2022-07-02 10:17:28 ..
2022-10-05 12:33:58 UTC
2022-10-05 14:04:11 UTC --fnord666
We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.
We all know that when somebody gets unauthorised access to your computer hardware that security is out of the window! But what if you have to leave your hardware unattended but ostensibly in a 'secure' location - your hotel room or somebody else's home? fab23 has submitted this article on what you can do if that is the case:
The so-called evil maid attack is an attack against hardware devices utilizing hard- and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room when you're out for breakfast. The attacker manipulates the device in a malicious way, e.g.:
There are several ways to minimize the risk of an unnoticed, successful evil maid attack. Which road you go depends on your personal threat model (and your budget, of course).
[...] If you want to have a cheap solution to be reasonably sure nobody messes unnoticed with your device when you have to leave it alone, you may carry out some countermeasures, e.g.:
Seal all screws with nail polish or glue with glitter pieces in it, and take pictures that are stored offline so that you will be able to spot manipulations
Seal not needed peripheral interfaces (e.g. USB ports)
Lock needed peripheral ports with tamper-proof solutions (e.g. one-time locks which have to be destroyed to access the port)
Leave the device in the bootup password prompt of the FDE (Full Disk Encryption) password:
Reboot your device to the FDE password prompt
and enter the first few chars of the correct password (important!)
make sure the device stays in this mode till you return (e.g. has enough power or the power supply is plugged in, disable energy saving settings, ...)
When you're back, enter the rest of the FDE password, and if the device boots, then you could be reasonably sure it hasn't been tampered with. Of course, you have to examine the device physically thoroughly, e.g., the screws, peripheral ports, seals, etc. One important precondition for this to work is that the FDE boot code allows the password prompt to stay as it is after entering some chars. Fedora 7 and Ubuntu 20.04 seem to work, but Bitlocker (Windows) does not. Is this bulletproof? No. Will this be reasonably secure? Depends on your threat model. But it's definitely better than doing nothing, having the OS left up and running, or having the device powered off completely. Stay safe and secure!
So, if you absolutely have no other option, what do you do to ensure that your data remains as secure as possible?
A year-long study of the dietary habits of 9,341 Australians has backed growing evidence that highly processed and refined foods are the leading contributor of rising obesity rates in the Western world.
The new study, in the latest issue of the journal Obesity conducted by the University of Sydney's Charles Perkins Centre (CPC), was based on a national nutrition and physical activity survey undertaken by the Australian Bureau of Statistics (ABS), and further backs the 'Protein Leverage Hypothesis'.
First put forward in 2005 by professors Raubenheimer and Stephen Simpson, the Protein Leverage Hypothesis argues that people overeat fats and carbohydrates because of the body's strong appetite for protein, which the body actively favours over everything else. Because so much of modern diets consist of highly processed and refined foods – which are low in protein – people are driven to consume more energy-dense foods until they satisfy their protein demand.
[...] "It's increasingly clear that our bodies eat to satisfy a protein target," added Professor David Raubenheimer, the Leonard Ullmann Chair in Nutritional Ecology at the School of Life and Environmental Sciences.
"But the problem is that the food in Western diets contains increasingly less protein. So, you have to consume more of it to reach your protein target, which effectively elevates your daily energy intake.
[...] Participants with a lower proportion of protein than recommended at the first meal consumed more discretionary foods – energy-dense foods high in saturated fats, sugars, salt, or alcohol – throughout the day, and less of the recommended five food groups (grains; vegetables/legumes; fruit; dairy and meats). Consequently, they had an overall poorer diet at each mealtime, with their percentage of protein energy decreasing even as their discretionary food intake rose – an effect the scientists call 'protein dilution'.
