SoylentNews

maxwell demon writes:

Mozilla seems to be hell-bent on alienating users, as they did it again:

An update to the Android flavor of Firefox left fuming punters thinking a bad experimental build had been pushed to their smartphones. In fact, this was a deliberate software release.

A Reg reader yesterday alerted us to an August 20 version bump that was causing so many problems, our tipster thought it was a beta that had gone seriously awry. "To sum it up, on 20th of August, Firefox 79 was unexpectedly forced on a large batch of Firefox 68 Android users without any warning, way to opt out or roll back," our reader reported. "A lot got broken in the process: the user interface, tabs, navigation, add-ons."

Meanwhile, the Google Play store page for the completely free and open-source Firefox has a rash of one-star reviews echoing similar complaints: after the upgrade, little seemed to work as expected.

Among the complaints are a missing back button, frequent browser crashes, and extensions not working.

Sounds like a buggy release for sure. But:

Unfortunately for our source, and the other Firefox for Android users, this isn't a mistaken release or a broken beta build: it's the new version of Firefox for Android, and it's set to hit the UK today, August 25, and the US on the 27th.

Original Submission

takyon writes:

Russia Releases "Tsar Bomba" Test Footage Of The Most Powerful Nuclear Bomb Blast Ever

The nuclear bomb, codenamed "Ivan," that was dropped by the Soviet Union over Novaya Zemlya in the Arctic Ocean on October 30, 1961, was the largest device of its kind ever detonated. The monstrous weapon had a yield of around 50 megatons — equivalent to 50 million tons of TNT. Until now, the available imagery of that test has been strictly limited, consisting of short, grainy clips and poor-quality stills.

The colossal Ivan device was developed under a program known as izdeliye 202 (meaning "product 202", otherwise known simply as "V"). Years later, when more details became known about it in the West, the weapon would be dubbed "Tsar Bomba."

On August 20, 2020, the Rosatom State Atomic Energy Corporation — the Russian state concern responsible for nuclear enterprises, including nuclear weapons — released a 30-minute documentary film on its official YouTube channel showing the test in unprecedented detail, from the initial transport of the device itself to the mushroom cloud that later rose some 6.2 miles over the Arctic archipelago. The release of the film coincides with the 75th anniversary of Russia's nuclear industry — although a thermonuclear bomb popularly described in the West as a "doomsday weapon" was perhaps an unusual choice for the commemoration. Regardless, it was a remarkable technological achievement.

Test of a clean hydrogen bomb with a yield of 50 megatons (40m28s video). Detonation footage starts after 22:40, with more footage after the end of the documentary starting at 29:32.

Wikipedia entry for Tsar Bomba.

Original Submission

Freeman writes:

https://arstechnica.com/gaming/2020/08/judge-issues-restraining-order-protecting-unreal-engine-development-on-ios/

A Northern California federal judge has issued a temporary restraining order blocking Apple from going forward with plans to terminate Epic Games' Apple Developer Program account, which would have had a major impact on the development of Unreal Engine on iOS. At the same time, the judge left in place Apple's current blocking of Fortnite from the iOS App Store after Epic tried to insert an alternative payment platform into the mobile game.

Previously:
Microsoft Issues Statement in Support of Epic Games to Remain on Apple Ecosystem
Epic-Apple Feud Could Also Affect Third-Party Unreal Engine Games
Fortnite Maker Sues Apple after Removal of Game From App Store
Fortnite's Android Version Bypasses Google Play to Avoid 30% "Store Tax"

Original Submission

upstart writes in with an IRC submission:

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls:

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims.

VoLTE or Voice over Long Term Evolution protocol is a standard high-speed wireless communication for mobile phones and data terminals, including Internet of things (IoT) devices and wearables, deploying 4G LTE radio access technology.

The crux of the problem is that most mobile operators often use the same keystream for two subsequent calls within one radio connection to encrypt the voice data between the phone and the same base station, i.e., mobile phone tower.

[...] To initiate this attack, the attacker must be connected to the same base station as the victim and place a downlink sniffer to monitor and record a 'targeted call' made by the victim to someone else that needs to be decrypted later, as part of the first phase of ReVoLTE attack.

Once the victim hangs up the 'targeted call,' the attacker is required to call the victim, usually within 10 seconds immediately, which would force the vulnerable network into initiating a new call between victim and attacker on the same radio connection as used by previous targeted call.

Also at: Threatpost.

Original Submission

upstart writes in with an IRC submission:

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud:

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server.

