Facebook: We’re not asking for financial data, we’re just partnering with banks

Posted in August 7, 2018 ¬ 17:51h.Robin EdgarComments Off on Facebook: We’re not asking for financial data, we’re just partnering with banks

Facebook is pushing back against a report in Monday’s Wall Street Journal that the company is asking major banks to provide private financial data.

The social media giant has reportedly had talks with JPMorgan Chase, Wells Fargo, Citigroup, and US Bancorp to discuss proposed features including fraud alerts and checking account balances via Messenger.

Elisabeth Diana, a Facebook spokeswoman, told Ars that while the WSJ reported that Facebook has “asked” banks “to share detailed financial information about their customers, including card transactions and checking-account balances,” this isn’t quite right.

“Like many online companies with commerce businesses, we partner with banks and credit card companies to offer services like customer chat or account management,” she said in a statement on behalf of the social media giant. “Account linking enables people to receive real-time updates in Facebook Messenger where people can keep track of their transaction data like account balances, receipts, and shipping updates. The idea is that messaging with a bank can be better than waiting on hold over the phone—and it’s completely opt-in. We’re not using this information beyond enabling these types of experiences—not for advertising or anything else.”

Diana further explained that account linking is already live with PayPal, Citi in Singapore, and American Express in the United States.

“We’re not shoring up financial data,” she added.

In recent months, Facebook has been scrutinized for its approach to user privacy.

Late last month, Facebook CFO David Wehner said, “We are also giving people who use our services more choices around data privacy, which may have an impact on our revenue growth.”

Source: Facebook: We’re not asking for financial data, we’re just partnering with banks | Ars Technica

But should you opt in, your financial data just happens to then belong to Facebook to do with as they please…

  • xyz_smap: 1
Global Domination

The cashless society is a con – and big finance is behind it

Posted in July 26, 2018 ¬ 16:25h.Robin EdgarComments Off on The cashless society is a con – and big finance is behind it

All over the western world banks are shutting down cash machines and branches. They are trying to push you into using their digital payments and digital banking infrastructure. Just like Google wants everyone to access and navigate the broader internet via its privately controlled search portal, so financial institutions want everyone to access and navigate the broader economy through their systems.

Another aim is to cut costs in order to boost profits. Branches require staff. Replacing them with standardised self-service apps allows the senior managers of financial institutions to directly control and monitor interactions with customers.

Banks, of course, tell us a different story about why they do this. I recently got a letter from my bank telling me that they are shutting down local branches because “customers are turning to digital”, and they are thus “responding to changing customer preferences”. I am one of the customers they are referring to, but I never asked them to shut down the branches.

There is a feedback loop going on here. In closing down their branches, or withdrawing their cash machines, they make it harder for me to use those services. I am much more likely to “choose” a digital option if the banks deliberately make it harder for me to choose a non-digital option.

In behavioural economics this is referred to as “nudging”. If a powerful institution wants to make people choose a certain thing, the best strategy is to make it difficult to choose the alternative.

[…]

Financial institutions, likewise, are trying to nudge us towards a cashless society and digital banking. The true motive is corporate profit. Payments companies such as Visa and Mastercard want to increase the volume of digital payments services they sell, while banks want to cut costs. The nudge requires two parts. First, they must increase the inconvenience of cash, ATMs and branches. Second, they must vigorously promote the alternative. They seek to make people “learn” that they want digital, and then “choose” it.

We can learn from the Marxist philosopher Antonio Gramsci in this regard. His concept of hegemony referred to the way in which powerful parties condition the cultural and economic environment in such a way that their interests begin to be perceived as natural and inevitable by the general public. Nobody was on the streets shouting for digital payment 20 years ago, but increasingly it seems obvious and “natural” that it should take over. That belief does not come from nowhere. It is the direct result of a hegemonic project on the part of financial institutions.

We can also learn from Louis Althusser’s concept of interpellation. The basic idea is that you can get people to internalise beliefs by addressing them as if they already had those beliefs. Twenty years ago nobody believed that cash was “inconvenient”, but every time I walk into London Underground I see adverts that address me as if I was a person who finds cash inconvenient. The objective is to reverse-engineer a belief within me that it is inconvenient, and that cashlessness is in my interests. But a cashless society is not in your interest. It is in the interest of banks and payments companies. Their job is to make you believe that it is in your interest too, and they are succeeding in doing that.

