Feed aggregator

GCHQ Has Disclosed Over 20 Vulnerabilities This Year

/. - 3 hours 8 min ago
Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Capitan v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.

Read more of this story at Slashdot.

Microsoft Experiments With DNA Data Storage

Soylent New - 3 hours 9 min ago

Microsoft is purchasing synthesized strands of DNA to test DNA data storage:

Microsoft is buying ten million strands of DNA from biology startup Twist Bioscience to investigate the use of genetic material to store data.

The data density of DNA is orders of magnitude higher than conventional storage systems, with 1 gram of DNA able to represent close to 1 billion terabytes (1 zettabyte) of data. DNA is also remarkably robust; DNA fragments thousands of years old have been successfully sequenced. These properties make it an intriguing option for long-term data archiving. Binary data has already been successfully stored as DNA base pairs, with estimates in 2013 suggesting that it would be economically viable for storage of 500 years or more.

At a future price of 2 cents per base pair, or 1 cent per bit (ignoring the need for error correction), a terabyte would cost $80 billion (and weigh a nanogram). Once synthesized, copying it would be as cheap as using a PCR machine.

Also at TechCrunch.

Related: An Isolated Vault Could Store Our Data on DNA for 2 Million Years
Scientists Store Digital Images in DNA, and Retrieve Them Perfectly

Original Submission

Read more of this story at SoylentNews.

Microsoft Flow -- An IFTTT Alternative -- Aims To Connect Your Online Apps

/. - 3 hours 38 min ago
An anonymous user writes: Microsoft has unveiled a new product called Microsoft Flow, which is designed to better connect diverse services so that you could, if you were so inclined, put all your tweets into a spreadsheet or get an SMS alert when you receive an email. That example may be a solution in search of a problem, but there are other more useful possibilities. Flow could be set up so that any email from your boss triggers an SMS notification to your phone, for example. Or you could make sure any updated work documents get deposited in your team's SharePoint. To be sure, Microsoft is not first to this app-integration party. Many people already use If This Then That (IFTTT) or Zapier, which claims more than 500 app integrations, to knit their services together. Some IFTTT users must be breathing a sigh of relief.

US Calls Switzerland An Internet Piracy Haven

/. - 4 hours 18 min ago
An anonymous reader writes: The Office of the United States Trade Representative has published its annual Special 301 Report calling out other nations for failing to live up to U.S. IP enforcement standards. This year European ally Switzerland has been placed on the Watch List for protecting file-sharers and playing host to many pirate sites. "Generally speaking, Switzerland broadly provides high levels of IPR protection and enforcement in its territory. Switzerland makes important contributions to promoting such protection and enforcement internationally, including in bilateral and multilateral contexts, which are welcomed by the United States," the USTR writes in its assessment.

Devuan, Systemd-Free Debian Fork, Rolls Out First Beta Release

Soylent New - 4 hours 51 min ago

Almost a year and a half in the making, Devuan no longer is an Alpha-stage Linux distribution. A major site overhaul salutes the rollout of the first Beta release:

Here is an excerpt from an article from The Register on the release:

The effort to create a systemd-free Debian fork has borne fruit, with a beta of "Devuan Jessie" appearing in the wild.

Devuan came into being after a rebellion by a self-described "Veteran Unix Admin collective" argued that Debian had betrayed its roots and was becoming too desktop-oriented. The item to which they objected most vigorously was the inclusion of the systemd bootloader. The rebels therefore decided to fork Debian and "preserve Init freedom". The group renamed itself and its distribution "Devuan" and got to work, promising a fork that looked, felt, and quacked like Debian in all regards other than imposing systemd as the default Init option.

[...] Kudos, though, to the group for getting it out there! Now to see if there's really a groundswell of support for the cause of "Init freedom", as the greybeards name their cause.

