SoylentNews

takyon writes:

Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince'

Exclusive: investigation suggests Washington Post owner was targeted five months before murder of Jamal Khashoggi

The Amazon billionaire Jeff Bezos had his mobile phone "hacked" in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world's richest man, according to the results of a digital forensic analysis.

This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data were exfiltrated from Bezos's phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.

The extraordinary revelation that the future king of Saudi Arabia may have had a personal involvement in the targeting of the American founder of Amazon will send shockwaves from Wall Street to Silicon Valley.

Previously: Saudi Arabia's Government Allegedly Hacked Into Jeff Bezos's Phone

Original Submission

Freeman writes:

HMD's Nokia 2.3 has been announced for sale in the US. This low-end phone is just $129 but still manages to look like a respectable device.

[...] it runs stock Android with no crapware.

[...] There are some nice extras here, too, like a micro SD slot, a headphone jack, FM Radio support, and a dedicated Google Assistant button on the side.

[...] There are some downsides that come with the low price. First, there's no fingerprint reader. The only biometrics are a selfie-cam-powered face unlock feature, which can't be that secure since it only does a 2D face scan. Second, you're getting the old micro USB port for charging, instead of the newer, reversible USB-C, which is a shame. This also means there's no quick charging, and instead you get a pokey 5V/1A charger. Third, there's no NFC, so you won't be able to tap-and-pay at the register. Fourth, it only comes with Android 9 Pie, although an upgrade to Android 10 is planned at some point.

https://arstechnica.com/gadgets/2020/01/dirt-cheap-nokia-2-3-comes-to-the-us-for-just-129/

Only downside [for me] is the fact that it actually has a selfie-cam-powered face unlock feature. How about you?

Original Submission

Arthur T Knackerbracket has found the following story:

The fastest spinning object on Earth – a pair of nanoparticles – can complete over five billion revolutions per second in the laboratory, according to a paper published in Nature Nanotechnology on Monday.

Here's how the team at Purdue University in the US pulled it off: they formed a dumbbell-shaped object roughly 300nm across in a vacuum chamber from two silica particles. Next, the eggheads zapped the dumbbell with a laser to trap it in place, a process dubbed optical levitation.

A second, slightly less powerful laser beam is focused on the particle to make it spin. The laser light used to trap the nano-dumbbell is passed through a lens and projected onto a series of photodetectors. As the teeny object spins, it alters the polarization of the beam, and that change is used to determine the nanoparticle's record-breaking rotation rate. Thus, the dumbbell also acts as torque detector, we're told.

The goal isn’t to keep breaking records for the sake of it, however. [Tongcang Li, an assistant professor of physics and astronomy, and of electrical and computer engineering at Purdue, who led the study] hopes these strange nanoparticles will help scientists understand so-called “vacuum friction,” a quantum effect in which a particle is slowed down by frictional forces in empty space. Physicists reckon virtual photons pop in and out of existence in a vacuum, such as space, to exert a tiny amount of drag on real particles.

The nanoparticles could be used to measure that drag because, as the university was keen to remind us, the dumbbell forms "the world's most sensitive torque detector, which researchers hope will be used to measure the friction created by quantum effects."

Journal Reference:
Ahn, J., Xu, Z., Bang, J. et al. Ultrasensitive torque detection with an optically levitated nanorotor, Nature Nanotechnology (DOI: doi:10.1038/s41565-019-0605-9)

Abstract:

*SPOILER* (click to show) *SPOILER* (click to hide)

Torque sensors such as the torsion balance enabled the first determination of the gravitational constant by Henri Cavendish and the discovery of Coulomb's law. Torque sensors are also widely used in studying small-scale magnetism, the Casimir effect and other applications. Great effort has been made to improve the torque detection sensitivity by nanofabrication and cryogenic cooling. Until now, the most sensitive torque sensor has achieved a remarkable sensitivity of 2.9 × 10⁻²⁴ N m Hz^−1/2 at millikelvin temperatures in a dilution refrigerator. Here, we show a torque sensor reaching sensitivity of (4.2 ± 1.2) × 10⁻²⁷N m Hz^−1/2 at room temperature. It is created by an optically levitated nanoparticle in vacuum. Our system does not require complex nanofabrication. Moreover, we drive a nanoparticle to rotate at a record high speed beyond 5 GHz (300 billion r.p.m.). Our calculations show that this system will be able to detect the long sought after vacuum friction near a surface under realistic conditions. The optically levitated nanorotor will also have applications in studying nanoscale magnetism, and the quantum geometric phase.