The recent Visa chaos, during which millions of people who have become dependent on digital payment suddenly found themselves stranded when the monopolistic payment network crashed, was a temporary setback. Digital systems may be “convenient”, but they often come with central points of failure. Cash, on the other hand, does not crash. It does not rely on external data centres, and is not subject to remote control or remote monitoring. The cash system allows for an unmonitored “off the grid” space. This is also the reason why financial institutions and financial technology companies want to get rid of it. Cash transactions are outside the net that such institutions cast to harvest fees and data.

A cashless society brings dangers. People without bank accounts will find themselves further marginalised, disenfranchised from the cash infrastructure that previously supported them. There are also poorly understood psychological implications about cash encouraging self-control while paying by card or a mobile phone can encourage spending. And a cashless society has major surveillance implications.

Source: The cashless society is a con – and big finance is behind it | Brett Scott | Opinion | The Guardian

  • xyz_smap: 1
Economics

Anti DRM software programmer Arrested For Cracking Denuvo Anti-Piracy Tech

Posted in July 26, 2018 ¬ 16:22h.Robin EdgarComments Off on Anti DRM software programmer Arrested For Cracking Denuvo Anti-Piracy Tech

Denuvo’s notorious anti-piracy tech used to be seen as uncrackable. It held up against hackers’ best efforts for years, contorting itself into obtuse new shapes every time anybody broke through. In 2016, a Bulgarian hacker calling himself Voksi came along with a breakthrough that revitalized the whole Denuvo cracking scene. He’s been a pillar of it ever since. Now he’s in deep trouble.

In a post today on CrackWatch, a subreddit dedicated to removing DRM and other copy protection software from games, Voksi explained the sudden outage of the website of his hacker group, REVOLT. Yesterday, he got arrested, and the police raided his house.

“It finally happened,” Voksi wrote. “I can’t say it wasn’t expected. Denuvo filed a case against me to the Bulgarian authorities. Police came yesterday and took the server PC and my personal PC. I had to go to the police afterwards and explain myself.”

In a statement sent to Kotaku, Denuvo said that Voksi’s arrest came about through the dual efforts of Denuvo parent company Irdeto and the Bulgarian Cybercrime Unit. “The swift action of the Bulgarian police on this matter shows the power of collaboration between law enforcement and technology providers and that piracy is a serious offence that will be acted upon,” said Irdeto VP of cybersecurity services Mark Mulready.

Denuvo’s statement also included a quote from the Bulgarian Cybercrime Unit, which said: “We can confirm that a 21-year-old man was arrested on Tuesday on suspicion of offenses related to cybercrime and that computing equipment was confiscated. Our investigations are ongoing.”

Source: Renowned Hacker Arrested For Cracking Denuvo Anti-Piracy Tech

It’s a bit bizarre when the guys making locks start arresting the guys making keys. DRM is a bad idea anyway, but arresting people for breaking it shows you’d rather sweep your problems under a rug than fixing them. If you arrest enough people, pretty soon you will find there are a lot more problems in your software. This has been proven time and again and won’t change now.

Maybe the authorities should arrest the Denuvo people on charges of installing unwanted software along with your game on your PC.

  • xyz_smap: 1
Global Domination

Work less, get more: New Zealand firm’s four-day week an ‘unmitigated success’

Posted in July 26, 2018 ¬ 16:12h.Robin EdgarComments Off on Work less, get more: New Zealand firm’s four-day week an ‘unmitigated success’

The New Zealand company behind a landmark trial of a four-day working week has concluded it an unmitigated success, with 78% of employees feeling they were able to successfully manage their work-life balance, an increase of 24 percentage points.

Two-hundred-and-forty staff at Perpetual Guardian, a company which manages trusts, wills and estate planning, trialled a four-day working week over March and April, working four, eight-hour days but getting paid for five.

Academics studied the trial before, during and after its implementation, collecting qualitative and quantitative data.

Perpetual Guardian founder Andrew Barnes came up with the idea in an attempt to give his employees better work-life balance, and help them focus on the business while in the office on company time, and manage life and home commitments on their extra day off.

Jarrod Haar, professor of human resource management at Auckland University of Technology, found job and life satisfaction increased on all levels across the home and work front, with employees performing better in their jobs and enjoying them more than before the experiment.

Work-life balance, which reflected how well respondents felt they could successfully manage their work and non-work roles, increased by 24 percentage points.

In November last year just over half (54%) of staff felt they could effectively balance their work and home commitments, while after the trial this number jumped to 78%.

Staff stress levels decreased by 7 percentage points across the board as a result of the trial, while stimulation, commitment and a sense of empowerment at work all improved significantly, with overall life satisfaction increasing by 5 percentage points.