The inclusion of systemd appears not to be holding rival Linux distros back: our review of Ubuntu 16.04 suggests it will be a speed bump for most users. Our Debian Jessie review said it slices a few seconds off boot times but is removable with little fuss for those who would prefer to go their own way at startup time. ®

How many people have been using this distro out of their worry over systemd's voracious appetite for everything standing between the kernel and the user? What are others using who share similar worries but have turned to other distros?

Freshly Minted Unicorns Now a Rare Sighting In Silicon Valley

/. - 4 hours 58 min ago
An anonymous reader shares a Quartz report: Unicorns, start-up companies valued at over $1 billion each, once a rare sighting for investors, have frolicked across Silicon Valley of late. Now the market seems to be yanking on the reins. Venture capital research firm CB Insights reports the number of venture-backed startups achieving a $1 billion or more valuation ground to a halt over the last six months. In the first quarter of 2016, only five new unicorns arrived. That's compared to an average of about 20 per quarter last year. The number of startups worth at least $1 billion has doubled since 2015 to more than 160, says CB Insights. At the same time, the number of such companies accepting "down rounds" or exits with lower valuations is now up. That number exceeded the quantity of new unicorns being created starting in the last quarter of 2015.

Google AI Has Access To 1.6M People's NHS Records

/. - 5 hours 37 min ago
Hal Hodson, reporting for New Scientist: It's no secret that Google has broad ambitions in healthcare. But a document obtained by New Scientist reveals that the tech giant's collaboration with the UK's National Health Service goes far beyond what has been publicly announced. The document -- a data-sharing agreement between Google-owned artificial intelligence company DeepMind and the Royal Free NHS Trust -- gives the clearest picture yet of what the company is doing and what sensitive data it now has access to. The agreement gives DeepMind access to a wide range of healthcare data on the 1.6 million patients who pass through three London hospitals run by the Royal Free NHS Trust -- Barnet, Chase Farm and the Royal Free -- each year. This will include information about people who are HIV-positive, for instance, as well as details of drug overdoses and abortions. The agreement also includes access to patient data from the last five years. According to their original agreement, Google cannot use the data in any other part of its business.

US Toy Maker Maisto's Website Pushes Ransomware

/. - 6 hours 16 min ago
An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

Sunny U.S. States Are Sabotaging Solar Energy

Soylent New - 6 hours 32 min ago

"The 10 states account for more than 35 percent of the total rooftop solar potential in the contiguous United States but have just 6 percent of rooftop capacity, the report [PDF] said, citing data from the National Renewable Energy Laboratory."
"Environmentalists say impediments to rooftop solar make it difficult for the United States to meet fossil-fuel emission reductions established by the Paris climate change accord, which 175 world leaders signed at the United Nations on April 22."
"Sixty percent of all installed solar capacity in the United States have been done by utilities [and] nearly all of that came from large-scale installations. That's probably because rooftop solar is not as profitable."
"Under most net metering policies, utilities are required to buy this power at the full retail rate, even though it would cost them less to produce the electricity themselves," David Owen, executive vice president of the Edison Electric Institute, said in February.

No free sun for you(tm)!

Doctor Ready to Perform First Human Head Transplant

/. - 6 hours 57 min ago
Ross Kenneth Urken, reporting for Newsweek (edited and condensed): Italian neurosurgeon Sergio Canavero had his Dr. Strange moment when he announced he'd be able to do a human head transplant in a two-part procedure he dubs HEAVEN (paywalled, this alternate link could help) (head anastomosis venture) and Gemini (the subsequent spinal cord fusion). [...] Canavero has a plan: It's a 36-hour, $20 million procedure involving at least 150 people, including doctors, nurses, technicians, psychologists and virtual reality engineers. In a specially equipped hospital suite, two surgical teams will work simultaneously -- one focused on Valery Spiridonov (patient) and the other on the donor's body, selected from a brain-dead patient and matched with Spiridonov for height, build and immunotype. Both patients -- anesthetized and outfitted with breathing tubes -- will have their heads locked using metal pins and clamps, and electrodes will be attached to their bodies to monitor brain and heart activity. Next, Spiridonov's head will be nearly frozen, ultimately reaching 12 to 15 degrees Celsius, which will make him temporarily brain-dead. Shouldn't it be called a body transplant? Since a person is often defined by the brain. You can read the complete procedure here.

