SoylentNews

upstart writes:

Submitted via IRC for SoyCow1337

LA warns of 'juice-jacking' malware, but admits it has no cases – TechCrunch

Los Angeles’ district attorney is warning travelers to avoid public USB charging points because “they may contain dangerous malware.”

Reading the advisory, you might be forgiven for thinking that every USB outlet you see is just waiting for you to plug in your phone so it can steal your data. This so-called “juice-jacking” attack involves criminals loading malware “on charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users,” it reads. “The malware may lock the device or export data and passwords directly to the scammer.”

But the county’s chief prosecutor’s office told TechCrunch that it has “no cases” of juice-jacking on its books, though it said there are known cases on the east coast. When asked where those cases were, the spokesperson did not know. And when asked what prompted the alert to begin with, the spokesperson said it was part of “an ongoing fraud education campaign.”

Which begs the question — why?

[...] Security researcher Kevin Beaumont tweeted that he hasn’t seen “any evidence of malware being used in the wild on these things.” In fact, ask around and you’ll find very little out there. Several security researchers have dropped me messages saying they’ve seen proof-of-concepts, but nothing actively malicious.

upstart writes:

Submitted via IRC for SoyCow1337

Apple 'surprised' by Germany's new law to open up mobile payments

Germany has introduced new legislation to deal with money-laundering, and it's causing problems for Apple. On Thursday, the German Parliament passed a raft of new measures to bring the country in line with EU directives on money laundering. These include stricter regulations for real estate agents, notaries, auction houses, and operators of electronic money infrastructure. The legislation didn't specifically name Apple nor Apple Pay, but it basically means Apple and Apple Pay.

The new rule -- which is set to come into effect early next year if passed by the upper house of Parliament, the Bundesrat -- stipulates that the tech giant must open up its Apple Play platform to rival providers in Germany. At the moment, traditional bank payment apps can't access the Near Field Communication (NFC) chip in the iPhone or Apple Watch, and have to resort to clunky data transfer methods such as QR codes. Giving competitors' access to this platform (for a fee) would help to even the playing field.

Meanwhile, Reuters reports the following:

"We are surprised at how suddenly this legislation was introduced," Apple said on Friday. "We fear that the draft law could be harmful to user friendliness, data protection and the security of financial information."

A person close to the government coalition said Chancellor Angela Merkel's office had pushed for the committee to withdraw the amendment

That charge was denied by a senior official in the office who said there had been complete consensus within the government over the move. The only question mark had been over whether the Finance Ministry had checked the legislation was legally watertight. With that confirmed, the office had no further reservations, the official said.

Original Submission

upstart writes for SoyCow1337:

New AI System Predicts Seizures With Near-Perfect Accuracy [Javascript required]:

For the roughly 50 million people worldwide with epilepsy, the exchange of electrical signals between cells in their brain can sometimes go haywire and cause a seizure—often with little to no warning. Two researchers at the University of Louisiana at Lafayette have developed a new AI-powered model that can predict the occurrence of seizures up to one hour before onset with 99.6 percent accuracy.

"Due to unexpected seizure times, epilepsy has a strong psychological and social effect on patients," explains Hisham Daoud, a researcher who co-developed the new model.

Detecting seizures ahead of time could greatly improve the quality of life for patients with epilepsy and provide them with enough time to take action, he says. Notably, seizures are controllable with medication in up to 70 percent of these patients.

Efficient Epileptic Seizure Prediction Based on Deep Learning^$, IEEE Transactions on Biomedical Circuits and Systems (DOI: 10.1109/TBCAS.2019.2929053)

Also at Engadget

Original Submission

RandomFactor writes:

New research from the University of Rochester describes an innovative superhydrophobic (SH) metal array that is effectively unsinkable. The

metal array [...] won't sink, even after it's pierced.

"Regardless how much it's damaged or punctured, it will still be able to stay afloat," Chunlei Guo, the study's chief researcher, told Business Insider.

