SoylentNews

We all know that when somebody gets unauthorised access to your computer hardware that security is out of the window! But what if you have to leave your hardware unattended but ostensibly in a 'secure' location - your hotel room or somebody else's home? fab23 has submitted this article on what you can do if that is the case:

fab23 writes:

The SANS Internet Storm Center published the guest diary Evil Maid Attacks - Remediation for the Cheap:

The so-called evil maid attack is an attack against hardware devices utilizing hard- and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room when you're out for breakfast. The attacker manipulates the device in a malicious way, e.g.:

There are several ways to minimize the risk of an unnoticed, successful evil maid attack. Which road you go depends on your personal threat model (and your budget, of course).

hubie writes:

'Protein hunger' drives overeating, large-scale population study shows:

A year-long study of the dietary habits of 9,341 Australians has backed growing evidence that highly processed and refined foods are the leading contributor of rising obesity rates in the Western world.

The new study, in the latest issue of the journal Obesity conducted by the University of Sydney's Charles Perkins Centre (CPC), was based on a national nutrition and physical activity survey undertaken by the Australian Bureau of Statistics (ABS), and further backs the 'Protein Leverage Hypothesis'.

First put forward in 2005 by professors Raubenheimer and Stephen Simpson, the Protein Leverage Hypothesis argues that people overeat fats and carbohydrates because of the body's strong appetite for protein, which the body actively favours over everything else. Because so much of modern diets consist of highly processed and refined foods – which are low in protein – people are driven to consume more energy-dense foods until they satisfy their protein demand.

[...] "It's increasingly clear that our bodies eat to satisfy a protein target," added Professor David Raubenheimer, the Leonard Ullmann Chair in Nutritional Ecology at the School of Life and Environmental Sciences.

"But the problem is that the food in Western diets contains increasingly less protein. So, you have to consume more of it to reach your protein target, which effectively elevates your daily energy intake.

[...] Participants with a lower proportion of protein than recommended at the first meal consumed more discretionary foods – energy-dense foods high in saturated fats, sugars, salt, or alcohol – throughout the day, and less of the recommended five food groups (grains; vegetables/legumes; fruit; dairy and meats). Consequently, they had an overall poorer diet at each mealtime, with their percentage of protein energy decreasing even as their discretionary food intake rose – an effect the scientists call 'protein dilution'.

Journal Reference:
Amanda Grech, Zhixian Sui, Anna Rangan, et al., Macronutrient (im)balance drives energy intake in anobesogenic food environment: An ecological analysis [open], Obesity, 30, 11, 2022. DOI: 10.1002/oby.23578

Original Submission

An Anonymous Coward writes:

https://www.howtogeek.com/848711/waymos-self-driving-taxis-are-becoming-meteorologists/

The Alphabet company announced that the latest version of the sensor array on its autonomous vehicles — using a combination of cameras, radar, and lidar — is able to measure weather conditions the car may face, specifically the intensity of rain drops (or lack thereof), as well as fog. It would turn the vehicles into, as the company puts it, "mobile weather stations."

This doesn't mean you'll be seeing a Waymo car giving out the weather on your local TV station anytime soon, but it will help the robotaxis make real-time decisions in adapting to the weather conditions on the ground. It's being tested to begin with in Phoenix and San Francisco, two very different climates.

But since the sensors ostensibly turn the vehicles into amateur meteorologists, Waymo is also able to use the data to create real-time weather maps on conditions like the progression of coastal fogs, as well as light drizzles that a radar might miss.

Original Submission

Runaway1956 writes:

The easy to use App Track Protection feature will block third party companies snooping in your apps:

DuckDuckGo released a new privacy tool for Android Wednesday that will help protect you from the companies harvesting personal data through your apps. The new App Tracking Protection feature, now available in beta in the DuckDuckGo for Android app, will let users take advantage of some of the privacy protections already enjoyed by iPhone users.