Source: Work less, get more: New Zealand firm’s four-day week an ‘unmitigated success’ | World news | The Guardian

  • xyz_smap: 1
Human Interest

Windows 10 now uses machine learning to stop updates installing when a PC is in use

Posted in July 26, 2018 ¬ 16:10h.Robin EdgarComments Off on Windows 10 now uses machine learning to stop updates installing when a PC is in use

One of the more frustrating aspects of Windows 10 is the operating system’s ability to start installing updates when you’re in the middle of using it. While Microsoft has tried to address this aggressive approach to updates with features to snooze installation, Windows 10 users continue to complain that updates reboot devices when they’re in use.

Reacting to this feedback, Microsoft says it’s aware of the issues. “We heard you, and to alleviate this pain, if you have an update pending we’ve updated our reboot logic to use a new system that is more adaptive and proactive,” explains Microsoft’s Windows Insider chief Dona Sarkar. Microsoft says it has trained a “predictive model” that will accurately predict when the best time to restart the device is thanks to machine learning. “We will not only check if you are currently using your device before we restart, but we will also try to predict if you had just left the device to grab a cup of coffee and return shortly after,” says Sarkar.

Microsoft has been testing this new model internally, and says it has seen “promising results.”

Source: Windows 10 now uses machine learning to stop updates installing when a PC is in use – The Verge

Yet another great reason to not use Windows 10

  • xyz_smap: 1
Artificial Intelligence

Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

Posted in July 25, 2018 ¬ 11:10h.Robin EdgarComments Off on Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure.

Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, and plunged America into darkness.

The hackers, dubbed Dragonfly and Energetic Bear, struck in the spring of 2016, and continued throughout 2017 and into 2018, even invading air-gapped networks, it is claimed.

This seemingly Hollywood screenplay emerged on Monday in the pages of the Wall Street Journal (paywalled) which spoke to Homeland Security officials on the record.

The Energetic Bear aka Dragonfly crew – fingered in 2014 by Crowdstrike and Symantec – was inside “hundreds” of power grid control rooms by last year, it is claimed. Indeed, since 2014, power companies have been warned by Homeland Security to be on the look out for state-backed snoops – with technical details on intrusions published here.

The Russians hacked into the utilities’ equipment vendors and suppliers by spear-phishing staff for their login credentials or installing malware on their machines via boobytrapped webpages, it is alleged.

The miscreants then leveraged their position within these vendors to infiltrate the utilities and squeeze into the isolated air-gapped networks in control rooms, it is further alleged. The hacker crew also swiped confidential internal information and blueprints to learn how American power plants and the grid system work.

We’re told, and can well believe, that the equipment makers and suppliers have special access into the utilities’ networks in order to provide remote around-the-clock support and patch deployment – access that, it seems, turned into a handy conduit for Kremlin spies.

The attacks are believed to be ongoing, and some utilities may not yet be aware they’ve been pwned, we were warned. It is feared the stolen information, as well as these early intrusions, could be part of a much larger looming assault.

“They got to the point where they could have thrown switches,” Jonathan Homer, chief of industrial control system analysis for Homeland Security, told the paper.

Source: No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities • The Register

  • xyz_smap: 1
Security

UK snooping ‘unlawful for more than decade’ – but seemingly (and amazingly) responsible

Posted in July 25, 2018 ¬ 11:09h.Robin EdgarComments Off on UK snooping ‘unlawful for more than decade’ – but seemingly (and amazingly) responsible

The system that allowed spy agency GCHQ access to vast amounts of personal data from telecoms companies was unlawful for more than a decade, a surveillance watchdog has ruled.

The Investigatory Powers Tribunal said that successive foreign secretaries had delegated powers without oversight.

But it added there was no evidence GCHQ had misused the system.

Privacy International criticised the “cavalier manner” in which personal data was shared.

The group brought the legal challenge and solicitor Millie Graham Wood said it was “proof positive” that the system set up to protect personal data was flawed.

“The foreign secretary was supposed to protect access to our data by personally authorising what is necessary and proportionate for telecommunications companies to provide to the agencies.

“The way that these directions were drafted risked nullifying that safeguard by delegating that power to GCHQ – a violation that went undetected by the system of commissioners for years and was seemingly consented to by all of the telecommunications companies affected.”

Under security rules introduced after the attacks on 11 September 2001, the UK’s foreign secretary had the power to direct GCHQ to obtain data from telecoms companies, with little oversight of what they were subsequently asking for.

Carte blanche

The Investigatory Powers Tribunal (IPT) – set up to investigate complaints about how personal data is handled by public bodies – ruled that most of the directions given between 2001 and 2012 had been unlawful.

