SoylentNews

Fnord666 writes:

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA.

Three attacks that targeted organizations in this type of attack with the end goal of scraping payment card data were observed during the summer of 2019, according to the Visa Payment Fraud Disruption (PFD).

[...] PFD says that in the first incident it identified, unknown attackers were able to compromise their target using a phishing email that allowed them to infect one of the systems on the network with a Remote Access Trojan (RAT).

This provided them with direct network access, making it possible to obtain credentials with enough permissions to move laterally throughout the network and compromise the company's POS system as "there was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network."

The last stage of the attack saw the actors deploying a RAM scraper that helped them collect and exfiltrate customer payment card data.

During the second and third incidents, PFD states that the threat actors used malicious tools and TTPs (Tactics, Techniques and Procedures) attributable to the financially-motivated FIN8 cybercrime group.

upstart writes:

Submitted via IRC for Bytram

US finally giving boot to official foot measurement

Change is afoot for the official measuring stick used to size up big places in America.

The reason? There are actually two different definitions of the 12-inch measurement known as a foot.

Some land surveyors use what's known as the U.S. survey foot. Others use the definition that's more accepted by the broader world: the international foot.

The difference between them is so tiny that you can't see it with the naked eye on a 12-inch ruler. But over big distances, it matters. So, to reduce the chance for errors and confusion, the federal government has announced it's finally giving the boot to the survey foot.

The international foot is the smaller one—adding about an eighth of an inch of difference when measuring a mile. That means the United States is 28.3 feet wider when measured using the international foot instead of the survey foot.

The change started in 1959, when the federal government mandated that everyone use the international foot but allowed surveyors to keep to the old U.S. survey foot for a while. That temporary reprieve has lasted 60 years, but it will finally end in 2022, the National Oceanic and Atmospheric Administration and the National Institute of Standards and Technology announced in October.

Original Submission

Fnord666 writes:

Senate Judiciary Committee Interrogates Apple, Facebook About Crypto

In a hearing of the Senate Judiciary Committee yesterday, while their counterparts in the House were busy with articles of impeachment, senators questioned New York District Attorney Cyrus Vance, University of Texas Professor Matt Tait, and experts from Apple and Facebook over the issue of gaining legal access to data in encrypted devices and messages. And committee chairman Sen. Lindsey Graham (R-S.C.) warned the representatives of the tech companies, "You're gonna find a way to do this or we're going to do it for you."

The hearing, entitled "Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy," was very heavy on the public safety with a few passing words about privacy. Graham said that he appreciated "the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy." However, he said, "no American should want a device that is a safe haven for criminality," citing "encrypted apps that child molesters use" as an example.

"When they get a warrant or court order, I want the government to be able to look and find all relevant information," Graham declared. "In American law there is no place that's immune from inquiry if criminality is involved... I'm not about to create a safe haven for criminals where they can plan their misdeeds and store information in a place that law enforcement can never access it."

Original Submission

Fnord666 writes:

Google Achieves Its Goal of Erasing the WWW Subdomain From Chrome

With the release of Chrome 79, Google completes its goal of erasing www from the browser by no longer allowing Chrome users to automatically show the www trivial subdomain in the address bar.

When Chrome 76 was released, Google decided to no longer show the www "trivial subdomain" in the address bar when visiting a web site. This means, that if you are visiting www.bleepingcomputer.com, Chrome would only show bleepingcomputer.com in the address bar...

[...] According to a Google engineer, www is considered a trivial subdomain because "this isn't information that most users need to concern themselves with in most cases".

Many users, though, felt that this was a security issue, could be confusing for users, and is technically incorrect because www.domain.com is not always the same host as domain.com.

So is this a distinction without a difference or a real issue?

Original Submission

Fnord666 writes:

A sobering message about the future at AI's biggest party

Blaise Aguera y Arcas praised the revolutionary technique known as deep learning that has seen teams like his get phones to recognize faces and voices. He also lamented the limitations of that technology, which involves designing software called artificial neural networks that can get better at a specific task by experience or seeing labeled examples of correct answers.