Amanda Grech, Zhixian Sui, Anna Rangan, et al., Macronutrient (im)balance drives energy intake in anobesogenic food environment: An ecological analysis [open], Obesity, 30, 11, 2022. DOI: 10.1002/oby.23578
The Alphabet company announced that the latest version of the sensor array on its autonomous vehicles — using a combination of cameras, radar, and lidar — is able to measure weather conditions the car may face, specifically the intensity of rain drops (or lack thereof), as well as fog. It would turn the vehicles into, as the company puts it, "mobile weather stations."
This doesn't mean you'll be seeing a Waymo car giving out the weather on your local TV station anytime soon, but it will help the robotaxis make real-time decisions in adapting to the weather conditions on the ground. It's being tested to begin with in Phoenix and San Francisco, two very different climates.
But since the sensors ostensibly turn the vehicles into amateur meteorologists, Waymo is also able to use the data to create real-time weather maps on conditions like the progression of coastal fogs, as well as light drizzles that a radar might miss.
DuckDuckGo released a new privacy tool for Android Wednesday that will help protect you from the companies harvesting personal data through your apps. The new App Tracking Protection feature, now available in beta in the DuckDuckGo for Android app, will let users take advantage of some of the privacy protections already enjoyed by iPhone users.
The company's App Tracking Protection tool doesn't just block the data collection, it also gives you a firsthand look at what information apps are trying to harvest and where they're trying to send it. DuckDuckGo spent the last year testing the feature with real users. The feature is easy to use. All you have to do is install the DuckDuckGo app, open Settings, select "App Tracking Protection," and follow the onscreen instructions.
[...] App Tracking Protection runs in the background of your day-to-day phone use, but if you open it up, the DuckDuckGo app gives you a real time summary of the attempts to collect your data. The numbers will be staggering if you aren't familiar with the inner workings of tech products.
According to DuckDuckGo, the average Android user has about 35 apps on their phone. In their tests, a phone with 35 apps on it will send about 1,000-2,000 packets of tracking data to over 70 different tracking companies every day—but that number can be far worse depending on which apps you use.
[...] Apple introduced a similarly named privacy setting last year called App Tracking Transparency. The setting, which caused an earthquake in the tech industry (Meta said the setting cost it $10 billion in a year), gave iPhone users some of best, easy-to-use privacy protection available to date. But Android doesn't offer anything similar built-in to the operating system. There are a number of other tracker protection tools Android users can install, but DuckDuckGo's offering is free and built by a company with a history of protecting users' privacy.
In fact, DuckDuckGo's privacy tool is even more powerful than Apple's offering in some ways. Apple's App Tracking Transparency takes a policy-based approach, telling apps they're not allows to track users and making it impossible to collect an ID number used for adverting. DuckDuckGo's tool applies more broadly; rather than protecting certain data points, it blocks communication with many third parties altogether, no matter what kind of data is involved.
"We feel that its necessary to block the requests of these trackers outright to stop that data being collected," Dolanjski said. The company chose to bring the feature to Android first because users don't have any meaningful built-in protection. "Apart from Google introducing additional controls in the future, you're not going to be able the data collection any other way," he said. DuckDuckGo is considering adding the feature to its iPhone app in the future.
[Ed: Anyone try it yet? --hubie]
In the spring of 2021, Cynthia and John Grano, who own a cattle operation and sell performance horses in Culpeper County, Virginia, started noticing some of their cows slowing down and acting "spacey." They figured the animals were suffering from anaplasmosis, a common infectious disease that causes anemia in cattle. But Melinda McCall, their veterinarian, had warned them that another disease carried by a parasite was spreading rapidly in the area.
After a third cow died, the Granos decided to test its blood. Sure enough, the test came back positive for the disease: theileria. And with no treatment available, the cows kept dying. In September, by which time the couple had already lost six cows and seven calves, Cynthia noticed a cow separated from the herd. She was walking up to it when it suddenly charged at her and knocked her over, breaking her shoulder blade. By that afternoon, the cow was dead.