Supreme Court Gives FBI More Hacking Power

/. - 7 hours 38 min ago
An anonymous reader cites an article on The Intercept (edited and condensed): The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, many of them belonging to victims of cybercrime. The changes, which will take immediate effect in December unless Congress adopts competing legislation, would allow the FBI to go hunting for anyone browsing the Internet anonymously in the U.S. with a single warrant. Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction. The rule change would allow a magistrate judge to issue a warrant to search or seize an electronic device if the target is using anonymity software like Tor. "Unbelievable," said Edward Snowden. "FBI sneaks radical expansion of power through courts, avoiding public debate." Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception."

UC Davis Chancellor Suspended After $175,000 Online Name-Scrubbing Antics

Soylent New - 8 hours 9 min ago

El Reg reports

Linda Katehi, the chancellor of the University of California, Davis, has been suspended pending an investigation into the decision to spend hundreds of thousands of dollars improving Google search results for her name, amid a range of other questionable activities.

The decision to put Katehi on paid administrative leave was made by UC President Janet Napolitano, who wrote a two-page letter (PDF) to Katehi noting she would be suspended for 90 days pending the outcome of a "rigorous and transparent investigation."

The revelation that Katehi's office had spent $175,000 in an effort to "achieve a reasonable balance of positive natural search results on common terms concerning UC Davis and Chancellor Katehi" was dug out by the Sacramento Bee looking into why UC Davis' "strategic communications budget" had jumped from $2.93M in 2009 to $5.47M in 2015.

The events Katehi was seeking to whitewash--when security officers pepper-sprayed sitting students back in 2011--received nationwide press attention for the seemingly callous way in which the undergraduates were treated. The news that the university had secretly spent hundreds of thousands of dollars trying to remove that reputational stain was similarly covered.

[...] Napolitano's letter also puts a spotlight on other concerns over Katehi's behavior, including the employment of her son, her husband, and her daughter-in-law by the university.

[...] The letter [also] refers to complaints that student fees have been used for "unapproved instructional purposes" which would be "a serious violation of University policy".

[...] UC Davis students have been holding rallies calling for Katehi's resignation for over a week.

Previous: University of California in Davis Spent $175k on SEO and "Reputation Management"

The Critical Hole At the Heart Of Our Cell Phone Networks

/. - 8 hours 36 min ago
An anonymous reader writes: Kim Zetter from WIRED writes an intriguing report about a vulnerability at the heart of our cell phone networks. It centers around Signaling System No. 7 (SS7), which refers to a data network -- and the protocols or rules that govern how information gets exchanged over it. Zetter writes, "It was designed in the 1970s to track and connect landline calls across different carrier networks, but is now commonly used to calculate cellular billing and send text messages, in addition to routing mobile and landline calls between carriers and regional switching centers. SS7 is part of the telecommunications backbone but is not the network your voice calls go through; it's a separate administrative network with a different function." According to WIRED, the problem is that SS7 is based on trust -- any request a telecom receives is considered legitimate. In addition to telecoms, government agencies, commercial companies and criminal groups can gain access to the network. Most attacks can be defended against with readily available technologies, but more involved attacks take longer to defend against. T-Mobile and AT&T have vulnerabilities with fixes that have yet to be implemented, for example.

Some Protection for Email and Cloud Data

Soylent New - 9 hours 51 min ago

Info World reports

The U.S. House of Representatives, in a rare unanimous vote, has approved a bill to strengthen privacy protections for email and other data stored in the cloud.

