SoylentNews

Arthur T Knackerbracket has found the following story:

The vast number of Internet-of-Things (IoT) devices are proving to be lucrative for botnet operators to carry out various attacks – from sending spam to launching harmful distributed denial-of-service (DDoS) attacks, according to Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.

Manky said he’s seen an increase in a number of botnets made up of compromised IoT devices, which can be attributed to various factors. For one, it’s harder to track down the numerous compromised connected devices behind a botnet, as they’re scattered all over, said Manky. Also, more IoT devices are cropping up worldwide – many of which are insecure, easy targets for cybercriminals to exploit.

The full talk is available as an MP3 podcast

Original Submission

martyb writes:

The first attempt[*] was a no-go, and the weather forecast is up in the air (thanks to hurricane Eta), but if things work out, SpaceX's Crew-1 will fly to the ISS (International Space Station) today. The launch is scheduled for four hours from the time this story goes live. It marks the official end of the US needing to purchase launches from Russia to get to and from the ISS.

A lot has happened along the way to, during, and following the Crew-1 Demo mission where SpaceX sent a Crew Dragon carrying Doug Hurley and Bob Behnken to the ISS. For one thing, it was a demo flight. How well did things really work out?

It's launch day for the historic Crew-1 mission to the space station:

SpaceX and NASA set about reviewing data to ensure the actual [test] flight was consistent with all of their simulations over the course of nearly a decade. In developing Crew Dragon, among the raft of tests performed, SpaceX said it completed about 8 million hours of hardware-in-the-loop software testing, 700 tests of Dragon's SuperDraco thrusters, and nearly 100 tests and flights of Dragon's parachutes.

[...] Inside the spacecraft they've named Resilience, NASA astronauts Michael Hopkins, Victor Glover, and Shannon Walker, along with Japan Aerospace Exploration Agency mission specialist

Soichi Noguchi, will fly into orbit for a six-month stint on the International Space Station.

[...] There is no guarantee conditions will be great on Sunday at the launch site, Kennedy Space Center, nor downrange at "abort sites" across the Atlantic Ocean should Dragon need to jettison itself from the Falcon 9 rocket during an emergency. The forecast for Sunday calls for a 50-50 chance of getting the launch off during its instantaneous window—7:27pm ET (00:27 UTC Monday). If the launch attempt is scrubbed, a back-up opportunity is available Wednesday.

The crew has already awoken this morning and will receive a final weather briefing at 3:12pm local time today. The NASA webcast below will begin at about the same time. If conditions look decent enough, the crew will move to don suits immediately thereafter and make their formal walkout of the operations and checkout building at 4:05pm en route to the launch pad.

YouTube live-streams: SpaceX and NASA.

[*] See our prior coverage: NASA and SpaceX to Launch to ISS: Sun. 2020-11-15 @ 19:29 EST (Mon. 2020-11-16 @ 00:29 UTC.]

Original Submission

cosurgi writes:

Note from submitter: this story was originally submitted by u/ModeHopper on reddit r/PhysicsPapers, a sub which I recently discovered.

The Proxima b exoplanet resides within the stellar habitable zone, possibly allowing for liquid water on its surface, as on Earth. Here we demonstrate an inversion technique to indirectly image exoplanet surfaces using observed unresolved reflected light variations over the course of the exoplanet's orbital and axial rotation: ExoPlanet Surface Imaging (EPSI). We show that the reflected light curve contains enough information to detect both longitudinal and latitudinal structures and to map exoplanet surface features. We demonstrate this using examples of solar system planets and moons, as well as simulated planets with Earth-like life and artificial structures. We also describe how it is possible to infer the planet and orbit geometry from light curves.

Link to figures: https://ui.adsabs.harvard.edu/abs/2019AJ....158..246B/graphics

https://arxiv.org/abs/1711.00185

https://arxiv.org/pdf/1711.00185.pdf

Journal Reference:
S. V. Berdyugina, J. R. Kuhn. Surface Imaging of Proxima b and Other Exoplanets: Albedo Maps, Biosignatures, and Technosignatures - IOPscience, The Astronomical Journal (DOI: https://iopscience.iop.org/article/10.3847/1538-3881/ab2df3)

Original Submission #1  Original Submission #2 

[2020-11-15 17:42:54 UTC: Updated title: TCL Roku TVs are apparently not affected -- the vulnerability described apparently applies only to TCL Android TVs. --martyb]

takyon writes:

Major Security Flaws in TCL Android Smart TVs May Have Opened Chinese Backdoor, Researchers Say

Security vulnerabilities exist on all devices that can be connected to the internet. Some mitigate the risks by patching any security holes that exist while others are not very quick. That eventually leads to hackers compromising the system. Similarly, smart televisions too can be hacked and at the moment TCL smart TVs running the Android TV operating system seem to be vulnerable with backdoors, affecting millions of users.