[...] Theileria, which is in the same family as malaria, is being transmitted largely through the Asian longhorned tick, an invasive species first discovered in the US in 2017. The tick is native to Korea, China, Russia, and Japan. As it has spread in the US, so has theileria; the disease has been found in cattle in West Virginia, North Carolina, Tennessee, Kentucky, Pennsylvania, and Kansas. Some sale barns in Virginia saw the prevalence of theileria increase from two to 20 percent in just two years.
Theileria can cause cows to abort their fetuses. It can also cause anemia so severe that a cow will die. In Australia, where the disease has been spreading since 2012 and now affects a quarter of the cattle, theileria costs the beef industry an estimated $19.6 million a year in reduced milk and meat yields, according to a 2021 paper. In Japan and Korea, the combined loss is an estimated $100 million annually. Kevin Lawrence, an associate professor at Massey University who studies theileria in New Zealand, says that country has managed to avoid abortions because 95 percent of cows calve in the spring there, the same season he's seen theileria infecting cows. In the US, however, calving season can be year-round. "I think in America, you're going to see abortions," he says. "You're going to see deaths."
[...] A piece of legislation lined up for a vote in Congress, called the Pasteur Act (named both for the 19th-century microbiologist and to stand for Pioneering Antimicrobial Subscriptions to End Upsurging Resistance), could repopulate that empty landscape by guaranteeing government funds to help a small number of new antibiotics make it to market. The proposal has bipartisan support in both the House and Senate, is backed by the Department of Health and Human Services (HHS), was implicitly endorsed in the last White House budget, and resembles programs already implemented in other countries.
[...] "If this doesn't pass, or something like it doesn't get implemented, then I don't know what Plan B is," says Joe Larsen, a vice president at Locus Biosciences Inc. who launched an Obama–era program of antibiotic investment while serving in the US government's Biomedical Advanced Research Development Authority. "We need to re-envision the way we support antimicrobials in the US."
That patients might run out of effective antibiotics is a jarring thought. The Centers for Disease Control and Prevention estimates that antibiotic-resistant infections already kill more than 48,000 Americans each year and sicken 2.8 million. A January study in The Lancet estimated the annual global death toll at 1.27 million. Antibiotic resistance got worse during the pandemic as health care workers tried to protect Covid patients from bacterial infections, not just in individual outbreaks in hospitals but across the US.
[...] Lacking enough income to balance their expenditures, the big companies left the field to small biotechs. These new players believe in the mission, but typically don't have income from other product lines to buoy them while they wait for sales. Since 2010, the makers of five out of 15 new antibiotics approved by the FDA have folded or sold themselves at auction because they could not outlast the lag between approval and earnings. A sixth company backed off an antibiotic in Phase 3 trials in May and laid off three-fourths of its staff. A seventh reorganized itself just last month.
On October 17, Jonathan Chambers received an email that wasn't meant for him.
Chambers is one of the top executives at Conexon, a broadband company that has built and operates dozens of fiber networks in rural parts of America. Conexon recently won one of the Louisiana state government's GUMBO grants to deploy fiber-to-the-home service in East Carroll Parish, where the poverty rate of 37.6 percent is over three times the national average.
"This isn't our biggest project anywhere. But in many ways it's our most important," Chambers told Ars in a phone interview. Conexon primarily works with electric cooperatives, favoring a business model in which the local community owns the fiber network and Conexon operates it under a lease agreement.
But the East Carroll Parish grant—$4 million to serve over 2,500 households in an area that has been called one of the least connected in the state—is in limbo because of an eleventh-hour challenge from Cable One, a cable provider that offers services under its SparkLight brand name. Cable One plans to make similar challenges in other states; in fact, blocking government grants to other ISPs is one of Cable One's top priorities, according to the accidental email received by Chambers.
"Challenging publicly funded overbuilds is becoming one of the most important tasks we do as a company," Cable One Assistant General Counsel Patrick Caron wrote in the email.
The Earth's climate has undergone some big changes, from global volcanism to planet-cooling ice ages and dramatic shifts in solar radiation. And yet life, for the last 3.7 billion years, has kept on beating.
