SoylentNews

"exec" writes:

https://www.ft.com/content/23ab2f68-d957-11e9-8f9b-77216ebe1f17

The smart TVs in our homes are leaking sensitive user data to companies including Netflix, Google and Facebook even when some devices are idle, according to two large-scale analyses. The data were being sent whether or not the user had a Netflix account. The researchers also found that other smart devices including speakers and cameras were sending user data to dozens of third parties including Spotify and Microsoft.

The findings are likely to heighten concerns about the privacy of user data on the internet just as smart devices, including televisions, are flooding homes.

In a separate study of smart TVs by Princeton University, researchers found that some apps supported by Roku and FireTV were sending data such as specific user identifiers to third parties including Google.

Roughly 68 per cent of US households had a connected TV device, including external hardware such as Roku and Apple TV, at the end of 2018, according to a Nielsen report from March. Tens of millions of these devices use content recognition technology that tracks everything you watch, to be able to target you better with TV advertising, which now accounts for about half of all digital ads.

The Northeastern University study, conducted on 81 different devices, both in the UK and the US, is the largest published experiment of its kind, and found “notable cases of information exposure”. Amazon, Google, Akamai and Microsoft were the most frequently contacted companies, partly because these companies provide cloud and networking services for smart devices to operate on, the researchers said.

[...] By analysing network traffic, the Northeastern team concluded that third parties receive, at the very least, information about the device people are using, their locations, and possibly even when they are interacting with it. “So they might know when you’re home and when you’re not,” said Professor Choffnes. 

Because much of the data being sent out by device manufacturers was encrypted, the academics were not aware of exactly what additional data were being transmitted. “They can definitely see some [viewing] is taking place, but what they can exactly see depends on what the manufacturer is sending, which we have not made an attempt to re-engineer,” said Hamed Haddadi, computer scientist at Imperial College and another paper author.

-- submitted from IRC

Original Submission

upstart writes:

Submitted via IRC for Fnord666

Billions of license plate scans are part of a private surveillance database

The US government might have reconsidered its plans for license plate recognition, but companies haven't -- and they've raised serious privacy concerns in the process. Motherboard has posted an exposé detailing the Digital Recognition Network, a privately run database that collects legions of plate recognition scans (roughly 9 billion to date) from repo drivers with camera-equipped cars. The system automatically captures both the plates and locations of every car they drive by, making it possible to track the movement of car owners across the US over months or even years. Anyone with access could find out where you live, work and socialize.

[...] As you might have already suspected, this automatic data gathering creates many issues. For one, most of the vehicles in the database are of completely innocent people who have no way of knowing if they're even included in the data set. And while a spokesperson for DRN said the company "takes data security seriously" and doesn't allow access without its approval, there have been instances where unauthorized people have obtained that access. It's feasible that users (approved and otherwise) could exploit this for stalking or gaining the upper hand in court without revealing sources.

Law enforcement can also use the system, and DRN's sibling brand Vigilant Solutions sells the tech to government agencies. That raises the potential of rogue officers using the plate tracking to intimidate protesters or witnesses of police abuses.

Original Submission

upstart writes:

Submitted via IRC for SoyCow2718

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck

One of the trickiest things about stopping DDoS attacks is that hackers constantly develop new variations on familiar themes. Take a recent strike against an unnamed gaming company, which used an amplification technique to turn a relatively tiny jab into a digital haymaker.

On Wednesday, researchers from Akamai's DDoS mitigation service Prolexic detailed a 35 gigabit per second attack against one of its clients at the end of August. Compared to the most powerful DDoS attacks ever recorded, which have topped 1 terabit per second, that might not sound like a lot. But the attackers used a relatively new technique—one that can potentially yield a more than 15,000 percent rate of return on the junk data it spews at a victim.

The new type of attack feeds on vulnerabilities in the implementation of the Web Services Dynamic Discovery protocol. WS-Discovery lets devices on the same network communicate, and can direct them all to ping one location or address with details about themselves. It's meant to be used internally on local access networks, not the rollicking chaos monster that is the public internet. But Akamai estimates that as many as 800,000 devices exposed on the internet can receive WS-Discovery commands. Which means that by sending "probes," a kind of roll-call request, you can generate and direct a firehose of data at targets.

upstart writes:

Submitted via IRC for SoyCow2718

Amazon tests a one-tap review system for product feedback – TechCrunch

Amazon is testing an easier way for people to leave product feedback with the launch of one-tap ratings. The change is meant to encourage those who don’t have the time, energy or interest in writing reviews to still share their opinion about the product, which benefits the larger Amazon community of shoppers who are reliant on ratings and reviews to make better purchasing decisions.

