India's Chandrayaan 2 is creating the highest-resolution map we have of the moon:
India's space organization, ISRO, launched Chandrayaan 2 to the moon last year in July. While its lander Vikram crashed on the lunar surface on September 7, the Chandrayaan 2 orbiter continues to orbit the moon.
The Chandrayaan 2 orbiter hosts an extensive set of instruments to map the moon, and now, we get a peek at the data it has sent.
ISRO scientists had submitted a raft of initial results from the orbiter's mapping instruments to present at the flagship 51st Lunar and Planetary Science Conference in March. This is an annual conference hosted in the United States where more than 2000 planetary scientists and students from around the world attend and present their latest work. However, due to concerns about the novel coronavirus, the conference has been canceled.
[...] The Terrain Mapping Camera (TMC 2) onboard Chandrayaan 2 is a stereo imager, meaning it can capture 3-D images. It does that by imaging the same site from three different angles, akin to NASA's LRO, from which a 3-D image is constructed.
TMC 2 has beamed back images taken from 100 km above the lunar surface and the 3-D views generated from them look great. Here is one of a crater and a wrinkled ridge, the latter being a tectonic feature.
Such images are very useful for understanding how lunar features form and get their shape. For example, a 3-D image can help construct an accurate picture of the geometry of the impact that formed a crater.
Over time, Chandrayaan 2 will provide the highest resolution 3-D images of the entire moon, the best case resolution being 5 meters/pixel.
Comcast accidentally published 200,000 "unlisted" phone numbers:
Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories. After discovering the mistake, Comcast shut Ecolisting down, gave $100 credits to affected customers, and advised them that they can change their phone numbers at no charge.
This is similar to a mistake in the early 2010s that resulted in Comcast paying a $33 million settlement in 2015.
The Denver Post reported last week:
For years, customers have had the ability to pay a small sum per month to ensure their phone numbers and personal information remain off of telephone and online directories. But in January and February, thousands of people across the country received letters from Xfinity telling them the company had inadvertently published personal information on Comcast's online directory, Ecolisting.com. The issue affected 2 percent of Comcast's 9.9 million voice customers, the company said.
Comcast charged $3.50 a month for the number-privacy feature in Pennsylvania, The Philadelphia Inquirer wrote. Customers elsewhere apparently paid more—some Comcast users on a support forum reported having to pay $5.50 per month.
In a statement to Ars, Comcast said, "We have corrected this issue for our identified customers, apologized to them for this error, and given them an additional $100 credit. We are working with our customers directly to address this issue and help make it right, and are taking steps to prevent this from happening again."
Related: https://www.techlicious.com/tip/remove-yourself-spokeo-intelius-peoplesmart-mylife/
Apple fined a record $1.2 billion by French antitrust authorities
French antitrust authorities ordered Apple on Monday to pay a 1.1 billion euro ($1.23 billion) fine for anti-competitive behavior.
The French competition authority said the iPhone-maker was guilty of creating cartels within its distribution network and abusing the economic dependence of its outside resellers.
Two of Apple's wholesalers were also fined for agreeing on prices: Tech Data and Ingram Micro received fines of 76.1 million euros and 62.9 million euros respectively. Both companies were not immediately available for comment when contacted by CNBC.
The French authority said this penalty — totaling 1.24 billion euros — was the largest ever handed down in one case.
"Apple and its two wholesalers agreed not to compete and prevent distributors from competing with each other, thereby sterilizing the wholesale market for Apple products," said Isabelle de Silva, president of the French Competition Authority.
[ . . . ] Monday's announcement is the second fine that French authorities have imposed on Apple in two months. The regulators hit Apple with a 25 million euro fine in February over its software updates, which were concluded to have slowed down older iPhones.
Maybe they should have kept the headphone jack.
Don't worry; they'll make more.
[Editor's preface: SoylentNews has a Folding@Home team (#230319). As of this writing, SoylentNews.org is ranked at number 210 in the entire world! My current Core 2 Duo laptop would do little to support the effort compute-wise, so I assist as best I can by cheerleading, communicating our team's progress, and similar activities. We have a channel on our IRC (Internet Relay Chat) server "#folding" where there is sporadic discussion about progress. Check out the list of previous stories at the bottom of this story... to get involved, just mention it in the comments and come join our team!
If you are wondering what in the world F@H is, Wikipedia has a nice summary of Folding@Home. And, of course, there is F@H's "About" page, too. --martyb]
Intro:
If you are a Folding@Home (F@H) contributor, you may have noticed that you aren't getting your normal allotment of work units. It appears to have started some time Friday, March 13. The root cause? Schools shutting down around the United States.