Original Submission

canopic jug submitted this article:

Steven Bellovin, Professor of Computer Science at Columbia University writes briefly with a concrete example of how the Y2038 threat works.

[...] just as with Y2K, the problems don't start when the magic date hits; rather, they start when a computer first encounters dates after the rollover point, and that can be a lot earlier. In fact, I just had such an experience.

A colleague sent me a file from his Windows machine; looking at the contents, I saw this.

$ unzip -l zipfile.zip
Archive: zipfile.zip
Length Date Time Name
——— ——— ———
2411339 01-01-2103 00:00 Anatomy...
——— ———

Look at that date: it's in the next century! (No, I don't know how that happened.) But when I looked at it after extracting on my [MacOS] computer, the date was well in the past:

$ ls -l Anatomy...
-rw-r-r-@ 1 smb staff 2411339 Nov 24 1966 Anatomy...

Huh?

After a quick bit of coding, I found that the on-disk modification time of the extracted file was 4,197,067,200 seconds since the Epoch. That's larger than the limit! But it's worse than that. I translated the number to hexadecimal (base 16), which computer programmers use as an easy way to display the binary values that computers use internally. It came to FA2A29C0. (Since base 16 needs six more digits than our customary base 10, we use the letters A–F to represent them.) The first "F", in binary, is 1111. And the first of those bits is the so-called sign bit, the bit that tells whether or not the number is negative. The value of FA2A29C0, if treated as a signed, 32-bit number, is -97,900,096, or about 3.1 years before the Epoch. Yup, that corresponds exactly to the November 24, 1966 date my system displayed. (Why should +4,197,067,200 come out to -97,900,096? As I indicated, that's moderately technical, but if you want to learn the gory details, the magic search phrase is "2's complement".)

While attention is paid to desktops and servers, they are easy to replace and have very short lifetimes. In contrast embedded systems should be receiving special action already since they are seldomly or never updated and have lifespans measured in decades.

Previously:
Reducing Year 2038 Problems in curl (2018)
The Time Is... 1500000000 (2017)

Original Submission

Phoenix666 writes:

MedicalXPress:

How similar do you think you are to your second cousin? Or your estranged great aunt?

Would you like to have people assess your behaviour from what your great aunt has done? How would you feel if courts used data gained from them to decide how you are likely to behave in the future?

Scientists are making connections between a person's DNA and their tendencies for certain kinds of behaviour. At the same time, commercial DNA databases are becoming more common and police are gaining access to them.

When these trends combine, genetic data inferred about offenders from their relatives might one day be used by courts to determine sentences. In the future, the data from your great aunt could be used by a court to determine how severely you are punished for a crime.

[...] A Florida judge recently approved a warrant to search a genetic genealogy database, GED Match. This American company has approximately 1.3 million users who have uploaded their personal genetic data, with the assumption of privacy, in the hope of discovering their family tree.

The court directly overruled these users' request for privacy and now the company is obliged to hand over the data.

[...] This might be used by the prosecution to make the case for a longer sentence. In some jurisdictions and circumstances, the prosecution may have a means of obtaining a sample of DNA directly from the offender. But where this is not legally possible without the offender's consent, the inference from relatives might fill a gap in the prosecution's case about how dangerous the offender is.

Your ability to be granted bail may hinge on your genes.

Original Submission

Fnord666 writes:

Source: Hacker Leaks More Than 500K Telnet Credentials for IoT Devices

A hacker has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things (IoT) devices online on a popular hacking forum in what's being touted as the biggest leak of Telnet passwords to date, according to a published report.