Two cybersecurity researchers dug deep into the world of smart TVs to study the cybersecurity infrastructure and were stunned by TCL's lackluster security flaws. Sick Codes, a white-hat hacker and John Jackson, an application security engineer at Shutterstock, a photo-licensing company found that TCL smart TVs' entire file system could be accessed over Wi-Fi through undocumented TCP/IP port. Besides that, the files could also be overwritten without any authentication (no username and password needed).

"I can wholeheartedly say that there were multiple moments that I, and another security researcher that I met along the way, couldn't believe what was happening. On multiple occasions I found myself feeling as though, you couldn't even make this up," Sick Codes wrote in a blog post.

Suddenly that $150 4K TV doesn't seem like such a great deal.

TCL Technology.

Also at The Security Ledger and Hot Hardware.

Original Submission

upstart writes in with an IRC submission for Runaway1956_:

Preliminary data suggest that cod liver oil users have lower risk of getting COVID-19:

Norwegian researchers are about to embark on one of the country's largest clinical trials[...]

"Preliminary data from our ongoing COVID-19 study, Koronastudien, suggest that cod liver oil users may have a reduced risk of COVID-19 and a lower risk of severe disease outcomes if they are infected", says Arne Søraas, in the press release. He is a physician-scientist at the Department of Microbiology at Oslo University Hospital.

[...] Cod liver oil is rich in vitamin D and omega-3 fatty acids. Cod liver oil is among the few natural sources of vitamin D in the nordic diet, writes Store Norske Leksikon.

[...] To answer this question, a randomized study needs to be done.

[...] Half of them will take a daily dose of cod liver oil, the other half will be given a placebo product. As it goes in randomized studies, participants will not know if they are taking the real or the fake stuff.

The study is partially funded by the company Orkla, who produce the brand Möllers Cod Liver Oil. This is also the oil which will be used in the project.

"We were contacted by Oslo University Hospital and saw this as an opportunity to contribute to the fight against the pandemic while also gaining new insight into the positive effects of taking cod liver oil", Gunnhild Aarstad says in the press release. She is head of Research, Development and Innovation at Orkla Health.

The study will run from November until April next year and will also look for the effect of cod liver oil on other viral diseases such as seasonal flu and ordinary colds.

For more information, see the Oslo University Hospital press release.

Original Submission

takyon writes:

Google Takes Down Repositories That Circumvent its Widevine DRM

GitHub has removed several repositories that helped to bypass Google's Widevine DRM, which is used by popular streaming services such as Netflix and Amazon. Google requested the code to be removed as it would violate the DMCA. The company also sent a sensitive data takedown request for the associated RSA key which, ironically, remains easy to find through Google.

[...] The code, originally published by security researcher Tomer Hadad, is a proof-of-concept code Chrome extension that shows how easy it is to bypass the low-security ["L3" version of Widevine Digital Rights Management]. Google was aware of this vulnerability and previously informed Krebs on Security that it would address the issue.

[...] Google sees the code, which was explicitly published for educational purposes only, as a circumvention tool. As such, it allegedly violates section 1201 of the DMCA, an allegation that was also made against the youtube-dl code last month.

[...] This 'key controversy' is reminiscent of an issue that was widely debated thirteen years ago. At the time, a hacker leaked the AACS cryptographic key "09 F9" online which prompted the MPAA and AACS LA to issue DMCA takedown requests to sites where it surfaced.

DMCA: Digital Millennium Copyright Act
DRM: Digital Rights Management
AACS: Advanced Access Content System
MPAA: Motion Picture Association of America
AACS: Advanced Access Content System
AACS LA: https://en.wikipedia.org/wiki/AACS_LA

Original Submission

Arthur T Knackerbracket has found the following story:

Earth has captured a tiny object from its orbit around the sun and will keep it as a temporary satellite for a few months before it escapes back to a solar orbit. But the object is likely not an asteroid; it's probably the Centaur upper stage rocket booster that helped lift NASA's ill-fated Surveyor 2 spacecraft toward the moon in 1966.

This story of celestial catch-and-release begins with the detection of an unknown object by the NASA-funded Pan-STARRS1 survey telescope on Maui in September. Astronomers at Pan-STARRS noticed that this object followed a slight but distinctly curved path in the sky, which is a sign of its proximity to Earth. The apparent curvature is caused by the rotation of the observer around Earth's axis as our planet spins. Assumed to be an asteroid orbiting the sun, the object was given a standard designation by the Minor Planet Center in Cambridge, Massachusetts: 2020 SO. But scientists at the Center for Near-Earth Object Studies (CNEOS) at NASA's Jet Propulsion Laboratory in Southern California saw the object's orbit and suspected it was not a normal asteroid.

