Study finds that parental ‘memory’ is inherited across generations

“While neuronally encoded behavior isn’t thought to be inherited across generations, we wanted to test the possibility that environmentally triggered modifications could allow ‘memory’ of parental experiences to be inherited,” explains Julianna “Lita” Bozler, a Ph.D. candidate in the Bosco Lab at the Geisel School of Medicine, who served as lead author on the study.

When exposed to wasps—which deposit their eggs into and kill the larvae of fruit flies—Drosophila melanogaster females are known to shift their preference to food containing ethanol as an egg-laying substrate, which protects their larvae from wasp infection.

For the study, the fruit flies were cohabitated with female wasps for four days before their eggs were collected. The embryos were separated into two cohorts—a wasp-exposed and unexposed (control) group—and developed to maturity without any contact with adult flies or wasps. One group was used to propagate the next generation and the other was analyzed for ethanol preference.

“We found that the original wasp-exposed flies laid about 94 percent of their eggs on ethanol food, and that this behavior persisted in their offspring, even though they’d never had direct interaction with wasps,” says Bozler.

The ethanol preference was less potent in the first-generation offspring, with 73 percent of their eggs laid on ethanol food. “But remarkably, this inherited ethanol preference persisted for five generations, gradually reverting back to a pre-wasp exposed level,” she says. “This tells us that inheritance of ethanol preference is not a permanent germline change, but rather a reversible trait.”

Importantly, the research team determined that one of the critical factors driving ethanol preference behavior is the depression of Neuropeptide-F (NPF) that is imprinted in a specific region of the female fly’s brain. While this change, based in part on visual signals, was required to initiate transgenerational inheritance, both male and female progeny were able to pass on preference to their offspring.

Source: Study finds that parental ‘memory’ is inherited across generations

Microsoft Action Pack software no longer for all sellers of MS products, reseller rebellion

More than 2,500 resellers and integrators have signed a petition opposing Microsoft’s intention to remove free software licences granted to members of the channel to run their business.

The changes are described here:

Effective July 1, 2020, we will retire the internal use rights (IUR) association with the product licenses partners receive in the Microsoft Action Pack and included with a competency. Product license use rights will be updated to be used for business development scenarios such as demonstration purposes, solution/services development purposes, and internal training.

Beginning October 1, 2019, the product licenses included with competencies will be specific to the competency you attain. Please review the benefits you will receive with your competency in Partner Center at time of purchase. Additional licenses can be purchased through commercial licensing to run your business.

There are a huge number of partners resellers, most of them small businesses, who recommend, resell and support customers running Microsoft wares or services. In 2017, Microsoft said that “our partners employ more than 17 million people around the world”.

The barriers to entry are low and companies who sign up can qualify for a range of competencies, starting with an “Action Pack” subscription that comes with a wide range of benefits, such as five Office 365 seats, five Dynamics 365 licences, 2-core SQL Server, ten Windows 10 Enterprise packages, $100 per month Azure credit and so on. The Action Pack costs around £350 per year but represents excellent value if you would otherwise have to purchase the licences. The same is true of the higher levels, Silver and Gold competencies, which command a higher fee but provide a wider range of benefits.

Resellers are not allowed to resell these specific licences, but critically, they do allow use for “internal business purposes”. Smaller Microsoft channel firms have been able to operate their businesses, in large part, using these subsidised licences.

That offer is now ending. “We will retire product licenses for internal use purposes on July 1 2020,” stated the Microsoft Partner Network (MPN) guide.

There are more changes too, and none of them good for partners. Free support incidents are being withdrawn. “Starting August 2019, on-premise Product Support incidents will no longer be available for Action Pack and competencies,” warned Microsoft.

In addition, the matching of cloud benefits to specific competencies means reduced benefits. Dynamics 365 seats, for example, will now only be available to partners with the Cloud Business Applications Competency, instead of being doled out to all.

Source: Microsoft middlemen rebel against removal of free software licences • The Register

Over 90 Million Records Leaked by Chinese Public Security Department

A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.

