SoylentNews

upstart writes in with an IRC submission for AnonymousCoward:

Latest Apple Text-Bomb Crashes iPhones via Message Notifications:

Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices.

[...] The problem occurs in a number of different scenarios, including if the character string shows up in a text message – in fact, just looking at a message notification containing a message preview will crash the system. Viewing messages within apps leads to the same outcome, as does reading social media posts on one's phone or Mac. As for the latter point, Threatpost editors were able to independently confirm that looking at tweets containing the characters will indeed shut down an iPhone.

Cluley noted that completely rebooting the device fixes the problem – until another booby-trapped message comes along.

[...] Apple has had similar linguistic issues in the past; in 2013, certain combinations of Arabic characters were found to crash Macs and iPhones; while in 2018, messages containing letters of the south Indian language of Telugu were discovered to do the same thing.

Other text-bomb attacks that don't relate to Unicode symbols have made the rounds in the past: The chaiOS bug in 2018 for instance allowed attackers to crash or freeze phones just by sending a text message containing a hyperlink to malicious code hosted on GitHub. Recipients only needed to receive the malicious messages for the flaw to work: Clicking on the link wasn't required.

And last year, an Apple iMessage bug made the rounds that allowed attackers to brick iPhones running older iOS versions, by sending a specially crafted message to a vulnerable device.

In this case, Apple hasn't yet issued a public statement on the problem, but according to Cluley, the latest beta version of iOS fixes the issue.

See Also:
An unusual character string is causing Apple devices to crash:

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Instacart has a problem with third-party apps letting shoppers pay for early access to orders – TechCrunch:

Kara Carmichael has been an Instacart shopper for years in Orlando, Fla. It's how she's been able to support her family, she told TechCrunch. But she says she has noticed an increase in third-party bot activity that has made shopping "nearly impossible."

Despite the high demand for Instacart amid the COVID-19 pandemic, shoppers like Carmichael are facing difficulties claiming orders within the shopper app. This is the result of what appears to be some sophisticated work by third-party apps like Ninja Hours, Sushopper and others.

"They grab the batches within a blink of an eye," Carmichael said. "I can barely see the amounts offered. Sometimes I may even just receive a notification because the batch has been taken before it was even registered in my app."

Ninja Hours appeared on the scene about a year ago in the Little Havana community in Miami, according to Logan B., an Instacart shopper with experience using Ninja Hours. Shoppers could pay Ninja Hours about $25 to $35 a week to get access to hours for the following week and in exchange, Ninja Hours would take over the shopper’s app to claim hours on their behalf. This was during a time when Instacart required shoppers to claim hours rather than on-demand orders.

An Anonymous Coward writes:

Dolly Parton secretly produced Buffy the Vampire Slayer, and fans have only just found out:

While Parton was not herself credited as a producer on the long-running fantasy series, a company she co-created and owned was responsible for it coming to television.

Sandollar Entertainment, which is listed on the end credits of every episode of the show, was created by Parton and her friend and former business partner Sandy Gallin in 1986. It produced a number of films, including Father of the Bride (1991) and Fly Away Home (1996), as well as several Parton projects – most recently her Netflix anthology series Dolly Parton's Heartstrings.

It also produced the original Buffy the Vampire Slayer movie, released in 1992 to dismal reviews. It was Gail Berman, then an executive at Sandollar, who still believed there was potential in the property, and proposed launching the concept as a TV series.

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Valve confirms code leak for two online games [Updated]:

A major source code leak for Valve's biggest competitive PC multiplayer games—Counter-Strike: Global Offensive and Team Fortress 2—began making the rounds late Tuesday. Amid worries that this code leak for active online games would lead to hackers finding exploits and developing remote code executions (RCEs), Valve issued a statement on Wednesday that such worries were moot.

[...] We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security). We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (https://www.valvesoftware.com/en/security) describes how best to report that information.

