SoylentNews

fliptop writes:

In a press release, security firm Avast has said around 3 million people are affected worldwide:

Threat Intelligence researchers from Avast (LSE:AVST), a global leader in digital security and privacy products, have identified malware hidden in at least 28 third party Google Chrome and Microsoft Edge extensions associated with some of the world's most popular platforms. The malware has the functionality to redirect user's traffic to ads or phishing sites and to steal people's personal data, such as birth dates, email addresses, and active devices. According to the app stores' download numbers, around three million people may be affected worldwide.

The extensions which aid users in downloading videos from these platforms include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock, and other browser extensions on the Google Chrome Browser, and some on Microsoft Edge Browser. The researchers have identified malicious code in the Javascript-based extensions that allows the extensions to download further malware onto a user's PC.

[...] The Avast Threat Intelligence team started monitoring this threat in November 2020, but believe that it could have been active for years without anyone noticing. There are reviews on the Chrome Web Store mentioning link hijacking from as far back as December 2018. Rubín added, "The extensions' backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover."

[...] At this moment, the infected extensions are still available for download. Avast has contacted the Microsoft and Google Chrome teams to report them. Both Microsoft and Google confirmed they are currently looking into the issue. In the meantime, Avast recommends users disable or uninstall the extensions for now until the problem is resolved and then scan for and remove the malware.

Original Submission

fliptop writes:

Raspberry Pi has launched a program for approved design partners to help businesses integrate Raspberry Pi into new products:

As it has its best ever year for sales, Raspberry Pi wants to do more to help businesses that want to integrate its tiny computers into their devices.

The Cambridge-based single-board computer maker has sold seven million Raspberry Pi units during 2020. In March, Raspberry Pi CEO Eben Upton said it had its second highest monthly sales ever, reaching 640,000 units, with sales accelerating as people sought cheap computers for learning during lockdown.

[...] But a big chunk of its sales are destined for industrial applications. Raspberry Pi estimates 44% of the computers are sold to the industrial market each year. It bases this figure on the observation that large numbers of older models continue being bought after sales of the latest Raspberry Pi decline.

[...] To support industrial customers, Raspberry Pi has launched an Approved Design Partners program that other businesses match up with if they want to integrate the Raspberry Pi into their products.

It's also published a new 'for industry' website with resources for those who want to integrate the Pi into their products. The primary model for that is the Compute Module 4, which lacks the usual USB and HDMI ports and is compact enough to fit in small products.

Blog post.

Original Submission

upstart writes in with an IRC submission:

Antikythera Mechanism : British Horological Institute:

New analysis of the Antikythera Mechanism presents evidence that the mechanism's front-dial ring is a 354-day lunar calendar, not a 365-day calendar as previously supposed.

The importance of the Antikythera Mechanism has been recognised since nearly the moment of its discovery on the Mediterranean Sea floor  in 1901. It is a complex mechanical computer that could be used to predict, amongst other things, solar and lunar motions and their eclipses. It links the craft of the clockmaker all the way back to the origins of mechanical devices 2100 years ago.

Scholars including Derek de Solla Price, Tony Freeth, Alexander Jones, Michael Wright, and Mike Edmunds have expanded our understanding of this device. The authors of this paper based their work on a new statistical analysis of the hole-spacing in the front calendar ring, combined with practical insights gained by experience in construction of traditional clocks and reconstruction of mechanisms from antiquity.

Download Antikythera Mechanism Full Paper

Original Submission

upstart writes in with an IRC submission:

Qualcomm promises three years of Android updates for its entire SoC lineup:

Google and Qualcomm are teaming up to enable a longer support window for flagship Android smartphones. Qualcomm, with Google's help, will now support its chipsets for three years of major OS updates and four years of security updates, enabling a better-than-Pixel level for all future Android phones, provided your OEM is willing to cooperate. This policy is starting with the flagship Snapdragon 888, but even lower-end chips will be supported. Qualcomm PR tells us "the plan is to roll this out to all Snapdragon chipsets, including lower-tier ones, but starting the new Snapdragon 888 platform."

Part of the challenge of Android updates is the continuous chain of software custody that has to be maintained, across several companies, from the Android repository to your phone. Google and Qualcomm now say they are willing to pass the update baton to OEMs for three major updates and four years of security updates, but OEMs will actually need to update their Android skins and ship working builds to each of their devices. If they don't, we at least know who to blame now.