Jiangsu (江苏省) is an eastern-central coastal Chinese province with a population of over 80 million and an urban population of more than 55 million accounting for 68.76% of its total population according to a 2018 population census from the National Bureau of Statistics, which makes it the fifth most populous province in China.

Provincial public security departments are “functional organization under the dual leadership of Provincial Government and the Ministry of Public Security in charge of the whole province’s public security work.”

The two now secured databases contained more than 26 GB of data in the form of personally identifiable information (PII): names, birth dates, genders, identity card numbers, location coordinates, as well as info on city_relations, city_open_id, and province_open_id for individuals.

In the case of businesses, the records included business IDs, business types, location coordinates, city_open_id, and memos designed to track if the owner of the business is known.

Besides the two exposed ElasticSearch databases, the Jiangsu Provincial Public Security Department also had a Public Security Network admin console that required a valid user/password combo for access, as well as a publicly-accessible Kibana installation running on the server which would help browse and analyze the stored data using a GUI-based interface.

However, unlike other cases of exposed Kibana installations, this one was not fully configured seeing that, once loaded in a web browser, it would go straight to the “Create index pattern page.”

Source: Over 90 Million Records Leaked by Chinese Public Security Department

Magento webshop Automated Magecart Campaign Hits Over 960 Breached Stores

A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.

The campaign seems to be automated according to Sanguine Security researcher Willem de Groot who told BleepingComputer that the card skimming script was added within a 24-hour timeframe. “It would be nearly impossible to breach 960+ stores manually in such a short time,” he added.

Even though no information on how such automated Magecart attacks against e-commerce websites would work was shared by Sanguine Security, the procedure would most likely entail scanning for and exploiting security flaws in the stores’ software platform.

“Have not gotten confirmation yet, but it seems that several victims were missing patches against PHP object injection exploits,” also said de Groot.

While details on how the online stores were breached are still scarce given that the logs are still being analyzed, the JavaScript-based payment data skimmer script was decoded and uploaded by the security company to GitHub Gist.

As shown from its source code, the skimmer was used by the attackers to collect e-commerce customers’ payment info on breached stores, including full credit card data, names, phones, and addresses.

Source: Automated Magecart Campaign Hits Over 960 Breached Stores

Canon Stabs Tradition in the Back With Camera That Supports Vertical Video

Canon’s G7 X line has long been a favorite of photographers who wanted a travel-friendly camera that could still capture high-quality images. But with the rise of smartphones and the decline of point-and-shoots, Canon began pushing its compact cameras towards vloggers, who I’ve seen use cameras like the G7 X and Sony’s RX100 line as a backup or more portable alternative to a big mirrorless or DSLR cam. After all, when you’re attaching a camera to a gimbal or the end of a GorillaPod, every extra bit of lightness makes a camera easier to handle.

So for the new G7 X III, it seems the influencers have influenced Canon because one of the camera’s new standout features is the ability to record vertical videos without rotating the footage in post natively. Using a new built-in gyro, the G7 X III can determine the camera’s orientation and then embed that info into a clip’s metadata, which means filming vertical videos for your Instagram stories on the G7 X III is as simple as turning the camera sideways.

And if that’s not enough to excite attendees of VidCon 2019—the vlogger convention where the $750 G7 X is making its official debut—Canon also gave the camera the ability to livestream video directly to YouTube over wifi via the company’s Image Gateway software. The G7 X III also comes with a built-in microphone jack for vloggers who aren’t satisfied with the camera’s on-board audio, and a 3-inch touchscreen that can flip up 180 degrees so that vloggers can check their composition while they’re filming themselves.

Source: Canon Stabs Tradition in the Back With Camera That Supports Vertical Video

Indoor carbon dioxide levels could be a health hazard, scientists warn

Indoor levels of carbon dioxide could be clouding our thinking and may even pose a wider danger to human health, researchers say.

While air pollutants such as tiny particles and nitrogen oxides have been the subject of much research, there have been far fewer studies looking into the health impact of CO2.

