SoylentNews is people

posted by Fnord666 on Wednesday September 11 2019, @11:25PM
from the whoops dept.

Arthur T Knackerbracket has found the following story:

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).

A review of the screenshots posted to the cybercrime forum as evidence of the unauthorized access revealed several Internet addresses tied to systems at the U.S. Department of Transportation, the National Institutes of Health (NIH), and U.S. Citizenship and Immigration Services (USCIS), a component of the U.S. Department of Homeland Security that manages the nation’s naturalization and immigration system.

Other domains and Internet addresses included in those screenshots pointed to Miracle Systems LLC, an Arlington, Va. based IT contractor that states on its site that it serves 20+ federal agencies as a prime contractor, including the aforementioned agencies.

In an interview with KrebsOnSecurity, Miracle Systems CEO Sandesh Sharda confirmed that the auction concerned credentials and databases that were managed by his company, and that an investigating agent from the Secret Service was in his firm’s offices at that very moment looking into the matter.

But he maintained that the purloined data shown in the screenshots was years-old and mapped only to internal test systems that were never connected to its government agency clients.

“The Secret Service came to us and said they’re looking into the issue,” Sharda said. “But it was all old stuff [that was] in our own internal test environment, and it is no longer valid.”

Still, Sharda did acknowledge information shared by Wisconsin-based security firm Hold Security, which alerted KrebsOnSecurity to this incident, indicating that at least eight of its internal systems had been compromised on three separate occasions between November 2018 and July 2019 by Emotet, a malware strain usually distributed via malware-laced email attachments that typically is used to deploy other malicious software.

The Department of Homeland Security did not respond to requests for comment, nor did the Department of Transportation. A spokesperson for the NIH said the agency had investigated the activity and found it was not compromised by the incident.


posted by janrinok on Wednesday September 11 2019, @09:53PM
from the do-not-open-suspicious-emails dept.

Arthur T Knackerbracket has found the following story:

A large U.S. manufacturing company is the latest organization to be targeted with the LokiBot trojan – although this most recent campaign harbored some bizarre red flags.

The well-known LokiBot malware has popped up in several malicious spam campaigns over the past year, covertly siphoning information from victims’ compromised endpoints. Researchers this week are warning of the most recent sighting of the malware, which was recently spotted in spam messages targeting a large U.S. manufacturing company.

Researchers first discovered the campaign on Aug. 21 after an unnamed U.S. semiconductor distributor received a spam email sent to the sales department from a potentially compromised “trusted” sender. The email, purporting to be distributing an attached request for quotation, was actually harboring prolific trojan LokiBot. “The attack is pretty straightforward,” said Fortinet researchers in a Tuesday analysis of the attack. “The LokiBot sample has a file size of 286 KB and was recently compiled on Aug 21, which is coincidentally the same date as when the malicious spam was sent…. The spam email then encourages the user to open the attachment as the senders’ colleague is currently out of office, and at the same time offers the potential victim some assurance that he/she can provide further clarification of the contents within the document if needed.”

Despite the spam email (titled “Urgent Request for Quotation #RFQE67Y54”) coming from a trusted sender, there were several tell-tale signs that might give away the email as malicious.

While the email is “simple in appearance,” it contained language that appears to be written by a non-native English speaker and contained spelling errors. For instance, the email states, “Please see ‘attache'”, when referring to an “RFQ” (or a “request for quotation”). Another giveaway is that a closer look at the attached file’s information shows it to be curiously named “Dora Explorer Games,” which is in reference to the children’s TV heroine from the show “Dora The Explorer” – a strange name for a file that purports to be related to manufacturing.

[...] Once opened, the file actually harbors LokiBot malware, which is known for stealing a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials.

[...] The IP address of this attack is registered to a webhosting provider in Phoenix, Ariz. (called LeaseWeb USA), which was previously used twice before in malicious spam attacks that occurred in June.


posted by janrinok on Wednesday September 11 2019, @06:27PM
from the do-they-get-a-lyft-home? dept.

