Submitted via IRC for SoyCow7671
New Allegations: Capital One Suspect Stole From 30+ Organizations
The woman allegedly responsible for the massive breach of customer data at Capital One stole data from 30 other organizations, according to new information from prosecutors.
In a new court filing, they alleged that Paige Thompson stole terabytes of information from enterprises, educational institutions and other organizations, although she claims not to have sold or distributed any of it to others.
The information is being revealed as part of efforts by prosecutors to persuade the judge to deny bail.
It alleges that Thompson has a history of threatening behavior, including threats to kill others and herself. She is also said to have harassed a couple for seven years, forcing them to obtain a protection order.
Investigators found the new information on data breaches on servers in Thompson’s bedroom.
“That data varies significantly in both type and amount. For example, much of the data appears not to be data containing personal identifying information,” the court filing explained.
“At this point, however, the government is continuing to work to identify specific entities from which data was stolen, as well as the type of data stolen from each entity. The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified.”
Also at ArsTechnica
Khara and Anime/CG production company "Project Studio Q, Inc." are preparing to switch their primary 3D CG tools to Blender. Blender will be used for some parts of "EVANGELION:3.0+1.0" they are currently working on.
Khara has been using Autodesk "3ds Max" as their primary tool so far. "EVANGELION:3.0+1.0" production is mainly done with 3ds Max. They are now starting to switch from 3ds Max to Blender. Usually the reason being "due to differences such as quality and functionalities", but Khara's reason is different.
Hiroyasu Kobayashi, General Manager of Digital Dpt. and Director of the Board of Khara and President of Studio Q, and Daisuke Onitsuka, CGI Director of Digital Dpt. of Khara and General Manager of Production Dpt. of Studio Q, told about their situation.
[Onitsuka] "We need cooperative work with friend companies for our production. However, many of those companies are small or middle-sized, so if we stick to 3ds Max it will cause higher management costs. ... While we still have the challenge whether a new partner company can use Blender or not, but at least, cost-wise is much simpler, so we are proposing them to use Blender as we use it."
[...] [Takumi] Shigyo: "We are getting more artists that started by using Blender in Studio Q. We are also seeing more high quality works by Blender users from high school students in Award:Q. I expect these new generations to be the majority working at studios in the future."
https://www.blender.org/user-stories/japanese-anime-studio-khara-moving-to-blender/
Scientists have taken the temperature of a huge expanse of seafloor in the Arctic Ocean in new research by the U.S. Geological Survey and the Geological Survey of Canada. The study, published in the Journal of Geophysical Research, is accompanied by the release of a large marine heat flow dataset collected by the USGS from an ice island drifting in the Arctic Ocean between 1963 and 1973. These never-before-published data greatly expand the number of marine heat flow measurements in the high Arctic Ocean.
Marine heat flow data use temperatures in near-seafloor sediments as an indication of how hot Earth's outer layer is. These data can be used to test plate tectonic theories, provide information on oil and gas reservoirs, determine the structure of rock layers and infer fluid circulation patterns through fractures in those rock layers.
Starting in 1963, now-retired USGS scientist Arthur Lachenbruch and his team of researchers conducted 356 marine heat flow measurements and acquired more than 500 seafloor sediment samples while working from a hut installed on Fletcher's Ice Island, a 30-square-mile ice floe also known as T-3. These Arctic Ocean heat flow measurements taken by the USGS over the course of 10 years represent far more than the number available for the U.S. Atlantic margin.
[...] In the Journal of Geophysical Research paper describing these measurements, USGS geophysicist Carolyn Ruppel and co-authors combine the legacy T-3 heat flow data with modern seismic images. These Arctic Ocean seismic data are acquired by icebreakers taking images hundreds to thousands of meters (up to many miles) below the seafloor to reveal sediment and rock structures, faults, and other features.
[...] The new paper analyzes the variability in the T-3 heat flow dataset and shows that the temperatures of the seafloor and upper levels of the crust are not dependent on bathymetry or sediment thickness. The analysis also shows that high heat flow variability on Alpha Ridge, which was formed when a mantle hotspot triggered the creation of the High Arctic Large Igneous Province, is consistent with thin sediment cover over fractured basement rock permeated by circulating fluids.
The new study also confirms results obtained in the 1960s by Lachenbruch and USGS colleague B. Vaughn Marshall. They had postulated that differences between the make-up of the rock layers between Canada Basin and Alpha Ridge could account for a heat flow anomaly at the boundary between these provinces.
