SoylentNews

"exec" writes:

Microsoft revealed on Wednesday that it is fighting in court for the right to tell one of its large enterprise customers about a federal request for data hosted on Microsoft's cloud services. The data request came with an order prohibiting Microsoft from notifying its customer about the request, and Microsoft views the gag order as inappropriate.

"On Sept. 5, 2018, Microsoft challenged a secrecy order issued by a federal magistrate judge in Brooklyn, New York in connection with a federal national security investigation," wrote Microsoft general counsel Dev Stahlkopf. "Based on the limited information available to us in this case, we feel the secrecy order was too broadly drawn and is inconsistent with the U.S. government's policy that secrecy orders be narrowly tailored."

The Microsoft customer in question has thousands of employees. Microsoft argues that the feds should be able to identify someone at the company who can be notified without jeopardizing the investigation. However, a judge rejected Microsoft's request and left the secrecy requirement in place.

"We have challenged that order in the lower court, and we will pursue an appeal in the appellate court if necessary."

-- submitted from IRC

Original Submission

Arthur T Knackerbracket has found the following story:

Researchers at Stanford University and the Department of Energy's SLAC National Accelerator Laboratory say they have found the first, long-sought proof that a decades-old scientific model of material behavior can be used to simulate and understand high-temperature superconductivity - an important step toward producing and controlling this puzzling phenomenon at will.

The simulations they ran, published in Science today, suggest that researchers might be able to toggle superconductivity on and off in copper-based materials called cuprates by tweaking their chemistry so electrons hop from atom to atom in a particular pattern -- as if hopping to the atom diagonally across the street rather than to the one next door.

"The big thing you want to know is how to make superconductors operate at higher temperatures and how to make superconductivity more robust," said study co-author Thomas Devereaux, director of the Stanford Institute for Materials and Energy Sciences (SIMES) at SLAC. "It's about finding the knobs you can turn to tip the balance in your favor."

The biggest obstacle to doing that, he said, has been the lack of a model -- a mathematical representation of how a system behaves -- that describes this type of superconductivity, whose discovery in 1986 raised hopes that electricity might someday be transmitted with no loss for perfectly efficient power lines and maglev trains.

While scientists thought the Hubbard model, used for decades to represent electron behavior in numerous materials, might apply to cuprate high-temperature superconductors, until now they had no proof, said Hong-Chen Jiang, a SIMES staff scientist and co-author of the report.

"This has been a major unsolved problem in the field -- does the Hubbard model describe high-temperature superconductivity in the cuprates, or is it missing some key ingredient?" he said. "Because there are a number of competing states in these materials, we have to rely on unbiased simulations to answer these questions, but the computational problems are very difficult, and so progress has been slow."

Original Submission

An Anonymous Coward writes:

https://elpais.com/elpais/2019/09/25/inenglish/1569384196_652151.html

Undercover Global S. L., the Spanish defense and private security company that was charged with protecting the Ecuadorian embassy in London during the long stay there of WikiLeaks founder Julian Assange, spied on the cyberactivist for the US intelligence service. That's according to statements and documents to which EL PAÍS have had access. David Morales, the owner of the company, supposedly handed over audio and video to the CIA of the meetings Assange held with his lawyers and collaborators. Morales is being investigated for this activity by Spain's High Court, the Audiencia Nacional.

The judicial investigation into the director of UC Global S. L. and the activities of his company were ordered by a judge named José de la Mata, and they began weeks after EL PAÍS published videos, audios and reports that show how the company spied on the meetings that the cyberactivist held in the embassy.

The secret probe is the consequence of a criminal complaint filed by Assange himself, in which he accuses Morales and the company of the alleged offenses involving violations of his privacy and the secrecy of his client-attorney privileges, as well as misappropriation, bribery and money laundering. The director of UC Global S. L. has not responded to calls from this newspaper in order to confirm his version of events.

Morales, a former member of the military who is on leave of absence, stated both verbally and in writing to a number of his employees that, despite having been hired by the government of then-Ecuadorian President Rafael Correa, he also worked “for the Americans,” to whom he allegedly sent documents, videos and audios of the meetings that the Australian activist held in the embassy. “We are playing in another league. This is the first division,” he told his closest colleagues after attending a security fair in the US city of Las Vegas in 2015 where he supposedly made his first American contacts.