Qualcomm and Google's blog posts both contain the same phrasing, that they will "support 4 Android OS versions and 4 years of security updates." Read that quote closely and you'll spot two different units of measurement happening there, which some people have misinterpreted. While there are four years of security updates, the two companies are counting the initial release of Android in their quote of "4 Android OS versions," so it's three years of major Android updates, not four years. We double-checked with Qualcomm and got back "Qualcomm will support the launch version + 3 OS upgrades, for a total of 4 major Android OS versions. Snapdragon 888 will support Android 11, 12, 13, and 14."

This is the same update plan Pixels have gotten and what Samsung has promised, but with one more year of security updates. Keep in mind, Qualcomm is also bringing this level of support to low-end devices, so while this is only a baby step for flagship phones, lower-end phones could see greatly increased support windows.

Original Submission

takyon writes:

Ampere Altra Performance Shows It Can Compete With - Or Even Outperform - AMD EPYC & Intel Xeon

While the talk in recent weeks has been about the performance of Apple's M1 ARM chip and then rumors there might be a 32 core chip in the pipe, there is already something much stronger: Ampere Altra has begun shipping and its flagship 80-core SoC with up to two sockets per server can easily take on the AMD EPYC 7742 "Rome" and Intel Xeon Platinum 8280 "Cascade Lake" performance across a variety of workloads. Here is our initial look at the Ampere Altra performance on Linux in our independent performance benchmarks.

[...] Prior to receiving the Ampere Altra Mount Jade server and prior to seeing the performance potential with Apple's M1 chip on the desktop side, I figured the Ampere Altra performance would be like that of prior ARM server chips where in best case scenarios may put up a good fight against Intel/AMD but not outright exceed in both raw performance and performance-per-Watt for a variety of workloads. After seeing the results I was very surprised with how well the Ampere Altra Q80-33 2P performance is against the Xeon Platinum 8280 and EPYC 7742 servers. The performance exceeded my expectations where the Ampere Altra was able to collect wins in not only the performance-per-Watt but in the raw performance as well. Aside from software not yet optimized for the AArch64 architecture, the worst case was generally the Ampere Altra coming a bit behind the x86_64 competition but even then it enjoyed much lower power consumption than the x86_64 processors tested.

Previously: 80-Core Arm CPU To Bring Lower Power, Higher Density To A Rack Near You
Ampere Announces Altra ARM CPUs with Up to 80 Cores, Going to 128 Cores by 2021

Original Submission

takyon writes:

Revealed: China suspected of spying on Americans via Caribbean phone networks

China appears to have used mobile phone networks in the Caribbean to surveil US mobile phone subscribers as part of its espionage campaign against Americans, according to a mobile network security expert who has analysed sensitive signals data.

The findings paint an alarming picture of how China has allegedly exploited decades-old vulnerabilities in the global telecommunications network to route "active" surveillance attacks through telecoms operators.

The alleged attacks appear to be enabling China to target, track, and intercept phone communications of US phone subscribers, according to research and analysis by Gary Miller, a Washington state-based former mobile network security executive.

Original Submission

takyon writes:

GTK 4.0 Toolkit Officially Released

GTK 4.0 features new widgets and reworks to existing elements, integrated media playback support, GPU acceleration improvements like work on its new Vulkan renderer, and better macOS support are some of the leading highlights. Some other additions include data transfer improvements, overhauling shaders, GPU accelerated scrolling, custom entry widgets are easy to make, OpenGL rendering improvements beyond the Vulkan work, restoring work on HTMl5 Broadway, better Windows support, and more.

GTK 4.0 is now considered stable for applications to begin supporting it. GTK 3 will continue to be maintained for the "foreseeable future" while GTK 2 is no longer going to be supported beyond one more point release.

GTK 4.0.

Original Submission

Fnord666 writes:

SpaceX Won "rural" FCC Funding in Surprising Places, Like Major Airports

FCC Chairman Ajit Pai is "subsidiz[ing] broadband for the rich," according to the title of an analysis last week by Derek Turner, research director at advocacy group Free Press. Turner has a strong track record analyzing FCC broadband data and last year found major errors in Pai's broadband-deployment claims.

[...] SpaceX CEO Elon Musk has said Starlink is targeted at rural areas and "will serve the hardest-to-serve customers that telcos otherwise have trouble" reaching. While SpaceX did get FCC funding for plenty of rural areas, it also won "the right to serve a large number of very urban areas that the FCC's broken system deemed eligible for awards," Turner wrote. For example, Turner wrote that SpaceX won broadband subsidies in locations at or adjacent to major airports in Atlanta, Chicago, Denver, New York City, Seattle, Las Vegas, Newark, Miami, Boston, Minneapolis-Saint Paul, Fort Lauderdale-Hollywood, Detroit, and Philadelphia.