The company's App Tracking Protection tool doesn't just block the data collection, it also gives you a firsthand look at what information apps are trying to harvest and where they're trying to send it. DuckDuckGo spent the last year testing the feature with real users. The feature is easy to use. All you have to do is install the DuckDuckGo app, open Settings, select "App Tracking Protection," and follow the onscreen instructions.

[...] App Tracking Protection runs in the background of your day-to-day phone use, but if you open it up, the DuckDuckGo app gives you a real time summary of the attempts to collect your data. The numbers will be staggering if you aren't familiar with the inner workings of tech products.

According to DuckDuckGo, the average Android user has about 35 apps on their phone. In their tests, a phone with 35 apps on it will send about 1,000-2,000 packets of tracking data to over 70 different tracking companies every day—but that number can be far worse depending on which apps you use.

An Anonymous Coward writes:

https://www.technologyreview.com/2022/11/17/1063352/new-tick-borne-disease-killing-cattle-in-us/

In the spring of 2021, Cynthia and John Grano, who own a cattle operation and sell performance horses in Culpeper County, Virginia, started noticing some of their cows slowing down and acting "spacey." They figured the animals were suffering from anaplasmosis, a common infectious disease that causes anemia in cattle. But Melinda McCall, their veterinarian, had warned them that another disease carried by a parasite was spreading rapidly in the area.

After a third cow died, the Granos decided to test its blood. Sure enough, the test came back positive for the disease: theileria. And with no treatment available, the cows kept dying. In September, by which time the couple had already lost six cows and seven calves, Cynthia noticed a cow separated from the herd. She was walking up to it when it suddenly charged at her and knocked her over, breaking her shoulder blade. By that afternoon, the cow was dead.

[...] Theileria, which is in the same family as malaria, is being transmitted largely through the Asian longhorned tick, an invasive species first discovered in the US in 2017. The tick is native to Korea, China, Russia, and Japan. As it has spread in the US, so has theileria; the disease has been found in cattle in West Virginia, North Carolina, Tennessee, Kentucky, Pennsylvania, and Kansas. Some sale barns in Virginia saw the prevalence of theileria increase from two to 20 percent in just two years.

Theileria can cause cows to abort their fetuses. It can also cause anemia so severe that a cow will die. In Australia, where the disease has been spreading since 2012 and now affects a quarter of the cattle, theileria costs the beef industry an estimated $19.6 million a year in reduced milk and meat yields, according to a 2021 paper. In Japan and Korea, the combined loss is an estimated $100 million annually. Kevin Lawrence, an associate professor at Massey University who studies theileria in New Zealand, says that country has managed to avoid abortions because 95 percent of cows calve in the spring there, the same season he's seen theileria infecting cows. In the US, however, calving season can be year-round. "I think in America, you're going to see abortions," he says. "You're going to see deaths."

Original Submission

An Anonymous Coward writes:

https://www.wired.com/story/the-6-billion-dollar-shot-at-making-new-antibiotics-before-the-old-ones-fail/

[...] A piece of legislation lined up for a vote in Congress, called the Pasteur Act (named both for the 19th-century microbiologist and to stand for Pioneering Antimicrobial Subscriptions to End Upsurging Resistance), could repopulate that empty landscape by guaranteeing government funds to help a small number of new antibiotics make it to market. The proposal has bipartisan support in both the House and Senate, is backed by the Department of Health and Human Services (HHS), was implicitly endorsed in the last White House budget, and resembles programs already implemented in other countries.

[...] "If this doesn't pass, or something like it doesn't get implemented, then I don't know what Plan B is," says Joe Larsen, a vice president at Locus Biosciences Inc. who launched an Obama–era program of antibiotic investment while serving in the US government's Biomedical Advanced Research Development Authority. "We need to re-envision the way we support antimicrobials in the US."

That patients might run out of effective antibiotics is a jarring thought. The Centers for Disease Control and Prevention estimates that antibiotic-resistant infections already kill more than 48,000 Americans each year and sicken 2.8 million. A January study in The Lancet estimated the annual global death toll at 1.27 million. Antibiotic resistance got worse during the pandemic as health care workers tried to protect Covid patients from bacterial infections, not just in individual outbreaks in hospitals but across the US.