If you have access to the new experiment, you’ll be able to just tap once to leave your star rating on any item, without having to fill out additional fields like a review title and written review, as previously required.

[...] Only those one-tap ratings from Verified Purchases will contribute to the product’s overall star rating. You’re also able to expand on your feedback later on, if you choose, by adding a review, photos, or video.

The new feature could go a long way towards being able to collect feedback from a larger number of online consumers, as many don’t bother with writing reviews. It could also help balance out the ratings with feedback from real shoppers, as opposed to those who may have been incentivized or paid to leave reviews.

[...] Amazon confirmed the new feature is an experiment, not a public launch.

“We are testing a feature that allows customers to leave feedback easily while also helping shoppers get authentic customer ratings on products from a broader set of shoppers,” an Amazon spokesperson said.

Original Submission

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has found the following story:

The ASIC-AFP joint 'multi-layered cybercrime' investigation has resulted in the arrest of a 21 year-old woman from Melbourne.

The Australian Securities and Investments Commission (ASIC) has announced dismantling a major fraud and identity theft syndicate that allegedly profited from the thefts of superannuation and share trading accounts, to the tune of millions of dollars.

ASIC, alongside the Australian Federal Police (AFP), had been investigating the "multi-layered cybercrime activity" for more than a year, resulting in the arrest of a 21 year-old woman from Melbourne.

It is alleged the woman worked as part of a syndicate which used fraudulently-obtained identities to commit large-scale online fraud.

ASIC said in court on Tuesday the syndicate allegedly used stolen identity information purchased from "dark net marketplaces", together with single use SIM cards and fake email accounts, to undertake an "identity takeover".

These fraudulently created identities, ASIC said, were created to mimic real individuals who unknowingly had their identities compromised. ASIC said they were then used to open bank accounts at various Australian banking institutions.

[...] Investigations into the syndicate are continuing, and ASIC said further arrests and charges have not been ruled out.

Original Submission

upstart writes:

Submitted via IRC for Bytram

LastPass Fixes Bug That Leaks Credentials

The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.

LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site.

Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s website on Aug. 29, rating it as “high.” He followed that up with a Twitter post warning web users about the bug on Sunday.

“LastPass could leak the last used credentials due to a cache not being updated,” Ormandy Tweeted. “This was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!”

In other words, if a web user running LastPass entered credentials to one site and then surfed to another, the second site could have unauthorized access the username and password from the first site. If the second site is malicious, it could put the user at risk of cybercriminals.

Between the bug’s discovery and Ormandy’s Twitter announcement of the vulnerability, LastPass said it fixed the bug in a blog post dated Sept. 13. The company also diminished its severity.

[...] The bug isn’t the first that Ormandy discovered in the password management software. The Google researcher has been keeping LastPass’s security team on its toes in recent years.

In 2017, LastPass was prompted to patch three bugs that could allow for password theft thanks to Ormandy’s detective work. The year before that, Ormandy discovered a vulnerability in the password manager’s Firefox add-on that allows attackers remotely compromise it, which LastPass also subsequently fixed.

Also at: BleepingComputer

Original Submission

Arthur T Knackerbracket has found the following story:

With Microsoft embracing Linux ever more tightly, might it do the heretofore unthinkable and dump the NT kernel in favor of the Linux kernel? No, I’m not ready for the funny farm. As it prepares Windows 11, Microsoft has been laying the groundwork for such a radical release.

I’ve long toyed with the idea that Microsoft could release a desktop Linux. Now I’ve started taking that idea more seriously — with a twist. Microsoft could replace Windows’ innards, the NT kernel, with a Linux kernel.

It would still look like Windows. For most users, it would still work like Windows. But the engine running it all would be Linux.

Why would Microsoft do this? Well, have you been paying attention to Windows lately? It has been one foul-up after another. Just in the last few months there was the registry backup fail and numerous and regular machine-hobbling Windows updates. In fact, updates have grown so sloppy you have to seriously wonder whether it’s safer to stay open to attacks or “upgrade” your system with a dodgy patch.

Remember when letting your Windows system get automatic patches every month was nothing to worry about? I do. Good times.