Despite the fact that the Spanish firm – which is headquartered in the southern city of Jerez de la Frontera – was hired by Senain, the Ecuadorian intelligence services, Morales called on his employees several times to keep his relationship with the US intelligence services a secret.

Original Submission

martyb writes:

SpaceX Starship now has Three Monster Raptor Engines Installed:

Elon Musk's Mars rocket is really coming together. Construction of the interplanetary spaceship is taking place at SpaceX's Boca Chica facility in Texas and, after giving us a glimpse of the prototype's fins on Monday, the SpaceX CEO has pulled back the curtain on the Starship Mk.1 fitted with three Raptor engines.

The Raptor engines are monstrous liquid-liquid rocket engines which use methane and oxygen to power SpaceX's upcoming launch vehicles. They will be used in SpaceX's next-generation rocket, which contains two stages: The Super Heavy first stage, which lifts it into orbit, and the Starship second stage, which takes it through the void of space.

[...] The SpaceX CEO has discussed the Raptor engine requirements in the past, explaining how the proposed interplanetary Starship requires an engine that can put out at least 170 tons of force. Previous testing showed a single engine reaching 172 tons of force, but it's now pushing 200. The Starship will be attached to the top of the Super Heavy rocket, which will likely have up to 31 Raptor engines strapped to its bottom. Crazy to think about.

Relatedly, SpaceX has filed with the FCC (Federal Communications Commission) an application for Special Temporary Authority (STA):

*SPOILER* (click to show) *SPOILER* (click to hide)

This STA is necessary to authorize Starship suborbital test vehicle communications for SpaceX Mission 1569 from the Boca Chica launch pad, and the experimental recovery following the suborbital launch. Recovery is limited to 2 functions: (1) prelaunch checkout test of the TC uplink from the ground station at Boca Chica (less than five minutes in duration) and (2) experimental uplink testing from the ground station at Boca Chica during descent. Trajectory data will be provided directly to NTIA, USAF, and NASA. All downrange Earth stations are receive-only. Launch licensing authority is FAA Office of Commercial Space Transportation.

Of note is that the Suborbital Test Vehicle Maximum Altitude is specified as 22.5km. (That's just under 14 miles or ~74,000 feet. Long-haul commercial airliners typically cruise at about 36,000 feet; private jets at ~41,000.)

By the way, this prototype is being constructed in the open air without benefit of any kind of hangerhangar or outbuilding to protect it during assembly.

Original Submission

Arthur T Knackerbracket has found the following story:

Male mice that spent more than a month in space were able to successfully reproduce back on Earth, a study has found, the first evidence of how space travel affects reproduction in mammals.

There have been some signs that spending time in radiation damage seen in freeze-dried mouse sperm that spent nine months in outer space, and decreased sperm counts in rats that spent 13 days in orbit.

The research examined 12 male mice who spent 35 days aboard the International Space Station in specially designed cages.

Some of the mice experienced the weightlessness of microgravity, while others were in cages designed to offer artificial gravity.

Upon their return to Earth, the researchers used sperm from the mice to fertilise eggs from female mice who had not experienced space travel, and found the astronaut rodents produced healthy offspring.

The team, led by Masahito Ikawa, a professor at Osaka University, also examined the reproductive organs of the space-travelling mice, and checked their offspring for any signs that their parentage had negative effects.

"We conclude that short-term stays in outer space do not cause overt defects in the physiological function of male reproductive organs, sperm function, and offspring viability," says the study published Tuesday in the journal Scientific Reports.

Original Submission

upstart writes:

Submitted via IRC for Bytram

Vimeo collected detailed facial scans without consent, lawsuit alleges

Vimeo is collecting and storing thousands of people's facial biometrics without their permission or knowledge, a recently filed lawsuit alleges.

The "highly detailed geometric" facial maps, according to a complaint, are being collected and stored in violation of the Illinois Biometric Information Privacy ACT, or BIPA, according to a complaint filed last week in Illinois state court. The law bars companies from obtaining or possessing an individuals' biometric identifiers or information unless the company (1) informs the person in writing of its plans to do so, (2) states in writing the purpose and length of term for the collection and storage, (3) receives written permission from the user, and (4) publishes retention schedules and guidelines for destroying the biometric identifiers and information.

The complaint alleges Vimeo is violating the law by collecting, storing, and using the facial biometrics of thousands of unwitting individuals throughout the United States whose faces appear in photos or videos uploaded to the Magisto video-editor application. Vimeo acquired Magisto in April and claimed the editor had more than 100 million users.