The Email Privacy Act would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House on Wednesday voted 419-0 to pass the legislation and send it to the Senate.

Under US law, stuff left on a computer account is deemed abandoned after 180 days, something left over from when people failed to pick up their mail at the post office.

This had been expanded over time to mean just about any email you keep in IMAP folders or even deleted POP mail, not routinely expunged. And of course cloud storage is often left sitting that long.

Getting a warrant has not proven to be an insurmountable problem for police, apparently they are available for the asking, with no recourse to the email provider or the email customer. But at least there may come to be the pretense of due process if the Senate also passes this bill, and the president signs it. (Which he may not do).

DRM in HTML5 Will be Hardware Specific and Hooked to the DMCA

Soylent New - 11 hours 35 min ago

The working group that is drafting the W3C's Encrypted Media Extension (EME) specification (aka DRM in HTML5) is baking in language that would allow the DMCA to be invoked despite denials that "EME [is] putting DRM in HTML".

The EME is a set of predefined JavaScript functions that invoke functions in Content Decryption Modules (CDM), and CDMs are containers for DRM functionality. It's simple and innocuous, but how it's worded and what they refuse to define is where the danger lies.

First, the EME is hooked to the DMCA by using very specific legal language: "content protection". One of the people working on the specification freely admits that "it is well-known that the purpose of content protection is not to prevent all unauthorized access to the content (this is impossible)" but despite the fact that it cannot protect the content, the entire working group insists on this very specific language and has refused alternative wording. The reason of course is because "protected content" is the legal term that DRM implementers always use.

Second, the EME is hardware specific by refusing to make a specification for CDMs. By not defining how CDMs are implemented, this leaves it up to each browser author to invent their own. All existing implementations of the CDMs are done using non-portable binary plugins that execute directly on your computer. This means that if a website is using a CDM that isn't ported to your specific browser, OS and architecture, you cannot view the video on that page. So if your computer runs on PowerPC instead of x86 you are out of luck; every site using CDMs will be out of your reach. That's not all: despite having a 4K SmartTV, you can't watch Netflix in 4K because it uses PlayReady 3.0, and it was revealed last year that PlayReady 3.0 is only for Windows 10 and requires hardware DRM. Specifically, it uses an instruction set extension to use a hidden "security processor" which is only in the latest generation of Intel and AMD chips.

All proposed alternatives to the legal language and a legitimate alternative to hardware specific lock-in were rejected by those drafting the EME. After looking into their backgrounds, I found that the group is composed exclusively of Microsoft, Netflix and Google employees.

If you wish to express your concerns, you can still do so on the github issue pages:
Issue #159: Remove all "protection" language
Issue #166: EME specification needs to include a CDM specification

Obesity 'Explosion' In Young Rural Chinese A Result Of Socioeconomic Changes, Study Warns

/. - 11 hours 37 min ago
An anonymous reader quotes a report from BBC: Obesity has rapidly increased in young rural Chinese, a study has warned, because of socioeconomic changes. Researchers found 17% of boys and 9% of girls under the age of 19 were obese in 2014, up from 1% for each in 1985. The 29-year study, published in the European Journal of Preventive Cardiology, involved nearly 28,000 students in Shandong province. The study said China's rapid socioeconomic and nutritional transition has led to an increase in energy intake and a decrease in physical activity. The data was taken from six government surveys of rural school children in Shandong aged between seven and 18. The percentage of overweight children has also grown from 0.7% to 16.4% for boys and from 1.5% to nearly 14% for girls, the study said. "It is the worst explosion of childhood and adolescent obesity that I have ever seen," Joep Perk from the European Society of Cardiology told AFP news agency.

FBI Can't Say How It Hacked iPhone 5C

Soylent New - 13 hours 17 min ago

The Guardian is reporting that...

On Wednesday, the FBI confirmed it wouldn't tell Apple about the security flaw it exploited to break inside the iPhone 5C of San Bernardino gunman Syed Farook, in part because the bureau says it didn't buy the rights to the technical details of the hacking tool.