Why is this happening? The root cause of all these problems is that, for Microsoft, Windows desktop software is now a back-burner product. It wants your company to move you to Windows Virtual Desktop and replace your existing PC-based software, like Office 2019, with software-as-a-service (SaaS) programs like Office 365. It’s obvious, right? Nobody in Redmond cares anymore, so quality assurance for Windows the desktop is being flushed down the toilet.

Many of the problems afflicting Windows do not reside in the operating system’s upper levels. Instead, their roots are deep down in the NT kernel. What, then, if we could replace that rotten kernel with a fresh, healthy kernel? Maybe one that is being kept up to date by a worldwide group of passionate developers. Yes, my bias is showing, but that’s Linux, and it’s a solution that makes a lot of sense.

Original Submission

An Anonymous Coward writes:

https://www.cnbc.com/2019/09/17/facebook-enlists-ray-ban-maker-luxottica-to-make-orion-ar-glasses.html

Facebook has been working to develop augmented reality glasses out of its Facebook Reality Labs in Redmond, Washington, for the past couple of years, but struggles with the development of the project have led the company to seek help. Now, Facebook is hoping a partnership with Ray-Ban parent company Luxottica will get them completed and ready for consumers between 2023 and 2025, according to people familiar.

The glasses are internally codenamed Orion, and they are designed to replace smartphones, the people said. The glasses would allow users to take calls, show information to users in a small display and live-stream their vantage point to their social media friends and followers.

Facebook is also developing an artificial intelligence voice assistant that would serve as a user input for the glasses, CNBC previously reported. In addition, the company has experimented with a ring device that would allow users to input information via motion sensor. That device is code-named Agios.

Original Submission

upstart writes in with a submission, via IRC, for SoyCow2718

Unexpected periodic flares may shed light on black hole accretion

ESA's X-ray space telescope XMM-Newton has detected never-before-seen periodic flares of X-ray radiation coming from a distant galaxy that could help explain some enigmatic behaviours of active black holes.

XMM-Newton, the most powerful X-ray observatory, discovered some mysterious flashes from the active black hole at the core of the galaxy GSN 069, about 250 million light years away. On 24 December 2018, the source was seen to suddenly increase its brightness by up to a factor 100, then dimmed back to its normal levels within one hour and lit up again nine hours later.

"It was completely unexpected," says Giovanni Miniutti, of the Centro de Astrobiología in Madrid, Spain, lead author of a new paper published in the journal Nature today.

"Giant black holes regularly flicker like a candle but the rapid, repeating changes seen in GSN 069 from December onwards are something completely new."

Further observations, performed with XMM-Newton as well as NASA's Chandra X-ray observatory in the following couple of months, confirmed that the distant black hole was still keeping the tempo, emitting nearly periodic bursts of X-rays every nine hours. The researchers are calling the new phenomenon 'quasi-periodic eruptions," or QPEs.

"The X-ray emission comes from material that is being accreted into the black hole and heats up in the process," explains Giovanni.

. Miniutti et al. Nine-hour X-ray quasi-periodic eruptions from a low-mass black hole galactic nucleus, Nature (2019). DOI: 10.1038/s41586-019-1556-xJournal information:Nature

Original Submission

An Anonymous Coward writes:

https://www.theverge.com/2019/9/17/20870140/big-bang-theory-hbo-max-streaming-exclusive-worth-billion-seinfeld-netflix-friends-the-office

Just one day after Netflix secured the streaming rights to Seinfeld in a deal reportedly worth more than $500 million, WarnerMedia’s HBO Max has gone one step further, acquiring the rights to The Big Bang Theory in a deal reportedly worth more than $1 billion.

The deal gives WarnerMedia’s HBO Max the exclusive domestic streaming rights for five years, according to The Hollywood Reporter. That means another streaming service could carry the show in global markets. The deal also extends the syndication deal between Warner Bros. Television and TBS through 2028.

Original Submission

aristarchus writes:

Changes in technology often produce ethical quandaries that did not previously exist. The successful transplantation of human hearts lead some to re-define death as "brain-death", so as to allow removal of organs for transplants. Now we may be faced with similar need for new definitions and limitations, as tech moves into neural interfaces. The article is to be found at Vox.

“Nothing was your own except the few cubic centimeters inside your skull.” That’s from George Orwell’s dystopian novel 1984, published in 1949. The comment is meant to highlight what a repressive surveillance state the characters live in, but looked at another way, it shows how lucky they are: At least their brains are still private.

Over the past few weeks, Facebook and Elon Musk’s Neuralink have announced that they’re building tech to read your mind — literally.