The leak—revealed in a report on ZDNet—demonstrates once again the inherent insecurity of the Telnet protocol as well as highlights persistent security flaws that could affect business networks as more and more so-called "smart" devices connect to the internet from home networks.

The hacker compiled the list–which includes each device's IP address, as well as a username and password for Telnet–by scanning the entire internet for devices that were exposing their Telnet port, according to the report. The bad actor then used factory-set default usernames and passwords and/or easy-to-guess password combinations to gain credentials, according to ZDNet.

The list the hacker compiled is known as a "bot list," which IoT botnet operations rely on to connect to devices and install malware. The hacker, who himself is a maintainer of a DDoS-for-hire—also known as a DDoS booter service–according to the report, had a vested interest in compiling such an extensive list because of a change in the way he conducts his business, according to ZDnet.

The one spot of good news for those owning devices on the list is that all the credentials leaked by the hacker are dated October to November 2019, which means some of the devices might now use different login credentials or run on different IP addresses, according to the report.

Original Submission

Fnord666 writes:

Any fellow soylentils early adopters of Sonos sound systems?

In May, Sonos will stop providing software updates for its oldest products, and they'll no longer receive any new features. The decision impacts "legacy" devices that are currently part of the company's trade-up program, including all Sonos Zone Players, the Connect and Connect:Amp, the first-generation Play:5, the CR200 controller, and the Bridge. It's important to note that with the Connect and Connect:Amp, this only applies to devices manufactured between 2011 and 2015. Newer hardware revisions will continue receiving updates.

"Without new software updates, access to services and overall functionality of your sound system will eventually be disrupted, particularly as partners evolve their technology," Sonos warned in a blog post today. The company says customers can choose to either keep using these products after support ends — they should continue functioning in the near-term — or replace them with a modern Sonos product at a discount.

Read more at The Verge.

Original Submission

Fnord666 writes:

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It's working on a patch. In the meantime, workarounds are available.

The bug (CVE-2020-0674) which is listed as critical in severity for IE 11, and moderate for IE 9 and IE 10, exists in the way that the jscript.dll scripting engine handles objects in memory in the browser, according to Microsoft's advisory, issued Friday.

The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user – meaning that an adversary could gain the same user rights as the current user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system," Microsoft explained. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

An attack could be carried out using a malicious website designed to exploit the vulnerability through IE, the advisory noted. Threat actors could lure victims to the site by sending an email, through watering-hole techniques, via malicious documents containing a web link and other social-engineering efforts.

There is a workaround available from Microsoft, as well as a micropatch from 0patch, released on Tuesday.

Story: https://threatpost.com/microsoft-zero-day-actively-exploited-patch/152018/

Original Submission

Phoenix666 writes:

Science X:

Our team of paleo-ecologists and archaeologists collected sediment cores from 23 ponds across southern New England. We analyzed ancient pollen grains, fragments of charcoal and clues about past water depth, all preserved in the mud, allowing us to create a record of vegetation, fire and climate over thousands of years.

[...] Of course, the indigenous people of New England utilized and relied on a wide variety of natural resources: they hunted, fished, foraged, and cultivated some edible plants. Pre-Colonial societies were complex, widespread and large, with populations in the tens of thousands. But the evidence suggests they didn't use fire to open large swaths of the landscape for agriculture. Rather, over more than 10,000 years, these highly adaptable people shifted activities seasonally across the landscape, taking advantage of a wide range of resources and exerting limited, and most likely very localized, ecological impacts overall.

[...] When we analyzed the mud in our study ponds, we found the obvious signature of forest clearance by 17th-century European colonists. Pollen from forest species declined, while pollen from agricultural and weedy species, like ragweed, increased abruptly. This evidence clearly shows New England's open land habitats owe their existence to Colonial European deforestation and agriculture, especially sheep and cattle grazing, hay production, and orchard and vegetable cultivation in the 18th and 19th centuries.