[...] Lacking enough income to balance their expenditures, the big companies left the field to small biotechs. These new players believe in the mission, but typically don't have income from other product lines to buoy them while they wait for sales. Since 2010, the makers of five out of 15 new antibiotics approved by the FDA have folded or sold themselves at auction because they could not outlast the lag between approval and earnings. A sixth company backed off an antibiotic in Phase 3 trials in May and laid off three-fourths of its staff. A seventh reorganized itself just last month.

Original Submission

Freeman writes:

Cable company's accidental email to rival discusses plan to block competition

On October 17, Jonathan Chambers received an email that wasn't meant for him.

Chambers is one of the top executives at Conexon, a broadband company that has built and operates dozens of fiber networks in rural parts of America. Conexon recently won one of the Louisiana state government's GUMBO grants to deploy fiber-to-the-home service in East Carroll Parish, where the poverty rate of 37.6 percent is over three times the national average.

"This isn't our biggest project anywhere. But in many ways it's our most important," Chambers told Ars in a phone interview. Conexon primarily works with electric cooperatives, favoring a business model in which the local community owns the fiber network and Conexon operates it under a lease agreement.

But the East Carroll Parish grant—$4 million to serve over 2,500 households in an area that has been called one of the least connected in the state—is in limbo because of an eleventh-hour challenge from Cable One, a cable provider that offers services under its SparkLight brand name. Cable One plans to make similar challenges in other states; in fact, blocking government grants to other ISPs is one of Cable One's top priorities, according to the accidental email received by Chambers.

"Challenging publicly funded overbuilds is becoming one of the most important tasks we do as a company," Cable One Assistant General Counsel Patrick Caron wrote in the email.

Original Submission

Runaway1956 writes:

https://phys.org/news/2022-11-earth-temperature-millennia.html

The Earth's climate has undergone some big changes, from global volcanism to planet-cooling ice ages and dramatic shifts in solar radiation. And yet life, for the last 3.7 billion years, has kept on beating.

Now, a study by MIT researchers in Science Advances confirms that the planet harbors a "stabilizing feedback" mechanism that acts over hundreds of thousands of years to pull the climate back from the brink, keeping global temperatures within a steady, habitable range.

Just how does it accomplish this? A likely mechanism is "silicate weathering"—a geological process by which the slow and steady weathering of silicate rocks involves chemical reactions that ultimately draw carbon dioxide out of the atmosphere and into ocean sediments, trapping the gas in rocks.

Scientists have long suspected that silicate weathering plays a major role in regulating the Earth's carbon cycle. The mechanism of silicate weathering could provide a geologically constant force in keeping carbon dioxide—and global temperatures—in check. But there's never been direct evidence for the continual operation of such a feedback, until now.

An Anonymous Coward writes:

Cascade Lake and Skylake prove even more expensive than expected:

VLSI Technology, a patent holding company affiliated with Softbank's Fortress Investment Group, has been awarded $948.8 million in a patent infringement claim against Intel Corporation.

On Tuesday, a federal jury in the Western District of Texas, a popular venue for patent claims, found that Intel's Cascade Lake and Skylake processors violated a VLSI data processing patent.

Intel in a statement emailed to The Register said it intends to appeal the decision.

"This case is just one example of many that shows the US patent system is in urgent need of reform," a company spokesperson said. "VLSI is a 'patent troll' created by Fortress, a hedge fund that is bankrolled by large investment groups for the sole purpose of filing lawsuits to extract billions from American innovators like Intel."

"This is the third time that Intel has been forced to defend itself against meritless patent infringement claims made by VLSI. Intel strongly disagrees with the jury's verdict and the excessive damages awarded. We intend to appeal and are confident in the strength of our case."

An attorney representing VLSI did not immediately respond to request for comment.