"We're kind of like the dog who caught the car," Aguera y Arcas said. Deep learning has rapidly knocked down some longstanding challenges in AI—but doesn't immediately seem well suited to many that remain. Problems that involve reasoning or social intelligence, such as weighing up a potential hire in the way a human would, are still out of reach, he said. "All of the models that we have learned how to train are about passing a test or winning a game with a score [but] so many things that intelligences do aren't covered by that rubric at all," he said.

Original Submission

Fnord666 writes:

Nebula VPN routes between hosts privately, flexibly, and efficiently

Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula. Nebula is free and open source software, available under the MIT license.

It's difficult to coherently explain Nebula in a nutshell. According to the people on Slack's engineering team, they asked themselves "what is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?" And (developing) Nebula was the best answer they had. It's a portable, scalable overlay networking tool that runs on most major platforms, including Linux, MacOS, and Windows, with some mobile device support planned for the near future.

Nebula-transmitted data is fully encrypted using the Noise protocol framework, which is also used in modern, highly security-focused projects such as Signal and WireGuard. Unlike more traditional VPN technologies—including WireGuard—Nebula automatically and dynamically discovers available routes between nodes and sends traffic down the most efficient path between any two nodes rather than forcing everything through a central distribution point.

Original Submission

upstart writes:

Submitted via IRC for chromas

The US, like China, has about one surveillance camera for every four people, says report

One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit and first reportedby The Wall Street Journal. China's installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. When taking populations into account, however, China will continue to have nearly the same ratio of cameras to citizens as the US.

In 2018, China had 350 million cameras installed for an estimated one camera for every 4.1 people. That compared to one for every 4.6 people in the US where 70 million cameras were installed. Taiwan was third in terms of penetration with one camera for every 5.5 citizens in 2018, followed by the UK and Ireland (1:6.5) and Singapore (1:7.1).

China's installed base of cameras has recently risen 70 percent, while the US increased by nearly 50 percent.

upstart writes:

Submitted via IRC for chromas

Your Internet Provider Likely Juiced Its Official Speed Scores

Companies wield tremendous influence over the [FCC's internet speeds] study and often employ tactics to boost their scores, according to interviews with more than two dozen industry executives, engineers and government officials. As a result, the FCC's report likely gives consumers an unreliable measure of internet providers' performances by overstating speeds.

[...] The FCC informs companies which customers are part of the speed tests, allowing some to prioritize giving those households better service, engineers who worked at some of the companies said. The FCC relies on companies to provide information about the speed plans for the customers being tested.

Major providers have persuaded the FCC to remove unfavorable data, including individual houses with poor scores, blaming faulty equipment. They have successfully argued to exclude test days when heavy traffic slowed scores, such as during NFL games or when pushed a new software update. Reasons for the deletions aren't always included in the FCC reports.

Many internet providers gain additional information about the users being tested by paying SamKnows, the U.K.-based company that administers and provides equipment for the tests, for real-time access to testers' scores year-round, and other analytics.

Representatives of major broadband providers denied tampering with the FCC study, pointing to a code of conduct they sign that forbids them from influencing the results unless it is "consistent with normal business practices." They said any network upgrades improved service for swaths of their subscribers, not just households in the FCC's tests.

AT&T said that in its case, the company asked the FCC to remove DSL data from the report because it no longer markets that older technology, which relies on copper phone lines, used by a small percentage of its customer base. The company said the commission's own policies should have excluded the "obsolete" internet plans. AT&T also said that it did validate the DSL accounts for the FCC.

An FCC spokesman said the program has a transparent process and that the agency will continue to enable it "to improve, evolve, and provide meaningful results as we move forward."

Original Submission

aristarchus writes:

Bloomberg reports that Peter Thiel, is at it again.

The U.S. Army will spend $111 million next year in a new contract with Palantir Technologies Inc., deepening ties between Peter Thiel's data analytics company and the Pentagon.

The new Defense Department deal will represent about 10% of Palantir's revenue next year, according to people familiar with the company's finances. It's the first step in what could be a four-year, $440 million deal with the Army.

The Silicon Valley company will provide software to connect human resources, supply chains and other Army operations systems into a single dashboard. The Army considered earlier proposals for related work from Accenture Plc, Deloitte, Ernst & Young and Microsoft Corp.