Looking for Work [Units]:
Kids are scared (some more, some less) of the Coronavirus, and they read something somewhere about efforts such as F@H that are working on curing various diseases. Those kids' gaming rigs are exactly what F@H and other similar research groups need. And, some of these kids have machines that most of us would envy! A well-built gaming machine is simply awesome!
https://foldingforum.org/viewforum.php?f=61
That forum is filled with "newbs" trying to figure out how to set up F@H on their machines, and then complaining that they can't get a work unit.
This post, specifically, explains that the huge influx of volunteers has depleted the available work units. https://foldingforum.org/viewtopic.php?f=24&t=32424 Apparently, on Friday, the staff filled the WU servers' caches with the normal weekend's amount of WU's and they were gone by early Saturday morning. Someone volunteered to work on Saturday to refill the caches, which were promptly emptied out again.
One of the posts on the F@H forum suggests that F@H has about 4 times the number of folders that it had a week ago.
What to do?
If you find yourself unable to download a WU, take a look at the log. You will probably find complaints,
"No WUs available for this configuration" and/or "Port 8080 unreachable, trying port 80" and/or "no http service available".
Those and more are all related to the fact that the servers are being hammered by half a zillion school kids who are looking for something useful to do with their time, and their computers.
Be patient, and just let your client work through it. It will eventually download a work unit, crunch it, and return it.
Official Statement:
Straight from the F@H project: Coronavirus – What we're doing and how you can help in simple terms – Folding@home
Previously (Newest at the top):
Happy Holidays!
SoylentNews' Anniversary, Site Statistics, and What to do about Journal Spam
Systems Status -- Certs, Developers, and Community, Oh My!
Nearly End-Of-The-Year Summary
SoylentNews Site Update Story Followup -- WOW!
SoylentNews Update 17.05; Backend Changes; Folding@Home News; Accounts Milestone; Funding Shortfall
Three Years In - What Has Happened and How we Got Here
SoylentNews Folders Rocket Past 400
SoylentNews' Folding@Home Team is Now in the Top 500 in the World
Folding@Home - Team SoylentNews About to Reach a Milestone!
Soylent News has a Top 1000 Folding@Home Team!
Official Soylent News Folding@Home Team
Bacteria form biofilms like settlers form cities:
Microbiologists have long adopted the language of human settlement to describe how bacteria live and grow: They "invade" and "colonize." Relations dwelling in close proximity are "colonies."
By pairing super-resolution imaging technology with a computational algorithm, a new study in Nature Communications confirms that this metaphor is more apt than scientists may have realized. The findings show that, as individual bacteria multiply and grow into a dense and sticky biofilm, such as the community that forms dental plaque, their growth patterns and dynamics mirror those seen in the growth of cities.
"We take this 'satellite-level' view, following hundreds of bacteria distributed on a surface from their initial colonization to biofilm formation," says Hyun (Michel) Koo, a professor in Penn's School of Dental Medicine and senior author on the work. "And what we see is that, remarkably, the spatial and structural features of their growth are analogous to what we see in urbanization."
This new perspective on how biofilms grow could help inform efforts to either promote the growth of beneficial microbes or break up and kill undesirable biofilms with therapeutics.
[...] Overall, the growth patterns were reminiscent of the formation of urban areas, the team found. Some individual "settlers" grew, expanding into small bacteria "villages." Then, as the boundaries of the villages grew and, in some cases met, they joined to form larger villages and eventually "cities." Some of these cities then merged to form larger "megacities."
Surprising the researchers, their results showed that only a subset of the bacteria grew. "We thought that the majority of the individual bacteria would end up growing," says Koo. "But the actual number was less than 40%, with the rest either dying off or being engulfed by the growth of other microcolonies."
[...] On both the individual bacteria and biofilm-wide scale, the researchers confirmed that the gluelike secretion known as extracellular polymeric substances (EPS) enabled bacteria to pack together closely and firmly in the biofilm. When they introduced an enzyme that digested EPS, the communities dissolved and returned to a collection of individual bacteria.
"Without EPS, they lose the ability to densely pack and form these 'cities,'" says Koo.
Journal Reference:
Amauri J. Paula, et al. Dynamics of bacterial population growth in biofilms resemble spatial and structural aspects of urbanization, Nature Communications (2020). (DOI: 10.1038/s41467-020-15165-4)
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs:
Cybercriminals continue to firehose financial services companies with new and innovative cyberattacks. Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly (rather than user-facing login pages). One such credential stuffing attack, observed last summer, hit one of Akamai's financial services customers with a blizzard of 55 million malicious login attempts.