C. D. Ruppel, A. H. Lachenbruch, D. R. Hutchinson, R. J. Munroe, D. C. Mosher. Heat Flow in the Western Arctic Ocean (Amerasian Basin). Journal of Geophysical Research: Solid Earth, 2019; DOI: 10.1029/2019JB017587
[Updated 20190818_014119 UTC. (1) Added expansion of KNOB acronym and link to their site. (2) Note: the linked story has been updated since this story went live and the first 3 paragraphs you see here are no longer present on Bleeping Computer. --martyb]
A new Bluetooth vulnerability named "KNOB"[*] has been disclosed that allows attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.
In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1.
This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.
"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."
This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other.
Once the key was known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring key strokes, and other types of behavior.
[...] Below is the full list provided by ICASI of members and partners and whether they are affected:
[*] KNOB: Key Negotiation Of Bluetooth attack.
A group of researchers led by Professor Myakzyum Salakhov has been working on the problem of optical states in plasmonic-photonic crystals (PPCs).
First Category Engineer Artyom Koryukin says that the research was dedicated to modeling bandgap—the range of light wavelength where propagation through a crystal is difficult. PPCs, on the other hand, allow the passage of light of a certain wavelength through this photonic bandgap. The problem of three-dimensional opal-like PPCs (OLPPCs), however, is that they don't admit light of certain wavelengths.
[...] OLPPCs with the hybrid mode of the optical states can be used in high-polarization-sensitive sensors. "We assume that the hybrid mode can be useful for improving the control of light in PPCs. New types of resonators based on OLPPCs can be used for the strong interaction of light and matter," adds Mr. Koryukin.
The group is planning to create a theoretical description of the model of such processes. Additionally, they want to find effective applications for OLPPCs, such as strong light-matter interactions with a single photon source.
Submitted via IRC for SoyCow7671
Phishing Campaign Uses Google Drive to Bypass Email Gateways
A highly targeted phishing campaign was recently observed bypassing a Microsoft email gateway using documents shared via the Google Drive service to target the staff of a company from the energy industry.
Google Drive is a file storage and synchronization service created by Google that enables its users to store files in the cloud and effortlessly synchronize them between devices and platforms. The documents used to link to the phishing landing page were delivered using Google Docs, Google's online word processor.
The phishing messages spotted by Cofense security researchers impersonated the CEO of the company and tried to trick the employees into opening an "important message" shared via Google Docs, Google's online word processor.
"The email is legitimately sent by Google Drive to employees and appears to be shared on behalf of the CEO by an email address that does not fit the email naming convention of the targeted company," found Cofense.
This made it possible for the attackers to take advantage of Google's legitimate service to circumvent the phishing detection protection provided to the company by the Microsoft Exchange Online Protection cloud-based email filtering service.
In reality, the document linked to a Google Docs document which, in turn, redirected the potential victims to the attackers' phishing landing pages that would request them to enter their credentials to access the CEO's urgent message.
"The link within the email body is also hard to defend against because it links to an actual Google Drive share," also found the Cofense researchers.
Submitted via IRC for TheMightyBuzzard
A new Spambot Trojan targeting French people has been discovered that records a victim's screen when they are using sites related to sex, pornography, and known pornographic sites.
We have all heard about the fake "sextortion" email scams that tell recipients that software has been installed that records them while they are on adult web sites. After a year of these emails being sent out, many people have come to recognize them as a scam.
In a new report released today by ESET, a new Spambot is about to make things confusing. That is because it has been discovered to record your screen while you are on porn sites or pages with keywords related to sex.
[...] This new Spambot is being named Varenyky by ESET researchers who said they discovered it when they saw an uptick of infections targeting French users in May. This same Trojan was also found by Any.run in June.
[...] Although the Varenyky Trojan had the ability to record these videos, ESET has seen no indication that they have been used in an actual sextortion campaign against the victim or others.
I'll leave the jokes to you lot this time.
Submitted via IRC for TheMightyBuzzard
[Fossa Systems], a non-profit youth association based out of Madrid, is developing an open-source satellite set to launch in October 2019. The FossaSat-1 is sized at 5x5x5 cm, weighs 250g, and will provide free IoT connectivity by communicating LoRa RTTY signals through low-power RF-based LoRa modules. The satellite is powered by 28% efficient gallium arsenide TrisolX triple junction solar cells.
The satellite's development and launch cost under EUR 30000, which is pretty remarkable for a cubesat — or a picosatellite, as the project is being dubbed. It has been working in the UHF Amateur Satellite band (435-438 MHz) and recently received an IARU frequency spectrum allocation for LoRa of 125kHz.
[...] The satellite is being built in a cleanroom at Rey Juan Carlos University and has undergone thermovacuum and vibration testing at the facility. The group has since developed an educational satellite development kit, which offers three main 40×40 mm boards that allow the addition of modifications. As their mission states, the group is looking to develop an open source project, so the code for the satellite is freely available on their GitHub.