[...] Thanks to this vacuum of official word on TF2's state, fans are left to refer to panicky responses from major voices in the TF2 community. In particular, two popular community-run server hubs, Redsun.tf and Creators.tf, have temporarily shut down their operations due to "the uncertainty surrounding security of our infrastructure, as well as a potential for damage to be caused to your computer." In Redsun's case, a widely circulated comment from one of its moderators says that their team is waiting for "Valve [to] give us the clear" before resuming operations.

upstart writes in with an IRC submission for AnonymousCoward:

Bing disables “trending” feature after wildly inappropriate results:

Microsoft has shut down a feature in its Bing search engine that shows popular articles from major websites after Ars Technica reported that the feature was showing wildly inappropriate results from the stock photo site Shutterstock. How inappropriate? Well, here are a couple of screenshots I took on Wednesday morning after a reader tipped me off to the problem:

[screenshots presenting Bing's Trending carousel]

This is what I saw after searching Bing for "Shutterstock." These weren't the very top results—I scrolled down a bit before taking these screenshots—but this "trending articles" carousel appeared on the first page.

I wasn't about to click on a link to "boys erection" without talking to a lawyer first. So my editor advised our tipster to notify the FBI, while I emailed Microsoft and Shutterstock to see if they could explain what was going on.

Happily, Microsoft and Shutterstock confirmed that there was no child porn here. The "boys erection" video is an entirely wholesome video of a boy "erecting" a tent. The "big tits stock video" link went to a video of a bird called a tit. There's nothing pornographic about the "mature mom and young son" video—though it was easy to assume otherwise given the titles of the other links.

[...] As the name suggests, this "trending articles" carousel is supposed to highlight articles on a website (Shutterstock in this case) that are most popular at the moment. Microsoft didn't just shut it down for Shutterstock. It has disabled the feature for all websites.

[...] While Microsoft says it takes full responsibility for not filtering out these results, the company says that all the data—including phrases like "boys erection" and "big tits"—came from Shutterstock's website. The titles shown in these results are not the titles shown on the corresponding video pages. The tent video, for example, is labeled "caucasian dad and son assembling tent on holiday outdoors," not "boys erection."

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

BCI system gives paralyzed man back his sense of touch with haptic feedback:

Ian Burkhart, now 28, had a diving accident in 2010 that severely damaged his spinal cord, leaving him paralyzed and confined to a wheelchair, with only limited movement in his elbow and shoulders. Thanks to an implanted brain-computer-interface (BCI) developed by Battelle, he has made significant progress over the last six years in restoring small movements; he's even able to play Guitar Hero again. And now Battelle scientists have succeeded in restoring his sense of touch, according to a new paper in the journal Cell.

BCIs are a booming R&D field, with startups like Elon Musk's Neuralink looking ahead to a world where human beings will connect directly to their computers with either external devices (similar in function to an EEG) or biologically compatible implanted BCIs. Such systems require a way to record neural activity (electrode sensors), a way to transmit those signals (like a small wireless chipset), and algorithms that can translate those signals into action. BCIs are already a medical reality for patients with spinal cord injuries, like Burkhart, or those who suffer from Parkinson's or epileptic seizures. The benefits patients gain far outweigh the risks of surgical implantation.

Over the past 90 years or so, Battelle has been instrumental in developing such prominent technologies as the Xerox machine, cruise control, and CD-ROMs, along with numerous medical devices. Patrick Ganzer, lead author on the new Cell paper, is a research scientist with the organization's medical devices division, working with the NeuroLife group to develop a BCI for clinical trial. Burkhart has been working with Ganzer and NeuroLife since 2014 to restore motor function to his right arm.

Battelle's "neural bypass system" has three primary components, according to Ganzer. The first is the surgically implanted chip, placed in an area of the brain that responds to thoughts of movement. Next, the system must take the brain wave and brain signal recordings and decode what movements the patient (in this case, Burkhart) is thinking about. "If I want to open my hand, or close my hand, those look like different activity patterns in the brain," Ganzer told Ars. Finally, the system translates thoughts into stimulations of muscles on the arm, resulting in movement.

upstart writes in with an IRC submission for AnonymousCoward:

Long-Lost U.S. Military Satellite Found By Amateur Radio Operator:

There are more than 2,000 active satellites orbiting Earth. At the end of their useful lives, many will simply burn up as they reenter the atmosphere. But some will continue circling as "zombie" satellites — neither alive nor quite dead.

