The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of coordinated attacks by cybercrime groups, according to a security alert published by Visa.
Three such attacks, all with the end goal of scraping payment card data from merchant POS systems, were observed during the summer of 2019, according to the Visa Payment Fraud Disruption (PFD) team.
[...] PFD says that in the first incident it identified, unknown attackers were able to compromise their target using a phishing email that allowed them to infect one of the systems on the network with a Remote Access Trojan (RAT).
This provided them with direct network access, making it possible to obtain credentials with enough permissions to move laterally throughout the network and compromise the company's POS system as "there was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network."
The last stage of the attack saw the actors deploying a RAM scraper that helped them collect and exfiltrate customer payment card data.
During the second and third incidents, PFD states that the threat actors used malicious tools and TTPs (Tactics, Techniques and Procedures) attributable to the financially-motivated FIN8 cybercrime group.
[...] "It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant's internal network, and takes more technical prowess than skimming attacks," VISA PFD says.
"Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks."
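The final stage described above, the RAM scraper, works because a magstripe-style POS process briefly holds the card's Track 2 data in cleartext memory; the scraper walks that memory looking for the Track 2 pattern and keeps anything that passes the Luhn check. The same logic is what a responder runs over a memory dump of a suspect POS host to confirm exposure. The following Python is an added illustration, not code from Visa, BleepingComputer or any real scraper: the memory buffer is constructed inline from publicly known test card numbers, and the "chip card" flag is read from the standard service code (first digit 2 or 6 means an IC card), which is why Visa's chip recommendation matters: the harvested stripe copy is still a full record, but a clone made from it is refused where chip is enforced.

```python
import re

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMMSSS<discretionary>? where SSS is the
# three-digit service code. Software often keeps only the field content, so the
# ';' and '?' sentinels are optional in the pattern.
TRACK2_RE = re.compile(
    rb';?(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d{0,30})\??'
)


def luhn_ok(pan: str) -> bool:
    """ISO/IEC 7812 check digit: weeds out digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, the form PCI DSS allows for display."""
    return pan[:6] + '*' * (len(pan) - 10) + pan[-4:]


def scan_track2(buf: bytes) -> list[dict]:
    """Return Luhn-valid Track 2 records found in a memory buffer, with PANs masked."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group('pan').decode()
        if not luhn_ok(pan):
            continue
        svc = m.group('svc').decode()
        hits.append({
            'offset': m.start(),
            'pan': mask_pan(pan),
            'expiry': m.group('exp').decode(),   # YYMM
            'service_code': svc,
            # service code starting 2 or 6 = integrated-circuit (chip) card
            'chip_card': svc[0] in '26',
        })
    return hits


# Constructed sample "memory dump" (not real data): two well-known test PANs
# embedded in filler, plus one digit run that fails Luhn and must be ignored.
SAMPLE_DUMP = (
    b'\x00' * 32 + b'TXN\x00' +
    b';4111111111111111=2512201123456789?' + b'\x00' * 16 +
    b'1234567890123456=2601101' + b'\xff' * 8 +           # fake, fails Luhn
    b';5555555555554444=2406101000000000?' + b'\x00' * 32
)

if __name__ == '__main__':
    for hit in scan_track2(SAMPLE_DUMP):
        print(hit)
```

A real scraper reads the live process memory of the POS application rather than a buffer; the pattern and the Luhn filter are the same, which is also why a detection rule that flags unknown processes opening the payment application's memory is a stronger signal than looking for any particular malware family.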
So unfortunately this is really something that you can't do much about.
Submitted via IRC for Bytram
Change is afoot for the official measuring stick used to size up big places in America.
The reason? There are actually two different definitions of the 12-inch measurement known as a foot.
Some land surveyors use what's known as the U.S. survey foot. Others use the definition that's more accepted by the broader world: the international foot.
The difference between them is so tiny that you can't see it with the naked eye on a 12-inch ruler. But over big distances, it matters. So, to reduce the chance for errors and confusion, the federal government has announced it's finally giving the boot to the survey foot.
The international foot is the smaller one—adding about an eighth of an inch of difference when measuring a mile. That means the United States is 28.3 feet wider when measured using the international foot instead of the survey foot.
The change started in 1959, when the federal government mandated that everyone use the international foot but allowed surveyors to keep to the old U.S. survey foot for a while. That temporary reprieve has lasted 60 years, but it will finally end in 2022, the National Oceanic and Atmospheric Administration and the National Institute of Standards and Technology announced in October.
In a hearing of the Senate Judiciary Committee yesterday, while their counterparts in the House were busy with articles of impeachment, senators questioned New York District Attorney Cyrus Vance, University of Texas Professor Matt Tait, and experts from Apple and Facebook over the issue of gaining legal access to data in encrypted devices and messages. And committee chairman Sen. Lindsey Graham (R-S.C.) warned the representatives of the tech companies, "You're gonna find a way to do this or we're going to do it for you."
The hearing, entitled "Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy," was very heavy on the public safety with a few passing words about privacy. Graham said that he appreciated "the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy." However, he said, "no American should want a device that is a safe haven for criminality," citing "encrypted apps that child molesters use" as an example.
"When they get a warrant or court order, I want the government to be able to look and find all relevant information," Graham declared. "In American law there is no place that's immune from inquiry if criminality is involved... I'm not about to create a safe haven for criminals where they can plan their misdeeds and store information in a place that law enforcement can never access it."
With the release of Chrome 79, Google has completed its goal of erasing www from the address bar: Chrome users can no longer opt to have the www "trivial subdomain" displayed.
When Chrome 76 was released, Google decided to stop showing the www "trivial subdomain" in the address bar when visiting a web site. This means that if you are visiting www.bleepingcomputer.com, Chrome would only show bleepingcomputer.com in the address bar...
[...] According to a Google engineer, www is considered a trivial subdomain because "this isn't information that most users need to concern themselves with in most cases".
Many users, though, felt that this was a security issue, could be confusing, and is technically incorrect: www.domain.com and domain.com are separate hostnames that can resolve to different servers and are distinct origins as far as the browser is concerned.
So is this a distinction without a difference or a real issue?
Blaise Aguera y Arcas praised the revolutionary technique known as deep learning that has seen teams like his get phones to recognize faces and voices. He also lamented the limitations of that technology, which involves designing software called artificial neural networks that can get better at a specific task by experience or seeing labeled examples of correct answers.
"We're kind of like the dog who caught the car," Aguera y Arcas said. Deep learning has rapidly knocked down some longstanding challenges in AI—but doesn't immediately seem well suited to many that remain. Problems that involve reasoning or social intelligence, such as weighing up a potential hire in the way a human would, are still out of reach, he said. "All of the models that we have learned how to train are about passing a test or winning a game with a score [but] so many things that intelligences do aren't covered by that rubric at all," he said.
Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula. Nebula is free and open source software, available under the MIT license.
It's difficult to coherently explain Nebula in a nutshell. According to the people on Slack's engineering team, they asked themselves "what is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?" And (developing) Nebula was the best answer they had. It's a portable, scalable overlay networking tool that runs on most major platforms, including Linux, MacOS, and Windows, with some mobile device support planned for the near future.
Nebula-transmitted data is fully encrypted using the Noise protocol framework, which is also used in modern, highly security-focused projects such as Signal and WireGuard. Unlike more traditional VPN technologies—including WireGuard—Nebula automatically and dynamically discovers available routes between nodes and sends traffic down the most efficient path between any two nodes rather than forcing everything through a central distribution point.
Submitted via IRC for chromas
One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit and first reported by The Wall Street Journal. China's installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. When taking populations into account, however, China will continue to have nearly the same ratio of cameras to citizens as the US.
In 2018, China had 350 million cameras installed for an estimated one camera for every 4.1 people. That compared to one for every 4.6 people in the US where 70 million cameras were installed. Taiwan was third in terms of penetration with one camera for every 5.5 citizens in 2018, followed by the UK and Ireland (1:6.5) and Singapore (1:7.1).
China's installed base of cameras has recently risen 70 percent, while the US increased by nearly 50 percent.
"During the past few years, coverage of the surveillance market has focused heavily on China's massive deployments of cameras and artificial intelligence (AI) technology," said IHS Markit analyst Oliver Philippou. "What's received far less attention is the high level of penetration of surveillance cameras in the United States. With the US nearly on par with China in terms of camera penetration, future debate over mass surveillance is likely to concern America as much as China."
There is a difference in how the cameras are implemented, though. In China, most cameras are installed for the purposes of widespread video surveillance of cities, whereas cameras installed in the US are primarily for the purposes of retail and commercial usage. Notably, the Chinese government is reportedly using cameras with facial recognition to profile and track members of Muslim minority groups, a million or more of whom are being rounded up and detained in indoctrination camps.
US cities are split currently on how to deal with facial recognition. As reported by the WSJ, cities like Detroit; Washington, DC; and Orlando are testing it for policing and security, while others, like San Francisco, have officially banned it. IHS Markit says only 3 percent of security cameras installed in the US are for the purposes of city-wide surveillance.
Submitted via IRC for chromas
Companies wield tremendous influence over the [FCC's internet speeds] study and often employ tactics to boost their scores, according to interviews with more than two dozen industry executives, engineers and government officials. As a result, the FCC's report likely gives consumers an unreliable measure of internet providers' performances by overstating speeds.
[...] The FCC informs companies which customers are part of the speed tests, allowing some to prioritize giving those households better service, engineers who worked at some of the companies said. The FCC relies on companies to provide information about the speed plans for the customers being tested.
Major providers have persuaded the FCC to remove unfavorable data, including individual houses with poor scores, blaming faulty equipment. They have successfully argued to exclude test days when heavy traffic slowed scores, such as during NFL games or when a provider pushed a new software update. Reasons for the deletions aren't always included in the FCC reports.
Many internet providers gain additional information about the users being tested by paying SamKnows, the U.K.-based company that administers and provides equipment for the tests, for real-time access to testers' scores year-round, and other analytics.
Representatives of major broadband providers denied tampering with the FCC study, pointing to a code of conduct they sign that forbids them from influencing the results unless it is "consistent with normal business practices." They said any network upgrades improved service for swaths of their subscribers, not just households in the FCC's tests.
AT&T said that in its case, the company asked the FCC to remove DSL data from the report because it no longer markets that older technology, which relies on copper phone lines, used by a small percentage of its customer base. The company said the commission's own policies should have excluded the "obsolete" internet plans. AT&T also said that it did validate the DSL accounts for the FCC.
An FCC spokesman said the program has a transparent process and that the agency will continue to enable it "to improve, evolve, and provide meaningful results as we move forward."
Bloomberg reports that Peter Thiel is at it again.
The U.S. Army will spend $111 million next year in a new contract with Palantir Technologies Inc., deepening ties between Peter Thiel's data analytics company and the Pentagon.
The new Defense Department deal will represent about 10% of Palantir's revenue next year, according to people familiar with the company's finances. It's the first step in what could be a four-year, $440 million deal with the Army.
The Silicon Valley company will provide software to connect human resources, supply chains and other Army operations systems into a single dashboard. The Army considered earlier proposals for related work from Accenture Plc, Deloitte, Ernst & Young and Microsoft Corp.
"We started Palantir in 2004 to help the war fighter and solve difficult problems," Doug Philippone, head of Palantir's global defense business, said in an emailed statement. "In helping the Army make better use of its own data, we accomplish both goals."
The Defense deal solidifies a relationship between the U.S. government and the Palo Alto, California-based company, which was co-founded and partly bankrolled by Thiel. The billionaire venture capitalist and adviser to President Donald Trump has chastised other technology companies, in particular Alphabet Inc.'s Google, for their reluctance to work with the Defense Department. After Google abandoned a Pentagon effort known as Project Maven, Palantir stepped in to help develop video recognition software as part of the project, a move reported earlier by Business Insider.
Submitted via IRC for Bytram
Scientists have discovered a dangerous hotspot in Earth's Van Allen radiation belts that spews so-called "killer electrons" that can knacker satellites and spacecraft.
Our home world is surrounded by two donut-shaped Van Allen radiation belts teeming with electrically charged particles. The inner belt stretches from 400 to 6,000 miles above our planet's surface, and the outer one ranges from 8,400 to 36,000 miles out.
The electrons and protons in the belts are tiny in size, though they pack a sizable punch as they zoom around close to the speed of light. Any satellites that fly through the belts are pelted by the particles, which can damage any on-board electrical equipment, such as sensors and cameras.
Killer electrons [in] these belts pose an even greater risk: their energies run up to millions of electron volts, which can completely frazzle or kill passing spacecraft.
Now, physicists led by boffins at Nagoya University, Japan, have homed in on one region in particular of the belts that produces these killer electrons.
"An important topic in space weather science is understanding the dynamics of killer electrons in the Van Allen radiation belt," Yoshizumi Miyoshi, a professor at the Institute for Space-Earth Environmental Research at Nagoya University, said this week. "The results of this study will improve the modelling and lead to more accurate forecasting of killer electrons in Van Allen radiation belts."
The [scientists] found this killer-electron hotspot by analyzing readings from the Japan Aerospace Exploration Agency's Arase satellite and NASA's Van Allen Probes. This hotspot pumps out accelerated electron fluxes with energies from 500,000 to 2 million electron volts, according to a paper published in Geophysical Research Letters.
Remote Detection of Drift Resonance Between Energetic Electrons and Ultralow Frequency Waves: Multisatellite Coordinated Observation by Arase and Van Allen Probes, Geophysical Research Letters (DOI: 10.1029/2019GL084379)
Billboard has announced that YouTube streams will be factored into the Billboard 200 albums chart starting early next year. Video streams from other platforms will also count, including Apple, Spotify, Tidal, and Vevo, and Billboard says the change will also impact genre album consumption charts, like country, Latin, and others. Billboard's charts have historically been seen as a barometer of success within the music industry.
Submitted via IRC for chromas
Adding to the bad news that has been the Ring camera's lifecycle so far comes the report that a group of malcontents has been exploiting weak or reused credentials to gain access to cameras. Joseph Cox has the this-would-be-funny-if-it-weren't-so-scary details at Motherboard.
Hackers have created dedicated software for breaking into Ring security cameras, according to posts on hacking forums reviewed by Motherboard. The camera company is owned by Amazon, which has hundreds of partnerships with police departments around the country.
[...] There's not much actual hacking going on. What appears to be happening is purchasers aren't choosing unique passwords when they set up their cameras. They also aren't using the two-factor authentication Ring recommends.
There are enough cameras out there (and more being installed every day) that there's an entire forum set up just for the hijacking of Ring cameras/doorbells. Forum members are selling tools to each other which let these jackasses try credentials (usernames/email addresses and passwords) leaked elsewhere on the web against Ring accounts, a technique known as credential stuffing rather than brute force, since the passwords are already known and only the account that reuses them has to be found.
The popular exploitables have even spawned a podcast featuring unsuspecting device owners being trolled by jerks who have gained access to Ring and Nest cameras. This is what's in store for device owners who haven't properly secured their new purchases.
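The forum tools described above succeed against users who reuse passwords, and the excerpt's advice (unique passwords, two-factor) is all on the user's side. A service can still see the attack from its own side, because credential stuffing has a distinctive shape that a single user's forgotten password does not: one source touching many different accounts, once or twice each, with mostly failures and the occasional hit. The Python below is an added example, not Ring's or Motherboard's code, and the log it runs over is constructed for the example (timestamp, source IP, account, outcome; Ring's real log format is not known to this page). It flags such sources and lists the accounts they did get into, which are the ones to force-reset.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a generic login log, not a real service's format:
# ISO timestamp, source IP, account, outcome. 198.51.100.9 is a legitimate user who
# mistypes a password twice; 203.0.113.7 sprays eight accounts in a few seconds.
SAMPLE_LOG = """\
2019-12-11T02:14:01Z 198.51.100.9 carol@example.net FAIL
2019-12-11T02:14:09Z 198.51.100.9 carol@example.net FAIL
2019-12-11T02:14:20Z 198.51.100.9 carol@example.net OK
2019-12-11T02:15:00Z 203.0.113.7 alice@example.net FAIL
2019-12-11T02:15:01Z 203.0.113.7 bob@example.org FAIL
2019-12-11T02:15:01Z 203.0.113.7 dave@example.com OK
2019-12-11T02:15:02Z 203.0.113.7 erin@example.net FAIL
2019-12-11T02:15:02Z 203.0.113.7 frank@example.org FAIL
2019-12-11T02:15:03Z 203.0.113.7 grace@example.com FAIL
2019-12-11T02:15:03Z 203.0.113.7 heidi@example.net OK
2019-12-11T02:15:04Z 203.0.113.7 ivan@example.org FAIL
"""

WINDOW = timedelta(minutes=10)  # assumed tuning values, not from any vendor
MIN_ACCOUNTS = 5                # distinct accounts one source must touch to be suspicious
MAX_SUCCESS_RATE = 0.5          # stuffing succeeds rarely; a real user succeeds most of the time


def parse_log(text: str) -> list[tuple]:
    """Parse the constructed log format into (timestamp, ip, account, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, '%Y-%m-%dT%H:%M:%SZ'), ip, user, outcome == 'OK'))
    return events


def detect_stuffing(events, window=WINDOW, min_accounts=MIN_ACCOUNTS,
                    max_success_rate=MAX_SUCCESS_RATE) -> dict:
    """Flag sources spraying many distinct accounts inside `window`.

    Returns {ip: {...}} including the accounts that were successfully logged into,
    which are the ones to reset and notify.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # slide the window start forward until the span fits in `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            chunk = attempts[start:end + 1]
            accounts = {u for _, u, _ in chunk}
            if len(accounts) < min_accounts:
                continue
            successes = [u for _, u, ok in chunk if ok]
            if len(successes) / len(chunk) > max_success_rate:
                continue        # many accounts but mostly succeeding: not the stuffing shape
            if ip not in findings or len(accounts) > findings[ip]['accounts_tried']:
                findings[ip] = {
                    'accounts_tried': len(accounts),
                    'attempts': len(chunk),
                    'compromised': sorted(set(successes)),
                }
    return findings


if __name__ == '__main__':
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Two caveats apply before using this shape in production: attackers spread stuffing runs across proxy pools, so the per-IP key should be widened to ASN, device fingerprint or user-agent clusters, and the thresholds above are assumptions that need tuning against a service's own baseline of legitimate shared-IP traffic (offices, carrier NAT).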
The FTC [(US Federal Trade Commission)] is keen to have a piece of Google, in part because it has just set up a new technology task force specifically to monitor tech giants for anti-competitive behavior. But the agency also wants to rebuild its reputation following an embarrassing climbdown in 2012, when its staff found that Google was rigging the search market, but the agency’s commissioners cut a deal and tried to hide the staff report (it is still hiding part of it.)
But the DoJ [(Department of Justice)] reportedly called dibs on Fitbit because it has an ongoing investigation into Google. Who knows what else went on in the background but, while the DoJ is currently the president’s favorite lapdog and Rottweiler, the FTC remains the toothless watchdog.
[...] Not that any of that means that Google won't get approval to buy Fitbit, even though several organizations have warned that the search giant most likely wants the company in order to hoover up millions of people's health data and tie it into its vast advertiser-friendly database.
A federal judge on Tuesday roasted Arkansas' law banning makers of meatless meat products from using words such as "burger," "sausage," "roast," and "meat" in their labeling.
[...] Judge Kristine Baker, of the US District Court for the Eastern District of Arkansas, granted a preliminary injunction that prevents the state from enforcing the law while the legal case is ongoing. In her order, Judge Baker made clear that the law appears to violate the Free Speech Clause of the First Amendment—as Tofurky argued. She determined that the state will likely lose the case.
[...] "The State argues that Tofurky's labels for its plant-based products are inherently misleading because they use the names and descriptors of traditional meat items but do not actually include the product they invoke, including terms like 'chorizo,' 'hot dogs,' 'sausage,' and 'ham roast,'" Judge Baker noted. Such misleading or false labels would not be protected commercial speech under the First Amendment, the state claimed.
But Judge Baker essentially called that argument bologna.
[...] She went on to cite a ruling in a similar case that determined that "Under Plaintiffs' logic, a reasonable consumer might also believe that veggie bacon contains pork, that flourless chocolate cake contains flour, or that e-books are made out of paper."
"That assumption is unwarranted," she went on. "The labels in the record evidence include ample terminology to indicate the vegan or vegetarian nature of the products."
[...] Meat and dairy industry groups have been increasingly working to try to limit the use of terms like "milk" and "meat" in other states and contexts as meatless and dairy-free products continue to grow in popularity. Missouri, Mississippi, Louisiana, and South Dakota have similar anti-veggie-meat labeling laws. In Wisconsin, lawmakers have considered banning non-dairy products from using the word "milk," such as beverages labeled almond milk.
The latter issue led former FDA commissioner Scott Gottlieb to quip last year that "You know, an almond doesn't lactate." He said that the Food and Drug Administration is working on a guidance for the use of the term.
Data found on Ring's Neighbors app can reveal the exact location of the company's devices -- and, by extension, users' homes, according to a Monday report. Neighbors, a free app from the smart doorbell company, allows users to post and comment on crime and security information in their communities. Ring pitches it as "the new neighborhood watch," and many posts include clips captured by Ring video doorbells and security cameras.
In its report, Gizmodo said it collected data over the last month linked to around 65,800 posts on the Neighbors app and found "hidden geographic coordinates that are connected to each post." That includes latitude and longitude with a precision of up to six decimal places, the report says; at that precision a coordinate pins a point to roughly a tenth of a metre, which is the individual house rather than the neighborhood.
The findings reflect the mounting privacy concerns surrounding the home surveillance company. Ring, which was purchased by Amazon last year for a reported $1 billion, has faced scrutiny for helping police build a surveillance network with its smart doorbells. Police departments that partnered with Ring had access for more than a year to a map outlining where the video doorbells were installed. That feature was removed in July.