Most asteroids' orbits are more elongated and tilted relative to Earth's orbit. But the orbit of 2020 SO around the sun was very similar to that of Earth: It was at about the same distance, nearly circular, and in an orbital plane that almost exactly matched that of our planet—highly unusual for a natural asteroid.

As astronomers at Pan-STARRS and around the world made additional observations of 2020 SO, the data also started to reveal the degree to which the sun's radiation was changing 2020 SO's trajectory—an indication that it may not be an asteroid after all.

[...] Before it leaves, 2020 SO will make two large loops around our planet, with its closest approach on Dec. 1. During this period, astronomers will get a closer look and study its composition using spectroscopy to confirm if 2020 SO is indeed an artifact from the early Space Age.

Original Submission

canopic jug writes:

Fifty years ago on November 12^th, 1970 the Oregon State Highway Department used dynamite to blast the rotting corpse of a stranded whale. It did not go well.

KATU donated the original 16mm footage to the Oregon Historical Society in the late 1980s. The footage has been transferred over the years to various video formats, but this is the first time it has been scanned at 4K resolution — or a display resolution of approximately 4,000 glorious pixels across the horizontal.

Also at KLCC.

50 years ago this Thursday, (Nov. 12), the detonation of a dead, beached sperm whale in Florence ended in chaos. Instead of blowing up into fine fragments, the corpse rained back down in large chunks. While a car was crushed, no one was hurt, fortunately. KLCC's Brian Bull talked to former KATU-TV reporter Paul Linnman, who covered the bizarre fish tale - and for a while, found himself wishing it away. Linnman related to Bull how he got the assignment back in 1970.

Not covered previously at SN, though a great many other whale topics are present.

Original Submission

upstart writes in with an IRC submission for Teckla:

Your Computer Isn't Yours:

On modern versions of macOS, you simply can't power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn't realize this, because it's silent and invisible and it fails instantly and gracefully when you're offline, but today the server got really slow and it didn't hit the fail-fast code path, and everyone's apps failed to open if they were connected to the internet.

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash

Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.

This means that Apple knows when you're at home. When you're at work. What apps you open there, and how often. They know when you open Premiere over at a friend's house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

And it has already been been postponed:

1:07 PM - 13 Nov 2020: Jim Bridenstine (@JimBridenstine) "Update: Due to onshore winds and recovery operations, @NASA and @SpaceX are targeting launch of the Crew-1 mission with astronauts to the @Space_Station at 7:27 p.m. EST Sunday, Nov. 15. The first stage booster is planned to be reused to fly astronauts on Crew-2. #LaunchAmerica"

(Original story follows)

upstart writes in with an IRC submission for c0lo:

Nasa poised to return to crewed spaceflight with SpaceX capsule launch:

High prevalence of SARS-CoV-2 antibodies in pets from COVID-19+ households

An Anonymous Coward writes:

https://www.sciencedirect.com/science/article/pii/S2352771420302937

In a survey of household cats and dogs of laboratory-confirmed COVID-19 patients, we found a high seroprevalence of SARS-CoV-2 antibodies, ranging from 21% to 53%, depending on the positivity criteria chosen. Seropositivity was significantly greater among pets from COVID-19+ households compared to those with owners of unknown status. Our results highlight the potential role of pets in the spread of the epidemic.

Journal Reference:
Matthieu Fritz, Béatrice Rosolen, Emilie Krafft, et al. High prevalence of SARS-CoV-2 antibodies in pets from COVID-19+ households One Health (DOI: 10.1016/j.onehlt.2020.100192)

Covid Infections in Animals Prompt Scientific Concern

Separately, there is concern that Coronavirus mutations could develop in animals and be transmitted back to humans, possibly in a more virulent form. Further, having a reservoir of virus in non-humans could make it much more difficult to eradicate. A recent article in The New York Times expounds on this:

The decision this week by the Danish government to kill millions of mink because of coronavirus concerns, effectively wiping out a major national industry, has put the spotlight on simmering worries among scientists and conservationists about the vulnerability of animals to the pandemic virus, and what infections among animals could mean for humans.

The most disturbing possibility is that the virus could mutate in animals and become more transmissible or more dangerous to humans. In Denmark, the virus has shifted from humans to mink and back to humans, and has mutated in the process. Mink are the only animals known to have passed the coronavirus to humans, except for the initial spillover event from an unknown species. Other animals, like cats and dogs, have been infected by exposure to humans, but there are no known cases of people being infected by exposure to their pets.

Arthur T Knackerbracket has found the following story:

Cybercriminals stole Facebook passwords and lured their victims' friends to websites promoting a bitcoin scam. Then they exposed their whole operation on an unsecured database, researchers found.