The malicious iOS SDK has been named "SourMint" by Snyk researchers.

"The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information."

"Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application," Miller added.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK (6.3.5.0), with the first version of the malicious SDK dating back to July 17, 2019 (5.5.1). The Android version of the SDK, however, doesn't appear to be affected.

Original Submission

Booga1 writes:

The Hacker News is reporting an exploitable feature of Google Drive could allow an attacker to replace legitimate files with files of their choosing.

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.

The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the "manage versions" functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

Logically, the manage versions functionally should allow Google Drive users to update an older version of a file with a new version having the same file extension, but it turns out that it's not the case.

According to A. Nikoci, a system administrator by profession who reported the flaw to Google and later disclosed it to The Hacker News, the affected functionally allows users to upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable.

As shown in the demo videos—which Nikoci shared exclusively with The Hacker News—in doing so, a legitimate version of the file that's already been shared among a group of users can be replaced by a malicious file, which when previewed online doesn't indicate newly made changes or raise any alarm, but when downloaded can be employed to infect targeted systems.

"Google lets you change the file version without checking if it's the same type," Nikoci said. "They did not even force the same extension."

Original Submission

upstart writes in with an IRC submission:

Coronavirus SARS-CoV-2 spreads more indoors at low humidity :

An Indo-German research team is now pointing out another aspect that has received little attention so far and could become particularly important in the next flu season: Indoor humidity. Physicists at the Leibniz Institute for Tropospheric Research (TROPOS) in Leipzig and the CSIR National Physical Laboratory in New Delhi have been studying the physical properties of aerosol particles for years in order to better estimate their effects on air quality or cloud formation.

[...] Result: Air humidity influences the spread of corona viruses indoors in three different ways: (a) the behaviour of microorganisms within the virus droplets, (b) the survival or inactivation of the virus on the surfaces, and (c) the role of dry indoor air in the airborne transmission of viruses. Although, low humidity causes the droplets containing viruses to dry out more quickly, the survivability of the viruses still seems to remain high. The team concludes that other processes are more important for infection: "If the relative humidity of indoor air is below 40 percent, the particles emitted by infected people absorb less water, remain lighter, fly further through the room and are more likely to be inhaled by healthy people. In addition, dry air also makes the mucous membranes in our noses dry and more permeable to viruses," summarizes Dr. Ajit Ahlawat.

[...] At a higher humidity, the droplets grow faster, fall to the ground earlier and can be inhaled less by healthy people. "A humidity level of at least 40 percent in public buildings and local transport would therefore not only reduce the effects of COVID-19, but also of other viral diseases such as seasonal flu. Authorities should include the humidity factor in future indoor guidelines," demands Dr. Sumit Kumar Mishra of CSIR - National Physical Laboratory in New Delhi.

Journal Reference:
Ahlawat, A., Wiedensohler, A. and Mishra, S.K., An Overview on the Role of Relative Humidity in Airborne Transmission of SARS-CoV-2 in Indoor Environments [open], Aerosol and Air Quality Research (DOI: 10.4209/aaqr.2020.06.0302)

Original Submission

upstart writes in with an IRC submission:

Smartphones May Help Detect Diabetes:

"The ability to detect a condition like diabetes that has so many severe health consequences using a painless, smartphone-based test raises so many possibilities," said co-senior author Geoffrey H. Tison, MD, MPH, assistant professor in cardiology, of the Aug. 17, 2020, study in Nature Medicine. "The vision would be for a tool like this to assist in identifying people at higher risk of having diabetes, ultimately helping to decrease the prevalence of undiagnosed diabetes."

[...] In developing the biomarker, the researchers hypothesized that a smartphone camera could be used to detect vascular damage due to diabetes by measuring signals called photoplethysmography (PPG), which most mobile devices, including smartwatches and fitness trackers, are capable of acquiring. The researchers used the phone flashlight and camera to measure PPGs by capturing color changes in the fingertip corresponding with each heartbeat.

In the Nature Medicine study, UCSF researchers obtained nearly 3 million PPG recordings from 53,870 patients in the Health eHeart Study who used the Azumio Instant Heart Rate app on the iPhone and reported having been diagnosed with diabetes by a health care provider. This data was used to both develop and validate a deep-learning algorithm to detect the presence of diabetes using smartphone-measured PPG signals.