"Currently we do not have enough technical information about any vulnerability that would permit any meaningful review," said Amy Hess, the FBI's executive assistant director for science and technology.

$1.3m and no source code?

In Internet Age, Pirate Radio Arises As Surprising Challenge

/. - 14 hours 37 min ago
K7DAN writes: Just as the demise of terrestrial radio has been greatly exaggerated, so has the assumed parallel death of pirate radio. Due to the failure of licensed stations to meet the needs of many niche communities, pirate radio continues to increase in popularity. Helping facilitate this growth is the weakening power of the FCC to stop it, reports the Associated Press. Rogue stations can cover up to several square miles thanks largely in part to cheaper technology. The appeal? "The DJs sound like you and they talk about things that you're interested in," said Jay Blessed, an online DJ who has listened to various unlicensed stations since she moved from Trinidad to Brooklyn more than a decade ago. "You call them up and say, 'I want to hear this song,' and they play it for you," Blessed said. "It's interactive. It's engaging. It's communal." It's upsetting many congressional members who are urging the FCC to do more about the "unprecedented growth of pirate radio operations." They're accusing said pirates of undermining licensed minority stations while ignoring consumer protection laws that guard against indecency and false advertising.

Printers at German Universities Mysteriously Churn Out Anti-Semitic Fliers

Soylent New - 15 hours 2 min ago

The New York Times published an article that says something about the security of networks at German universities, and at universities in general:

Printers at several universities across Germany produced anti-Semitic leaflets on or before Hitler's birthday this week, after hackers appeared to break into their computer systems, according to university officials.

Universities in Hamburg, Lüneburg and Tübingen confirmed that printers connected to their computer networks had suddenly started churning out the leaflets, most of them on Wednesday, the anniversary of Hitler's birth in Braunau, Austria, in 1889.

At least six other universities in Germany reported similar episodes, according to the German news agency DPA.

The leaflet produced at the University of Hamburg carried the slogan "Europe, awake!" and alluded to the mass migration that brought more than one million people, many from the Middle East, to the Continent last year. "Europe is being flooded by enemy strangers," it read, in part.

Without naming Hitler, the leaflet referred to "the words of a former European führer" who blamed the Jews for bringing non-Europeans to the Rhineland.

The article noted a similar breach at American universities, including one at Princeton in March.

Take an Inside Tour of the Gigafactory With Tesla's JB Straubel

Soylent New - 16 hours 47 min ago

Gigafactory article has lots of pretty pictures of it...

With such enormous interest in the new mass-market Tesla Model 3 electric vehicle, it's imperative that Tesla Motors [NASDAQ:TSLA] get their massive battery factory, the Gigafactory, constructed and fully operating on a tight timeline. In addition, Tesla's got significant demand for its stationary storage products, the Powerwall and Powerpack, which also depend heavily on the Gigafactory. To get a 'Gig' status update, Lauren Sommer from KQED Science* got an exclusive interview with JB Straubel, Tesla co-founder and Chief Technical Officer, and offers us a rare, inside look at progress.

Sommer writes, "Tesla's Gigafactory is a lot like Willy Wonka's Chocolate Factory: it's mysterious, it's big and few people have been inside... It's tucked away in a dusty valley, half an hour east of Reno. Driving up Electric Avenue, the factory is a stark contrast on the horizon. It's a sleek white building with a red stripe, almost like one of the company's cars." In her interview with Tesla's top brass, Straubel proclaims, "It's really hard to get a sense of scale. I mean, it's huge... I think it's on the order of around a hundred football fields." Straubel says, the Gigafactory is about scale. He believes scaling up could drive down the cost of batteries 30 percent or more. "We think we'll probably be able to exceed that," Straubel says. "Our vehicles can be more affordable. More people can have access to them."