"We started Palantir in 2004 to help the war fighter and solve difficult problems," Doug Philippone, head of Palantir's global defense business, said in an emailed statement. "In helping the Army make better use of its own data, we accomplish both goals."

The Defense deal solidifies a relationship between the U.S. government and the Palo Alto, California-based company, which was co-founded and partly bankrolled by Thiel. The billionaire venture capitalist and adviser to President Donald Trump has chastised other technology companies, in particular Alphabet Inc.'s Google, for their reluctance to work with the Defense Department. After Google abandoned a Pentagon effort known as Project Maven, Palantir stepped in to help develop video recognition software as part of the project, a move reported earlier by Business Insider.

Original Submission

upstart writes:

Submitted via IRC for Bytram

And now for this evening's space weather report. We've got a hotspot of satellite-wrecking 'killer electrons' in the outer Van Allen belt...

Scientists have discovered a dangerous hotspot in Earth's Van Allen radiation belts that spews so-called "killer electrons" that can knacker satellites and spacecraft.

Our home world is surrounded by two donut-shaped Van Allen radiation belts teeming with electrically charged particles. The inner belt stretches from 400 to 6,000 miles above our planet's surface, and the outer one ranges from 8,400 to 36,000 miles out.

The electrons and protons in the belts are tiny in size, though they pack a sizable punch as they zoom around close to the speed of light. Any satellites that fly through the belts are pelted by the particles, which can damage any on-board electrical equipment, such as sensors and cameras.

Killer electrons [in] these belts pose an even greater risk: their energies run up to millions of electron volts, which can completely frazzle or kill passing spacecraft.

Now, physicists led by boffins at Nagoya University, Japan, have homed in on one region in particular of the belts that produces these killer electrons.

"An important topic in space weather science is understanding the dynamics of killer electrons in the Van Allen radiation belt," Yoshizumi Miyoshi, a professor at the Institute for Space-Earth Environmental Research at Nagoya University, said this week. "The results of this study will improve the modelling and lead to more accurate forecasting of killer electrons in Van Allen radiation belts."

The [scientists] found this killer-electron hotspot by analyzing readings from the Japan Aerospace Exploration Agency's Arase satellite and NASA's Van Allen Probes. This hotspot pumps out accelerated electron fluxes with energies from 500,000 to 2 million electron volts, according to a paper published in Geophysical Research Letters.

Remote Detection of Drift Resonance Between Energetic Electrons and Ultralow Frequency Waves: Multisatellite Coordinated Observation by Arase and Van Allen Probes, Geophysical Research Letters (DOI: 10.1029/2019GL084379)

Original Submission

An Anonymous Coward writes:

https://www.theverge.com/2019/12/13/21020836/billboard-albums-chart-youtube-vevo-apple-spotify-video-streams

Billboard has announced that YouTube streams will be factored into the Billboard 200 albums chart starting early next year. Video streams from other platforms will also count, including Apple, Spotify, Tidal, and Vevo, and Billboard says the change will also impact genre album consumption charts, like country, Latin, and others. Billboard's charts have historically been seen as a barometer of success within the music industry.

Original Submission

upstart writes:

Submitted via IRC for chromas

Online Forum Members Exploited Weak Credentials To Turn Ring Cameras Against Their Owners

To add to all the bad news that is Ring camera's lifecycle to this point comes the report that a group of malcontents has been exploiting default/weak credentials to gain access to cameras. Joseph Cox has the this-would-be-funny-if-it-weren't-so-scary details at Motherboard.

Hackers have created dedicated software for breaking into Ring security cameras, according to posts on hacking forums reviewed by Motherboard. The camera company is owned by Amazon, which has hundreds of partnerships with police departments around the country.

[...] There's not much actual hacking going on. What appears to be happening is purchasers aren't choosing unique passwords when they set up their cameras. They also aren't using the two-factor authentication Ring recommends.

There are enough cameras out there (and more being installed every day), there's an entire forum set up just for the hijacking of Ring cameras/doorbells. Forum members are selling exploit tools to each other which allow these jackasses to brute force Ring devices using credentials (usernames/email addresses and passwords) found elsewhere on the web.

The popular exploitables have even spawned a podcast featuring unsuspecting device owners being trolled by jerks who have gained access to Ring and Nest cameras. This is what's in store for device owners who haven't properly secured their new purchases.

