Smallest pixels ever created, a million times smaller than on smartphones, could light up color-changing buildings

Posted on May 13, 2019 by Robin Edgar

The smallest pixels yet created—a million times smaller than those in smartphones, made by trapping particles of light under tiny rocks of gold—could be used for new types of large-scale flexible displays, big enough to cover entire buildings.

The colour pixels, developed by a team of scientists led by the University of Cambridge, are compatible with roll-to-roll fabrication on flexible plastic films, dramatically reducing their production cost. The results are reported in the journal Science Advances.

It has been a long-held dream to mimic the colour-changing skin of octopus or squid, allowing people or objects to disappear into the natural background, but making large-area flexible display screens is still prohibitively expensive because they are constructed from highly precise multiple layers.

At the centre of the pixels developed by the Cambridge scientists is a tiny particle of gold a few billionths of a metre across. The grain sits on top of a reflective surface, trapping light in the gap in between. Surrounding each grain is a thin sticky coating which changes chemically when electrically switched, causing the pixel to change colour across the spectrum.

The team of scientists, from different disciplines including physics, chemistry and manufacturing, made the pixels by coating vats of golden grains with an active polymer called polyaniline and then spraying them onto flexible mirror-coated plastic, to dramatically drive down production cost.

The pixels are the smallest yet created, a million times smaller than typical smartphone pixels. They can be seen in bright sunlight and because they do not need constant power to keep their set colour, have an energy performance that make large areas feasible and sustainable. “We started by washing them over aluminized food packets, but then found aerosol spraying is faster,” said co-lead author Hyeon-Ho Jeong from Cambridge’s Cavendish Laboratory.

“These are not the normal tools of nanotechnology, but this sort of radical approach is needed to make sustainable technologies feasible,” said Professor Jeremy J Baumberg of the NanoPhotonics Centre at Cambridge’s Cavendish Laboratory, who led the research. “The strange physics of light on the nanoscale allows it to be switched, even if less than a tenth of the film is coated with our active pixels. That’s because the apparent size of each pixel for light is many times larger than their physical area when using these resonant gold architectures.”

The pixels could enable a host of new application possibilities such as building-sized display screens, architecture which can switch off solar heat load, active camouflage clothing and coatings, as well as tiny indicators for coming internet-of-things devices.

The team are currently working at improving the colour range and are looking for partners to develop the technology further.

Source: Smallest pixels ever created could light up color-changing buildings

‘Seasteader’ Now on the Run For His Life from Thai Authorities who overran their seastead

Posted on May 13, 2019 by Robin Edgar

An American bitcoin trader and his girlfriend became the first couple to actually live on a “seastead” — a 20-meter octagon floating in international waters a full 12 nautical miles from Thailand.

Long-time Slashdot reader SonicSpike shared this article from the libertarian Foundation for Economic Education describing what happened next: [W]hile they got to experience true sovereignty for a handful of weeks, their experiment was cut short after the Thai government declared that their seastead was a threat to its national sovereignty… Asserting that [their seastead] “Exly” was still within Thailand’s 200-mile exclusive economic zone, the government made plans to charge the couple with threatening Thailand’s national sovereignty, a crime punishable by death. However, before the Thai Navy could come detain the couple, they were tipped off and managed to escape. They are now on the run, fleeing for their lives.
Venture capitalist and PayPal co-founder Peter Thiel has donated over $1 million to the Seasteading Institute — though news about this first experiment must be discouraging. “We lived on a floating house boat for a few weeks and now Thailand wants us killed,” one of the seasteaders posted on his Facebook feed.

Last week the Arizona Republic reported that since the Thai government dismantled his ocean home, he’s been “on the run” for over two weeks.