"Vimeo has created, collected, and stored, in conjunction with its cloud-based Magisto service, thousands of 'face templates' (or 'face prints')—highly detailed geometric maps of the face—from thousands of Magisto users," the complaint alleged.

The complaint adds:

Vimeo creates these templates using sophisticated facial-recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos and videos taken on mobile devices and uploaded to the Magisto app. Each face template that Vimeo extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.

Original Submission

Fnord666 writes:

A hack on food-delivery service DoorDash leaked the personal data of 4.9 million customers, delivery workers, and merchants, the company revealed on Thursday.

The breach took place on May 4, but DoorDash officials didn't learn of it until earlier this month when they noticed unusual activity involving an unnamed third-party service provider. That's what DoorDash says in post, which began: "We take the security of our community very seriously." Data obtained by the attacker could include names, email addresses, delivery addresses, order histories, phone numbers, and cryptographically hashed and salted passwords.

Also exposed were the last four digits of customers' payment cards and the last four digits of delivery workers' and merchants' bank accounts. Drivers license numbers for about 100,000 delivery workers were also accessed.

DoorDash has no evidence to indicate people who joined the service after April 5, 2018, had their data taken. The 4.9 million figure includes only a portion of users who joined on or before that date. The company said it's in the process of directly notifying those affected.

Source: https://arstechnica.com/information-technology/2019/09/doordash-hack-spills-loads-of-data-for-4-9-million-people/

Original Submission

Fnord666 writes:

The next time you're hunting for a parking spot, mathematics could help you identify the most efficient strategy, according to a recent paper in the Journal of Statistical Mechanics. It's basically an optimization problem: weighing different variables and crunching the numbers to find the optimal combination of those factors. In the case of where to put your car, the goal is to strike the optimal balance of parking close to the target—a building entrance, for example—without having to waste too much time circling the lot hunting for the closest space.

Paul Krapivsky of Boston University and Sidney Redner of the Santa Fe Institute decided to build their analysis around an idealized parking lot with a single row (a semi-infinite line), and they focused on three basic parking strategies. A driver who employs a "meek" strategy will take the first available spot, preferring to park as quickly as possible even if there might be open spots closer to the entrance. A driver employing an "optimistic" strategy will go right to the entrance and then backtrack to find the closest possible spot.

Finally, drivers implementing a "prudent" strategy will split the difference. They might not grab the first available spot, figuring there will be at least one more open spot a bit closer to the entrance. If there isn't, they will backtrack to the space a meek driver would have claimed immediately.

[...] Based on their model, the scientists concluded that the meek strategy is the least effective of the three, calling it "risibly inefficient" because "many good parking spots are unfilled and most cars are parked far from the target."

[...] "On average, the prudent strategy is less costly," the authors concluded. "Thus, even though the prudent strategy does not allow the driver to take advantage of the presence of many prime parking spots close to the target, the backtracking that must always occur in the optimistic strategy outweighs the benefit." Plenty of people might indeed decide that walking a bit farther is an acceptable tradeoff to avoid endlessly circling a crowded lot hunting for an elusive closer space. Or maybe they just want to rack up a few extra steps on their FitBit.

Source: https://arstechnica.com/science/2019/09/to-find-the-best-parking-spot-do-the-math/

Original Submission

Fnord666 writes:

Attackers are mass-exploiting an anonymously disclosed vulnerability that makes it possible to take control of servers running vBulletin, one of the Internet's most popular applications for website comments. Sites running the app should take comments offline until administrators install a patch that vBulletin developers released late Wednesday morning.

The vulnerability was disclosed through an 18-line exploit that was published on Monday by an unidentified person. The exploit allows unauthenticated attackers to remotely execute malicious code on just about any vBulletin server running versions 5.0.0 up to 5.5.4. The vulnerability is so severe and easy to exploit that some critics have described it as a back door.

"Essentially, any attack exploits a super simple command injection," Ryan Seguin, a research engineer at Tenable, told Ars. "An attacker sends the payload, vBulletin then runs the command, and it responds back to the attacker with whatever they asked for. If an attacker issues a shell command as part of the injection, vBulletin will run Linux commands on its host with whatever user permissions vBulletins' system-level user account has access to." Seguin has more in this technical analysis of the vulnerability.