"We talk about API attacks and the reason why criminals are using targeted methods against API because the traditional 'throw it and hope it sticks' against financial services just isn't cutting it anymore, they have to be more creative," Steve Ragan, security researcher with Akamai, told Threatpost. "And of course this creates this 'run and gun' type of situation to where the financial services industry has to keep adding more layers and getting more creative with how they're doing defense because the criminals are obviously coming at them full steam ahead."
Threatpost talks to Ragan about the hardest hitting attack threats against the financial services industry, including credential stuffing attacks, DDoS attacks and more.
Arthur T Knackerbracket has found the following story:
The first science experiments that will be hosted on the Gateway, the international research outpost orbiting the moon, have been selected by ESA and NASA. Europe's contribution will monitor radiation to gain a complete understanding of cosmic and solar rays in unexplored areas as the orbital outpost is assembled around the moon.
The first module for the Gateway, the Power and Propulsion Element, is set to launch on the second Artemis mission and will host two external scientific investigations.
ESA's hardware will actively monitor radiation at all times and return data for all scientists from participating countries to consult.
As the Gateway module flies to its position in a halo-like orbit around the moon, it will pass through the Van Allen radiation belt—an area around Earth where high-energy particles are trapped by our planet's magnetic field. The particles can cause more radiation damage to humans, and the hardware will provide useful information on how to keep astronauts safe as they pass through the belt.
Once in position, the Gateway will orbit the moon flying as close as 3000 km from the lunar surface and at its furthest, 70 000 km. The radiation investigation will continue to monitor the changes in protons, electrons and heavy ions and neutrons as they hit the measuring instruments.
"Heavy neutrons are of particular interest for us," says ESA's Science Team Leader of Human and Robotic Exploration Jennifer Ngo-Anh, "some cosmic rays hit the moon and interact with the surface to reflect as heavy neutrons that are particularly damaging to humans. We need to know more about where and how these particles form, to protect astronauts."
[...] The Gateway will be built and assembled this decade as a platform for science in deep space and as an outpost for astronauts traveling onwards to the lunar surface. It is led by NASA. Following decisions at Space19+, ESA will build a Habitation module, communications systems and a refuelling module for the Gateway. The Canadian Space Agency has committed to provide advanced robotics for the lunar outpost. The Japanese Aerospace Exploration Agency is also in discussion to supply elements.
Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw:
Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.
The experts did not provide details on the threat actors that are exploiting the vulnerability; according to ZDNet, which cited a DOD source, the attackers belong to prominent APT groups.
The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component; the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.
"Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM," reads the advisory published by Microsoft.
A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.
Security expert Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC.
Arthur T Knackerbracket has found the following story:
A study of the second HIV patient to undergo successful stem cell transplantation from donors with a HIV-resistant gene, finds that there was no active viral infection in the patient's blood 30 months after they stopped anti-retroviral therapy, according to a case report published in The Lancet HIV journal and presented at CROI (Conference on Retroviruses and Opportunistic Infections).
Although there was no active viral infection in the patient's body, remnants of integrated HIV-1 DNA remained in tissue samples, which were also found in the first patient to be cured of HIV. The authors suggest that these can be regarded as so-called 'fossils', as they are unlikely to be capable of reproducing the virus.
Lead author on the study, Professor Ravindra Kumar Gupta, University of Cambridge, UK, says: "We propose that these results represent the second ever case of a patient to be cured of HIV. Our findings show that the success of stem cell transplantation as a cure for HIV, first reported nine years ago in the Berlin patient, can be replicated."
He cautions: "It is important to note that this curative treatment is high-risk, and only used as a last resort for patients with HIV who also have life-threatening haematological malignancies. Therefore, this is not a treatment that would be offered widely to patients with HIV who are on successful antiretroviral treatment."
-- submitted from IRC
Ravindra Kumar Gupta, et al. Evidence for HIV-1 cure after CCR5Δ32/Δ32 allogeneic haemopoietic stem-cell transplantation 30 months post analytical treatment interruption: a case report. The Lancet HIV, 2020; DOI: 10.1016/S2352-3018(20)30069-2
New universal carrier ink for 3-D printing:
Researchers at ETH have produced a gel from cellulose fibers and biodegradable nanoparticles that liquefies when pressed through the nozzle of a 3-D printer, but then quickly returns to its original shape. Their invention paves the way for personalized biomaterial implants.