[...] "We demonstrated that the algorithm's performance is comparable to other commonly used tests, such as mammography for breast cancer or cervical cytology for cervical cancer, and its painlessness makes it attractive for repeated testing," said study author Jeffrey Olgin, MD, a UCSF Health cardiologist and professor and chief of the UCSF Division of Cardiology. "A widely accessible smartphone-based tool like this could be used to identify and encourage individuals at higher risk of having prevalent diabetes to seek medical care and obtain a low-cost confirmatory test."

Journal Reference:
Robert Avram, et al. A digital biomarker of diabetes from smartphone-based vascular signals. Nat Med (2020). DOI: https://doi.org/10.1038/s41591-020-1010-5

Original Submission

upstart writes in with an IRC submission for RandomFactor:

Facebook Braces Itself for Trump to Cast Doubt on Election Results:

Facebook spent years preparing to ward off any tampering on its site ahead of November's presidential election. Now the social network is getting ready in case President Trump interferes once the vote is over.

Employees at the Silicon Valley company are laying out contingency plans and walking through postelection scenarios that include attempts by Mr. Trump or his campaign to use the platform to delegitimize the results, people with knowledge of Facebook's plans said.

Facebook is preparing steps to take should Mr. Trump wrongly claim on the site that he won another four-year term, said the people, who spoke on the condition of anonymity. Facebook is also working through how it might act if Mr. Trump tries to invalidate the results by declaring that the Postal Service lost mail-in ballots or that other groups meddled with the vote, the people said.

Mark Zuckerberg, Facebook's chief executive, and some of his lieutenants have started holding daily meetings about minimizing how the platform can be used to dispute the election, the people said. They have discussed a "kill switch" to shut off political advertising after Election Day since the ads, which Facebook does not police for truthfulness, could be used to spread misinformation, the people said.

upstart writes in with an IRC submission for RandomFactor:

Pigs Grow New Liver in Lymph Nodes, Study Shows:

Hepatocytes — the chief functional cells of the liver — are natural regenerators, and the lymph nodes serve as a nurturing place where they can multiply. In a new study published online and appearing in a coming issue of the journal Liver Transplantation, researchers at the University of Pittsburgh School of Medicine showed that large animals with ailing livers can grow a new organ in their lymph nodes from their own hepatocytes. A human clinical trial is next.

"It's all about location, location, location," said senior author Eric Lagasse, Pharm.D., Ph.D., associate professor of pathology at Pitt "If hepatocytes get in the right spot and there is a need for liver functions, they will form an ectopic liver in the lymph node."

The cells of the liver normally replenish themselves, but need a healthy, nurturing environment to regenerate. However, in end-stage liver disease, the liver is bound up by scar tissue and too toxic for the cells to make a comeback.

"The liver is in a frenzy to regenerate," said Lagasse, who also is a member of the McGowan Institute for Regenerative Medicine and the Pittsburgh Liver Research Center. "The hepatocytes try to repair their native liver, but they can't and they die."

Freeman writes:

https://arstechnica.com/tech-policy/2020/08/china-trade-war-could-push-iphone-contractor-foxconn-to-build-in-mexico/

For years, iPhones (or their boxes) have said that they were "designed by Apple in California. Assembled in China." But thanks to an escalating trade war between the US and China, that might not be true in the coming years. Reuters reports that two of Apple's biggest manufacturing contractors, Foxconn and Pegatron, are working to expand their facilities in Mexico with an eye toward eventually building iPhones there.

[...] This isn't Foxconn's only effort to diversify away from China. Last year, Foxconn announced plans to begin manufacturing iPhones in India, and the company is now manufacturing the iPhone SE there.

Sources told Reuters that Taiwan-based iPhone contractor Pegatron is also considering a shift to Mexico, but few details about its plans are known.

Previously:

upstart writes in with an IRC submission for nutherguy:

'Electric mud' teems with new, mysterious bacteria:

For Lars Peter Nielsen, it all began with the mysterious disappearance of hydrogen sulfide. The microbiologist had collected black, stinky mud from the bottom of Aarhus Harbor in Denmark, dropped it into big glass beakers, and inserted custom microsensors that detected changes in the mud's chemistry. At the start of the experiment, the muck was saturated with hydrogen sulfide—the source of the sediment's stink and color. But 30 days later, one band of mud had become paler, suggesting some hydrogen sulphide had gone missing. Eventually, the microsensors indicated that all of the compound had disappeared. Given what scientists knew about the biogeochemistry of mud, recalls Nielsen, who works at Aarhus University, "This didn't make sense at all."