Now, a study by MIT researchers in Science Advances confirms that the planet harbors a "stabilizing feedback" mechanism that acts over hundreds of thousands of years to pull the climate back from the brink, keeping global temperatures within a steady, habitable range.
Just how does it accomplish this? A likely mechanism is "silicate weathering"—a geological process by which the slow and steady weathering of silicate rocks involves chemical reactions that ultimately draw carbon dioxide out of the atmosphere and into ocean sediments, trapping the gas in rocks.
Scientists have long suspected that silicate weathering plays a major role in regulating the Earth's carbon cycle. The mechanism of silicate weathering could provide a geologically constant force in keeping carbon dioxide—and global temperatures—in check. But there's never been direct evidence for the continual operation of such a feedback, until now.
The new findings are based on a study of paleoclimate data that record changes in average global temperatures over the last 66 million years. The MIT team applied a mathematical analysis to see whether the data revealed any patterns characteristic of stabilizing phenomena that reined in global temperatures on a geologic timescale.
They found that indeed there appears to be a consistent pattern in which the Earth's temperature swings are dampened over timescales of hundreds of thousands of years. The duration of this effect is similar to the timescales over which silicate weathering is predicted to act.
The results are the first to use actual data to confirm the existence of a stabilizing feedback, the mechanism of which is likely silicate weathering. This stabilizing feedback would explain how the Earth has remained habitable through dramatic climate events in the geologic past.
"On the one hand, it's good because we know that today's global warming will eventually be canceled out through this stabilizing feedback," says Constantin Arnscheidt, a graduate student in MIT's Department of Earth, Atmospheric, and Planetary Sciences (EAPS). "But on the other hand, it will take hundreds of thousands of years to happen, so not fast enough to solve our present-day issues."
More information: Constantin Arnscheidt, Presence or absence of stabilizing Earth system feedbacks on different timescales, Science Advances (2022). DOI: 10.1126/sciadv.adc9241
VLSI Technology, a patent holding company affiliated with Softbank's Fortress Investment Group, has been awarded $948.8 million in a patent infringement claim against Intel Corporation.
On Tuesday, a federal jury in the Western District of Texas, a popular venue for patent claims, found that Intel's Cascade Lake and Skylake processors violated a VLSI data processing patent.
Intel in a statement emailed to The Register said it intends to appeal the decision.
"This case is just one example of many that shows the US patent system is in urgent need of reform," a company spokesperson said. "VLSI is a 'patent troll' created by Fortress, a hedge fund that is bankrolled by large investment groups for the sole purpose of filing lawsuits to extract billions from American innovators like Intel."
"This is the third time that Intel has been forced to defend itself against meritless patent infringement claims made by VLSI. Intel strongly disagrees with the jury's verdict and the excessive damages awarded. We intend to appeal and are confident in the strength of our case."
An attorney representing VLSI did not immediately respond to request for comment.
[...] A 2014 academic paper, "The Direct Costs from NPE Disputes," [PDF] found that in 2011, "the estimated direct, accrued costs of NPE [non-practicing entities] patent assertions totaled $29 billion."
Large technology companies – many of which have amassed large patent portfolios, which they often justify as defensive weapons – have complained for years about patent trolls/patent assertion entities [PAE] /NPEs, which are companies that exist to file infringement claims.
Legal changes, like the US Supreme Court's Alice Corp. v. CLS Bank International decision, which made software patents more difficult to obtain, have reduced patent trials – more claims are being dismissed. But Intel in its antitrust argument against Fortress has suggested that patent assertion entities are adapting to the new legal landscape.
"In the face of these challenges, PAEs have evolved," the company said. "PAEs have increasingly been partnering with investment firms to fuel their litigation."
In 1991, a group of hikers found the mummified remains of Ötzi the Iceman emerging from a melting glacier. The popular interpretation—given the extraordinary preservation of the body—is that Ötzi fled from the valley after being attacked and froze to death in the gully where his mummified remains were found. His body and the tools he brought with him were quickly buried beneath the ice and remained frozen under a moving glacier for the next 5,300 years. The gully served as a kind of time capsule, protecting the remains from damage by the glacier.