Mark Zuckerberg’s company is funding research on brain-computer interfaces (BCIs) that can pick up thoughts directly from your neurons and translate them into words. The researchers say they’ve already built an algorithm that can decode words from brain activity in real time.

And Musk’s company has created flexible “threads” that can be implanted into a brain and could one day allow you to control your smartphone or computer with just your thoughts. Musk wants to start testing in humans by the end of next year.

Of course, with medical technology, one could always make the argument that the issue was saving humans lives. Somehow we do not suspect that Zuckerberg or Musk are contaminated by such motives.

Your brain, the final privacy frontier, may not be private much longer.

Some neuroethicists argue that the potential for misuse of these technologies is so great that we need revamped human rights laws — a new “jurisprudence of the mind” — to protect us. The technologies have the potential to interfere with rights that are so basic that we may not even think of them as rights, like our ability to determine where our selves end and machines begin. Our current laws are not equipped to address this.

It's an in-depth article; a few highlights:

Arthur T Knackerbracket has found the following story:

What exactly happened to India's moon lander? During descent to the lunar surface on Sept. 6, the Vikram lander lost contact with Indian Space Research Organisation (ISRO) mission control and its ultimate fate remains something of a mystery. However, NASA's Lunar Reconnaissance Orbiter (LRO) will fly over Vikram's landing site near the moon's south pole Tuesday and could give us the first look at Vikram's lunar resting place.

[...]The camera on LRO has three different imagers, enabling it to ogle the moon's surface with exceptional clarity. One wide angle camera and two black-and-white cameras will beam back images to Earth after the pass. NASA releases LRO images publicly with huge multi-terabyte data sets dropping every month at the Planetary Data System.

"NASA will share any before and after flyover imagery of the area around the targeted Chandrayaan 2 Vikram lander landing site to support analysis by the Indian Space Research Organization," LRO project lead Noah Petro told Spaceflight Now on Thursday.

Original Submission

Arthur T Knackerbracket has found the following story:

As rural Nevada prepares for Alienstock -- a music festival born of a joke Facebook event to storm Area 51 -- the Federal Aviation Administration is closing down airspace above the classified area where some believe the government is hiding evidence of extraterrestrial life. 

In two NOTAMs (for "notice to airmen") Friday and Monday, the FAA issued "temporary flight restrictions for special security reasons," banning aircraft in the vicinity. The coordinates given are for areas south and west of Rachel, Nevada, including the the US Air Force's Nevada Test and Training Range. One ban runs Sept. 18-23, and [the] other runs Sept. 19-23.

Separately, Pulse reports:

Airspace around the fabled Area 51 facility in Nevada will be closed to all air traffic this week in advance of the upcoming "Storm Area 51" event.

The Federal Aviation Administration (FAA) posted two temporary flight restrictions (TFR) on Monday, closing airspace to news helicopters, drones, private pilots, and anyone else above [these] two areas near the facility from Wednesday, September 18 at 7 a.m. Pacific time, to Sunday, September 22 at 8 p.m. Pacific time.

The Notices to Airmen (NOTAMs) outlining the restrictions specify that only aircraft "working in support of the Department of Energy (DOE) Mission are allowed to enter the TFR." The DOE controls Area 51 along with the Department of Defense.

Notably, even emergency service aircraft are prohibited from flying within the TFR. From the NOTAM:

ALL EMERGENCY/LIFE SAVING FLIGHT (MEDICAL/LAW ENFORCEMENT/FIREFIGHTING) OPERATIONS MUST COORDINATE WITH DOE PRIOR TO THEIR ENTRY INTO THE TFR AT 702-295-0311 TO AVOID POTENTIAL DELAYS.

The first TFR covers the northwest edge of restricted airspace above the actual Area 51 facilities, creating an additional buffer surrounding some of the "most restricted airspace in the world". The second TFR is along the southern edge of the Nevada Test and Training Range, according to The Drive.

---

Original Submission

"exec" writes:

https://qz.com/1705386/the-dfab-house-exhibit-opens-in-new-york-city/

-- submitted from IRC

Erecting a new building ranks among the most inefficient, polluting activities humans undertake. The construction sector is responsible for nearly 40% of the world’s total energy consumption and CO2 emissions, according to a UN global survey (pdf).

A consortium of Swiss researchers has one answer to the problem: working with robots. The proof of concept comes in the form of the DFAB House, celebrated as the first habitable building designed and planned using a choreography of digital fabrication methods.