Video here

There are many applications, such as unsinkable ships and floating cities (a viable alternative to a hollowed out volcano), that are promised by superhydrophobic materials, but in practice these materials start losing their effectiveness over time once submerged or abraided.

we circumvent these two most-challenging obstacles and demonstrate a highly floating multi-faced SH metallic assembly inspired by the diving bell spiders and fire ant assemblies. We study and optimize, both theoretically and experimentally, the floating properties of the design. The assembly shows an unprecedented floating ability; it can float back to surface even after being forced submerging under water for months. More strikingly, the assembly maintains its floating ability even after severe damage and piercing in stark contrast to conventional watercrafts and aquatic devices. The potential use of the SH floating metallic assembly ranges from floating devices and electronic equipment protection, to highly floatable ships and vessels.

The research has been accepted for publication in Applied Materials and Interfaces.

Ed Note - This is a duplicate of https://soylentnews.org/article.pl?sid=19/11/07/0836248. My apologies for not catching that and thanks to FatPhil for bringing it to our attention. - Fnord666]

Original Submission

Arthur T Knackerbracket has found the following story:

The good geeks of iFixit have ripped open Huawei's first Google-free handset, the Mate 30 Pro, to find a serious battery powering the big screen and sophisticated camera setup.

The mobe has a 6.53" curved OLED display, a Huawei Kirin 990 processor with 8-core CPU, 16-core Mali-G76 GPU and a neural processing unit. It also has an underscreen fingerprint sensor, facial recognition hardware and gesture recognition.

[...] The gang was also keen on the fact that the USB port and its interconnect, the daughter board and SIM card slot, the loudspeaker and the optical fingerprint scanner are all modular and replaceable.

The phone's speaker uses the screen's structure to amplify sound instead of the normal earpiece speaker.

The screwdriver-botherers were pretty impressed overall with the phone's modular design. It also uses standard Philips screws. But they did note that a glued-down front and back does mean a slow start to any repair or replacement process, which resulted in a middle-of-the-road five out of 10 repairability score. Could be better, could be worse.

Original Submission

Arthur T Knackerbracket has found the following story:

The European Union's investment arm said Thursday it will stop funding fossil fuel projects from 2022 as part of a new strategy aimed at fighting climate change, in a decision environmental campaigners hailed as a "significant victory".

The European Investment Bank, the world's largest multilateral lender, had been criticised by climate groups for funding gas projects that potentially threatened the EU's commitment to the Paris climate goals.

But despite gas proving a potential sticking point, the EIB's board of directors—composed of state representatives and the European Commission—approved the new energy policy on Thursday.

"We will stop financing fossil fuels, and we will launch the most ambitious climate investment strategy of any public financial institution anywhere," EIB President Werner Hoyer said in a statement.

The EIB said the new energy plan would also "unlock" one trillion euros ($1.1 trillion) of climate action and environmentally sustainable investment over the next decade.

[...] Nineteen EU member states including France and Germany voted for the new policy, according to Greenpeace and the World Wildlife Fund (WWF).

But three countries—Poland, Romania and Hungary—voted against, wanting more flexibility for gas funding, as did Estonia, Lithuania, Cyprus and Malta, which abstained.

Austria and Luxembourg also abstained, objecting to nuclear power being eligible for funding under the new policy, Greenpeace and the WWF said.

The European Commission said it supported the new policy, and it voted in favour.

Original Submission

upstart writes:

Submitted via IRC for Runaway1956__

The House and Senate finally agree on something: Robocalls – TechCrunch

In these times of political strife, it’s nice that despite our differences we can still band together as a nation in the face of a catastrophe that affects us all equally. I speak, of course, of robocalls, and it seems that the House and Senate have put their differences aside for the present in order to collaborate on a law combating this scourge.

[...] As often happens in Congress, two competing versions of the bill emerged to address this issue, and both passed in their respective chambers earlier this year. Now the leaders of the committees involved have announced an “agreement in principle” that will hopefully allow them to pass a unified version of the bill.

The “Pallone-Thune TRACED Act” owes its name to its primary sponsors — Rep. Pallone (D-NJ) and Sen. John Thune (R-SD) — and the earlier and superior acronym from the House act, Telephone Robocall Abuse Criminal Enforcement and Deterrence.