In the same way that medicine has seen a trend towards precision medicine—where treatment is tailored to the genetic make-up of the patient—in recent years, materials scientists are increasingly turning their attention to precision biomaterials. As things stand, however, personalised implants are still a long way off. "But at the moment, we're making great progress toward this goal—and learning a lot in the process," says Mark Tibbitt, Professor of Macromolecular Engineering in the Department of Mechanical and Process Engineering at ETH Zurich.
[...] This is where the universal carrier ink that Tibbitt's team has developed can help. It consists of cellulose fibers dissolved in water combined with biodegradable polymeric nanoparticles. When no external pressure is being exerted, the fibers attach themselves to the particles. This creates a transient network that can be disrupted when subjected to the high shear forces in the printer nozzle—but that quickly reforms after passing through the narrow opening.
In further experiments, Tibbitt and his team of researchers added different polymers (such as hyaluronic acid, gelatine, collagen, or fibrinogen) to their new carrier ink. These secondary polymers did not change the ink's flow behavior through the head of the printer nozzle, but enabled the researchers to solidify the transient network to form the printed structure in a second, subsequent step.
Elia A. Guzzi et al. Universal Nanocarrier Ink Platform for Biomaterials Additive Manufacturing, Small (2019). DOI: 10.1002/smll.201905421
Avast pulls plug on insecure JavaScript engine in its security software suite:
Avast has disabled a component in its Windows anti-malware suite that posed, ironically enough, a significant security risk.
The software maker switched off the JavaScript interpreter in its toolkit after Google Project Zero's Tavis Ormandy, and his colleagues, alerted the developer to design flaws in the code.
According to Avast, Ormandy potentially found a remote-code execution vulnerability in the software, the details of which were not publicly shared. Five days later, the Googler released a shell for poking around in Avast's JavaScript engine for anyone interested in assessing the antivirus suite. He also revealed that if miscreants were able to exploit any holes in Avast's JS engine on a victim's computer, they would be able to run malware on that PC with system-admin-level privileges.
[...] "Despite being highly privileged and processing untrusted input by design, it is unsandboxed and has poor mitigation coverage," Ormandy explained earlier this week. It should be noted Ormandy did not disclose any specific bugs.
A couple days after the analysis tool was released, the vendor opted to do away with the emulator entirely. It does not believe the removal will significantly impact the suite's ability to detect malware. The swift action was applauded by Ormandy.
[Ed. note: For those who are unfamiliar or need a reminder, a quick search brought up this YouTube video.]
Scientists analyze Monty Python's silly walks, determine they are indeed silly:
The Ministry of Silly Walks set a new standard for absurdity when the comedy sketch first appeared on Monty Python's Flying Circus television show in 1970. But just exactly how silly were those walks? Extremely silly, new research suggests.
A team of scientists from Dartmouth College conducted a gait analysis on the walks performed by John Cleese (the minister) and Michael Palin (Mr. Pudey, a man applying for a grant to improve his own silly walk). The results appeared in the journal Gait & Posture.
"In the spirit of Monty Python's humor, based on an actual gait analysis, a Dartmouth research team finds that the minister's silly walk is 6.7 times more variable than a normal walk," the college said in a statement on Thursday. Mr. Pudey's walk was found to be 3.3 times more variable than a typical walk.
A chart released with the paper illustrates just how different the Pythons' walks are from a standard gait.
Monty Python's silly walk: A gait analysis and wake-up call to peer review inefficiencies:
The team points out how bureaucratic inefficiency can be likened to that of the peer-review process associated with academic research in the health sciences, particularly when applying for funding. Applying for a federal grant is extremely time consuming and can take months to prepare. An application may require a 150-page proposal followed by a review by a panel of researchers, who are often flown in for the occasion. Peer review protocols often require that the panelists must reach a consensus of 75 percent or more to approve a proposal.
By contrast, the Dartmouth team points out how the National Health and Medical Research Council of Australia pioneered a streamlined grant application process in 2013, which resulted in an estimated savings in 2015 of $A2.1-$4.9 million per year.
"The peer review research process has become rather unwieldy," said Nathaniel J. Dominy, the Charles Hansen Professor of Anthropology, who co-authored the study with Erin E. Butler, who was a postdoctoral fellow at the Neukom Institute at Dartmouth at the time the research was conducted. "If the process was streamlined and grants were awarded more quickly, researchers could start their work earlier, accelerating the timeline for research. Similarly, grant administrators would recoup time and money, which could potentially free up more money for research funding," explained Dominy.