---

Original Submission

Arthur T Knackerbracket has found the following story:

The FTC [(US Federal Trade Commission)] is keen to have a piece of Google, in part because it has just set up a new technology task force specifically to monitor tech giants for anti-competitive behavior. But the agency also wants to rebuild its reputation following an embarrassing climbdown in 2012, when its staff found that Google was rigging the search market, but the agency’s commissioners cut a deal and tried to hide the staff report (it is still hiding part of it.)

But the DoJ [(Department of Justice)] reportedly called dibs on Fitbit because it has an ongoing investigation into Google. Who knows what else went on in the background but, while the DoJ is currently the president’s favorite lapdog and Rottweiler, the FTC remains the toothless watchdog.

[...] Not that any of that means that Google won’t get approval to buy Fitbit, even though several organizations have warned that the search giant most likely wants to company in order to hoover up millions of people’s health data and tie it into its vast advertiser-friendly database.

Original Submission

Freeman writes:

A federal judge on Tuesday roasted Arkansas' law banning makers of meatless meat products from using words such as "burger," "sausage," "roast," and "meat" in their labeling.
[...] Judge Kristine Baker, of the US District Court for the Eastern District of Arkansas, granted a preliminary injunction that prevents the state from enforcing the law while the legal case is ongoing. In her order, Judge Baker made clear that the law appears to violate the Free Speech Clause of the First Amendment—as Tofurky argued. She determined that the state will likely lose the case.
[...] "The State argues that Tofurky's labels for its plant-based products are inherently misleading because they use the names and descriptors of traditional meat items but do not actually include the product they invoke, including terms like 'chorizo,' 'hot dogs,' 'sausage,' and 'ham roast,'" Judge Baker noted. Such misleading or false labels would not be protected commercial speech under the First Amendment, the state claimed.

But Judge Baker essentially called that argument bologna.
[...] She went on to cite a ruling in a similar case that determined that "Under Plaintiffs' logic, a reasonable consumer might also believe that veggie bacon contains pork, that flourless chocolate cake contains flour, or that e-books are made out of paper."

"That assumption is unwarranted," she went on. "The labels in the record evidence include ample terminology to indicate the vegan or vegetarian nature of the products."
[...] Meat and dairy industry groups have been increasingly working to try to limit the use of terms like "milk" and "meat" in other states and contexts as meatless and diary-free products continue to grow in popularity. Missouri, Mississippi, Louisiana, and South Dakota have similar anti-veggie-meat labeling laws. In Wisconsin, lawmakers have considered banning non-dairy products from using the word "milk," such as beverages labeled almond milk.

The latter issue led former FDA commissioner Scott Gottlieb to quip last year that "You know, an almond doesn't lactate." He said that the Food and Drug Administration is working on a guidance for the use of the term.

https://arstechnica.com/science/2019/12/judge-serves-up-sizzling-rebuke-of-arkansas-anti-veggie-meat-labeling-law/
Previous Stories:
https://soylentnews.org/article.pl?sid=19/12/04/1425220
https://soylentnews.org/article.pl?sid=19/07/07/1443201
https://soylentnews.org/article.pl?sid=18/02/26/2315236

Original Submission

upstart writes in with a submission, via IRC, for chromas.

Ring's Neighbors app is revealing device locations, report says

Data found on Ring's Neighbors app can reveal the exact location of the company's devices -- and, by extent, users' homes, according to a Monday report. Neighbors, a free app from the smart doorbell company, allows users to post and comment on crime and security information in their communities. Ring pitches it as "the new neighborhood watch," and many posts include clips captured by Ring video doorbells and security cameras.

In its report, Gizmodo said it collected data over the last month linked to around 65,800 posts on the Neighbors app and found "hidden geographic coordinates that are connected to each post." That includes latitude and longitude with the precision of up to six decimal points, the report says.

The findings reflect the mounting privacy concerns surrounding the home surveillance company. Ring, which was purchased by Amazon last year for a reported $1 billion, has faced scrutiny for helping police build a surveillance network with its smart doorbells. Police departments that partnered with Ring had access for more than a year to a map outlining where the video doorbells were installed. That feature was removed in July.

Original Submission