But a new paper published in the journal The Holocene challenges that interpretation, suggesting that the Ötzi died elsewhere on the mountain and that normal environmental changes gradually moved his remains down into the gully. Further, for the first 1,500 years after his death, Ötzi's remains likely thawed and refroze at least once and quite possibly several times. That means it's much more likely that another ice mummy will be discovered, since no extraordinary circumstances are required to explain Ötzi's preservation.
[...] According to Lars Pilø, a glacial archaeologist with Norway's Department of Cultural Heritage, and his co-authors, even in 1992, there were some who questioned whether the mummy's remarkable preservation was due to extraordinary circumstances, most notably archaeologist Werner Meyer. The ensuing decades have seen the rise of so-called glacial archaeology, bringing its own methodology and a deeper understanding of just how complex archaeological ice sites can be. "The [original] story is so at odds with how glacial archaeological sites work," Pilø told Gizmodo. "We conclude that the find circumstances surrounding Ötzi are not a string of miracles, but can be better explained by normal processes on glacial archaeological sites."
Again a publication from Brian Krebs with a lot of insight and technical details (with screenshots as well):
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.
The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com — which was created to phish U.S. Bank customers.
But this group also usually makes use of Punycode to make their phony bank domains look more legit. The U.S. financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team's domain for Ameriprise customers is https[:]//www.xn--meripris-mx0doj[.]com [brackets added to defang the domain], which displays in the browser URL bar as ạmeriprisẹ[.]com.
Look carefully, and you'll notice small dots beneath the "a" and the second "e". You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.
This candid view inside the Disneyland Team comes from Alex Holden, founder of the Milwaukee-based cybersecurity consulting firm Hold Security. Holden's analysts gained access to a Web-based control panel the crime group has been using to keep track of victim credentials (see screenshot above). The panel reveals the gang has been operating dozens of Punycode-based phishing domains for the better part of 2022.
To read and see the whole article visit Krebs On Security
Sam Bankman-Fried's failed FTX business empire misused customer funds and lacked trustworthy financial statements or any real internal controls, according to the new boss of the collapsed $32 billion crypto exchange.
John Ray III, a veteran insolvency professional who oversaw the liquidation of Enron, said in a US court filing on Thursday that FTX was the worst case of corporate failure that he had seen in his more than 40-year career.
"Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here," he wrote.
The statement underlined the chaos and mismanagement at the heart of what was once a leading crypto industry player with deep ties in Washington DC. The demise of Bankman-Fried's FTX empire has plunged crypto markets into a crisis. Bankman-Fried did not immediately respond to a request for comment on the new filing.
Ray said he had found at FTX international, FTX US and Bankman-Fried's Alameda Research trading company "compromised systems integrity," "faulty regulatory oversight," and a "concentration of control in the hands of a very small group of inexperienced, unsophisticated, and potentially compromised individuals."
The scathing filing in the federal bankruptcy court in Delaware painted a picture of severe mismanagement by Bankman-Fried at FTX, a company that raised billions of dollars from top-tier venture capital investors such as Sequoia, SoftBank and Temasek.
FTX failed to keep proper books, records, or security controls for the digital assets it held for customers; used software to "conceal the misuse of customer funds"; and gave special treatment to Alameda, said Ray, adding that "the debtors do not have an accounting department and outsource this function."
He said the company did not have "an accurate list" of its own bank accounts, or even a complete record of the people who worked for FTX. He added that FTX used "an unsecured group email account" to manage the security keys for its digital assets.
A team of physicists from Sofia University in Bulgaria say that wormholes, which are hypothetical tunnels linking one part of the universe to another, might be hiding in plain sight — in the form of black holes, New Scientist reports.
Black holes have long puzzled scientists, gobbling up matter and never letting it escape.