The first explanation, he says, was that the sensors were wrong. But the cause turned out to be far stranger: bacteria that join cells end to end to build electrical cables able to carry current up to 5 centimeters [~2 inches] through mud. The adaptation, never seen before in a microbe, allows these so-called cable bacteria to overcome a major challenge facing many organisms that live in mud: a lack of oxygen. Its absence would normally keep bacteria from metabolizing compounds, such as hydrogen sulfide, as food. But the cables, by linking the microbes to sediments richer in oxygen, allow them to carry out the reaction long distance.

When Nielsen first described the discovery in 2009, colleagues were skeptical.

[...] But the more researchers have looked for "electrified" mud, the more they have found it, in both saltwater and fresh. They have also identified a second kind of mud-loving electric microbe: nanowire bacteria, individual cells that grow protein structures capable of moving electrons over shorter distances. These nanowire microbes live seemingly everywhere—including in the human mouth.

[Ed note: The story provides an outstanding example of the scientific method at work: hypothesize, test, examine results, and repeat as needed. Well worth reading.]

Original Submission

takyon writes:

Microsoft Issues Statement In Support of Epic Games To Remain On Apple Ecosystem

Earlier this afternoon, Microsoft's Executive Vice President of Gaming Phil Spencer issued a statement on Twitter declaring a desire for ongoing support for Unreal Engine within the Apple ecosystem. With many developers opting to use Unreal Engine over other proprietary development tools, suddenly shutting off access to an entire marketplace for gaming could have a huge impact with bifurcating mobile gaming in general.

The statement released today was prepared by Kevin Gammill, the General Manager for Gaming Developer Experiences for Microsoft. Kevin declared that the Unreal Engine provided by Epic Games, if not kept available on the Apple App Store for developers, would require Microsoft "to choose between abandoning its customers and potential customers on the iOS and macOS plattforms or choosing a different game engine when preparing to develop new games."

Previously: Fortnite Maker Sues Apple after Removal of Game From App Store
Epic-Apple Feud Could Also Affect Third-Party Unreal Engine Games

Original Submission

upstart writes in with an IRC submission for nutherguy:

The Weather Channel app settles suit over selling location data - 9to5Mac:

IBM and the Los Angeles city attorney's office have settled a privacy lawsuit brought after The Weather Channel app was found to be selling user location data without proper disclosure. The lawsuit was filed last year, at which point the app had 45 million active users.

[...] The dispute centers on how users were informed. iOS requires apps to use a permission request system built into iOS, and they must specify the reason they want location access. However, the text is provided by the app, and The Weather Channel text said only that it was to provide local forecasts and alerts.

[...] It made no mention of the fact that user location data would also be sold. Despite this, IBM claimed that it was 'transparent' about what it was doing with the data.

[...] The reality, however, was that this disclosure was made only within a 10,000 word privacy policy that it knew almost nobody ever reads.

Additional coverage at TheVerge, threatpost, and NBC Los Angeles.

Original Submission

upstart writes in with an IRC submission:

Facebook AI produces accurate MRI images 4 times faster than current tech:

Two years ago a team of radiologists from the New York University Grossman School of Medicine joined forces with Facebook's Artificial Intelligence Research (FAIR) group to try and develop a neural network that can produce effective MRI scans from as little data as possible.

[...] The collaborative project, called fastMRI, produced an AI model that can generate detailed MRI images from a quarter of the data traditionally needed. However, as outlined in a blog post penned by the Facebook AI team, creating accurate MRI images was only the first step for the researchers.

"Generating an accurate image isn't the only challenge," the Facebook team writes. "The AI model must also create images that are visually indistinguishable from traditional MRI images. Radiologists spend many hours carefully analyzing these images and an unfamiliar look and feel could make radiologists less likely to adopt fastMRI in their practices."

[...] "This study is an important step toward clinical acceptance and utilization of AI-accelerated MRI scans because it demonstrates for the first time that AI-generated images are essentially indistinguishable in appearance from standard clinical MRI exams and are interchangeable in regards to diagnostic accuracy," says lead author on the new study, Michael Recht. "This marks an exciting paradigm shift in how we are able to improve the patient experience and create images."

The results produced by the fastMRI project are open source, so the research team is hoping MRI hardware vendors can begin rapidly incorporating the new algorithms into their products. The innovation should also be easily incorporated over the next few years into pre-existing MRI hardware currently in hospitals, making patient experiences more comfortable while expanding MRI access to a greater number of people.

Journal Reference:
Michael P. Recht, MD, et. al., Using Deep Learning to Accelerate Knee MRI at 3T: Results of an Interchangeability Study, American Journal of Roentgenology (DOI: 10.2214/AJR.20.23313)

Original Submission