The three-level building near Zurich features 3D-printed ceilings, energy-efficient walls, timber beams assembled by robots on site, and an intelligent home system. Developed by a team of experts at ETH Zurich university and 30 industry partners over the course of four years, the DFAB House, measuring 2,370 square feet (220 square meters), needed 60% less cement and has passed the stringent Swiss building safety codes.

“This is a new way of seeing architecture,” says Matthias Kohler, a member of DFAB’s research team. The work of architects has long been presented in terms of designing inspiring building forms, while the technical specifics of construction has been relegated to the background. Kohler thinks this is quickly changing. “Suddenly how we use resources to build our habitats is at the center of architecture,” he argues. “How you build matters.”

DFAB isn’t the first building project to use digital fabrication techniques. In 2014, Chinese company WinSun demonstrated the architectural potential of 3D printing by manufacturing 10 single-story houses in one day. A year later, the Shanghai-based company also printed an apartment building and a neoclassical mansion, but these projects remain in the development phase.

Kohler explains that beating construction speed records wasn’t necessarily their goal. “Of course we’re interested in gaining breakthroughs in speed and economy, but we tried to hold to the idea of quality first,” he says. “You can do things very, very fast but that doesn’t mean that it’s actually sustainable.”

Original Submission

upstart writes:

Submitted via IRC for SoyCow2718

Analyzing poppies to make better drugs

In a paper published in the Journal of Biological Chemistry, the scientists explain how they revealed molecular details of an enzyme class that is central to the synthesis of many widely used pharmaceuticals, including the painkillers codeine and morphine. The team used the Canadian Light Source (CLS) at the University of Saskatchewan and the SLAC National Accelerator Laboratory to better understand how the enzyme behaves, which is crucial for unleashing its potential to make novel medicines.

"Until this study, we didn't know the key structural details of the enzyme. We learned from the structure of the enzyme bound to the product how the methylation reaction locks the product into a certain stereochemistry. It was completely unknown how the enzyme did that before we determined this structure," corresponding author Dr. Kenneth Ng explained.

Stereochemistry is an important concept when it comes to safety and efficacy in drug design. A molecule can have a few different arrangements—similar to how your left hand is a mirror image of your right hand. These arrangements can lead to very different effects.

"There are a lot of classical examples where it can have a big effect," lead author Dean Lang said. "Thalidomide is a famous historical example. When you have it in one stereochemical form it's a good treatment for nausea, but in the opposite stereochemical form it can lead to birth defects."

In this study, the stereoselectivity of the yellow horned poppy's enzyme controls what substrates can interact, the products you will get, and how much medicinal compound you can extract from the plant. Understanding how key enzymes behave can help bioengineers to optimize their drug production and allow researchers to explore new or rare compounds

[...] Dr. Facchini stressed the importance of the hard work done by researchers involved in this study and the strong collaboration between their respective labs. He is hopeful that their research could lead to new, effective drugs in the future.

More information: Dean E. Lang et al. Structure-function studies of tetrahydroprotoberberine N-methyltransferase reveal the molecular basis of stereoselective substrate recognition, Journal of Biological Chemistry (2019). DOI: 10.1074/jbc.RA119.009214

Original Submission

upstart writes:

Submitted via IRC for SoyCow2718

AI neural network detects heart failure from single heartbeat: New AI neural network approach detects heart failure from a single heartbeat with 100% accuracy

Congestive heart failure (CHF) is a chronic progressive condition that affects the pumping power of the heart muscles. Associated with high prevalence, significant mortality rates and sustained healthcare costs, clinical practitioners and health systems urgently require efficient detection processes.

Dr Sebastiano Massaro, Associate Professor of Organisational Neuroscience at the University of Surrey, has worked with colleagues Mihaela Porumb and Dr Leandro Pecchia at the University of Warwick and Ernesto Iadanza at the University of Florence, to tackle these important concerns by using Convolutional Neural Networks (CNN) -- hierarchical neural networks highly effective in recognising patterns and structures in data.

Published in Biomedical Signal Processing and Control Journal, their research drastically improves existing CHF detection methods typically focused on heart rate variability that, whilst effective, are time-consuming and prone to errors. Conversely, their new model uses a combination of advanced signal processing and machine learning tools on raw ECG signals, delivering 100% accuracy.

Journal Reference: Mihaela Porumb, Ernesto Iadanza, Sebastiano Massaro, Leandro Pecchia. A convolutional neural network approach to detect congestive heart failure. Biomedical Signal Processing and Control, 2020; 55: 101597 DOI: 10.1016/j.bspc.2019.101597

Original Submission