A major UK high street retailer has been fined the maximum amount under the pre-GDPR data protection regime for deficiencies which led to a breach affecting 14 million customers.
Privacy regulator the Information Commissioner’s Office (ICO) fined DSG Retail £500,000 under the 1998 Data Protection Act after POS malware was installed on 5390 tills.
The incident affected Currys PC World and Dixons Travel stores between July 2017 and April 2018, allowing hackers to harvest data including customer names, postcodes, email addresses and failed credit checks from internal servers, over a nine-month period.
The “poor security arrangements” highlighted by the ICO included ineffective software patching, the absence of a local firewall, and lack of network segregation and routine security testing.
“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen,” said ICO director of investigations, Steve Eckersley.
[...] Another business in the group, Carphone Warehouse, was fined £400,000 by the ICO in 2018 for similar security issues.
The putative black hole was detected indirectly from the motion of a bright companion star, orbiting an invisible compact object over a period of about 80 days. From new observations, a Belgian team showed that the original measurements were misinterpreted and that the mass of the black hole is, in fact, very uncertain. The most important question, namely how the observed binary system was created, remains unanswered. A crucial aspect is the mass of the visible companion, the hot star LS V+22 25. The more massive this star is, the more massive the black hole has to be to induce the observed motion of the bright star. The latter was considered to be a normal star, eight times more massive than the Sun.
A team of astronomers from Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) and the University of Potsdam had a closer look at the archival spectrum of LS V+22 25, taken by the Keck telescope at Mauna Kea, Hawaii. In particular, they were interested in studying the abundances of the chemical elements on the stellar surface. Interestingly, they detected deviations in the abundances of helium, carbon, nitrogen, and oxygen compared to the standard composition of a young massive star. The observed pattern on the surface showed ashes resulting from the nuclear fusion of hydrogen, a process that only happens deep in the core of young stars and would not be expected to be detected at its surface.
[...] The authors concluded that LS V+22 25 must have interacted with its compact companion in the past. During this episode of mass-transfer, the outer layers of the star were removed and now the stripped helium core is visible, enriched with the ashes from the burning of hydrogen.
A. Irrgang, S. Geier, S. Kreuzer, I. Pelisoli, U. Heber. A stripped helium star in the potential black hole binary LB-1. Astronomy & Astrophysics, 2020; 633: L5 DOI: 10.1051/0004-6361/201937343
A lot of media coverage of self-driving technology has focused on a handful of big companies with well-known brands: Google, Uber, Tesla, and GM. But there's another company working on self-driving technology that might ultimately prove even more important. That company is Mobileye, an Israeli startup that was acquired by Intel in 2017.
Mobileye doesn't have Elon Musk's star power or Google's billions. But it has something that's arguably even more important: a dominant position in today's market for advanced driver-assistance systems (ADAS). Mobileye had a very public split with Tesla back in 2016, but it continues to do business with a lot of other carmakers. Mobileye says it shipped 17.4 million systems last year, which means 17.4 million customers bought cars with Mobileye's cameras, chips, and software.
In a Tuesday speech at the Consumer Electronics Show, Mobileye CEO Amnon Shashua made clear just how big of a strategic advantage this is. He laid out Mobileye's vision for the evolution of self-driving technology over the next five years. And he made it clear that he envisions Mobileye staying at the center of the industry.
For the last two years, we've touted Cadillac's Super Cruise as the gold standard for ADAS systems. Two features make Super Cruise stand out. First, it uses a driver-facing camera to verify that the driver's eyes are on the road. If not, the system forces the driver to take over. This feature addresses one of the biggest concerns with ADAS systems: that they could make drivers so complacent that they don't intervene when the technology malfunctions.
Second, Cadillac has pre-mapped more than 130,000 miles of freeways in the US and Canada. The system will only engage on those roads, which makes it much less likely that the system will get confused and make a dangerous mistake.
In his Tuesday speech, Mobileye's Shashua calls ADAS systems with high-definition maps, like Super Cruise, "Level 2+"—a small step above regular ADAS systems that are called "level 2" in the five-level SAE framework. A number of carmakers have developed similar systems. Shashua says Mobileye is supplying the technology for 70 percent of them, including systems from Nissan, Volkswagen, and BMW.
As it sells its technology to carmakers, Mobileye has bargained for access to sensor data from customer vehicles. Shashua says that Mobileye is already collecting data from Volkswagen, BMW, and Nissan vehicles. He says three other unnamed carmakers have also agreed to participate.
The scale of this program is massive. Mobileye says it is already collecting 6 million kilometers (3.7 million miles) of sensor data every day from vehicles on public roads. Mobileye expects to have more than 1 million vehicles in its European fleet by the end of 2020, and 1 million American vehicles the following year.
Today, the U.S. Department of Energy (DOE) announced the selection of Brookhaven National Laboratory in Upton, NY, as the site for a planned major new nuclear physics research facility.
The Electron Ion Collider (EIC), to be designed and constructed over ten years at an estimated cost between $1.6 and $2.6 billion, will smash electrons into protons and heavier atomic nuclei in an effort to penetrate the mysteries of the “strong force” that binds the atomic nucleus together.
“The EIC promises to keep America in the forefront of nuclear physics research and particle accelerator technology, critical components of overall U.S. leadership in science,” said U.S. Secretary of Energy Dan Brouillette. “This facility will deepen our understanding of nature and is expected to be the source of insights ultimately leading to new technology and innovation.”
“America is in the golden age of innovation, and we are eager to take this next step with EIC. The EIC will not only ensure U.S. leadership in nuclear physics, but the technology developed for EIC will also support potential tremendous breakthroughs impacting human health, national competitiveness, and national security,” said Under Secretary for Science Paul Dabbar. “We look forward to our continued world-leading scientific discoveries in conjunction with our international partners.”
The EIC’s high luminosity and highly polarized beams will push the frontiers of particle accelerator science and technology and provide unprecedented insights into the building blocks and forces that hold atomic nuclei together.
A team of four Danish security researchers has disclosed this week a security flaw that impacts cable modems that use Broadcom chips.
The vulnerability, codenamed Cable Haunt, is believed to impact an estimated 200 million cable modems in Europe alone, the research team said today.
The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. This is a hardware and software component that protects the cable modem from signal surges and disturbances coming via the coax cable. The component is often used by internet service providers (ISPs) in debugging connection quality.
On most cable modems, access to this component is limited for connections from the internal network.
The research team says the Broadcom chip spectrum analyzer lacks protection against DNS rebinding attacks, uses default credentials, and also contains a programming error in its firmware.
Researchers say that by tricking users into accessing a malicious page via their browser, they can use the browser to relay an exploit to the vulnerable component and execute commands on the device.
Hackers may be able to remotely take complete control of cable modems from various manufacturers due to a critical vulnerability affecting a middleware component shipped with some Broadcom chips.
The vulnerability, dubbed Cable Haunt and tracked as CVE-2019-19494, was identified by researchers from Lyrebirds and an independent expert. They've reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability.
The researchers estimate that 200 million modems were initially affected by this vulnerability in Europe alone. However, over the past year they have been notifying affected ISPs — cable modems are typically provided to internet users by ISPs — and four companies in Denmark and Norway have reported patching their devices after being notified.
The flaw is related to a tool called spectrum analyzer, which uses a websocket to communicate with the device's graphical interface in the browser. The vulnerable tool is only exposed to the local network, but Cable Haunt attacks can also be launched from the internet by getting the targeted user to visit a malicious website or a site that serves malicious ads.
A hacker can set up a website that launches a DNS rebinding attack to gain access to the local network and execute the Cable Haunt exploit. DNS rebinding allows a remote hacker to abuse a targeted user's web browser to directly communicate with devices on the local network — in this case with the cable modem.
The researchers who discovered Cable Haunt explained that cross-origin resource sharing (CORS) in the browser should prevent such attacks, but they discovered that all of the tested modems were vulnerable to DNS rebinding.
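A standard device-side defence against the DNS rebinding weakness described above is to reject any HTTP request or websocket handshake whose Host header (and Origin header, when present) does not name the device itself. The following is an added example, not code from the researchers or from any modem firmware; the allowlisted address and hostname, the port and the sample requests are assumptions constructed for illustration.

```python
"""Host/Origin allowlisting for a LAN-only device HTTP or websocket endpoint."""
from urllib.parse import urlsplit

# Assumption: the names/addresses this device legitimately answers to.
ALLOWED_HOSTS = frozenset({"192.168.100.1", "modem.lan"})


def _host_of(authority):
    """Host part of 'host[:port]' or '[v6]:port', lower-cased; None if malformed."""
    if not authority or any(c in authority for c in " \t/\\@?#"):
        return None
    try:
        parts = urlsplit("//" + authority)
        _ = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    return parts.hostname.rstrip(".").lower() if parts.hostname else None


def _origin_host(origin):
    """Host named by an Origin value; None for 'null' or anything unparsable."""
    try:
        parts = urlsplit(origin)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or parts.path or parts.query:
        return None
    return _host_of(parts.netloc)


def check_request(headers, allowed_hosts=ALLOWED_HOSTS):
    """Return (allowed, reason) for one request or websocket handshake."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    host = _host_of(h.get("host"))
    if host is None:
        return False, "missing or malformed Host"
    # After rebinding, the browser still believes it is talking to the
    # external name, so that name is what arrives in the Host header.
    if host not in allowed_hosts:
        return False, "Host not allowlisted"
    # Browsers send Origin on websocket handshakes; a page on another site
    # connecting straight to the device address is caught here.
    if "origin" in h and _origin_host(h["origin"]) not in allowed_hosts:
        return False, "Origin not allowlisted"
    return True, "ok"


# Constructed sample requests (header names as a server would receive them).
SAMPLE_REQUESTS = {
    "direct": {"Host": "192.168.100.1:8080"},
    "own UI websocket": {"Host": "modem.lan", "Origin": "http://modem.lan",
                         "Upgrade": "websocket"},
    "rebinding": {"Host": "rebind.attacker.example:8080",
                  "Origin": "http://rebind.attacker.example:8080",
                  "Upgrade": "websocket"},
    "cross-site websocket": {"Host": "192.168.100.1:8080",
                             "Origin": "http://ads.example",
                             "Upgrade": "websocket"},
}

if __name__ == "__main__":
    for name, headers in SAMPLE_REQUESTS.items():
        print(name, check_request(headers))
```

The check relies on headers a browser sets itself and that page script cannot override, which is why it holds against a browser-relayed request.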
In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don't currently have the capability to start causing blackouts in the US. But they've been working to gain access to American electric utilities, long before tensions between the two countries came to a head.
On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran. Dragos says it has observed Magnallium carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms.
A related group that Dragos calls Parisite has worked in apparent cooperation with Magnallium, the security firm says, attempting to gain access to US electric utilities and oil and gas firms by exploiting vulnerabilities in virtual private networking software. The two groups' combined intrusion campaign ran through all of 2019 and continues today.
Dragos declined to comment on whether any of those activities resulted in actual breaches. The report makes clear, though, that despite the IT system probes they saw no sign that the Iranian hackers could access the far more specialized software that controls physical equipment in electric grid operators or oil and gas facilities. In electric utilities in particular, digitally inducing a blackout would require far more sophistication than the techniques Dragos describes in its report.
But given the threat of Iranian counterattacks, infrastructure owners should nonetheless be aware of the campaign, argues Dragos founder and former NSA critical infrastructure threat intelligence analyst Rob Lee. And they should consider not just new attempts to breach their networks but also the possibility that those systems have already been compromised. "My concern with the Iran situation is not that we're going to see some new big operation spin up," Lee says. "My concern is with access that groups might already have."
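Password spraying as described above leaves a recognisable trace in authentication logs: one source failing against many different accounts with only a guess or two per account. The following added example (not from Dragos or the article) flags that pattern and also lists any account the same source logged in to successfully, which is the "access that groups might already have" case; the log format, thresholds and sample data are assumptions constructed for illustration.

```python
"""Flag password spraying in authentication logs (constructed sample data)."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines: '<ISO time> <source IP> <username> <OK|FAIL>'."""
    t0 = datetime(2020, 1, 9, 8, 0, 0)
    lines = []
    for i in range(12):  # one guess per account, a minute apart; one succeeds
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 203.0.113.7 "
                     f"user{i:02d} {'OK' if i == 7 else 'FAIL'}")
    for i in range(15):  # brute force against a single account: other pattern
        lines.append(f"{(t0 + timedelta(seconds=10 * i)).isoformat()} "
                     f"198.51.100.9 admin FAIL")
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):  # a user mistyping
        lines.append(f"{(t0 + timedelta(seconds=5 * i)).isoformat()} "
                     f"192.0.2.10 carol {res}")
    return lines


def parse(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user.lower(), result == "OK"


def detect_spray(lines, window=timedelta(minutes=30), min_users=10,
                 max_per_user=2):
    """Return {source: {'sprayed': [...], 'succeeded': [...]}}.

    A source is flagged when, inside one sliding window, it has failed
    against at least min_users distinct accounts with no more than
    max_per_user failures on each of them.
    """
    events = sorted(parse(l) for l in lines if l.strip())
    recent = defaultdict(deque)  # source -> failures still inside the window
    sprayed = {}
    for ts, src, user, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        per_user = Counter(u for _, u in q)
        lightly_tried = {u for u, n in per_user.items() if n <= max_per_user}
        if len(lightly_tried) >= min_users:
            sprayed.setdefault(src, set()).update(lightly_tried)
    # Any success from a flagged source, before or after the alert fired,
    # is an account to treat as compromised.
    return {
        src: {
            "sprayed": sorted(users),
            "succeeded": sorted({u for _, s, u, ok in events if ok and s == src}),
        }
        for src, users in sprayed.items()
    }


if __name__ == "__main__":
    for src, info in detect_spray(build_sample()).items():
        print(src, len(info["sprayed"]), "accounts sprayed;",
              "successful logins:", info["succeeded"])
```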
Toyota researches and tests robotics, material science, automated driving and alternative fuel technology in labs all around the world. Now the automaker is trying a new and far more ambitious project: build a prototype city on a 175-acre site at the foot of Mount Fuji in Japan, where people will live and work amongst all of Toyota’s projects, including its autonomous e-Palette shuttles and robots.
This won’t be another test site, Toyota Motor Corp President Akio Toyoda said Monday during a press conference ahead of CES 2020. Construction on the first phase of the city — which will be designed by acclaimed Danish architect Bjarke Ingels — will begin in 2021. His firm, Ingels Group (BIG) has designed high-profile projects such as 2 World Trade Center in New York, the Lego House in Denmark and Google’s Mountain View and London headquarters.
This is a passion project of Toyoda’s, several executives said after the press conference. And it was evident on stage.
“It’s my personal fields of dreams,” Toyoda said. “If they build it, they will come.”
Arthur T Knackerbracket has found the following story:
After completing more than two years of basic training, the six women and seven men were chosen from a record-breaking 18,000 applicants representing a wide variety of backgrounds and specialties, from experienced pilots to scientists, engineers and doctors.
The group includes two candidates from the Canadian Space Agency (CSA), which has participated in a joint training program with the US since 1983. "They are the best of the best: they are highly qualified and very diverse, and they represent all of America," said NASA Administrator Jim Bridenstine. They include five people of color, including the first Iranian-American astronaut Jasmin Moghbeli who flew combat missions in Afghanistan and holds an engineering degree from MIT.
The group, known as the "Turtles", wore blue flight jumpsuits and took turns approaching the podium to receive their astronaut pins, as one of their classmates paid tribute to their character and shared playful and heartfelt anecdotes.
After being selected in 2017, the class completed training in spacewalking at NASA's underwater Neutral Buoyancy Lab, robotics, the systems of the International Space Station, piloting the T-38 training jet and Russian language lessons.
They are the first to graduate since NASA announced the Artemis program to return to the Moon by 2024, this time on its south pole, as the US plans to place the next man and first woman on lunar soil and set up an orbital space station.
-- submitted from IRC
The small red planet is losing water more quickly than what theory as well as past observations would suggest.
The gradual disappearance of water (H2O) occurs in the upper atmosphere of Mars: sunlight and chemistry disassociate water molecules into hydrogen and oxygen atoms that the weak gravity of Mars cannot prevent from escaping into space. An international research team led partly by CNRS researcher Franck Montmessin, has just revealed that water vapour is accumulating in large quantities and unexpected proportions at an altitude of over 80 km in the Martian atmosphere.
Measurements showed that large atmospheric pockets are even in a state of supersaturation, with the atmosphere containing 10 to 100 times more water vapour than its temperature should theoretically allow. With the observed supersaturation rates, the capacity of water to escape would greatly increase during certain seasons.
Anna A. Fedorova, Franck Montmessin, Oleg Korablev, Mikhail Luginin, Alexander Trokhimovskiy, Denis A. Belyaev, Nikolay I. Ignatiev, Franck Lefèvre, Juan Alday, Patrick G. J. Irwin, Kevin S. Olsen, Jean-Loup Bertaux, Ehouarn Millour, Anni Määttänen, Alexey Shakun, Alexey V. Grigoriev, Andrey Patrakeev, Svyatoslav Korsa, Nikita Kokonkov, Lucio Baggio, Francois Forget, Colin F. Wilson. Stormy water on Mars: The distribution and saturation of atmospheric water during the dusty season. Science, 2020; eaay9522 DOI: 10.1126/science.aay9522
Arthur T Knackerbracket has found the following story:
In a recent study, environmental engineering master's student Bappi Chowdhury and his colleagues found that adding conductive materials to the waste products could potentially turn them into a reliable feedstock, allowing for a production rate of up to 70 percent more biomethane—a renewable energy source—from a mixture of fat, oil and grease and ordinary food waste in an anaerobic digester.
Energy-rich, fat-filled wastes are extremely slow to break down, forming barriers that stymie microbial digestion or floating to the surface at waste treatment facilities, which collect biomethane in the process. Despite their high energy potential—fats are composed of longer carbon chains that naturally degrade into natural gas—these substances often wind up in landfills, where they slowly degrade and are released into the atmosphere, a particular problem because methane is roughly 30 times more potent than carbon dioxide as a heat-trapping gas.
The findings could have implications for municipalities struggling with clogged sewer lines, industrial agricultural facilities dealing with animal waste or governments hoping to reduce climate impacts.
"It could solve a lot of problems," said Chowdhury, who was the lead author of the study. "It's sustainable, renewable energy, because as long as there are people, there will be food waste."
Conductive materials have long been used in waste and wastewater treatment, but only in the past decade have they been used to stimulate biomethane production.
A substance like granular activated carbon—the conductive material most effective in the new study—is better known for removing compounds that affect the smell and taste of treated water. But according to Bipro Dhar, a U of A assistant professor of environmental engineering, activated carbon can also function as a hub for microbes looking to dump or pick up electrons as part of biochemical processes.
"It can change how microbes interact," said Dhar, who supervised Chowdhury's research. "It can significantly enhance how fast we can degrade those organics and produce biomethane."
The study also involved adding food waste to the mix to improve yields. Chowdhury found an optimal recipe of 70 percent food waste—sourced from waste from the HUB Mall on the U of A's campus—and 30 percent fat, oil and grease from GHD Canada, an Ontario-based industry partner. He tested two conductive materials, granular activated carbon and magnetite, to see which worked better. The first conductive material reduced the time of decomposition from 20 to 25 days to just seven.
There's a second reason that granular activated carbon works so well. Microbes that naturally break down lipids and fats grow right on the conductive materials. A wider range of microbes remain in the mix in the digester, ensuring decomposition is more efficient than it would be on its own.
-- submitted from IRC
Plastic pollution is getting under our skin. Literally. As plastics have become ubiquitous in modern society, so too has plastic pollution, including that of tiny plastic particles. These microplastics have been detected in the air, water and even in some foods, making their presence in our bodies essentially inevitable.
"We definitely know we're exposed, there's no doubt," says Chelsea Rochman, an ecologist at the University of Toronto in Canada, who studies human-made pollutants in fresh and saltwater environments. "We drink it, we breathe it, we eat it.
How pervasive is that plastic exposure, and is it bad for your health? Scientists don't yet know, but they have some working theories. Here's what we know so far about these tiny, pervasive plastic particles.
Once it enters the environment, the plastic we throw away breaks down in the sun, waves and wind into much smaller pieces. We also produce tiny plastic fibers and particles when we wash clothes, drive our cars, wear down carpets and upholstered furniture and more. Microplastics are any smaller than a quarter inch, often defined as a millimeter or smaller; nanoplastics are even more minuscule, measuring less than 0.1 micrometers (a micrometer is 1,000 times smaller than a millimeter).
The biggest sources of human exposure to microplastics likely come from airborne dust, drinking water (including treated tap water and bottled water) and seafood (shellfish in particular, because we eat the entire animal), Rochman says. Scientists have also detected microplastics in products as varied as sugar, honey, German beer and sea salt. Emerging research suggests humans are consuming more than 100,000 microplastic particles a year, according to Kieran Cox, a Ph.D candidate and Hakai Scholar at the University of Victoria, Canada.
"Microplastics are now considered an emerging food safety concern, but we really don't have all the answers yet," says Dave Love, a microbiologist at Johns Hopkins who studies aquaculture, fisheries and related environmental, health and social issues.
Chemists have found a new use for the waste product of nuclear power - transforming an unused stockpile into a versatile compound which could be used to create valuable commodity chemicals as well as new energy sources.
Depleted uranium (DU) is a radioactive by-product from the process used to create nuclear energy. Many fear the health risks from DU, as it is either stored in expensive facilities or used to manufacture controversial armour-piercing missiles.
But, in a paper published in the Journal of the American Chemical Society, Professor Geoff Cloke, Professor Richard Layfield and Dr Nikolaos Tsoureas, all at the University of Sussex, have revealed that DU could, in fact, be more useful than we might think.
By using a catalyst which contains depleted uranium, the researchers have managed to convert ethylene (an alkene used to make plastic) into ethane (an alkane used to produce a number of other compounds including ethanol).
Their work is a breakthrough that could help reduce the heavy burden of large-scale storage of DU, and lead to the transformation of more complicated alkenes.
Prof Layfield said: "The ability to convert alkenes into alkanes is an important chemical reaction that means we may be able to take simple molecules and upgrade them into valuable commodity chemicals, like hydrogenated oils and petrochemicals which can be used as an energy source.
"The fact that we can use depleted uranium to do this provides proof that we don't need to be afraid of it as it might actually be very useful for us."
Nikolaos Tsoureas, Laurent Maron, Alexander F. R. Kilpatrick, Richard A. Layfield, F. Geoffrey N. Cloke. Ethene Activation and Catalytic Hydrogenation by a Low-Valent Uranium Pentalene Complex. Journal of the American Chemical Society, 2019; 142 (1): 89 DOI: 10.1021/jacs.9b11929
Alright, hacker guy or gal, this is your time to shine. If you're not familiar with the Zero Day Initiative (ZDI), it's calling all friendly hackers extraordinaire once again for a good cause. This time, if if[sic] anyone manages to hack a Tesla, they'll get nearly $1 million and a shiny-new Model 3.
ZDI confirmed on Thursday that Tesla will once again be the big-name sponsor for its automotive category. Increasingly, automakers turn to friendly hackers to exploit their systems to keep our machines safe. Thus, ZDI has issued a new challenge for this year's "Pwn2Own" contest.
If an individual is able to completely compromise a Tesla Model 3, they get the car as part of Tier 1 prizes. Not only will they go home with a new Model 3, but they'll immediately earn a cash prize of $500,000 from ZDI. Yet, the most skilled have a chance for even more cash. If a contestant ticks off a few hacks in extra categories, they'll earn up to $200,000 more on top of the car and $500,000. These areas are "infotainment root persistence," "autopilot root persistence" and "arbitrary control of the CAN Bus." Each area has its own prize amount, but hack all three, and it totals up to $200,000.
Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report.
These low-cost smartphones are sold by Assurance Wireless, a federal Lifeline Assistance program under Virgin Mobile. Lifeline, supported by the federal Universal Service Fund, is a government program launched in 1985 to provide discounted phone service to low-income households. The Unimax (UMX) U686CL ($35) is the most inexpensive smartphone it sells.
In October 2019, Malwarebytes began to receive complaints in its support system from users of the UMX U686CL who reported some pre-installed apps on their government-funded phones were malicious. Researchers purchased one of these smartphones to verify customers' claims.
Researchers from ETH[*] Zurich and the National University of Singapore have developed a new kind of bandage that helps blood to clot and doesn't stick to the wound. This marks the first time that scientists have combined both properties in one material.
"We did not actually plan this, but that is just how science works sometimes: you start researching one thing and end up somewhere else," says ETH Professor Dimos Poulikakos. Together with scientists from his group and from the National University of Singapore, they developed and tested various superhydrophobic materials—which are, like Teflon, extremely good at repelling liquids such as water and blood. The goal was to find coatings for devices that come into contact with blood, for example heart-lung machines or artificial heart devices.
One of the materials tested demonstrated some unexpected properties: not only did it repel blood, but it also aided the clotting process. Although this made the material unsuitable for use as a coating for blood pumps and related devices, the researchers quickly realized that it would work ideally as a bandage.
[*] ETH Zurich - Eidgenössische Technische Hochschule Zurich.