A crime operation appears to have tricked hundreds of thousands of Facebook users into handing over their account passwords. The fraudsters then exposed their own operation by making a basic security mistake: They forgot to lock down a cloud database storing the pilfered login credentials with a password of their own.

That meant anyone with a web browser could view the information, which included further details on how they carried out the operation. The findings come from Israeli security researchers Noam Rotem and Ran Locar, who published their research Friday with security website vpnMentor. 

Rotem and Locar reported their findings to Facebook, and the database is no longer exposed. Facebook forced a reset of the passwords for affected accounts.

Original Submission

Arthur T Knackerbracket has found the following story:

Researchers can now more accurately and precisely target specific proteins in yeast, mammalian cells and mice to study how knocking down specific protein traits can influence physical manifestation in a cell or organism.

[...] "Conditional gene knockout and small interfering RNA (siRNA), which is used to silence proteins without knocking them out completely, has been employed in many studies," said Masato T. Kanemaki, professor at the National Institute of Genetics in the Research Organization of Information and Systems (ROIS). "However, these technologies are not ideal for studying highly dynamic processes, such as cell cycle, differentiation or neural activity, because of the slow rate of depletion of the protein of interest."

[...] The ability to knock out genes in mice is a critical step in genetic research and therapeutics. According to Kanemaki, an approach may work well in cultured cells, but it must work in a whole model system, such as a mouse. The "leaky degradation" of the AID system meant that a targeted protein would only degraded weakly without auxin, but the level of auxin required to induce full degradation appeared to have long-term negative effects on cell growth.

"In this paper, we describe the AID2 system, which overcomes all the drawbacks of the original AID system," Kanemaki said, noting that they did not detect leaky degradation with the system, the degradation was quicker, and the required dose of auxin was much lower.

To establish the AID2 system, the researchers employed what is known as a "bump-and-hole" strategy to create an empty space in a mutant version of a plant protein (called TIR1) that recognizes and induces the degradation of degron-fused proteins. An auxin analog can bind directly to the TIR1 mutant and initiate the degradation process. Since the approach is very efficient, less auxin analog is needed. The researchers found that depletion could be induced at a concentration about 670 times lower than in the original system.

More information:
Aisha Yesbolatova et al. The auxin-inducible degron 2 technology provides sharp degradation control in yeast, mammalian cells, and mice, Nature Communications (2020). DOI: 10.1038/s41467-020-19532-z

Journal information: Nature Communications

Original Submission

Arthur T Knackerbracket has found the following story:

The US Commerce Department has halted a ban on TikTok that was due to come into effect on Thursday night.

The order would have prevented the app from being downloaded in the US.

The Commerce Department delayed the ban "pending further legal developments," citing a Philadelphia court ruling from September where three prominent TikTokers had argued the app should be allowed to operate in America.

The decision will be a relief to the estimated 100 million US TikTok users.

In September, TikTok's Chinese owner, ByteDance announced a deal with Walmart and Oracle to shift TikTok's US assets into a new entity called TikTok Global.

Ars Technica adds:

ByteDance filed an appeal in federal court earlier this week asking for more time to make the Oracle deal happen. In short, ByteDance said, it has followed through on its end of the deal—now, it just needs the US government to remember what's going on.

"For a year, TikTok has actively engaged with CFIUS in good faith to address its national security concerns, even as we disagree with its assessment," TikTok said Tuesday in a statement. "In the nearly two months since the president gave his preliminary approval to our proposal to satisfy those concerns, we have offered detailed solutions to finalize that agreement—but have received no substantive feedback on our extensive data privacy and security framework."

Meanwhile, thanks to all that "pending legal action," the administration was already prohibited from putting any part of its TikTok bans into effect today.

Original Submission

takyon writes:

Apple Announces The Apple Silicon M1: Ditching x86 - What to Expect, Based on A14

The new processor is called the Apple M1, the company's first SoC designed with Macs in mind. With four large performance cores, four efficiency cores, and an 8-GPU core GPU, it features 16 billion transistors on a 5nm process node. Apple's is starting a new SoC naming scheme for this new family of processors, but at least on paper it looks a lot like an A14X.

[...] Apple made mention that the M1 is a true SoC, including the functionality of what previously was several discrete chips inside of Mac laptops, such as I/O controllers and Apple's SSD and security controllers.

[....] Whilst in the past 5 years Intel has managed to increase their best single-thread performance by about 28%, Apple has managed to improve their designs by 198%, or 2.98x (let's call it 3x) the performance of the Apple A9 of late 2015.

[...] Apple has claimed that they will completely transition their whole consumer line-up to Apple Silicon within two years, which is an indicator that we'll be seeing a high-TDP many-core design to power a future Mac Pro. If the company is able to continue on their current performance trajectory, it will look extremely impressive.