Some people have too much time on their hands.

Source: ArsTechnica

Original Submission

Arthur T Knackerbracket has found the following story:

The US Congress has, near enough, approved a law bill to create a new set of dedicated cyber-security teams within the Department of Homeland Security.

On Tuesday, the Senate passed S.315, also known as the DHS Cyber Hunt and Incident Response Teams Act of 2019, a bipartisan measure that funds the creation of both investigation and response teams at various agencies within the department.

According to co-sponsors Maggie Hassan (D-NH) and Rob Portman (R-OH), the legislation is aimed to not only create teams for investigations within Homeland Security, but also outside using the private sector. In addition to creating these teams, the bill will authorize spending to bring in private companies when needed.

[...] Having passed the Senate, the bill heads to the House for final approval before being sent to be signed into law by the President. As The Hill notes, a passage in the House is likely, as the Senate bill is a modified version of one the House voted in favor of back in June.

[...] "Our cyber response teams play an important role in protecting against cyber threats, reducing cybersecurity risks, and helping to get our cyber infrastructure back up and running after an attack occurs," Portman said of the bill.

"I am glad the Senate passed our bipartisan legislation and I hope we send it to the president’s desk soon so that we can strengthen our response efforts in the event of a cyberattack."

Original Submission

Fnord666 writes:

Facebook this week finally put into writing what users—especially politically powerful users—have known for years: its community "standards" do not, in fact, apply across the whole community. Speech from politicians is officially exempt from the platform's fact checking and decency standards, the company has clarified, with a few exceptions.

Facebook communications VP Nick Clegg, himself a former member of the UK Parliament, outlined the policy in a speech and company blog post Tuesday.

Facebook has had a "newsworthiness exemption" to its content guidelines since 2016. That policy was formalized in late October of that year amid a contentious and chaotic US political season and three weeks before the presidential election that would land Donald Trump the White House.

Facebook at the time was uncertain how to handle posts from the Trump campaign, The Wall Street Journal reported. Sources told the paper that Facebook employees were sharply divided over the candidate's rhetoric about Muslim immigrants and his stated desire for a Muslim travel ban, which several felt were in violation of the service's hate speech standards. Eventually, the sources said, CEO Mark Zuckerberg weighed in directly and said it would be inappropriate to intervene. Months later, Facebook finally issued its policy.

"We're going to begin allowing more items that people find newsworthy, significant, or important to the public interest—even if they might otherwise violate our standards," Facebook wrote at the time.

Source: ArsTechnica

Original Submission

An Anonymous Coward writes:

https://venturebeat.com/2019/09/24/google-releases-data-set-to-help-defeat-deepfake-videos/

Google today announced the release of a large corpus of visual deepfakes produced in collaboration with Jigsaw, the tech giant's internal technology incubator. It's been incorporated into the Technical University of Munich and the University Federico II of Naples' new FaceForensics benchmark — an effort that Google co-sponsors — where it's freely available to researchers for use in developing synthetic video detection techniques.

The release follows on the heels of a corpus of speech containing phrases spoken by the Mountain View company's text-to-speech models, as part of the AVspoof 2019 competition to develop systems that can distinguish between real and computer-generated speech. Google says it's been downloaded by more than 150 research and industry organizations to date.

Original Submission

upstart writes:

Submitted via IRC for Bytram

125 New Flaws Found in Routers and NAS Devices from Popular Brands

Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router—a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances.

In its latest study titled "SOHOpelessly Broken 2.0," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.

"Today, we show that security controls put in place by device manufacturers are insufficient against attacks carried out by remote adversaries. This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices," the researchers said.

[...]SOHO routers and NAS devices tested by the researchers are from the following manufacturers:

• Buffalo
• Synology
• TerraMaster
• Zyxel
• Drobo
• ASUS and its subsidiary Asustor
• Seagate
• QNAP
• Lenovo
• Netgear
• Xiaomi
• Zioncom (TOTOLINK)

According to the security researchers, all of these 13 widely-used devices they tested had at least one web application vulnerability that could allow a remote attacker to gain remote shell access or access to the administrative panel of the affected device.

Original Submission

Arthur T Knackerbracket has found the following story:

A host of Israeli companies have developed defense systems they say can detect or destroy incoming drones. But obstacles remain, particularly when operating in crowded urban airspaces.