"Most zombie satellites are satellites that are no longer under human control, or have failed to some degree," says Scott Tilley.

Tilley, an amateur radio operator living in Canada, has a passion for hunting them down.

In 2018, he found a signal from a NASA probe called IMAGE that the space agency had lost track of in 2005. With Tilley's help, NASA was able to reestablish contact. But he has tracked down zombies even older than IMAGE.

"The oldest one I've seen is Transit 5B-5. And it launched in 1965," he says, referring to a nuclear-powered U.S. Navy navigation satellite that still circles the Earth in a polar orbit, long forgotten by all but a few amateurs interested in hearing it "sing" as it passes overhead.

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

The Hubble Space Telescope launched 30 years ago:

The mission was novel from the beginning, with a planned orbit at 612km above the planet's surface requiring the vehicle to fly higher than any shuttle mission to date. Telescope deployment came a day after the shuttle reached orbit and involved a complicated sequence of events. After disconnecting the telescope from the shuttle's power supply, astronauts would use a robotic arm to move the instrument from the shuttle's payload bay, open its solar arrays, and finally release the telescope.

"From the time we disconnected Hubble from the shuttle's power, we had two clocks running," explained Bill Reeves, who was the mission's flight director and supervised operations from Johnson Space Center. "The telescope was on battery power from that moment, and there was a limited supply. And with the telescope attached to the arm, the shuttle had to be on free drift, as thruster firings might damage the instrument."

When ground controllers commanded the telescope to begin unfurling its two solar arrays, one of the arrays did not do so properly. Minutes turned into hours as engineers on the ground troubleshot the problem.

[...] As Reeves contemplated whether to give [an] egress order, engineers said they thought they had identified a problem with the software that monitored tension in the solar array. Making a small change, they proposed, would fix the problem. This worked, and the second solar array unfurled beside its companion.

[...] For a while, [STS-31 pilot Charlie] Bolden recalls being on top of the world after landing. Like everyone else, the astronauts eagerly awaited the first image from the telescope, a shot of a distant star named HD96755 captured on May 20, 1990. Their elation was crushed when the first picture turned out to be blurry and only marginally better than ground-based telescopes. Soon, astronomers realized the telescope had a warped mirror.

upstart writes in with an IRC submission for AnonymousCoward:

'Deficiencies' that broke FCC commenting system in net neutrality fight detailed by GAO:

Today marks the conclusion of a years-long saga that started when John Oliver did a segment on Net Neutrality that was so popular that it brought the FCC's comment system to its knees. Two years later it is finally near addressing all the issues brought up in an investigation from the General Accountability Office.

The report covers numerous cybersecurity and IT issues, some of which the FCC addressed quickly, some not so quickly and some it's still working on.

"Today's GAO report makes clear what we knew all along: the FCC's system for collecting public input has problems," Commissioner Jessica Rosenworcel told TechCrunch. "The agency needs to fully fix this mess because this is the way the FCC is supposed to take input from the public. But as this report demonstrates, we have real work to do."

The linked article chronicles several events and prevarications by the FCC and observations by critics. It then continues:

takyon writes:

The FCC ratified Wi-Fi 6E this morning (Thursday April 23):

During the Federal Communications Commission's monthly meeting today, it ratified unlicensed use of the 6GHz radio frequency spectrum in the USA. This decision opens the way for the proposed Wi-Fi 6E standard to move forward.

[...] Although the FCC was widely expected to unanimously ratify unlicensed use of 6GHz spectrum in general, the associated usage rules were less certain. Until today, the 6GHz spectrum was for licensed use only—but that doesn't mean it isn't already in use.