Journal Reference:
W. Wyatt Oswald et al. Conservation implications of limited Native American impacts in pre-contact New England^$, Nature Sustainability (2020). DOI: 10.1038/s41893-019-0466-0

Interesting to think pond sediment may also one day mark the stages of our civilization, such as the Age of Cigarette Butts and the Time of AOL CDs.

Original Submission

An Anonymous Coward writes:

DDoS Mitigation Firm Founder Admits to DDoS:

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company's owners they would need to look elsewhere for DDoS protection.

Perhaps having fun at the expense of the FSF was something of a meme that the accused and his associates seized upon, but it's interesting to note that the name of the FSF's founder — Richard Stallman — was used as a nickname by the co-author of Mirai, a potent malware strain that was created for the purposes of enslaving Internet of Things (IoT) devices for large-scale DDoS attacks.

Related:
DDoS Against Brian Krebs Scores a Victory: KrebsOnSecurity is Offline
Brian Krebs DDoSed After Exposing vDos Operators; Israeli Authorities Hit Back With Arrests

Original Submission

Phoenix666 writes:

Phys.org:

Less than a month before the end of the Rosetta mission, the space probe was just 1.9 km above the surface of Chury as it flew through a dust cloud from the comet. This resulted in a direct impact of dust in the ion source of the mass spectrometer ROSINA-DFMS (Rosetta Orbiter Sensor for Ion and Neutral Analysis-Double Focusing Mass Spectrometer), led by the University of Bern. Kathrin Altwegg, lead researcher on ROSINA and co-author of the new study published today in the prestigious journal Nature Astronomy, says: "This dust almost destroyed our instrument and confused Rosetta's position control."

[...] Extensive laboratory work was needed in order to prove the presence of these salts in cometary ice. "The ROSINA team has found traces of five different ammonium salts: ammonium chloride, ammonium cyanide, ammonium cyanate, ammonium formate and ammonium acetate," says the chemist on the ROSINA team and co-author of the current study, Dr. Nora Hänni. "Until now, the apparent absence of nitrogen on comets was a mystery. Our study now shows that it is very probable that nitrogen is present on comets, namely in the form of ammonium salts," Hänni continues.

The ammonium salts discovered include several astrobiologically relevant molecules which may result in the development of urea, amino acids, adenine and nucleotides. Kathrin Altwegg says: "This is definitely a further indication that comet impacts may be linked with the emergence of life on Earth."

As far as the origins of life are concerned, comets do seem to have the right stuff.

Kathrin Altwegg et al. Evidence of ammonium salts in comet 67P as explanation for the nitrogen depletion in cometary comae, Nature Astronomy (2020). DOI: 10.1038/s41550-019-0991-9

Original Submission

Freeman writes:

Two years ago, Apple dropped a plan that would have made it impossible for the company to decrypt iPhone and iPad backups for law enforcement, according to a Reuters report today. Reuters wrote that "six sources familiar with the matter" confirmed that Apple dropped the end-to-end encryption plan for iCloud Backup "after the FBI complained that the move would harm investigations."

[...] "Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order," the report continued.

[...] Apple had "10 or so experts" working on the end-to-end encryption plan, "variously code-named Plesio and KeyDrop," but told them to stop work on the project once the decision was made, according to Reuters' sources.

[...] Messages is a special case. Messages itself has end-to-end encryption, but iCloud Backup "includes a copy of the key protecting your Messages." If you want full protection for Messages, you'd want to disable iCloud Backup and back your iOS devices up to iTunes on your computer instead.

iCloud Backup's inclusion of a copy of the Messages key "ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices," Apple explains. "When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple."

[...] President Trump blasted Apple on Twitter last week, writing that Apple "refuse[s] to unlock phones used by killers, drug dealers and other violent criminal elements."

Apple countered that it gave the FBI "gigabytes of information" including "iCloud backups, account information and transactional data for multiple accounts."