But where does all of this matter go? Physicists have long toyed with the idea that these black holes could be leading to "white holes," or wells that spew out streams of particles and radiation.
These two ends could together form a wormhole, or an Einstein-Rosen bridge to be specific, which some physicists believe could stretch any amount of time and space, a tantalizing theory that could rewrite the laws of spacetime as we understand them today.
Now, the researchers suggest that the "throat" of a wormhole could look very similar to previously discovered black holes, like the monster Sagittarius A* which is believed to be lurking at the center of our galaxy.
"Ten years ago, wormholes were completely in the area of science fiction," team lead Petya Nedkova at Sofia University told New Scientist. "Now, they are coming forward to the frontiers of science and people are actively searching."
[...] The only way to really tell for sure would be to scan these celestial oddities with an even higher-resolution telescope.
The other option, of course, would be to risk it all by flinging yourself into a black hole.
"If you were nearby, you would find out too late," Nedkova told the publication. "You'll get to know the difference when you either die or you pass through."
Also see: Wormholes Could Be Hiding in Plain Sight
Valentin Deliyski, Galin Gyulchev, Petya Nedkova, and Stoytcho Yazadjiev, Polarized image of equatorial emission in horizonless spacetimes: Traversable wormholes, Phys. Rev. D, 106, 2022. DOI: 10.1103/PhysRevD.106.104024
Nation-state hackers based in China recently infected a certificate authority and several government and defense agencies with a potent malware cocktail for burrowing inside a network and stealing sensitive information, researchers said on Tuesday.
The successful compromise of the unnamed certificate authority is potentially serious, because these entities are trusted by browsers and operating systems to certify the identities responsible for a particular server or app. In the event the hackers obtained control of the organization's infrastructure, they could use it to digitally sign their malware to make it more easily slip past endpoint protections. They might also be able to cryptographically impersonate trusted websites or intercept encrypted data.
While the researchers who discovered the breach found no evidence the certificate infrastructure had been compromised, they said that this campaign was only the latest by a group they call Billbug, which has a documented history of noteworthy hacks dating back to at least 2009.
"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," Symantec researchers wrote. "Billbug also appears to be undeterred by the possibility of having this activity attributed to it, with it reusing tools that have been linked to the group in the past."
[...] Tuesday's post includes a host of technical details people can use to determine if they've been targeted by Billbug. Symantec is the security arm of Broadcom Software.
Remember that you can always edit/manage the list of trusted Certificate Authorities on your own machines.
After decades of population declines, the future is looking brighter for several tuna and billfish species, such as southern bluefin tuna, black marlins and swordfish, thanks to years of successful fisheries management and conservation actions. But some sharks that live in these fishes' open water habitats are still in trouble, new research suggests.
These sharks, including oceanic whitetips and porbeagles, are often caught by accident within tuna and billfish fisheries. And a lack of dedicated management of these species has meant their chances of extinction continue to rise, researchers report in the Nov. 11 Science.
[...] The team found that the extinction risk for tunas and billfishes increased throughout the last half of the 20th century, with the trend reversing for tunas starting in the 1990s and billfishes in the 2010s. These shifts are tied to known reductions in fishing deaths for these species that occurred at the same time.
[...] But shark species are floundering in these very same waters where tuna and billfish are fished, where the sharks are often caught as bycatch.
[...] "While we are increasingly sustainably managing the commercially important, valuable target species of tunas and billfishes," says Juan-Jordá, "shark populations continue to decline, therefore, the risk of extinction has continued to increase."
Some solutions going forward, says Juan-Jordá, include catch limits for some species and establishing sustainability goals within tuna and billfish fisheries beyond just the targeted species, addressing the issue of sharks that are incidentally caught. And it's important to see if measures taken to reduce shark bycatch deaths are actually effective, she says.
"There is a clear need for significant improvement in shark-focused management, and organizations responsible for their management need to act quickly before it is too late," Simpfendorfer says.