Source: Bitcoin-Trading ‘Seasteader’ Now on the Run For His Life – Slashdot

New study shows scientists who selfie garner more public trust

Posted on May 13, 2019 by Robin Edgar

The study builds on seminal work by Princeton University social psychologist Susan Fiske suggesting that scientists have earned Americans’ respect but not their trust. Trust depends on two perceived characteristics of an individual or social group: competence and warmth. Perceptions of competence involve the belief that members of a particular social group are intelligent and have the skills to achieve their goals. Perceptions of warmth involve the belief that the members of this group also have benevolent goals, or that they are friendly, altruistic, honest and share common values with people outside of their group. Together, perceptions of competence and warmth determine all group stereotypes, including stereotypes of scientists.

“Scientists are famously competent—people report we’re smart, curious, lab nerds—but they’re silent about scientists’ more human qualities,” Fiske said.

While perceptions of both the competence and the warmth of members of a social group are important in determining trust and even action, it turns out that perceived warmth is more important. And, as Fiske showed in a study published in 2014 in Proceedings of the National Academy of Sciences, Americans see scientists as competent but only as moderately warm. Scientists’ perceived warmth is on par with that of retail workers, bus drivers and construction workers but far below that of doctors, nurses and teachers.

The researchers of the new PLOS ONE study launched the investigation into perceptions of scientist Instagrammers after being struck with the idea that the competence versus warmth stereotype of scientists may not be an insurmountable challenge given the power of social media to bring scientists and nonscientists together.

[…]

To explore this idea, the team launched a research project popularly referred to as ScientistsWhoSelfie, based on the hashtag the researchers introduced to raise awareness about the project in an online crowdfunding campaign that raised more than $10,000. A few dozen scientists around the globe helped to develop a series of images for the project.

The idea was to show research participants images published to one of four different “Scientists of Instagram” rotation-curation accounts and then to ask them questions about their perceptions of the scientists represented in these images as well as of scientists in general. Each participant was shown three types of images: a scientific setting or a piece of equipment such as a microscope, a bioreactor on the lab bench or a plant experiment set-up in a greenhouse with no humans in any of the images but with captions attributing the images to either male or female scientists by name; a smiling male scientist looking at the camera in the same scientific setting; or a smiling female scientist looking at the camera in the same scientific setting.

A total of 1,620 U.S.-representative participants recruited online viewed these images in an online survey. People who saw images including a scientist’s smiling face, or “scientist selfies,” evaluated the scientists in the images and scientists in general as significantly warmer than people who saw control images or images of scientific environments or equipment that did not include a person. This perception of scientists as warm was especially prominent among people who saw images featuring a female scientist’s face, as female scientists in selfies were evaluated as significantly warmer than male scientists in selfies or science-only images. There was also a slight increase in the perceived competence of female scientists in selfies. Competence cues such as lab coats and equipment likely played a role in preserving the perceived competence of scientists in selfies.

“Seeing scientist selfies, but not images of scientific objects posted by scientists online, boosted perceptions that scientists are both competent and warm,” said lead author LSU alumna Paige Jarreau, who is a former LSU science communication specialist and current director of social media and science communication at LifeOmic. “We think this is because people who viewed science images with a scientist’s face in the picture began to see these scientist communicators on Instagram not as belonging to some unfamiliar group of stereotypically socially inept geniuses, but as individuals and even as ‘everyday’ people with ‘normal’ interests—people who, like us, enjoy taking selfies! Female scientists, in particular, when represented in substantial numbers and diversity, may cause viewers to re-evaluate stereotypical perceptions of who a scientist is.”

The team further found that seeing a series of female scientist selfies on Instagram significantly shifted gender-related science stereotypes, namely those that associate STEM fields with being male. However, they also found that people who saw female scientist selfies evaluated these scientists as significantly more attractive than male scientist selfies. This might help explain female scientists’ boosted warmth evaluations, as physical attractiveness is positively associated with perceived warmth. However, this could also be an indicator that viewers focused more on the physical appearance of female scientists than on male scientists. By extension, female scientists could be more unfairly evaluated for defying gender norms in their selfies, such as not smiling or appearing warm. In their PLOS ONE paper, the team writes that this possibility should be investigated further in future research.