However, the authors of the latest study – which reviews current evidence on the issue – say there is a growing body of research suggesting levels of CO2 that can be found in bedrooms, classrooms and offices might have harmful effects on the body, including affecting cognitive performance.

“There is enough evidence to be concerned, not enough to be alarmed. But there is no time to waste,” said Dr Michael Hernke, a co-author of the study from the University of Wisconsin-Madison, stressing further research was needed.

Writing in the journal Nature Sustainability, Hernke and colleagues report that they considered 18 studies of the levels of CO2 humans are exposed to, as well as its health impacts on both humans and animals.

Traditionally, the team say, it had been thought that CO2 levels would need to reach a very high concentration of at least 5,000 parts per million (ppm) before they would affect human health. But a growing body of research suggests CO2 levels as low as 1,000ppm could cause health problems, even if exposure only lasts for a few hours.

The team say crowded or poorly ventilated classrooms, office environments and bedrooms have all been found to have levels of CO2 that exceed 1,000ppm, and are spaces that people often remain in for many hours at a time. Air-conditioned trains and planes have also been found to exceed 1,000ppm.

[…]

The team found a number of studies have looked at the impact of such levels on human cognitive performance and productivity. In one study of 24 employees, cognitive scores were 50% lower when the participants were exposed to 1,400ppm of CO2 compared with 550ppm during a working day.

The team additionally looked at the impact of CO2 levels on animals, finding that a few hours’ exposure to 2,000 ppm was linked to inflammatory responses that could lead to damage to blood vessels. There is also tentative evidence suggesting that prolonged exposure to levels between 2,000 and 3,000ppm is linked to effects including stress, kidney calcification and bone demineralisation.

Source: Indoor carbon dioxide levels could be a health hazard, scientists warn | Environment | The Guardian

Another reason to limit creation of it

Serious Security Flaw With Teleconferencing App Zoom Allows Websites to Hijack Mac Webcams – and you can’t fix it by uninstalling

On Monday, security researcher Jonathan Leitschuh publicly disclosed a serious zero-day vulnerability in conferencing software Zoom—which apparently achieves its click-to-join feature, which allows users to go directly to a video meeting from a browser link, on Mac computers by installing a local web server running as a background process that “accepts requests regular browsers wouldn’t,” per the Verge. As a result, Zoom could be hijacked by any website to force a Mac user to join a call without their permission, and with webcams activated unless a specific setting was enabled.

Worse, Leitschuh wrote that the local web server persists even if Zoom is uninstalled and is capable of reinstalling the app on its own, and that when he contacted the company they did little to resolve the issues.

In a Medium post on Monday, Leitschuh provided a demo in the form of a link that, when clicked, took Mac users who have ever installed the app to a conference room with their video cameras activated (it’s here, if you must try yourself). Leitschuh noted that the code to do this can be embedded in any website as well as “in malicious ads, or it could be used as a part of a phishing campaign.” Additionally, Leitschuh wrote that even if users uninstall Zoom, the insecure local web server persists and “will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

This implementation leaves open other nefarious ways to abuse the local web server, per the Verge:

Turning on your camera is bad enough, but the existence of the web server on their computers could open up more significant problems for Mac users. For example, in an older version of Zoom (since patched), it was possible to enact a denial of service attack on Macs by constantly pinging the web server: “By simply sending repeated GET requests for a bad number, Zoom app would constantly request ‘focus’ from the OS,” Leitschuh writes.

According to Leitschuh, he contacted Zoom on March 26, saying he would disclose the exploit in 90 days. Zoom did issue a “quick fix” patch that only disabled “a meeting creator’s ability to automatically enable a participant’s video by default,” he added, though this was far from a complete solution (and did nothing to negate the “ability for an attacker to forcibly join to a call anyone visiting a malicious site”) and only came in mid-June.

On July 7, he wrote, a “regression in the fix” caused it to no longer work, and though Zoom issued another patch on Sunday, he was able to create a workaround.

Source: Serious Security Flaw With Teleconferencing App Could Allow Websites to Hijack Mac Webcams