Submitted via IRC for Bytram

Uber lays off hundreds more, this time from its engineering and product teams

Uber announced even more layoffs on Tuesday, following an earlier round in July. The ride-hailing company confirmed it's letting go of hundreds of employees in its engineering and product departments to "reset and improve how we work day to day." The total number of staff it laid off this time was 435 people, or about 8% of each department.

"We need to shift how we design our organizations: lean, exceptionally high-performing teams, with clear mandates and the ability to execute faster than our competitors," an Uber spokesman said in a statement. "Today, we're making some changes to get us back on track, which include reducing the size of some teams to ensure we are staffed appropriately against our top priorities."

The layoffs, first reported by TechCrunch, come during a rough period for Uber as it attempts to gain footing as a public company. After debuting on Wall Street in May, the company has seen plummeting stock prices, quarterly revenue loss and an exodus of high-level executives. Three of Uber's board members have stepped down since then, along with its chief operating officer and chief marketing officer.

[...] With this latest round of layoffs, the Uber spokesman said Khosrowshahi asked his management team if they were satisfied with the design of their organizations.

"After careful consideration, our engineering and product leaders concluded the answer to this question in many respects was no," the spokesman said. "Previously, to meet the demands of a hyper-growth startup, we hired rapidly and in a decentralized way." That worked in the past, the spokesman said, but it doesn't anymore.


posted by janrinok on Wednesday September 11 2019, @04:52PM
from the we-like-near-misses dept.

Arthur T Knackerbracket has found the following story:

New findings from University of Kansas experimental nuclear physicists Daniel Tapia Takaki and Aleksandr (Sasha) Bylinkin were just published in the European Physical Journal C. The paper centers on work at the Compact Muon Solenoid, an experiment at the Large Hadron Collider, to better understand the behavior of gluons.

Gluons are elementary particles that are responsible for "gluing" together quarks and anti-quarks to form protons and neutrons—so, gluons play a role in about 98% of all the visible matter in the universe. Previous experiments at the now-decommissioned HERA electron-proton collider found when protons are accelerated close to light-speed, the density of gluons inside them increases very rapidly.

"In these cases, gluons split into pairs of gluons with lower energies, and such gluons split themselves subsequently, and so forth," said Tapia Takaki, KU associate professor of physics & astronomy. "At some point, the splitting of gluons inside the proton reaches a limit at which the multiplication of gluons ceases to increase. Such a state is known as the 'color glass condensate,' a hypothesized phase of matter that is thought to exist in very high-energy protons as well as in heavy nuclei."

The KU researcher said his team's more recent experimental results at the Relativistic Heavy Ion Collider and LHC seemed to confirm the existence of such a gluon-dominated state. The exact conditions and the precise energy needed to observe "gluon saturation" in the proton or in heavy nuclei are not yet known, he said.

"The CMS experimental results are very exciting, giving new information about the gluon dynamics in the proton," said Victor Goncalves, professor of physics at Federal University of Pelotas in Brazil, who was working at KU under a Brazil-U.S. Professorship given jointly by the Sociedade Brasileira de Física and the American Physical Society. "The data tell us what the energy and dipole sizes are needed to get deeper into the gluonic-dominated regime where nonlinear QCD effects become dominant."

Although experiments at the LHC don't directly study interaction of the proton with elementary particles such as those of the late HERA collider, it's possible to use an alternative method to study gluon saturation. When accelerated protons (or ions) miss each other, photon interactions occur with the proton (or the ion). These near misses are called ultra-peripheral collisions (UPCs) as the photon interactions mostly occur when the colliding particles are significantly separated from each other.

[...] The researchers said the work is significant because it's the first establishment of four measured points in terms of the energy of the photon-proton interaction and as a function of the momentum transfer.