Fnord666 writes:

This would increase the odds of finding another prehistoric human body in melting ice:

In 1991, a group of hikers found the mummified remains of Ötzi the Iceman emerging from a melting glacier. The popular interpretation—given the extraordinary preservation of the body—is that Ötzi fled from the valley after being attacked and froze to death in the gully where his mummified remains were found. His body and the tools he brought with him were quickly buried beneath the ice and remained frozen under a moving glacier for the next 5,300 years. The gully served as a kind of time capsule, protecting the remains from damage by the glacier.

But a new paper published in the journal The Holocene challenges that interpretation, suggesting that the Ötzi died elsewhere on the mountain and that normal environmental changes gradually moved his remains down into the gully. Further, for the first 1,500 years after his death, Ötzi's remains likely thawed and refroze at least once and quite possibly several times. That means it's much more likely that another ice mummy will be discovered, since no extraordinary circumstances are required to explain Ötzi's preservation.

[...] According to Lars Pilø, a glacial archaeologist with Norway's Department of Cultural Heritage, and his co-authors, even in 1992, there were some who questioned whether the mummy's remarkable preservation was due to extraordinary circumstances, most notably archaeologist Werner Meyer. The ensuing decades have seen the rise of so-called glacial archaeology, bringing its own methodology and a deeper understanding of just how complex archaeological ice sites can be. "The [original] story is so at odds with how glacial archaeological sites work," Pilø told Gizmodo. "We conclude that the find circumstances surrounding Ötzi are not a string of miracles, but can be better explained by normal processes on glacial archaeological sites."

Original Submission

fab23 writes:

Again a publication from Brian Krebs with a lot of insight and technical details (with screenshots as well):

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com — which was created to phish U.S. Bank customers.

But this group also usually makes use of Punycode to make their phony bank domains look more legit. The U.S. financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team's domain for Ameriprise customers is https[:]//www.xn--meripris-mx0doj[.]com [brackets added to defang the domain], which displays in the browser URL bar as ạmeriprisẹ[.]com.

Look carefully, and you'll notice small dots beneath the "a" and the second "e". You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.

This candid view inside the Disneyland Team comes from Alex Holden, founder of the Milwaukee-based cybersecurity consulting firm Hold Security. Holden's analysts gained access to a Web-based control panel the crime group has been using to keep track of victim credentials (see screenshot above). The panel reveals the gang has been operating dozens of Punycode-based phishing domains for the better part of 2022.

To read and see the whole article visit Krebs On Security

Original Submission

An Anonymous Coward writes:

Employee expenses were approved by posting emoji in Slack channels, DMs:

Sam Bankman-Fried's failed FTX business empire misused customer funds and lacked trustworthy financial statements or any real internal controls, according to the new boss of the collapsed $32 billion crypto exchange.

John Ray III, a veteran insolvency professional who oversaw the liquidation of Enron, said in a US court filing on Thursday that FTX was the worst case of corporate failure that he had seen in his more than 40-year career.

"Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here," he wrote.

The statement underlined the chaos and mismanagement at the heart of what was once a leading crypto industry player with deep ties in Washington DC. The demise of Bankman-Fried's FTX empire has plunged crypto markets into a crisis. Bankman-Fried did not immediately respond to a request for comment on the new filing.

Ray said he had found at FTX international, FTX US and Bankman-Fried's Alameda Research trading company "compromised systems integrity," "faulty regulatory oversight," and a "concentration of control in the hands of a very small group of inexperienced, unsophisticated, and potentially compromised individuals."

Runaway1956 writes:

"You'll get to know the difference when you either die or you pass through":

A team of physicists from Sofia University in Bulgaria say that wormholes, which are hypothetical tunnels linking one part of the universe to another, might be hiding in plain sight — in the form of black holes, New Scientist reports.

Black holes have long puzzled scientists, gobbling up matter and never letting it escape.

But where does all of this matter go? Physicists have long toyed with the idea that these black holes could be leading to "white holes," or wells that spew out streams of particles and radiation.