Source: https://hackaday.com/2019/08/15/spains-first-open-source-satellite/
Submitted via IRC for Bytram
Chemists make first-ever ring of pure carbon
Long after most chemists had given up trying, a team of researchers has synthesized the first ring-shaped molecule of pure carbon — a circle of 18 atoms.
The chemists started with a triangular molecule of carbon and oxygen, which they manipulated with electric currents to create the carbon-18 ring. Initial studies of the properties of the molecule, called a cyclocarbon, suggest that it acts as a semiconductor, which could make similar straight carbon chains useful as molecular-scale electronic components.
It is an "absolutely stunning work" that opens up a new field of investigation, says Yoshito Tobe, a chemist at Osaka University in Japan. "Many scientists, including myself, have tried to capture cyclocarbons and determine their molecular structures, but in vain," Tobe says. The results appear in Science on 15 August.
[...] For now, the researchers are going to study the basic properties of carbon-18, which they have been able to make one molecule at a time only. They are also going to keep trying alternative techniques that might yield greater quantities. "This is so far very fundamental research," Gawel says.
"The work is beautiful," says Hoffmann, although he adds that it remains to be seen whether carbon-18 is stable when lifted off the salt surface, and whether it can be synthesized more efficiently than one molecule at a time.
Also at Popular Mechanics
Submitted via IRC for SoyCow2718
Google removes option to disable Nest cams' status light
No more stashing your Nest security cameras in the bushes to catch burglars unaware: Google informed users on Wednesday that it's removing the option to turn off the status light that indicates when your Nest camera is recording.
You can still dim the light that shows when Google's Nest, Dropcam, and Nest Hello cameras are on and sending video and audio to Nest, Google said, but you can't make it go away on new cameras. If the camera is on, it's going to tell people that it's on – with its green status light in Nest and Nest Home and the blue status light in Dropcam – in furtherance of Google's newest commitment to privacy.
Google introduced its new privacy commitment at its I/O 2019 developers conference in May, in order to explain how its connected home devices and services work.
The setting that enabled users to turn off the status light is being removed on all new cameras. When the cameras' live video is streamed from the Nest app, the status light will blink. The update will be done over-the-air for all Nest cams: Google's update notice said that the company was rolling out the changes as of Wednesday, 14 August 2019.
The change is a plus for the privacy-aware: say, people who are wary of their Airbnb hosts secretly filming them in the shower or bedroom.
On the other end of the spectrum, it's an outrage to some users who say they've spent big bucks on cameras that can stay hidden. One comment on Google's update notice called it "an absurd update and an invasion of my rights as a consumer" – more of a "post-purchase middle finger" to customers than a privacy plus.
Submitted via IRC for SoyCow2718
GE stock has worst day in 11 years after Madoff whistleblower calls it a bigger fraud than Enron
General Electric shares plunged more than 11% Thursday after Harry Markopolos, who is famous for blowing the whistle on Bernie Madoff's Ponzi scheme in 2008, accused GE of orchestrating a massive fraud.
GE CEO Larry Culp on Thursday bought 252,200 shares at $7.93 per share, a purchase worth almost $2 million, according to an SEC filing. The buy helped bump GE's share price around 2% in after-hours trading. Culp's ownership of GE stock nearly doubled this week after an earlier purchase Tuesday. GE Board Director Leslie Seidman called the fraud allegations "baseless" and "inflammatory" in an interview on CNBC's "Closing Bell" Thursday evening. She said Markopolos' claims do not "reflect the GE I know." Seidman chairs the board's audit committee.
Markopolos said in a report released Thursday that GE was hiding nearly $40 billion of losses in its insurance business. He said this is the largest case of accounting fraud he and his team have investigated. "In fact, GE's $38 billion in accounting fraud amounts to over 40% of GE's market capitalization, making it far more serious than either the Enron or WorldCom accounting frauds," Markopolos wrote in the report, referring to the scandals that eventually helped bankrupt energy giant Enron in 2001 and long-distance telco WorldCom in 2002. GE strongly denied Markopolos' allegations.
COPENHAGEN (The Borowitz Report)—After rebuffing Donald J. Trump's hypothetical proposal to purchase Greenland, the government of Denmark has announced that it would be interested in buying the United States instead.
"As we have stated, Greenland is not for sale," a spokesperson for the Danish government said on Friday. "We have noted, however, that during the Trump regime, pretty much everything in the United States, including its government, has most definitely been for sale."
"Denmark would be interested in purchasing the United States in its entirety, with the exception of its government," the spokesperson added.