“Our agreement will require telephone carriers to verify calls and allow robocalls to be blocked in a consistent and transparent way, all at no extra charge to consumers. The agreement also gives the FCC and law enforcement the ability to quickly go after scammers,” said Rep. Pallone in a statement accompanying the news.

The bill text is expected to be finalized in a matter of days, and it will hopefully make it onto the legislative calendar in a hurry.

Original Submission

upstart writes:

Submitted via IRC for Bytram

Holiday Shoppers Beware: Look-Alike Domains Are Targeting Your Wallet

The holiday shopping season is approaching, and many consumers will find their gifts online. After all, cyber Monday has practically turned into its own major holiday. Unfortunately, as online shopping continues to grow, so does the targeting of consumers through malicious look-alike domains.

Cyber attackers create fraudulent domains by substituting a few characters in the URLs. Because they point to malicious online shopping websites that closely mimic legitimate, well-known retail websites, it makes it increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe to online shoppers who unknowingly provide sensitive account information and payment data.

[Note - This article is directed at retailers and ecommerce sites rather than consumers. - Fnord666]

Some interesting details:

• Growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four times.
• The total number of certificates used for look-alike domains is more than 400% greater than the number of authentic retail domains.
• Over half (60%) of the look-alike domains studied use free certificates from Let's Encrypt.

Original Submission

Arthur T Knackerbracket has found the following story:

US federal authorities on Wednesday announced the arrests of 11 people from a group of 14 indicted for tricking Apple into accepting about almost 10,000 fake iPhones and iPads and replacing them with genuine iDevices.

The US Attorney’s Office for the Southern District of California said it had served 11 search warrants covering two businesses and several homes and vehicles in the San Diego, California, area and come up with $250,000 in cash and 90 iPhones that will be tested for authenticity.

Three individuals said to be involved in the scheme remain at large including Xiamon Zhong, believed to be in China, Charley Hsu of San Diego and Hyo Weon Yang of San Francisco.

The raids stem from the indictments related to an alleged scheme to import fake iPhones and iPads from China, marked with IMEI and serial numbers copied from authentic devices, in order to return them to Apple for genuine replacements, which were then shipped back to China to be sold there.

The US Attorney’s Office says three brothers, naturalized US citizens born in China, ran the operation – Liao Zhiwei, Liao Zhimin and Liao Zhiting – which led to losses Apple puts at more than $6m. The other defendants are said to be mostly naturalized citizens from China, Russia, and Vietnam.

In a statement, US Attorney Robert Brewer said this prosecution is about more than just monetary losses. "The manufacture of counterfeit goods – and their use to defraud US companies – seeks to fundamentally undermine the marketplace and harms innocent people whose identities were stolen in furtherance of these activities," said Brewer.

Original Submission

Arthur T Knackerbracket has found the following story:

Amazon is headed for court to contest the surprise decision to hand Microsoft the $10bn US Department of Defense IT supply contract.

Jeff Bezos' retail-cum-cloud empire alleges that Microsoft won because of "political influence" and "unmistakable bias". The company has also accused the US defence department of failing to run a fair procurement contest for the 10-year single-supplier deal.

Amazon's cloud biz, AWS, was perceived for a long time as the frontrunner in the race to win the Joint Enterprise Defense Infrastructure (JEDI) contract, ahead of Microsoft and Oracle. However, US president Donald Trump's long list of supposed enemies includes the Amazon CEO, mainly because he objects to coverage of the presidency by the Bezos-owned Washington Post.

The cloud giant has not yet filed papers in court, but has informed the US government and Microsoft of its intention to do so.

[...] Microsoft declined to comment.

One question still to be answered is: what will last longer and prove the most expensive? The 10-year, $10bn JEDI contract or the associated court action?

Original Submission

Arthur T Knackerbracket has found the following story:

Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.

This according to a report from British security shop Sophos, whose breakdown (PDF) of 11 different malware infections, including WannaCry, Ryuk, and GandCrab, found that because ransomware attacks all have the same purpose, to encrypt user files until a payment is made, they have to generally perform many of the same tasks.