The tribunal was critical of the way the government handed on requests to GCHQ, partly because phone and internet providers “would not be in any position to question the scope of the requirement” because they “would have no knowledge of the limited basis upon which the direction had been made”.

“In form, the general direction was a carte blanche. In practice, it was not treated as such and there is no evidence that GCHQ ever sought to obtain communications data which fell outside the scope of data which had been sought in the submission to the foreign secretary,” the IPT ruled.

It added that a series of improvements had been made and were in force “from at least 2014” that ensured “great care” was now taken to ensure the foreign secretary approved any changes to the information being demanded from telecoms companies.

Source: UK snooping ‘unlawful for more than decade’ – BBC News

  • xyz_smap: 1
Privacy

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Posted in July 25, 2018 ¬ 11:07h.Robin EdgarComments Off on Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email.

The email allowed the intruders to install malware on the victim’s PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

Armed with this access, the bank says, hackers were able to disable and alter anti-theft and anti-fraud protections, such as 4-digit personal identification numbers (PINs), daily withdrawal limits, daily debit card usage limits, and fraud score protections.

National Bank said the first breach began Saturday, May 28, 2016 and continued through the following Monday. Normally, the bank would be open on a Monday, but that particular Monday was Memorial Day, a federal holiday in the United States. The hackers used hundreds of ATMs across North America to dispense funds from customer accounts. All told, the perpetrators stole more than $569,000 in that incident.

[…]

But just eight months later — in January 2017 according to the lawsuit — hackers broke in to the bank’s systems once more, again gaining access to the financial institution’s systems via a phishing email.

[…]

Prior to executing the second heist, the hackers used the bank’s Navigator system to fraudulently credit more than $2 million to various National Bank accounts. As with the first incident, the intruders executed their heist on a weekend. Between Jan. 7 and 9, 2017, the hackers modified or removed critical security controls and withdrew the fraudulent credits using hundreds of ATMs.

All the while, the intruders used the bank’s systems to actively monitor customer accounts from which the funds were being withdrawn. At the conclusion of the 2017 heist, the hackers used their access to delete evidence of fraudulent debits from customer accounts. The bank’s total reported loss from that breach was $1,833,984.

Source: Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M — Krebs on Security

  • xyz_smap: 1
Security

Bluetooth security: Flaw could allow nearby attacker to grab your private data

Posted in July 25, 2018 ¬ 11:02h.Robin EdgarComments Off on Bluetooth security: Flaw could allow nearby attacker to grab your private data

A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices.

The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and flagged today by Carnegie Mellon University CERT. The flaw, which is tracked as CVE-2018-5383, has been confirmed to affect Apple, Broadcom, Intel, and Qualcomm hardware, and some Android handsets. It affects Bluetooth’s Secure Simple Pairing and Low Energy Secure Connections. Fortunately for macOS users, Apple released a patch for the flaw in July.

As the CERT notification explains, the vulnerability is caused by some vendors’ Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Bluetooth key exchange implementation which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel.

This may allow a nearby but remote attacker to inject a a bogus public key to determine the session key during the public-private key exchange. They could then conduct a man-in-the-middle attack and “passively intercept and decrypt all device messages, and/or forge and inject malicious messages”.

Source: Bluetooth security: Flaw could allow nearby attacker to grab your private data | ZDNet

  • xyz_smap: 1
Security

On Highway Noise Barriers, the Science Is Mixed. Are There Alternatives?

Posted in July 25, 2018 ¬ 09:42h.Robin EdgarComments Off on On Highway Noise Barriers, the Science Is Mixed. Are There Alternatives?

Engineers and acousticians have known for years that the sound barriers bracketing America’s urban and suburban highways are only marginally useful, and that a variety of better technologies could be developed.

The problem: Nobody has an incentive to get them on the road.

“Walls are not a very effective solution,” said Robert Bernhard, vice president for research at the University of Notre Dame and an expert on noise control. Because the federal government pays for noise walls — and only noise walls — as part of highway expansion projects, he said, there is little incentive for researchers to keep testing and perfecting the alternatives.

Sound moves in not-so-mysterious ways, meaning that typical sound barriers have only limited effectiveness.

Visual: Wisconsin DOT

[…]

Even with the sound reduction, however, roadside residents are unlikely to hear crickets chirping. A dishwasher running in the next room is 50 dB, as are the ambient sounds of a laid-back city. The noise criteria aim to allow people to talk over their backyard picnic table, or shout at someone several feet away. “It’s not a situation where meeting the standard makes for a great backyard environment,” Bernhard said.