Source: New study shows scientists who selfie garner more public trust

New Intel firmware boot verification bypass enables low-level persistent backdoors

Posted on May 13, 2019 by Robin Edgar

Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way.

Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel’s reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week.

Boot Guard is a technology that was added in Intel Core 4th generation microarchitecture — also known as Haswell — and is meant to provide assurance that the low-level firmware (UEFI) has not been maliciously modified. It does this by checking that the loaded firmware modules are digitally signed with trusted keys that belong to Intel or the PC manufacturer every time the computer starts.

[…

While the attack requires opening the laptop case to attach clip-on connectors to the chip, there are ways to make it permanent, such as replacing the SPI chip with a rogue one that emulates the UEFI and also serves malicious code. In fact, Hudson has already designed such an emulator chip that has the same dimensions as a real SPI flash chip and could easily pass as one upon visual inspection if some plastic coating is added to it.

[…]

The Intel Boot Guard and Secure Boot features were created to prevent attackers from injecting malware into the UEFI or other components loaded during the booting process such as the OS bootloader or the kernel. Such malware programs have existed for a long time and are called boot rootkits, or bootkits, and attackers have used them because they are very persistent and hard to remove. That’s because they re-infect the operating system after every reboot before any antivirus program has a chance to start and detect them.

In its chip-swapping variant, Hudson’s and Bosch’s attack acts like a persistent hardware-based bootkit. It can be used to steal disk encryption passwords and other sensitive information from the system and it’s very hard to detect without opening the device and closely inspecting its motherboard.

Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information.

[…]

The problem is that distributing UEFI patches has never been an easy process. Intel shares its UEFI kit with UEFI/BIOS vendors who have contracts with various PC manufacturers. Those OEMs then make their own firmware customizations before they ship it inside their products. This means that any subsequent fixes require collaboration and coordination from all involved parties, not to mention end users who need to actually care enough to install those UEFI updates.

The patches for the critical Meltdown and Spectre vulnerabilities that affected Intel CPUs also required UEFI updates and it took months for some PC vendors to release them for their affected products. Many models never received the patches in the form of UEFI updates because their manufacturers no longer supported them.

The two researchers plan to release their proof-of-concept code in the following months as part of a tool called SPISpy that they hope will help other researchers and interested parties to check if their own machines are vulnerable and to investigate similar issues on other platforms.

“I would really like to see the industry move towards opening the source to their firmware, to make it more easy to verify its correctness and security,” says Bosch.

Source: New Intel firmware boot verification bypass enables low-level backdoors | CSO Online

Over 275 Million Indian Personal Records Exposed by Unsecured MongoDB Database

Posted on May 13, 2019 by Robin Edgar

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks.

Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019.

As he found out after further investigation, the exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

[…]

Additionally, the names of the data collections stored within the database suggested that the entire cache of resumes was collected “as part of a massive scraping operation” for unknown purposes.

Exposed database contents

The researcher “immediately notified Indian CERT team on the incident, however, database remained open and searchable until today, May 8th, when it got dropped by hackers known as ‘Unistellar’ group.”

After the database got dropped by the hackers, Diachenko discovered the following message left behind after deleting all the data:

The message left by the hackers

Diachenko found multiple other unsecured databases and servers, unearthing a publicly accessible 140+ GB MongoDB database containing a huge collection of 808,539,939 email records during Early-March and another one with over 200 million records with resumes from Chinese job seekers in January.

He was also the one who discovered the personal information of more than 66 million individuals left out in the open on the Internet during December and an extra 11 million records during September, with all of them being stored in misconfigured and passwordless MongoDB instances.

These data leaks are a thing because a lot of MongoDB databases are left publicly accessible by their owners and are not properly secured. This means that they can be blocked by securing the database instance.