"There are behavioral traits that ransomware routinely exhibits that security software can use to decide whether the program is malicious," explained Sophos director of engineering Mark Loman.

"Some traits – such as the successive encryption of documents – are hard for attackers to change, but others may be more malleable. Mixing it up, behaviorally speaking, can help ransomware to confuse some anti-ransomware protection."

Some of that behavior, says Loman, includes things like signing code with stolen or purchased certificates, to allow the ransomware to slip past some security checks. In other cases, ransomware installers will use elevation of privilege exploits (which often get overlooked for patching due to their low risk scores) or optimize code for multi-threaded CPUs in order to encrypt as many files as possible before getting spotted.

Original Submission

Arthur T Knackerbracket has found the following story:

The unarguable benefits of digital photography has rendered the analog SLR obsolete for most purposes. This means that a wide selection of cameras and lenses are available on the second hand market for pennies on the dollar, making them ripe targets for hacking. [drtonis] decided to experiment with a quick and easy digital conversion to an old Canon A-1, and it’s got us excited about the possibilities.

It’s a simple hack, but a fun one. The SLR is opened up, and the spring plate for holding the film is removed. A Raspberry Pi camera then has its original lens removed, and is placed inside the film compartment. It’s held in with electrical tape, upon a 3mm shim to space it correctly to work with the original optics.

Original Submission

Arthur T Knackerbracket has found the following story:

Apple is removing all vaping apps from its online store.

It said it had taken the decision because of growing official concerns about the impact vaping can have on health.

In the US, 42 deaths and more than 2,100 cases of lung injury have been linked to a respiratory illness tied to vaping.

Apple's decision means a total of 181 apps will not be available on iPhones, reports tech news site Axios.

In a statement given to Axios, Apple said it agreed with official warnings about the negative health impacts of vaping and the potential problem presented by the appeal of e-cigarettes to the young.

It said it took "great care" to ensure that the app store was a place people could trust to get programs for their iPhone.

Original Submission

upstart writes:

Submitted via IRC for Runaway1956__

Rare genetic condition gives man Eye of Sauron look

Doctors in Texas came face to face with a dark, spine-tingling eye that looked rimmed by flames—or, as they calmly described it in a recent report^[$] in the New England Journal of Medicine: an eye with "circumferential spoke-like iris transillumination defects."

[...] He didn't have any specific complaints, according to the doctors. He reported a family history of glaucoma, which is a group of vision-jeopardizing conditions that lead to damage to the nerve that transmits light signals to the brain (the optic nerve).

A previous doctor had determined that the man had elevated pressure in his eyes, which is a leading culprit of glaucoma. The man had several prescribed medications to try to lower his intraocular pressure, which he was taking. When the Texas doctors checked his eye pressure, it was only slightly above the normal range.

But shining a light into both of his eyes, the doctors saw a fiery ring around his irises—the colorful muscular structure that controls the diameter of the pupil, thus controlling the amount of light that gets to the retina. The eerie glow indicated that pigment in his irises had sloughed off, allowing light to pass through.But shining a light into both of his eyes, the doctors saw a fiery ring around his irises—the colorful muscular structure that controls the diameter of the pupil, thus controlling the amount of light that gets to the retina. The eerie glow indicated that pigment in his irises had sloughed off, allowing light to pass through.

NEJM, 2019.  DOI: 10.1056/NEJMicm1903842.

Original Submission

upstart writes:

Submitted via IRC for Runaway1956__

FCC sued by dozens of cities after voting to kill local fees and rules

The Federal Communications Commission faces a legal battle against dozens of cities from across the United States, which sued the FCC to stop an order that preempts local fees and regulation of cable-broadband networks.

The cities filed lawsuits in response to the FCC's August 1 vote that limits the fees municipalities can charge cable companies and prohibits cities and towns from regulating broadband services offered over cable networks.

"At least 46 cities are asking federal appeals courts to undo an FCC order they argue will force them to raise taxes or cut spending on local media services, including channels that schools, governments, and the general public can use for programming," Bloomberg Law wrote Tuesday.