Licensed use of the 6GHz spectrum includes point-to-point microwave backhaul (used by commercial wireless providers), telephone and utility communication, and control links. It also includes Cable Television Relay Links—which are mobile links used by newscasters doing onsite live reporting—and radio astronomy.

The truly excellent news for Wi-Fi 6E backers—and future users—is that the FCC has ratified unlicensed use of the entire 1.2GHz spectrum for low-power indoor devices. Separating unlicensed outdoor and high-powered usage from indoor and low power allows for the maximum utility of spectrum in the most common (and most crowded) Wi-Fi environments, while preserving the utility of incumbent licensed users.

[...] With usable rules for unlicensed 6GHz spectrum use defined, we broadly expect to see Wi-Fi 6E devices beginning to become available to consumers in late 2020 or early 2021.

Previously: Wi-Fi Alliance Announces Wi-Fi 6E for Devices Operating in the 6 GHz Band
The FCC Sets a Vote for Expanding Wi-Fi into the 6GHz Band

Original Submission

An Anonymous Coward writes:

The silence of the owls describes an interesting new look at owl flight, and a recent attempt to figure out why they are so much quieter than other birds, and quieter than just about any other flying thing. Based on this paper, https://www.annualreviews.org/doi/10.1146/annurev-fluid-010518-040436

Laboratory measurements have shown that the slight swoosh made by a barn owl is below the threshold of human hearing until the owl is about three feet away — a feat of stealth that biologists and engineers are far from completely understanding. But researchers from both disciplines are working to solve the riddle of silent flight — some with the aim of designing quieter fans, turbine blades and airplane wings.

Such owl-inspired innovations can reduce noise by as much as 10 decibels, similar to the difference in noise between a passing truck and a passing car...
...
First, Graham [1934] pointed out an unusual structure called the "comb," which literally looks like a comb projecting forward from the wing's leading edge. Second, he noted that most of the owl wing is covered with a soft layer of velvety feathers. Finally, he observed that the feathers on the trailing edge of the wing form a ragged fringe.

Most researchers still agree that the comb, the velvet and the fringe combine in some way to reduce noise, but the owl may have more tricks up its sleeve. "When all is said and done, I think we'll have a number of mechanisms, including Graham's," says Clark.

The article goes on to quantify the sound of an owl relative to human hearing. Also shows some CFD that purports to show tiny vortices shed off an owl wing, these rotate both ways and there is the possibility of destructive interference.

Journal Reference:
Justin W. Jaworski and N. Peake. Aeroacoustics of Silent Owl Flight, Annual Review of Fluid Mechanics Vol. 52:395-420 (DOI: 10.1146/annurev-fluid-010518-040436)

Once, sitting around a dying campfire in the north woods with a few friends, we all noticed a presence overhead, the barest of swishes, could have only been an owl. It was a pitch black night, we never saw a thing.

Original Submission

upstart writes in with an IRC submission for Bytram:

USGS releases first-ever comprehensive geologic map of the Moon:

Have you ever wondered what kind of rocks make up those bright and dark splotches on the moon? Well, the USGS has just released a new authoritative map to help explain the 4.5-billion-year-old history of our nearest neighbor in space.

For the first time, the entire lunar surface has been completely mapped and uniformly classified by scientists from the USGS, in collaboration with NASA and the Lunar Planetary Institute.

[...] To create the new digital map, scientists used information from six Apollo-era regional maps along with updated information from recent satellite missions to the moon. The existing historical maps were redrawn to align them with the modern data sets, thus preserving previous observations and interpretations. Along with merging new and old data, USGS researchers also developed a unified description of the stratigraphy, or rock layers, of the moon. This resolved issues from previous maps where rock names, descriptions and ages were sometimes inconsistent.

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Almost 8,000 could be affected by federal emergency loan data breach:

Almost 8,000 business owners who applied for a loan from the Small Business Administration may have had their personal information exposed to other applicants, the SBA admitted on Tuesday.

[...] A Trump administration official described the problem to CNBC:

The official said that in order to access other business owners' information, small business applicants must have been in the loan application portal. If the user attempted to hit the page back button, he or she may have seen information that belonged to another business owner, not their own.

