posted by martyb on Saturday September 12 2020, @11:46PM
from the secure-verifiable-anonymous-(pick-two?) dept.

Why online voting is harder than online banking:

Why can't we use the same techniques [that we use for banking] to secure online votes?

[...] voting has some unique requirements that make secure online voting a particularly challenging problem.

Votes are anonymous, banking isn't

Every electronic transaction in the conventional banking system is tied to a specific sender and recipient who can confirm that a transaction is valid or raise the alarm if it isn't. Banks count on customers to periodically review their transactions—either online or in paper statements—and notify the bank if fraudulent transactions occur.

[...] Some online voting companies have dealt with this challenge by dispensing with strong ballot secrecy. Voatz, for example, gives each voter an anonymized identification number that allows them to look up their votes as they were recorded on the Voatz server. This is probably essential for ensuring that votes are recorded correctly. But it erodes the sanctity of the private ballot, since people in positions of power could coerce voters into revealing how they voted.

Online banking isn't actually that secure

The more important issue, however, is that online banking systems aren't actually that secure. Indeed, conventional payment networks get compromised constantly. The Nilson Report, a financial industry trade publication, estimated that credit card fraud cost the world almost $28 billion in 2018.

[...] Voting officials can't issue voters after-the-fact credits for their stolen votes the way banks do for stolen funds. An election needs to produce a definitive result that is quickly and widely accepted as legitimate. Even a small number of fraudulent votes could flip the results of an election and destroy public confidence in the voting process. Major elections, including the American presidency, have been decided by a few hundred votes out of millions cast.

So our voting infrastructure needs to be a lot more secure than our online banking infrastructure.


Original Submission

posted by Fnord666 on Saturday September 12 2020, @09:24PM
from the practice-safe-browsing dept.

Porn surfers have a dirty secret. They're using Internet Explorer:

They're back—attacks that use booby-trapped Web ads to install malware on the computers of unsuspecting visitors.

[...] But over the past month, malvertising has made something of a comeback, security firm Malwarebytes reported this week. Company researchers said they recently found two different groups placing booby-trapped ads on xHamster, a site with more than 1 billion monthly visits, according to SimilarWeb. The ads redirect visitors to sites that serve malicious code. When viewed with Internet Explorer or Adobe Flash, the code can exploit critical vulnerabilities in unpatched versions of Internet Explorer.

"Threat actors still leveraging exploit kits to deliver malware is one thing, but end users browsing with Internet Explorer is another," Malwarebytes researchers wrote. "Despite recommendations from Microsoft and security professionals, we can only witness that there are still a number of users (consumer and enterprise) worldwide that have yet to migrate to a modern and fully supported browser."

Internet Explorer has always been one of the more targeted browsers. In part, that was because of its once dominant market share. Subpar security protections, when compared to Chrome and later Firefox, was another key reason. Microsoft has since released Edge and encouraged all users to adopt it. But the software maker continues to offer IE since custom plugins and software often lock organizations and individuals into using the outdated browser.

The malvertising renaissance seems to be motivated by attackers "squeezing the last bit of juice from vulnerabilities in Internet Explorer and Flash Player (due to retire for good next year)," the Malwarebytes post observed.


Original Submission

posted by Fnord666 on Saturday September 12 2020, @07:03PM

Ireland's Data Protection commissioner has ordered Facebook not to send any more personal data from Europe to the US. The regulator has the authority to fine Facebook up to 4% of its global turnover, should non-compliance be an issue.

The order, described to Independent.ie by people close to the situation as "well progressed", is the result of a European Court decision in July, which struck down the transatlantic 'Privacy Shield' treaty.

It means that the validity of 'standard contractual clauses' (SCCs) used by thousands of Irish and European companies to transfer data, is now closer to being cancelled.

However, the process is only about half over. The order is only preliminary, so far, and Facebook is doing what it can to appeal or subvert the ruling. The NOYB post links to three letters which provide background on the matter between the Data Protection Commission and Facebook.

Previously:
(2020) CJEU Issues Judgment on Schrems II Case
(2018) Privacy Expert Schrems Files GDPR Complaints Against Google, Facebook, Instagram and WhatsApp
(2018) ICANN's Pre-Emptive Attack on the GDPR Thrown out by German Court
(2018) Facebook is Trying to Block Schrems II Privacy Referral to EU Top Court
(2015) EU Top Court Rules Safe Harbour Treaty Invalid


Original Submission

posted by Fnord666 on Saturday September 12 2020, @04:42PM
from the truth-more-entertaining-than-fiction dept.

[Ed Note - Not our usual fare but an interesting and fun read for the weekend.]

From https://www.texasmonthly.com/articles/it-was-never-enough/ comes the story of an international arms dealer. Excellent weekend reading for anyone that wants to lead a more exciting life!

T. R.'s confidence helped him build a lucrative career at a very early age. According to T. R., it began like this: At sixteen, he worked at a kiosk in the local mall, selling cellphone accessories, but around two years later, when the kiosk's parent company went under, his boss told him that as his last payment he could have all the remaining inventory, signs, and displays from two kiosks—the value of which he estimates at $80,000. He sold that inventory and some additional merchandise and invested the proceeds in setting up more kiosks. By his nineteenth birthday, he said, he had $4.5 million, all of which he invested in a kiosk company he called Wright Marketing Group, spread over forty locations. He eventually broadened sales to novelties and games—"all kinds of stupid gifts, with a two-thousand-percent markup."

The venture escalated on a kiosk-buying trip to the Shenzhen International Toy and Education Fair, in China, where, T. R. claimed, he came up with an idea for a console for pirated video games called Power Player that would plug into a TV and allow users to play classics like Space Invaders and Galaga. He decided to focus on selling Power Player wholesale. It was a huge hit, T. R. said, until the FBI began arresting the biggest Power Player retail operators. Panicking, he abandoned his business and left the United States with $8,000 to travel in Europe.

The story builds from there, with all the juicy details -- cars, planes, yachts, girls (no mention of drugs or rock'n'roll) and plenty of adventures.

Me? I'm just happy reading these stories, the quiet life is fine!


Original Submission

posted by Fnord666 on Saturday September 12 2020, @02:21PM
from the ET-phone-Earth dept.

Another Sweeping Search for Aliens Comes Up Short:

A groundbreaking survey of over 10 million star systems has failed to detect signs of extraterrestrial intelligence.

Astronomers working with the Murchison Widefield Array (MWA) radio telescope in Western Australia were unable to detect alien technosignatures while surveying millions of star systems in the Vela constellation, according to new research published in Publications of the Astronomical Society of Australia. The authors of the new study, Chenoa Tremblay from CSIRO and Steven Tingay from the International Centre for Radio Astronomy Research (ICRAR), were hunting for low radio frequencies similar to those produced by our own civilization.

[...] The new search, which included over 10 million stars, was "orders of magnitude" higher than previous MWA surveys, as the authors wrote. From the 30 hours of observation, 17 were "free from imaging artifacts likely caused due to the instrument being actively worked on during the day, while the observations were taken at night."

The null result is not entirely surprising, as the volume of space surveyed by the astronomers is still exceptionally small. In the press release, Tingay said it "was the equivalent of trying to find something in the Earth's oceans but only searching a volume of water equivalent to a large backyard swimming pool."


Original Submission

posted by Fnord666 on Saturday September 12 2020, @11:59AM

Portland adopts strictest facial recognition ban in nation to date:

City leaders in Portland, Oregon, [Wednesday] adopted the most sweeping ban on facial recognition technology passed anywhere in the United States so far.

The Portland City Council voted on two ordinances related to facial recognition: one prohibiting use by public entities, including the police, and the other limiting its use by private entities. Both measures passed unanimously, according to local NPR and PBS affiliate Oregon Public Broadcasting.

The first ordinance (PDF) bans the "acquisition and use" of facial recognition technologies by any bureau of the city of Portland. The second (PDF) prohibits private entities from using facial recognition technologies "in places of public accommodation" in the city.

Both ordinances hold that facial recognition technology has a disparate impact on underprivileged communities, particularly people of color and people with disabilities, and that those disproportionate effects fall afoul of the city's commitment to "human rights principles such as privacy and freedom of expression." Any framework for city use of facial recognition and other technologies must include "impacted communities and transparent decision-making authority" to ensure that the city does not "harm civil rights and civil liberties."

The city also explicitly recognizes a degree of privacy as one of those rights. "Portland residents and visitors should enjoy access to public spaces with a reasonable assumption of anonymity and personal privacy," the second ordinance reads. "This is true for particularly those who have been historically over-surveilled and experience surveillance technologies differently."


Original Submission

posted by Fnord666 on Saturday September 12 2020, @09:38AM
from the from-the-are-we-talking-about-real-money-yet? dept.

Charlie Bolden says the quiet part out loud: SLS rocket will go away:

Charlie Bolden, a four-time astronaut, served as NASA administrator from mid-2009 through early 2017. During that time, he oversaw the creation and initial development of the agency's large Space Launch System rocket.

Although some NASA officials such as then-Deputy Director Lori Garver were wary of the rocket's costs—about $20 billion has now been poured into development of a launch vehicle based on existing technology—Bolden remained a defender of the large rocket, calling it a lynchpin of the agency's plans to send humans beyond low-Earth orbit, perhaps to the Moon or Mars. He also dismissed the efforts of commercial space companies like SpaceX to build comparable technology.

[...] Since that time, a lot has changed. In February, 2018, SpaceX launched the Falcon Heavy rocket for the first time. It has since flown successfully two more times, and it will play a role in NASA's future exploration plans. Meanwhile, the SLS rocket, originally due to launch in 2017, is now delayed until at least the end of 2021.

As a result of this, Bolden appears to have changed his mind. In an interview with Politico published Friday morning in the publication's Space newsletter, Bolden was asked what might happen during the next four years.

"SLS will go away," he said. "It could go away during a Biden administration or a next Trump administration... because at some point commercial entities are going to catch up. They are really going to build a heavy lift launch vehicle sort of like SLS that they will be able to fly for a much cheaper price than NASA can do SLS. That's just the way it works."


Original Submission

posted by Fnord666 on Saturday September 12 2020, @07:17AM
from the sudden-outbreak-of-common-sense dept.

OVPN Wins Court Battle After Pirate Bay Data Demands Rejected * TorrentFreak:

Court Sides With OVPN, Believes No-Logging Claims

Following a decision handed down Thursday at the Patent and Market Court in Stockholm, OVPN has now emerged victorious. Given the complexities of the case, the decision appears to have been a relatively simple one for the Court.

Essentially, if a party denies it has access to specific information – in this case information related to OVPN's alleged customer The Pirate Bay – it falls upon the applicants to provide sufficient evidence that the data is available to be retrieved.

The statements and evidence provided by the plaintiffs failed to show that, according to the Court.

"[I]t is not possible on the basis of the statements, which contain a number of uncertainties, to draw any definite conclusions about OVPN's access to the information to which the application for an injunction relates. Nor does any other investigation arrive at such conclusions," the decision reads.

"Applicants' application for an information injunction should therefore be rejected," it concludes.

[...] For those interested in studying the case in-depth, all relevant court documents can be obtained here (zip)

Previously:
Anti-Piracy Outfit Hires VPN Expert to Help Track Down the Pirate Bay


Original Submission

posted by Fnord666 on Saturday September 12 2020, @04:56AM
from the it's-only-going-to-get-worse dept.

New cyberattacks targeting U.S. elections

In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions. The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported. We also report here on attacks against other institutions and enterprises worldwide that reflect similar adversary activity.

We have observed that:

Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants

Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community

Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign

People here may view Microsoft's claims of stopping all these cyber-attacks with derision. Although this is a Microsoft memo, many other media outlets have gone ahead with the story. I expect that all countries that are capable of such cyber-attacks shall make attempts. They have nothing much to lose and no incentive to stop trying!

Other coverage: Russian Intelligence Hackers Are Back, Microsoft Warns, Aiming at Officials of Both Parties and China, Russia and Iran all attacking US elections and using some nasty new tactics, says Microsoft.


Original Submission

posted by chromas on Saturday September 12 2020, @02:34AM

Loss of sea otters accelerating the effects of climate change:

The impacts of predator loss and climate change are combining to devastate living reefs that have defined Alaskan kelp forests for centuries, according to new research published in Science.

"We discovered that massive limestone reefs built by algae underpin the Aleutian Islands' kelp forest ecosystem," said Douglas Rasher, a senior research scientist at Bigelow Laboratory for Ocean Sciences and the lead author of the study. "However, these long-lived reefs are now disappearing before our eyes, and we're looking at a collapse likely on the order of decades rather than centuries."

The coral-like reefs, built by the red alga Clathromorphum nereostratum, are being ground down by sea urchins. Sea urchins exploded in number after their predator, the Aleutian sea otter, became functionally extinct in the 1990's. Without the urchins' natural predator to keep them in check, urchins have transformed the seascape—first by mowing down the dense kelp forests, and now by turning their attention to the coralline algae that form the reef.

Clathromorphum produces a limestone skeleton that protects the organism from grazers and, over hundreds of years, forms a complex reef that nurtures a rich diversity of sea life. With kelp gone from the menu, urchins are now boring through the alga's tough protective layer to eat the alga—a process that has become much easier due to climate change.

"Ocean warming and acidification are making it difficult for calcifying organisms to produce their shells, or in this case, the alga's protective skeleton," said Rasher, who led the international team of researchers that included coauthors Jim Estes from UC Santa Cruz and Bob Steneck from University of Maine. "This critical species has now become highly vulnerable to urchin grazing—right as urchin abundance is peaking. It's a devastating combination."

Journal Reference:
Douglas B. Rasher, Robert S. Steneck, Jochen Halfar, et al. Keystone predators govern the pathway and pace of climate impacts in a subarctic marine ecosystem [$], Science (DOI: 10.1126/science.aav7515)


Original Submission

posted by martyb on Saturday September 12 2020, @12:08AM
from the who-can-field-the-best-roadblocks-on-the-information-superhighway? dept.

Which is the most powerful cyber nation in the world? That is the research question that a smart, creative, and hard-working team from the Belfer Center for Science and International Affairs at the Harvard Kennedy School seeks to answer with this innovative and intellectually illuminating study on cyber power. This is important work in both academia and the real world: the study threads the needle of providing robust academic insights in a policy-relevant model.

Executive Summary
The Belfer National Cyber Power Index (NCPI) measures 30 countries' cyber capabilities in the context of seven national objectives, using 32 intent indicators and 27 capability indicators with evidence collected from publicly available data.

In contrast to existing cyber related indices, we believe there is no single measure of cyber power. Cyber Power is made up of multiple components and should be considered in the context of a country's national objectives. We take an all-of-country approach to measuring cyber power. By considering "all-of-country" we include all aspects under the control of a government where possible.

Table 1: The rankings:

1) US
2) China
3) UK
4) Russia
5) Netherlands
6) France
7) Germany
8) Canada
9) Japan
10) Australia

[...] National Cyber Power Index 2020

See also: Ranking National Cyber Power

[Note: this is one organization's assessment; others may rank things differently.--Ed.]


Original Submission

posted by martyb on Friday September 11 2020, @09:56PM
from the my-brain-hurts! dept.

UK mathematician wins richest prize in academia:

Martin Hairer, an Austrian-British researcher at Imperial College London, is the winner of the 2021 Breakthrough prize for mathematics, an annual $3m (£2.3m) award that has come to rival the Nobels in terms of kudos and prestige.

Hairer landed the prize for his work on stochastic analysis, a field that describes how random effects turn the maths of things like stirring a cup of tea, the growth of a forest fire, or the spread of a water droplet that has fallen on a tissue into a fiendishly complex problem.

His major work, a 180-page treatise that introduced the world to “regularity structures”, so stunned his colleagues that one suggested it must have been transmitted to Hairer by a more intelligent alien civilisation.

[...] Hairer’s expertise lies in stochastic partial differential equations, a branch of mathematics that describes how randomness throws disorder into processes such as the movement of wind in a wind tunnel or the creeping boundary of a water droplet landing on a tissue. When the randomness is strong enough, solutions to the equations get out of control. “In some cases, the solutions fluctuate so wildly that it is not even clear what the equation meant in the first place,” he said.

With the invention of regularity structures, Hairer showed how the infinitely jagged noise that threw his equations into chaos could be reframed and tamed. When he published the theory in 2014, it made an immediate splash.

[...] While his peers roundly consider Hairer a genius, he admits mathematics can be infuriating. “Most of the time it doesn’t work out. As pretty much every single graduate student in mathematics can attest, during your PhD you probably spend two-thirds of your time getting stuck and banging your head against a wall.”

Differential equations come in different forms; among them: Ordinary, Partial, and Non-linear. Martin worked on solving stochastic differential equations.

Journal Reference:
Hairer, Martin. A theory of regularity structures, (DOI: 10.1007/s00222-014-0505-4)


Original Submission

posted by martyb on Friday September 11 2020, @07:46PM
from the "may"..."suggests"..."might" dept.

The coronavirus may have reached Los Angeles even before China announced its outbreak

Was the novel coronavirus on the loose in Los Angeles way back in December, before the World Health Organization was even aware of an unusual cluster of pneumonia cases in Wuhan, China?

A new analysis of medical records from UCLA hospitals and clinics suggests the answer might be yes.

Researchers from UCLA and their colleagues at the University of Washington documented an unmistakable uptick in patients seeking treatment for coughs. The increase began the week of Dec. 22, 2019, and persisted through the end of February.

Also at KTLA.


Original Submission

posted by martyb on Friday September 11 2020, @05:38PM
from the only-criminals-would-change-a-URL dept.

Legality of Security Research to be Decided in US Supreme Court Case:

A ruling that a police officer's personal use of a law enforcement database is "hacking" has security researchers worried for the future.

Independent security researchers, digital-rights groups, and technology companies have issued friend-of-the-court briefs in a US Supreme Court case that could determine whether violating the terms of service for software, hardware, or an online service equates to hacking under the law.

The case—Nathan Van Buren v. United States—stems from the appeal of Van Buren, a police sergeant in Cumming, Georgia, who was found guilty in May 2018 of honest services wire-fraud and a single charge of violating the Computer Fraud and Abuse Act (CFAA) for accessing state and government databases to look up a license plate in exchange for money. While Van Buren was authorized to use the Georgia Crime Information Center (GCIC) to access information, including license plates, federal prosecutors argued successfully that he exceeded that authorization by looking up information for a non-law enforcement purpose.

[...] With the appeal accepted by the US Supreme Court, security researchers and technology companies are concerned with the potential for the case to turn independent vulnerability research into unauthorized access and, thus, a prosecutable offense. If the US Supreme Court rules that Van Buren's actions are a violation of the CFAA, it will undermine software and cloud security, says Casey Ellis, chief technology officer and founder of crowdsourced bug bounty firm Bugcrowd.

"Unauthorized access is one of the main purposes of security research—by making it illegal, researchers will be unable to effectively do their jobs, the organization will not be able to close all vulnerabilities, and attackers will win," Ellis says, adding, "the purpose of the CFAA is to outlaw malicious cyberattacks, not grant organizations the ability to halt vulnerability reporting by holding ethical researchers legally accountable for their actions."

[...] Security researchers are not the only ones at risk, says Bugcrowd's Ellis. Anyone who uses a computer system in a way not intended by the manufacturer could find themselves the target of legal action and, perhaps, prosecution, he says.

"The law is so broadly written that it criminalizes acts that otherwise violate a website's terms of services, from lying about your name on a Web form to the socially beneficial security testing that ethical security researchers undertake," he says. "A broader interpretation of 'exceeds unauthorized access' in CFAA works directly against the goals of a safer and more resilient Internet."

A date for oral arguments in the case has not been set.

Original Submission

posted by Fnord666 on Friday September 11 2020, @03:29PM
from the theoretical-but-not-practical dept.

New Raccoon Attack Can Allow Decryption of TLS Connections:

Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications.

Named "Raccoon," the attack has been described as complex and the vulnerability is "very hard to exploit." While most users should probably not be concerned about Raccoon, several major software vendors have released patches and mitigations to protect customers.

Raccoon can allow a man-in-the-middle (MitM) attacker to crack encrypted communications that could contain sensitive information. However, the attack is only successful if the targeted server reuses public Diffie-Hellman (DH) keys in the TLS handshake (i.e. the server uses static or ephemeral cipher suites such as TLS-DH or TLS-DHE), and if the attacker can conduct precise timing measurements.

[...] "For a real attacker, this is a lot to ask for. However, in comparison to what an attacker would need to do to break modern cryptographic primitives like AES, the attack does not look complex anymore. But still, a real-world attacker will probably use other attack vectors that are simpler and more reliable than this attack," they explained.

The underlying vulnerability has existed for over 20 years, and it was fixed with the release of TLS 1.3.

[...] Additional details on the Raccoon attack are available on raccoon-attack.com. The researchers also plan on releasing a tool that can be used to check if a server is vulnerable. In the meantime, they recommend Qualys' SSL Server Test — a server could be affected if the result of "DH public server param (Ys) reuse" is "yes."


Original Submission
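
The "DH public server param (Ys) reuse" condition mentioned in the Raccoon story can also be checked offline against captured handshakes. The following is an added example, not code from the article or from the Raccoon researchers: it parses the TLS 1.2 DHE `ServerKeyExchange` message, which carries `p`, `g` and `Ys` as length-prefixed fields, and reports any `Ys` seen in more than one connection. The toy modulus, the connection labels and the `build_ske` helper are constructed for illustration; static TLS-DH suites, where the public value sits in the certificate, are not covered.

```python
import struct
from collections import defaultdict

SERVER_KEY_EXCHANGE = 12  # TLS handshake message type


def _read_vec16(buf, off):
    """Read one field encoded as a 2-byte big-endian length followed by data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad field length")
    return buf[off:off + n], off + n


def parse_server_dh_params(msg):
    """Return (p, g, Ys) as integers from a DHE ServerKeyExchange message.

    msg is the handshake message: 1-byte type, 3-byte length, body.
    The signature that follows the DH parameters in the body is ignored.
    """
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated body")
    p, off = _read_vec16(body, 0)
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    return (int.from_bytes(p, "big"),
            int.from_bytes(g, "big"),
            int.from_bytes(ys, "big"))


def find_ys_reuse(handshakes):
    """Map each (p, g, Ys) seen in more than one handshake to its labels.

    handshakes is an iterable of (label, server_key_exchange_bytes).
    An empty result means no reuse was observed in this sample; it does
    not prove the server never reuses a key.
    """
    seen = defaultdict(list)
    for label, msg in handshakes:
        seen[parse_server_dh_params(msg)].append(label)
    return {params: labels for params, labels in seen.items()
            if len(labels) > 1}


def build_ske(p, g, ys, trailer=b"\x04\x01\x00\x00"):
    """Helper for the constructed sample: encode p, g, Ys plus placeholder
    bytes standing in for the signature."""
    def vec(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        return struct.pack("!H", len(raw)) + raw
    body = vec(p) + vec(g) + vec(ys) + trailer
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


# Constructed sample data: a toy 32-bit modulus (real groups are 2048 bits
# or more) and three made-up connections, two of which share one Ys.
P = 0xFFFFFFFB
G = 2
YS_A = pow(G, 123456789, P)
YS_B = pow(G, 987654321, P)
SAMPLE_HANDSHAKES = [
    ("conn-1", build_ske(P, G, YS_A)),
    ("conn-2", build_ske(P, G, YS_B)),
    ("conn-3", build_ske(P, G, YS_A)),
]

if __name__ == "__main__":
    for (p, g, ys), labels in find_ys_reuse(SAMPLE_HANDSHAKES).items():
        print(f"Ys {ys:#x} reused in {labels}")
```

A server that shows reuse here is a candidate for disabling DHE suites or key reuse, or for moving to TLS 1.3, which the story says fixed the underlying issue.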