"Fighting these systems is really hard ... not just because you need to detect them, but you also need to detect them everywhere and all the time," said Ulrike Franke, a policy fellow at the European Council of Foreign Relations.

[...]Israel has long been a dominant player in the military drone export business, developing small attack aircraft as well as long-range spy planes. Now, Israeli firms are at the forefront of a global industry developing means to protect against the drone threat.

"There is a lot of knowledge that was adapted from the area of unmanned aerial vehicles, which is something that the military had to deal with for a long, long time," said Ben Nassi, a researcher at Israel's Ben Gurion University specializing in drone threats.

[...]Over a dozen Israeli firms presented cutting-edge anti-drone technologies at London's DSEI exhibition this month, from defense heavyweights Elbit Systems, Raphael and Israel Aerospace Industries, to smaller start-ups like Vorpal. They are part of a booming global industry with competitors from the U.S., Europe, Singapore, and China.

Anti-drone defenses fall into several categories. Detection systems usually rely on either radio or optical technology to spot incoming drones.

Other systems can stop the aircraft with jammers that down aircraft by scrambling communications, kinetic systems that try to knock the craft out of the sky or systems that allow authorities to seize control of an aircraft.

But for now, none of these systems can provide full protection.

"It's a nasty target. It's a problem," said Turniansky. "It's going to be cat and mouse for a while."

Original Submission

Arthur T Knackerbracket has found the following story:

On Monday night, Variety reported that film editors around Los Angeles who had Avid Media Composer software installed were suddenly finding that their Macs were unable to reboot. The publication speculated that malware may have been the cause. On Wednesday, Google disclosed the real cause—a Chrome browser update.

Specifically, it was a new version of Chrome's Keystone updater that caused so many Macs to stop rebooting, according to this Chrome open bug post. When the update was installed on Macs that had disabled a security feature known as system integrity protection and met several other conditions, a crucial part of the Mac system file was damaged, a Google employee said in the forum.

"This appears to be an issue with a new version of Google Keystone," a different Google employee wrote earlier in the thread. "We have halted the rollout and are working on remediation right now."

[...] Google has instructions for restoring unbootable Macs here. The process involves booting into recovery mode and then opening a terminal window, which among other ways can be accessed from the utilities folder. From there, run the following commands:

chroot /Volumes/Macintosh\ HD # "Macintosh HD" is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back # var may not exist, but this is fine
ln -sh private/var var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless "" /var

Then reboot.

If everything goes right, the Mac will restart with the buggy Chrome update no longer installed and with the damaged file system repaired. It wasn't immediately clear when a fixed version of the Chrome update will be available.

Original Submission

martyb writes:

FCC Sets Date for Major Midband Spectrum Auction for 5G:

The Federal Communications Commission is moving forward on its plans to auction off a key sliver of midband spectrum licenses for 5G service. The agency voted unanimously Thursday to seek comment on bidding rules for the auction, which is set to start on June 25, 2020.

The 3.5 GHz spectrum, known as the Citizens Broadband Radio Service, is coveted midband spectrum that big carriers like AT&T, Verizon and T-Mobile see as valuable for 5G. But it's also spectrum that small rural fixed wireless service providers say can help them increase speeds and reach more customers.

Midband spectrum is considered valuable for 5G, because its propagation properties offer wireless carriers a good balance between coverage and speed. Up to this point, the FCC has focused much of its effort in auctioning off high-frequency spectrum, which delivers very high speed services over short distances. The FCC's 3.5 GHz auction next year is the first time the auction will release a significant amount of midband spectrum for commercial use.

[...]For years, the 3.5 GHz spectrum band has been mainly allocated for use by the Department of Defense radar systems. But the agency realized in 2015 that the spectrum was well-suited for 5G. Since then it's worked to recraft usage rules to open up the spectrum for non-federal. This included establishing a novel spectrum management concept known as the Citizens Broadcast Radio Service (CBRS). This framework, includes various tiers of access for the spectrum in order to allow the airwaves to be shared among different users. Some of the spectrum is unlicensed, some is allocated to the government and other licenses will be auctioned off to wireless carriers.

A key aspect of this arrangement is the management of the spectrum by third-party Spectrum Access System (SAS) managers, which will automatically coordinate the use of the spectrum among its various types of users in real-time.

See, also, Wikipedia's entry on S Band which covers frequencies from 3-30 GHz.

Original Submission