The SBA says it discovered the flaw on March 25 and notified affected users. One victim posted a copy last Friday of a paper letter she received about the breach. The letter stated that personally identifiable information—including Social Security numbers, addresses, dates of birth, and financial data—may have been exposed. The letter said that, as of last week, there was no sign yet of the data being misused.

The SBA says that it immediately disabled the portion of its website that was exposing applicant data, fixed the problem, and re-launched the website. Affected businesses have been offered a year of free credit monitoring.

Related:
SBA reveals potential data breach impacting 8,000 emergency business loan applicants
SBA says data breach affected nearly 8,000 small businesses
Small Business Administration reports data breach in disaster loan website
A data leak is just the latest example of the Small Business Administration's struggles with shaky IT, and experts fear the worst could be yet to come

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Nintendo Confirms Breach of 160,000 Accounts:

Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims' accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo's online stores, such as V-Bucks, in-game currency used in Fortnite.

In a Friday statement, Nintendo said that attackers have been abusing its NNID (Nintendo Network ID) legacy login system since the beginning of April to hack into the accounts. NNID was primarily used for the Nintendo 3DS handheld and Wii U console (both now discontinued). This is different from a Nintendo account, which is used for the Nintendo Switch (Nintendo's most recent gaming console, released in 2017).

A NNID can be linked to a Nintendo account and used as a login option. If attackers were able to access a linked NNID, they could then access the linked Nintendo account. From there, they'd have access to payment methods (via PayPal or payment cards) necessary for making in-game purchases.

Nintendo did not provide further detail about how attackers had accessed NNID accounts other than to say they were "obtained illegally by some means other than our service." It has now disabled the ability to log into a Nintendo account using NNID.

In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/GMrXr5OHW0

— Nintendo UK (@NintendoUK) April 24, 2020

Attackers may have also been able to access users' nicknames, dates of birth, countries and email address information, all of which were associated with the NNID, Nintendo warned. Credit card data was not accessed.

Original Submission

MrPlow writes:

Submitted via IRC for Soybull

Source: Insects' Extreme Farming Methods Offer us Lessons to Learn and Oddities to Avoid:

To picture this farm, imagine some dark blobs dangling high up in a tree.

Each blob can reach "about soccer ball size," says evolutionary biologist Guillaume Chomicki of Durham University in England. From this bulbous base, a Squamellaria plant eventually sprouts leafy shoots and hangs, slumping sideways or upside down, from its host tree's branches. In Fiji, one of the local names for the plant translates as "testicle of the trees."

Some Squamellaria species grow in clusters and teem with fiercely protective ants. As a young seedling blob plumps up, jelly bean–shaped bubbles form inside, reachable only through ant-sized doorways. As soon as a young plant cracks open its first door to daylight, "ant workers start to enter and defecate inside the seedling to fertilize it," Chomicki says.

The idea that ants tend these plants as farmers gave Chomicki one of those surprise-left-turn moments in science. In a string of papers published since 2016, he and colleagues share evidence for the idea that the Philidris nagasau ants may be the first known animals other than humans to farm plants. (The other known insect farmers cultivate fungi.) Chomicki's latest paper, in the Feb. 4 Proceedings of the National Academy of Sciences, reports that ants planting seeds of their blobby crop make trade-offs, going for full sun and maximizing the rewarding, sweet flowers rather than planting in the shade, where plants would have higher nitrogen.

Until Chomicki's work, biologists accepted only three groups of fungus-farming insects as achieving the essentials of full agriculture and so rivaling human efforts. Select types of beetles, termites and ants each tamed different fungi, tending their much-needed food crop from sowing to harvest.

Journal Reference
Guillaume Chomicki, Gudrun Kadereit, Susanne S. Renner, et al. Tradeoffs in the evolution of plant farming by ants [$], Proceedings of the National Academy of Sciences (DOI: 10.1073/pnas.1919611117)

Original Submission