A key provision of the purchase offer, the spokesperson said, would be the relocation of Donald Trump to another country "to be determined," with Russia and North Korea cited as possible destinations.
If Denmark's bid for the United States is accepted, the Scandinavian nation has ambitious plans for its new acquisition. "We believe that by giving the U.S. an educational system and national health care, it could be transformed from a vast land mass into a great nation," the spokesperson said.
Attention Denmark: at least our politicians are for sale, regardless of party affiliation, to purchasers both foreign and domestic.
Marvell at FMS 2019: NVMe Over Fabrics Controllers, AI On SSD
Taking things to the logical next step, Marvell also announced a native Ethernet/NVMeoF SSD controller. The 88SS5000 is effectively their 88SS1098 NVMe controller with the PCIe interface replaced by the dual 25GbE interface used by the NVMe to Ethernet converter. This new single-chip solution for Ethernet-attached SSDs helps cut costs and power consumption, making the whole idea more palatable to datacenter customers. Marvell showed samples of this controller paired with 8TB of Toshiba 96L 3D TLC NAND and 12GB of DDR4 DRAM.
Looking further into the future, Marvell shared their take on the idea of Computational Storage—SSDs that do more than just store data. Marvell is working to integrate a Machine Learning engine into future SSD controllers, allowing inferencing tasks to be offloaded from CPUs or GPUs onto the SSDs that already store the data being processed. The hardware setup is basically the same mess of cables connecting FPGAs to Flash that Marvell has shown in previous years, but on the software side their demo has matured greatly.
In addition to demonstrating realtime object recognition using a pre-trained model, Marvell now has a system to perform offline recognition on videos stored on the SSD. Their demo presented the results of this recognition as a graph showing which objects were recognized over the duration of a video. There was also a content-aware search engine that would return the segments of stored videos that depict the requested objects. For the demo, this functionality was exposed through a simple web interface. In production, the envisioned use case is to have an application server aggregating results from an array of content-aware SSDs that each perform some kind of analytics on their share of the overall dataset.
Crystals, amber, amethyst, phallic amulets, glass beads, figurines, and a miniature human skull were among the many artifacts archaeologists uncovered from an excavation site at Pompeii recently. The objects were probably left behind by someone fleeing the famous volcanic eruption in 79 AD—possibly even a sorceress. The various objects will be displayed at the Palestra Grande in Pompeii later this year.
“They are objects of everyday life in the female world and are extraordinary because they tell micro-stories and biographies of the inhabitants of the city who tried to escape the eruption,” Massimo Osanna, general director of the Archaeological Park of Pompeii, said in a statement.
The catastrophic eruption of Mount Vesuvius in 79 AD wiped out several nearby towns and killed thousands of people. The eruption released 100,000 times the thermal energy of the atomic bombs dropped on Hiroshima and Nagasaki in 1945, ejecting many tons of molten rock, pumice, and hot ash over the course of two days. In the first phase, immediately after the eruption, a long column of ash and pumice blanketed the surrounding towns, most notably Pompeii and Herculaneum. By late night or early morning, pyroclastic flows (fast-moving hot ash, lava fragments, and gases) swept through and obliterated what remained, leaving the bodies of the victims frozen in seeming suspended action.
[...] The archaeologists were diligently excavating Casa del Giardino in the park when they found a decaying wooden box with brass hinges. Many of the artifacts are adorned with iconography associated with fertility, fortune, and protection against bad luck, according to Osanna, such as Egyptian scarab beetles (used to protect pregnant women and babies), phallus-shaped pendants, and bird bones used to ward off the "evil eye."
They also found ten victims in a separate room of Casa del Giardino—most likely the servants' quarters—all victims of the eruption. The wooden box may have belonged to one of them. Since none of the recovered items were made of gold (an indication of wealth and elite status), it's more likely the owner was a servant or slave.
"There are dozens of good luck charms next to other objects that were attributed with the power of crushing bad luck," said Osanna. "They could have been necklaces that were worn during rituals rather than being used to look elegant."
Forbes reports that a security researcher in California registered the vanity plate "NULL," partly for fun and partly in the hope that this spoofed the system into returning errors whenever his plate was seen.
Instead he received more than $12,000 in fines, as his plate became a dumping ground for erroneous data records.
Every single speeding ticket for which no valid license plate could be found was assigned to his car. The Los Angeles police department eventually scrapped the tickets but advised the man to change his plates, or the same problem would continue to occur. In response, the man has apparently said: "No, I didn't do anything wrong," insisting to his Def Con audience that, whatever happens, "I won't pay those tickets."
Also covered in the Guardian.