"Previous experiments at HERA only had one single point in energy," Tapia Takaki said. "For our recent result, the lowest point in energy is about 35 GeV and the highest one is about 180 GeV. This does not sound like a very high energy point, considering that for recent J/psi and Upsilon measurements from UPCs at the LHC we have studied processes up to the 1000s GeV. The key point here is that although the energy is much lower in our Rho0 studies, the dipole size is very large."


posted by janrinok on Wednesday September 11 2019, @03:26PM
from the life-saver dept.

Queen Mary University of London:

A new and simple blood test has been found to efficiently and accurately detect the presence of aggressive prostate cancer, according to research by Queen Mary University of London.

In combination with the current prostate specific antigen (PSA) test, the new test could help men avoid unnecessary and invasive biopsies, over-diagnosis and over-treatment.

Prostate cancer is the most common cancer in Western men, with 1.3 million new cases being diagnosed each year worldwide. It is currently detected using a blood test that measures PSA levels. Although it provides early diagnosis, the PSA blood test has a low specificity (high false positives) with about 75 per cent of all PSA positive results ending up with negative biopsies that do not find cancer.

When a high PSA level in the blood is detected, the patient undergoes a tissue biopsy of the prostate gland, which is invasive and carries a significant risk of bleeding and infection. On biopsy, the majority of patients with elevated PSA levels are found not to have cancer. Additionally, most diagnosed early-stage prostate cancers are not fatal if left untreated. The current practice of the combined PSA test and biopsy for prostate cancer therefore results in unnecessary biopsies and over-diagnosis and overtreatment of many men.

The new prostate cancer test [...] detects early cancer cells, or circulating tumor cells (CTCs), that have left the original tumour and entered the bloodstream prior to spreading around the body. By measuring intact living cancer cells in the patient's blood, rather than the PSA protein which may be present in the blood for reasons other than cancer, it potentially provides a more accurate test for prostate cancer.

The study, published in the Journal of Urology, looked at the use of the CTC test in 98 pre-biopsy patients and 155 newly diagnosed prostate cancer patients enrolled at St Bartholomew's Hospital in London.

The research team found that the presence of CTCs in pre-biopsy blood samples was indicative of the presence of aggressive prostate cancer, and efficiently and non-invasively predicted the later outcome of biopsy results. When the CTC tests were used in combination with the current PSA test, it was able to predict the presence of aggressive prostate cancer in subsequent biopsies with over 90 per cent accuracy, better than any previously reported biomarkers.

Non-invasive Detection of Clinically Significant Prostate Cancer Using Circulating Tumor Cells.[$] Journal of Urology, 2019; DOI: 10.1097/JU.0000000000000475

-- submitted from IRC


posted by janrinok on Wednesday September 11 2019, @01:52PM
from the with-great-power-comes-great-responsibility dept.

At The Hill,

Washington Monthly Executive Editor Gilad Edelman said the perception of Silicon Valley has shifted dramatically among Democrats and Republicans since the 2016 presidential election.

Edelman told Hill.TV that the industry was relatively insulated from criticism and viewed favorably by both parties until President Trump's surprise victory over Hillary Clinton, saying his win "really scrambled a lot of these beliefs and intuitions."

"Silicon Valley seems to have gone from an industry with no enemies to an industry with no friends," Edelman said during an interview on "Rising."

"Democrats realized that whatever the CEOs of Google or Facebook might think, these platforms seem to have facilitated Donald Trump's election," he added. "On the right, the fact that Trump could get elected while breaking from some pretty serious orthodoxies — at least superficially on economic matters — meant that maybe there was more room to criticize corporate business practices than conservatives had previously thought."


posted by martyb on Wednesday September 11 2019, @12:24PM
from the Here-we-go-again dept.

Intel server-grade CPUs impacted by new NetCAT attack

Academics from the Vrije University in Amsterdam have detailed today a new attack on Intel CPUs.

Named NetCAT, this is a vulnerability in all Intel chips that support the Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA) features.

When these two features are enabled, academics have shown that they can launch an attack on remote, networked computers, and infer certain types of data that is being processed inside the CPU's cache.