Journal Reference:
Erin E Butler, Nathaniel J Dominy. Peer review at the Ministry of Silly Walks. Gait & Posture, 2020; (DOI: 10.1016/j.gaitpost.2020.02.019)
A Virgin Media server left facing the public internet contained more than just 900,000 people's "limited contact information" as the Brit cable giant's CEO put it yesterday.
In fact, the marketing database also contained some subscribers' requests to block or unblock access to X-rated and gambling websites, unique ID numbers of stolen cellphones, and records of whichever site they were visiting before arriving at the Virgin Media website.
This is according to British infosec shop Turgensec, which discovered the poorly secured Virgin Media info silo and privately reported it to the broadband-and-TV-and-phone provider. The research team today said the extent of the data spill was more extensive, and personal, than Virgin Media's official disclosure seemed to suggest.
Here, in full, is what Turgensec said it found in the data cache that was exposed from mid-April to this month:
- Full names, addresses, date of birth, phone numbers, alternative contact phone numbers and IP addresses – corresponding to both customers and “friends” referred to the service by customers.
- Requests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses. IMEI numbers associated with stolen phones.
- Subscriptions to the different aspects of their services, including premium components.
- The device type owned by the user, where relevant.
- The “Referrer” header taken seemingly from a user's browser, containing what would appear to be the previous website that the user visited before accessing Virgin Media.
- Form submissions by users from their website.
[...] The leaky server has since been hidden from view. Virgin Media's CEO Lutz Schüler said last night: "Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used."
He added: "The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home and email addresses and phone numbers."
[...] In a separate email to its subscribers this week, Virgin Media tried to reassure its punters that the only records accessible from the marketing database were "contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website."
As it turns out, the words "technical and product information" were doing an awful lot of heavy lifting. Turgensec's strategically worded statement stops short of accusing Virgin Media of outright lying, but it is still rather damning.
"We cannot speak for the intentions of [Virgin Media's] communications team but stating to their customers that there was only a breach of 'limited contact information' is from our perspective understating the matter potentially to the point of being disingenuous," the infosec house said on Friday.
Turgensec also quibbled with the ISP's attempt to blame the security blunder on IT workers “incorrectly configuring” an internet-facing database. Rather, the database – which was filled with unencrypted plain-text records – was a sign of "systematic assurance process failure," Turgensec said.
German company CureVac has received a rather strange offer from the current White House.
On March 3, CureVac's CEO was invited to the White House for a meeting with President Trump, Vice President Pence and several members of the Coronavirus Task Force. Asked when a vaccine could be ready, he estimated that a potential candidate could be ready within a few months. Apparently, that triggered the members of the meeting so much that they've now offered to buy the company, at whatever price.
One condition though: production would be exclusively for the United States.
The move is not exactly one to gain popularity, and follows on the heels of the President's worrying statement that "a large number of new clusters in the United States were seeded by travelers from Europe".
Hacking a Mileage Manipulator CAN Bus Filter Device:
I have read an article on the teardown of a dashboard mileage manipulator dongle on Hackaday. A “CAN bus filter” device was found in a vehicle, connected to the back of its instrument cluster. When it was removed and the original connections were restored, the odometer immediately showed 40 000 kilometers more than before. The author made a quick teardown and analysis on the device but because it was supposed to be locked (according to the article), the firmware was not extracted, leaving the big question unanswered: What does it do, and how does it do it?
Mileage manipulation is illegal in many countries and one could easily go to jail if one kept doing it. Still, this is quite a common practice on the used car market and mileage manipulator devices could be easily purchased by anyone. The main purpose of these “greyish” tools is to mislead and to fool the buyers. Considering this, I was happy to extend my “to be hacked” list with them, and I also wanted to see how they work and if there is anything to do against the “attack”. Everything was set for a cool project combining car hacking, hardware hacking and reverse engineering. Due to the nature of the topic, I expect readers with less relevant technical knowledge as well, so I tried to provide a bit more detail and explanation, to make sure everyone can follow along.
These boards can be found on eBay for $15-25, e.g. by searching for “18 in 1 Universal CAN Filter”. Several sellers are providing them under different fantasy names and with some variance in their supported vehicle list. I decided to order two types of CAN filters from two different sellers. They had the same functionalities, but their PCBs looked a bit different. Both CAN filter devices support a bunch of car models from two major German OEMs (just look for the description in the eBay product pages). After one makes the mileage manipulation, this device will prevent the odometer’s sync and increase, by manipulating the relevant communication.