[...] The RDOF[^*] and other universal service programs run by the FCC are paid for by Americans through fees imposed on phone bills. According to rules set by the FCC, the entire $9.2 billion must fund deployment only in census blocks where no ISPs report offering service with at least 25Mbps download and 3Mbps upload speeds.

But census blocks are small, and blocks that are counted as unserved "may be surrounded on all sides by fiber," Turner told Ars via email. "That's because of an important design flaw in the FCC's mapping system: ISPs are [required] to report the blocks where they currently offer service or could without extraordinary use of resources within a 10-day period. Thus a block can show up as 'unserved' even though it isn't any more expensive than any typical block to serve; it just means an ISP didn't claim the block."

SpaceX "appears to have played by the rules. But the FCC's rules created a broken system," Turner wrote in his post on the Free Press site. "By bidding for subsidies assigned to dense urban areas, Musk's firm and others were able to get potentially hundreds of millions in subsidies meant for people and businesses in rural areas that would never see broadband deployment without the government's help."

RDOF - Rural Digital Opportunity Fund

Original Submission

Fnord666 writes:

Senator Tries to Block Frontier's FCC Funding, Citing ISP's Various Failures

A Republican US senator from West Virginia has asked the government to block broadband funding earmarked for Frontier Communications, saying that the ISP is not capable of delivering gigabit-speed Internet service to all required locations.

Sen. Shelley Moore Capito (R-W.Va.) outlined her concerns in a letter to Federal Communications Commission Chairman Ajit Pai last week. Capito told Pai that Frontier has mismanaged previous government funding and seems to lack both the technological capabilities and financial ability to deliver on its new obligations.

[...] Capito urged Pai to block Frontier's new funding by rejecting the ISP's long-form application, which must be completed by winning bidders in order to receive the allocated money. "The stakes are simply too high to provide nearly $250 million to a company that does not have the capability to deliver on the commitments made to the FCC," she wrote.

[...] Capito is not the only official from West Virginia who has objected to Frontier getting federal money, as shown in a West Virginia Public Broadcasting report last week. Mike Holstine, secretary-treasurer of the West Virginia Broadband Enhancement Council, called Frontier's new funding "unbelievable."

"'I think the state is going to get screwed again,' [Holstine] said, referencing the Broadband Technology Opportunities Program scandal in which West Virginia was forced to return nearly $5 million in federal funds in 2017 after regulators discovered Frontier had wasted it," the news report said.

Original Submission

upstart writes in with an IRC submission:

FTC Orders Amazon, YouTube, Discord, and 6 More to Explain What the Hell They're Doing With Your Data:

The Federal Trade Commission on Monday announced it was issuing orders to nine of the most popular social media and streaming platforms in the U.S., requiring them to offer up intel on business practices ranging from data collection to advertising, to the way that user engagement gets tracked overtime.

The orders issued to Amazon, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, YouTube, and TikTok parent company Bytedance, aren't intended for any specific regulatory action. Rather, the inquiries are meant to be part of a wide-ranging study examining how each of these companies treats consumer privacy.

As Axios, which first reported news of the FTC probe, points out, just because this initiative lacks a specific goal doesn't mean it is inconsequential. These types of inquiries, specifically known as 6(b) orders, have been used in the past to gather data that can be used in later investigations.

Additional coverage at ArsTechnica

Original Submission

upstart writes in with an IRC submission:

Sentencing Nears for Gamer Who DDoS'd PlayStation Network as a Minor:

A person behind a October 2016 cyberattack that temporarily crippled Sony's Playstation Network and other online services has pleaded guilty to committing the act as a juvenile, Justice Department officials in New Hampshire said Thursday.

For no fewer than 11 months, officials said, the individual "conspired with others" to create possibly multiple botnets, one of which was used in 2016 to launch a distributed denial-of-service attack against the PlayStation Network.

[...] The former-juvenile offender's sentence will be decided next month.

Original Submission

upstart writes in with an IRC submission for c0lo:

Trucks with first COVID-19 vaccine in US get ready to roll:

The first of many freezer-packed COVID-19 vaccine vials made their way to distribution sites across the United States on Sunday, as the nation's pandemic deaths approached the horrifying new milestone of 300,000.