Apple may be unable to unlock the phones since it hasn't granted the government's request for a backdoor—and continues to argue that encryption backdoors would harm security for all users.

https://arstechnica.com/tech-policy/2020/01/apple-reportedly-nixed-plan-for-end-to-end-encryption-in

Original Submission

Phoenix666 writes:

Hackaday:

How better to work on Open Source projects than to use a Libre computing device? But that's a hard goal to accomplish. If you're using a desktop computer, Libre software is easily achievable, though keeping your entire software stack free of closed source binary blobs might require a little extra work. But if you want a laptop, your options are few indeed. Lucky for us, there may be another device in the mix soon, because [Lukas Hartmann] has just about finalized the MNT Reform.

Since we started eagerly watching the Reform a couple years ago the hardware world has kept turning, and the Reform has improved accordingly. The i.MX6 series CPU is looking a little peaky now that it's approaching end of life, and the device has switched to a considerably more capable – but no less free – i.MX8M paired with 4 GB of DDR4 on a SODIMM-shaped System-On-Module. This particular SOM is notable because the manufacturer freely provides the module schematics, making it easy to upgrade or replace in the future. The screen has been bumped up to a 12.5″ 1080p panel and steps have been taken to make sure it can be driven without blobs in the graphics pipeline.

What has Soylentils' experience with open hardware been?

Original Submission

An Anonymous Coward writes:

China confirms human-to-human transmission of new coronavirus:

Human-to-human transmission of a new coronavirus strain has been confirmed in China, fueling fears of a major outbreak of the SARS-like virus as millions travel for the Lunar New Year holiday.

Zhong Nanshan, head of the National Health Commission, said on Monday patients may have contracted the new virus without having visited the central city of Wuhan where it was discovered before spreading across China and reaching three other Asian nations.

"Currently, it can be said it is affirmative that there is the phenomenon of human-to-human transmission," he said in an interview with China's CCTV state broadcaster.

Zhong said two people in Guangdong province in southern China caught the disease from family members who had visited Wuhan.

He added that 14 medical personnel helping with coronavirus patients have also been infected.

Human-to-human transmission could make the virus spread more quickly and widely.

CDC Confirms First US Case of New Coronavirus

Public health officials have confirmed the first U.S. case of a mysterious coronavirus that has already killed at least six people and sickened hundreds of others in China, the Centers for Disease Control and Prevention said Tuesday.

A male traveler from China has been diagnosed in Snohomish County, Washington State with the Wuhan coronavirus, according to the CDC.

Officials said the sick male, in his 30s, is “very healthy.” He is currently being isolated at a medical center in the state “out of caution” and “poses little risk” to the public, they said. The CDC said the male reached out to local health authorities on Jan. 15 once he started experiencing pneumonia-like symptoms.

Previously:
China Reports 3rd Death, Nearly 140 New Cases of Coronavirus

Original Submission

Arthur T Knackerbracket has found the following story:

Astronomers have found nearly 1 million asteroids in our Solar System, with the vast majority located in the asteroid belt between Mars and Jupiter.

It is far rarer to find asteroids with orbits closer to the Sun, and especially inside the orbit of Earth, due to Jupiter's gravitational influence. There are only about 20 known asteroids with orbits entirely inside that of Earth's. They are called Atira[*] asteroids.

Many of these Atira asteroids have orbits that are substantially tilted away from the plane of the Solar System, suggesting past encounters with Mercury or Venus.

Until now, scientists have theorized that Vatira asteroids might exist—those with orbits inside Venus—but had yet to find one. They would be difficult to observe because their orbits would bring them close to the Sun, leaving only a short window to find them in the dusk or dawn sky. And also because presumably they are quite rare due to the gravitational challenge of squeezing into a stable orbit so near the Sun.

But now astronomers have found a Vatira asteroid for the first time. The body, called 2020 AV2, was found earlier this month by the California Institute of Technology's Zwicky Transient Facility, and confirmed by other observatories around the world.

Wikipedia entry on Atira asteroids.

-- submitted from IRC

Original Submission