Intel Apollo Lake CPUs May Die Sooner Than Expected

As detailed in a recent Product Change Notification (PCN) document, Intel is refreshing four of the company's Celeron and Pentium Apollo Lake processors due to degradation concerns. The problem stems from the same issue that initially cropped up with the C2000 Atom family, which had enough of an impact that Intel had to establish a reserve fund to cover the costs associated with replacing the processors.


posted by martyb on Wednesday September 11 2019, @10:47AM
from the bands-watching-out-for-the-people-who-watch-the-people-who-watch-a-concert dept.

Arthur T Knackerbracket has found the following story:

Former Rage Against the Machine member Tom Morello and band Speedy Ortiz have joined a campaign by digital rights group Fight for the Future.

[...] In a tweet, Tom Morello said: "I don't want Big Brother at my shows targeting fans for harassment, deportation or arrest."

Fight for the Future added: "Music fans should feel safe and respected at festivals and shows, not subjected to invasive biometric surveillance."

[...] Ticketmaster's parent company Live Nation announced in May 2018 that to stop fans having to use tickets, it was teaming up with Blink Identity, which uses technology to scan people's faces as they enter concert venues.


posted by martyb on Wednesday September 11 2019, @09:11AM
from the Biology dept.

A woman in Japan with a corneal disease has become the first person in the world to receive a corneal transplant made from induced pluripotent stem cells, according to a team of researchers led by ophthalmologist Kohji Nishida at Osaka University.

The cornea, a clear layer that covers the eye, contains stem cells that repair damage and maintain vision. These stem cells can be lost through injury or disease, which can then cause blurry vision and lead to blindness. As part of a clinical trial, the team performed a cornea transplant on a woman in her 40s with a corneal disease that caused her to lose these stem cells. The induced pluripotent stem cells (IPSCs) used in the transplant were taken from an adult donor, reprogrammed into an undifferentiated state, and then induced to develop into corneal stem cells.

https://www.the-scientist.com/news-opinion/woman-receives-first-corneal-transplant-made-from-ips-cells--66385

DOI: 10.1038/d41586-019-02597-2 Abstract (article paywalled)


posted by martyb on Wednesday September 11 2019, @07:31AM
from the things-prior-to-2038 dept.

Gas Plants Will Get Crushed by Wind, Solar by 2035, Study Says

By 2035, it will be more expensive to run 90% of gas plants being proposed in the U.S. than it will be to build new wind and solar farms equipped with storage systems, according to the report Monday from the Rocky Mountain Institute. It will happen so quickly that gas plants now on the drawing boards will become uneconomical before their owners finish paying for them, the study said.

The authors of the study say they analyzed the costs of construction, fuel and anticipated operations for 68 gigawatts of gas plants proposed across the U.S. They compared those costs to building a combination of solar farms, wind plants and battery systems that, together with conservation efforts, could supply the same amount of electricity and keep the grid stable.

As gas plants lose their edge in power markets, the economics of pipelines will suffer, too, RMI said in a separate study Monday. Even lines now in the planning stages could soon be out of the money, the report found.

Hopefully our electrical distribution grid will still work.


posted by martyb on Wednesday September 11 2019, @05:54AM
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.

Arthur T Knackerbracket has found the following story:

The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.

[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.

"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."

[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.


posted by Fnord666 on Wednesday September 11 2019, @04:19AM
from the maybe-do-some-testing dept.

Arthur T Knackerbracket has found the following story:

Hoity-toity hi-fi purveyor Bose has inadvertently silenced a bunch of its own soundbars with a recent firmware update.

The problems were first reported on the Bose support forum two weeks ago and affect the company's Soundbar 700.

Users connecting the overpriced telly speaker via HDMI are being advised to use optical connections instead as a temporary fix. Support staff have also suggested rebooting the speaker every time the TV is turned on or contacting the telly's manufacturer – ideas not broadly welcomed by Bose customers.