The rollout of the Pfizer vaccine, the first to be approved by the Food and Drug Administration, ushers in the biggest vaccination effort in U.S. history — one that health officials hope the American public will embrace, even as some have voiced initial skepticism or worry. Shots are expected to be given to health care workers and nursing home residents beginning Monday.

[...] "This is a historic day," said Richard W. Smith, who oversees operations in the Americas for FedEx Express, which is delivering 630-some packages of vaccine to distribution sites across the country. United Parcel Service also is transporting a share of the vaccine.

[...] Dr. Stephen Hahn, commissioner of the FDA, which approved the Pfizer vaccine Friday, has repeatedly insisted that the agency's decision was based on science, not politics, despite a White House threat to fire him if the vaccine wasn't approved before Saturday.

[...] While the vaccine was determined to be safe, regulators in the U.K. are investigating several severe allergic reactions. The FDA's instructions tell providers not to give it to those with a known history of severe allergic reactions to any of its ingredients.

The Moderna vaccine will be reviewed by an expert panel Thursday and soon afterward could be allowed for public use.

Original Submission

upstart writes in with an IRC submission:

Cyberpunk 2077 has involved months of crunch, despite past promises:

Cyberpunk 2077, one of the most highly anticipated video games of the past decade, has already been delayed three times. Employees at CD Projekt Red, the Polish studio behind the game, have reportedly been required to work long hours, including six-day weeks, for more than a year. The practice is called "crunch" in the video game industry, and it is sadly all too common.

It's also something that the leadership at CD Projekt Red said wasn't going to happen to the people making Cyberpunk 2077.

[...] In January 2020, CD Projekt announced the game's first delay. [...] That same day, during a public call with investors, CD Projekt revealed that crunch would ultimately be needed to get the game done on time. It would also be mandatory for at least some employees.

[...] In September, Bloomberg reiterated what CD Projekt's leaders said to investors months before. A leaked email mandated six-day work weeks. Crunch had become a requirement, and according to anonymous employees, some developers had been working nights and weekends "for more than a year."

[...] But let's not sugarcoat it: Crunch is cruel. It is the result of poor management, and evidence of a disregard for the people working to make the games that we love to play. Crunch at this scale, and for this duration, casts a shadow over Cyberpunk 2077 — and actively undermines some of the progressive and cautionary themes no doubt present in the game itself.

Crunch Time

Original Submission

upstart writes in with an IRC submission for AzumaHazuki:

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems:

Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.

Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel.

Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems.

[...] In his research paper, titled "AIR-FI: Generating Covert WiFi Signals from Air-Gapped Computers," Guri shows that perfectly timed read-write operations to a computer's RAM card can make the card's memory bus emit electromagnetic waves consistent with a weak Wi-Fi signal.

This signal can then be picked up by anything with a Wi-Fi antenna in the proximity of an air-gapped system, such as smartphones, laptops, IoT devices, smartwatches, and more.

Journal Reference:
Guri, Mordechai. AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers, (DOI: https://arxiv.org/abs/2012.06884)

Original Submission

An Anonymous Coward writes:

FSB Team of Chemical Weapon Experts Implicated in Alexey Navalny Novichok Poisoning:

A joint investigation between Bellingcat and The Insider, in cooperation with Der Spiegel and CNN, has discovered voluminous telecom and travel data that implicates Russia's Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny[*]. Moreover, the August 2020 poisoning in the Siberian city of Tomsk appears to have happened after years of surveillance, which began in 2017 shortly after Navalny first announced his intention to run for president of Russia. Throughout 2017, and again in 2019 and 2020, FSB operatives from a clandestine unit specialized in working with poisonous substances shadowed Navalny during his trips across Russia, traveling alongside him on more than 30 overlapping flights to the same destinations. It is also possible there were earlier attempts to poison Navalny, including one in the Western Russian city of Kaliningrad only a month before the near-fatal Novichok poisoning in Siberia.

Our investigation identified three FSB operatives from this clandestine unit who traveled alongside Navalny to Novosibirsk and then followed him to the city of Tomsk where he was ultimately poisoned. These operatives, two of whom traveled under cover identities, are Alexey Alexandrov (39), Ivan Osipov (44) – both medical doctors – and Vladimir Panyaev (40). These three were supported and supervised by at least five more FSB operatives, some of whom also traveled to Omsk, where Navalny had been hospitalized. Members of the unit communicated with one another throughout the trip, with sudden peaks of communication just before the poisoning as well as during the night-time hours (Moscow time) when Navalny left his hotel and headed to the Tomsk airport.