These two ends could together form a wormhole, or an Einstein-Rosen bridge to be specific, which some physicists believe could stretch any amount of time and space, a tantalizing theory that could rewrite the laws of spacetime as we understand them today.

Now, the researchers suggest that the "throat" of a wormhole could look very similar to previously discovered black holes, like the monster Sagittarius A* which is believed to be lurking at the center of our galaxy.

"Ten years ago, wormholes were completely in the area of science fiction," team lead Petya Nedkova at Sofia University told New Scientist. "Now, they are coming forward to the frontiers of science and people are actively searching."

[...] The only way to really tell for sure would be to scan these celestial oddities with an even higher-resolution telescope.

The other option, of course, would be to risk it all by flinging yourself into a black hole.

"If you were nearby, you would find out too late," Nedkova told the publication. "You'll get to know the difference when you either die or you pass through."

Also see: Wormholes Could Be Hiding in Plain Sight

Journal Reference:
Valentin Deliyski, Galin Gyulchev, Petya Nedkova, and Stoytcho Yazadjiev, Polarized image of equatorial emission in horizonless spacetimes: Traversable wormholes, Phys. Rev. D, 106, 2022. DOI: 10.1103/PhysRevD.106.104024

Original Submission

Fnord666 writes:

Active in dozens of advanced hacks since 2009, Billbug is still going strong:

Nation-state hackers based in China recently infected a certificate authority and several government and defense agencies with a potent malware cocktail for burrowing inside a network and stealing sensitive information, researchers said on Tuesday.

The successful compromise of the unnamed certificate authority is potentially serious, because these entities are trusted by browsers and operating systems to certify the identities responsible for a particular server or app. In the event the hackers obtained control of the organization's infrastructure, they could use it to digitally sign their malware to make it more easily slip past endpoint protections. They might also be able to cryptographically impersonate trusted websites or intercept encrypted data.

While the researchers who discovered the breach found no evidence the certificate infrastructure had been compromised, they said that this campaign was only the latest by a group they call Billbug, which has a documented history of noteworthy hacks dating back to at least 2009.

"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," Symantec researchers wrote. "Billbug also appears to be undeterred by the possibility of having this activity attributed to it, with it reusing tools that have been linked to the group in the past."

[...] Tuesday's post includes a host of technical details people can use to determine if they've been targeted by Billbug. Symantec is the security arm of Broadcom Software.

Remember that you can always edit/manage the list of trusted Certificate Authorities on your own machines.

Original Submission

mrpg writes:

Conservation efforts and fishery management have allowed tuna and billfish to recover:

After decades of population declines, the future is looking brighter for several tuna and billfish species, such as southern bluefin tuna, black marlins and swordfish, thanks to years of successful fisheries management and conservation actions. But some sharks that live in these fishes' open water habitats are still in trouble, new research suggests.

These sharks, including oceanic whitetips and porbeagles, are often caught by accident within tuna and billfish fisheries. And a lack of dedicated management of these species has meant their chances of extinction continue to rise, researchers report in the Nov. 11 Science.

[...] The team found that the extinction risk for tunas and billfishes increased throughout the last half of the 20th century, with the trend reversing for tunas starting in the 1990s and billfishes in the 2010s. These shifts are tied to known reductions in fishing deaths for these species that occurred at the same time.

[...] But shark species are floundering in these very same waters where tuna and billfish are fished, where the sharks are often caught as bycatch.

[...] "While we are increasingly sustainably managing the commercially important, valuable target species of tunas and billfishes," says Juan-Jordá, "shark populations continue to decline, therefore, the risk of extinction has continued to increase."

Some solutions going forward, says Juan-Jordá, include catch limits for some species and establishing sustainability goals within tuna and billfish fisheries beyond just the targeted species, addressing the issue of sharks that are incidentally caught. And it's important to see if measures taken to reduce shark bycatch deaths are actually effective, she says.

"There is a clear need for significant improvement in shark-focused management, and organizations responsible for their management need to act quickly before it is too late," Simpfendorfer says.

Original Submission