of 2,937 wiretaps were authorized in 2018, down 22% on the year prior. The report also said that the number of wiretaps using encryption went up, rendering the wiretap ineffective.
Submitted via IRC for SoyCow1944
A vulnerability recently addressed in Outlook for Android allows an attacker to steal information from the affected device.
The vulnerability, Microsoft reveals, resides in the manner in which Outlook for Android parses specifically crafted email messages. To exploit the flaw, an authenticated attacker needs to send a specially crafted email message to the victim.
"The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user," the software giant explains in an advisory.
Tracked as CVE-2019-1105, the vulnerability was addressed last week "by correcting how Outlook for Android parses specially crafted email messages."
F5 Networks security researcher Bryan Appleby, who reported the flaw to Microsoft, explains that the issue begins with the ability to embed an iframe into the email message.
JavaScript within the code would have no restrictions in Outlook on Android, being able to access cookies, tokens, and even some emails, which could also be sent back to a remote attacker.
"This kind of vulnerability could be exploited by an attacker sending an email with JavaScript in it. The server escapes that JavaScript and does not see it because it's within an iframe. When delivered, the mail client automatically undoes the escaping and the JavaScript runs on the client device," the researcher notes.
The stored XSS allows the attacker to perform whatever action they desire, including stealing information and exfiltrating data.
"An attacker can send you an email and just by you reading it, they could steal the contents of your inbox. Weaponized, this can turn into a very nasty piece of malware," the researcher notes.
The issue was initially discovered in December 2018, and Microsoft was immediately alerted on the matter. However, because the security team could not reproduce the bug, the vulnerability remained unpatched.
Source: https://www.securityweek.com/flaw-outlook-android-allows-data-theft
Submitted via IRC for Bytram
Former Equifax employee sentenced for insider trading
Jun Ying, the former Chief Information Officer of Equifax U.S. Information Solutions, has been sentenced to federal prison for insider trading.
"Ying thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims," said U.S. Attorney Byung J. "BJay" Pak. "He abused the trust placed in him and the senior position he held to profit from inside information."
"If company insiders don't follow the rules that govern all investors, they will face the consequences for their actions. Otherwise the public's trust in the stock market will erode," said Chris Hacker, Special Agent in Charge of FBI Atlanta. "The FBI will do everything in its power to stop anyone who takes unfair advantage of their insider knowledge."
[...] On Friday, August 25, 2017, Ying texted a co-worker that the breach they were working on "sounds bad. We may be the one breached." The following Monday, Ying conducted web searches on the impact of Experian's 2015 data breach on its stock price. Later that morning, Ying exercised all of his stock options, resulting in him receiving 6,815 shares of Equifax stock, which he then sold. He received proceeds of over $950,000, and realized a gain of over $480,000, thereby avoiding a loss of over $117,000. On September 7, 2017, Equifax publicly announced its data breach, which resulted in its stock price falling.
Jun Ying, 44, of Atlanta, Georgia, was sentenced to four months in prison to be followed by one year of supervised release, ordered to pay restitution in the amount of $117,117.61, and fined $55,000. Ying was convicted on these charges on March 7, 2019, after he pleaded guilty.
Also at The Verge and DARKReading.
Submitted via IRC for Bytram
Microsoft explains the lack of Registry backups in Windows 10 - gHacks Tech News
We noticed back in October 2018 that Microsoft's Windows 10 operating system was not creating Registry backups anymore.
The scheduled task to create the backups was still running and the run result indicated that the operation completed successfully, but Registry backups were not created anymore.
Previous versions of Windows 10 created these backups and placed them in the C:\Windows\System32\config\RegBack folder. The backups could be used to restore the Windows Registry to an earlier state.
Microsoft published a new support page recently that brings light into the darkness. The company notes that the change is by-design and thus not a bug. The change was implemented in Windows 10 version 1803 and all newer versions of Windows 10 are affected by it.
Microsoft made the change to reduce the size of Windows on the system.
Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder. If you browse to the \Windows\System32\config\RegBack folder in Windows Explorer, you will still see each registry hive, but each file is 0kb in size.
This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point.
The Registry backup option has been disabled but not removed according to Microsoft. Administrators who would like to restore the functionality may do so by changing the value of a Registry key:
- Open the Start menu, type regedit.exe, and select the Registry Editor entry from the list of results.
- Navigate to the following key: HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager\
- Right-click on Configuration Manager and select New > Dword (32-bit) Value.
- Name it EnablePeriodicBackup.
- Double-click on it after creation and set its value to 1.
- Restart the PC.
Windows 10 will back up the Registry again from that point on.
Windows backs up the registry to the RegBack folder when the computer restarts, and creates a RegIdleBackup task to manage subsequent backups.
We have created two Registry files to enable and disable automatic Registry backups on Windows 10. You can download them with a click on the following link: Windows 10 Automatic Registry Backup Script
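The regedit steps above can also be applied and checked from an elevated PowerShell prompt. The script below is an added example, not part of the gHacks article or Microsoft's support page; it uses only the key, value name, RegBack folder and RegIdleBackup task name given above, and its function names are made up for illustration.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.
# Key, value name, folder and task name are the ones given in the article;
# the function names are hypothetical.
$Key     = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Configuration Manager'
$Name    = 'EnablePeriodicBackup'
$RegBack = Join-Path $env:SystemRoot 'System32\config\RegBack'

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PeriodicBackupSetting {
    # Current DWORD value, or $null when the value has never been created.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    $prop.$Name
}

function Get-RegBackState {
    # One row per file in RegBack. A 0-byte hive is the post-1803 placeholder,
    # not a backup that could be restored.
    if (-not (Test-Path -LiteralPath $RegBack)) { return @() }
    Get-ChildItem -LiteralPath $RegBack -File | ForEach-Object {
        [pscustomobject]@{
            Hive          = $_.Name
            Bytes         = $_.Length
            LastWriteTime = $_.LastWriteTime
            Usable        = ($_.Length -gt 0)
        }
    }
}

if (-not (Test-IsAdministrator)) {
    throw 'Writing under HKLM requires an elevated prompt.'
}

$before = Get-PeriodicBackupSetting
if ($before -ne 1) {
    # Same change as the regedit steps: DWORD EnablePeriodicBackup = 1.
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "EnablePeriodicBackup set to 1 (was: $(if ($null -eq $before) { 'not present' } else { $before }))."
    Write-Output 'Restart the PC; the backup is written at restart.'
} else {
    Write-Output 'EnablePeriodicBackup is already 1.'
}

# Verification, meaningful after the restart: the task should exist and the
# hive copies should no longer be 0 bytes.
$task = Get-ScheduledTask -TaskName 'RegIdleBackup' -ErrorAction SilentlyContinue
if ($null -eq $task) { Write-Output 'RegIdleBackup task not found yet.' }
else { Write-Output "RegIdleBackup task state: $($task.State)" }

$state = @(Get-RegBackState)
$state | Format-Table -AutoSize
if ($state.Count -eq 0 -or ($state | Where-Object { -not $_.Usable })) {
    Write-Warning 'RegBack has no usable copy of every hive; do not rely on it for recovery yet.'
}
```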
Submitted via IRC for Bytram
An asteroid hit Earth right after being spotted by telescope this week
An asteroid the size of a refrigerator was spotted by telescopes in Hawaii on Saturday, just before it collided with Earth's atmosphere and burned as a fireball in the sky due south of Puerto Rico. The harmless space rock, officially named 2019 MO, never had a chance of making it to the ground or doing much damage, as it was only about a tenth the size of the bolide that exploded in the atmosphere over Russia in 2013.
According to fireball and bolide data from NASA, our atmosphere is struck by a meteor this size or larger roughly once a year.
What's most interesting about 2019 MO, though, is the fact that it was spotted by telescopes beforehand. That's only happened four times in history, according to Italian amateur astronomer Ernesto Guido.
The other three times all happened in the last 12 years, including asteroid 2018 LA that made it all the way to the ground in Africa.
ICANN eliminates .org domain price caps despite lopsided opposition
Earlier this year, ICANN sought public comment on a new contract for the Public Interest Registry, the non-profit organization that administers the .org top-level domain. The results were stark. More than 3,200 individuals and organizations submitted comments to the Internet Corporation for Assigned Names and Numbers, and most of them focused on a proposal to remove a cap on the price customers could be charged for .org domains.
The existing contract, signed in 2013, banned the Public Interest Registry from charging more than $8.25 per domain. It allowed annual price increases of no more than 10 percent. Registrars can add their own fees on top of this base amount, but competition among registrars helps keep those added fees down.
According to one tally, 3,252 comments supported keeping the price cap. Another 57 comments didn't express an opinion on this issue one way or the other. Only six supported higher prices. Of those, one was filed by a former executive at Verisign, a for-profit company that administers the .com domain that might want to raise its own prices in the future. Another was from a lobbying organization that counts Verisign as a member. A third appeared to be voicing support only sarcastically.
To sum up, fewer than 0.07 percent of commenters thought it would be a good idea to remove the price cap on .org domains, while more than 98 percent opposed the change. But on Sunday, as the old contract was about to expire, ICANN approved a new contract without a price cap.
Researchers at the Ewha Womans University's Center for Quantum Nanoscience have successfully performed the world's smallest MRI visualizing the magnetic field of a single atom.
Through precise preparation of the sample, [iron and titanium] atoms were readily visible in the microscope. The researchers then used the microscope's tip like an MRI machine to map the three-dimensional magnetic field created by the atoms with unprecedented resolution. In order to do so, they attached another spin cluster to the sharp metal tip of their microscope. Similar to everyday magnets, the two spins would attract or repel each other depending on their relative positions. By sweeping the tip spin cluster over the atom on the surface, the researchers were able to map out the magnetic interaction.
The researchers now intend to use the single-atom grade MRI to investigate more molecules and magnetic materials on the nanoscale.
"We now plan to study a variety of systems using our microscopic MRI." The ability to analyze the magnetic structure on the nanoscale can help researchers to develop new materials and drugs.
The techniques additionally have potential application controlling quantum systems in quantum computing.
Giant Beijing Airport set to Open on eve of Communist China's 70th Birthday:
Beijing is set to open an eye-catching multi-billion dollar airport resembling a massive shining starfish, to accommodate soaring air traffic in China and celebrate the Communist government's 70th anniversary in power.
Work on the Beijing Daxing International Airport officially ended on schedule Sunday, ready for a September 30 inauguration—on the eve of the anniversary of the foundation of the People's Republic on October 1, 1949 by Mao Zedong.
Celebrations of that event will see President Xi Jinping reviewing a huge military parade through the centre of Beijing, with the opening of the futuristic hub a fitting embodiment of the "Chinese dream" he has offered his fellow citizens.
Located 46 kilometres south of Tiananmen square, the new airport will operate at full capacity in 2025, with four runways and the potential to receive 72 million passengers per year.
[...] By 2040 the hub is expected to have expanded to eight runways including one for military use, and will be able to welcome 100 million passengers per year—which will make it the world's largest single terminal in terms of traveller capacity, according to its designers.
Atlanta airport, in the United States, can currently receive more than a hundred million passengers, but across two terminals.
The current Beijing Daxing International Airport—the world's second largest—is already overflowing, with just over 100 million passengers annually.
Air transport is booming in China as living standards increase along with peoples' desire to travel. Indeed, it will pass the US to become the world's biggest aviation market by the mid-2020s, according to the International Air Transport Association.
The country will see 1.6 billion plane journeys each year from 2037—a billion more than in 2017, the organisation estimates.