The Reg reader who tipped us off complained: "In typical Bose fashion thus far, they attempted to blame TV and other device firmwares and suggested asinine resolutions that seem as positive as jumping up and down on one foot to solve the issue. Lastly they suggest using optical cables rather than using what has been [the] working solution of HDMI ARC and CEC for many people since inception of the product."


posted by Fnord666 on Wednesday September 11 2019, @02:47AM
from the oversharing dept.

Arthur T Knackerbracket has found the following story:

Intimate data, including when people have had sex, is being shared with Facebook, a study from Privacy International has suggested.

It included details such as what contraception was used, when periods were due and the type of symptoms experienced.

Since the investigation, one app said it was changing its privacy policies.

Menstruation apps collect some of the most intimate data imaginable - from general health, to information about sex, moods, what the user eats, drinks and even what sanitary products she uses.

In exchange for this, the app will offer the user the dates of the month she is most fertile or when to expect her next period.

Sharing to Facebook happens via the social network's software development kit (SDK), tools that can be used by apps to help them make money by reaching advertisers who, in turn, provide users with personalised ads.

PI found the most popular apps in this category - Period Tracker, Period Track Flo and Clue Period Tracker - did not share data with Facebook.

But others - such as Maya by Plackal Tech (which has 5 million downloads on Google Play), MIA by Mobapp Development Limited (1 million downloads) and My Period Tracker by Linchpin Health (more than 1 million downloads) - did.


posted by Fnord666 on Wednesday September 11 2019, @01:15AM
from the lost-colony dept.

Arthur T Knackerbracket has found the following story:

In 2004, archaeology professor Robert Muckle was alerted to a site within the forests of British Columbia’s North Shore mountains, where a few old cans and a sawblade had been discovered. He suspected the area was once home to a historic logging camp, but he did not anticipate that he would spend the next 14 years unearthing sign after sign of a forgotten Japanese settlement—one that appears to have been abruptly abandoned.

Brent Richter of the North Shore News reports that Muckle, an instructor at Capilano University in Vancouver, and his rotating teams of archaeology students have since excavated more than 1,000 items from the site. The artifacts include rice bowls, sake bottles, teapots, pocket watches, buttons and hundreds of fragments of Japanese ceramics. Muckle tells Smithsonian that the “locations of 14 small houses … a garden, a wood-lined water reservoir, and what may have been a shrine,” were also discovered, along with the remnants of a bathhouse—an important fixture of Japanese culture.

The settlement sits within an area now known as the Lower Seymour Conservation Reserve, located around 12 miles northeast of Vancouver. Muckle has in fact uncovered two other sites within the region that can be linked to Japanese inhabitants: one appears to have been part of a “multi-ethnic” logging camp, Muckle says, the second a distinctly Japanese logging camp that was occupied for several years around 1920. But it is the third site, which seems to have transitioned from a logging camp to a thriving village, that fascinates him the most.

“There was very likely a small community of Japanese who were living here on the margins of an urban area,” Muckle tells Richter. “I think they were living here kind of in secret.”


posted by Fnord666 on Tuesday September 10 2019, @11:43PM
from the leveling-the-playing-field dept.

The City of Bonavista has taken a new approach to dealing with Airbnb hosts who represent unfair competition for hotels and bed-and-breakfast inns because they don't pay business taxes. They cut your sewer and water lines.

Bonavista cuts off services for Airbnb operators with unpaid business tax bills.

"We have gone to some pretty serious measures to collect. We have literally dug up driveways and turned off water (and) sewer service until the bill is paid, cutting them off completely from all municipal services."

-- Mayor John Norman

If people can't even drive their car onto your property, take a shower, use the toilet, you're pretty motivated to pony up.

The mayor said the taxation method has been successful, but he acknowledges not all Airbnb owners are pleased.

"I don't think some are happy about it, but it is what it is."

This is a pretty effective fix to unfair competition by Airbnb hosts. The next question is, how can we apply the same thinking to Uber and Lyft?