Of course, some of our ability to process sound is psychological: If people can see the tops of trucks over the wall they say it’s noisier, something people in the field call “psycho-coustics,” explained Bruce Rymer, a senior engineer at the California Department of Transportation. Just by ensuring a wall breaks that line of sight, “we achieve a reduction of 5 decibels,” said Mariano Berrios, environmental programs coordinator at FDOT.

But because noise travels in waves, not straight lines, sounds can and do go over the walls. This is why even with barriers standing 16 feet, homes several blocks away can hear the highway. Part of the sound wave is absorbed, part is reflected away from the wall, and part is transmitted through, Berrios explained. “Most of it goes above the barrier and gets diffracted, and gets to the receiver,” — that is, to a resident’s ears — he said.

This is especially problematic during certain weather conditions. When the consulting firm Bowlby & Associates, in Franklin, Tennessee, measured sounds around a highway in a yet-to-be-published study, they found that residents hundreds of feet from the highway could hear sounds some 5 decibels louder if the wind was blowing towards them, said Darlene D. Reiter, the firm’s president.

Weather, however, isn’t taken into account by the regulations. The noise model “assumes neutral conditions — no wind and no temperature effects — when in reality that happens only occasionally,” Reiter said. In the early morning, if the ground is cool but the air warms up, for instance, sound that would normally be pushed up is refracted downward, causing homes some 500 or 1,000 feet from the road to hear it loudly.

Source: On Highway Noise Barriers, the Science Is Mixed. Are There Alternatives?

  • xyz_smap: 1
Science

Fur, Feathers, Hair, and Scales May Have the Same Ancient Origin

Posted in July 20, 2018 ¬ 12:48h.Robin EdgarComments Off on Fur, Feathers, Hair, and Scales May Have the Same Ancient Origin

New research shows that the processes involved in hair, fur, and feather growth are remarkably similar to the way scales grow on fish—a finding that points to a single, ancient origin of these protective coverings.

When our very early ancestors transitioned from sea to land some 385 million years ago, they brought their armor-like scales along with them. But instead of wasting away like worthless vestigial organs, these scales retailed their utility at the genetic level, providing a springboard for adaptive skin-borne characteristics. Over time, scales turned into feathers, fur, and hair.

We know this from the archaeological record, but as a new research published this week in the science journal eLife shows, we also know this because the molecular processes required to grow hair, fur, and feathers are remarkably similar to the ones involved in the development of fish scales.

Source: Fur, Feathers, Hair, and Scales May Have the Same Ancient Origin

  • xyz_smap: 1
Human Interest

AI can untangle the jumble of neurons packed in brain scans

Posted in July 20, 2018 ¬ 12:45h.Robin EdgarComments Off on AI can untangle the jumble of neurons packed in brain scans

AI can help neurologists automatically map the connections between different neurons in brain scans, a tedious task that can take hundreds and thousands of hours.

In a paper published in Nature Methods, AI researchers from Google collaborated with scientists from the Max Planck Institute of Neurobiology to inspect the brain of a Zebra Finch, a small Australian bird renowned for its singing.

Although the contents of their craniums are small, Zebra Finches aren’t birdbrains, their connectome* is densely packed with neurons. To study the connections, scientists study a slice of the brain using an electron microscope. It requires high resolution to make out all the different neurites, the nerve cells extending from neurons.

The neural circuits then have to be reconstructed by tracing out the cells. There are several methods that help neurologists flesh these out, but the error rates are high and it still requires human expertise to look over the maps. It’s a painstaking chore, a cubic millimetre of brain tissue can generate over 1,000 terabytes of data.

“A recent estimate put the amount of human labor needed to reconstruct a 1003-µm3 volume at more than 100,000 h, even with an optimized pipeline,” according to the paper.

Now, AI researchers have developed a new method using a recurrent convolutional neural network known as a “flood-filling network”. It’s essentially an algorithm that finds the edges of a neuron path and fleshes out the space in between to build up a map of the different connections.

Here’s a video showing how they work.

“The algorithm is seeded at a specific pixel location and then iteratively “fills” a region using a recurrent convolutional neural network that predicts which pixels are part of the same object as the seed,” said Viren Jain and Michal Januszewski, co-authors of the paper and AI researchers at Google.

The flood-filling network was trained using supervised learning on a small region of a Zebra Finch brain complete with annotations. It’s difficult to measure the accuracy of the network, and instead the researchers use a “expected run length” (ERL) metric that measures how far it can trace out a neuron before making a mistake.

Flood-filling networks have a longer ERL than other deep learning methods that have also been tested on the same dataset. The algorithms were better than humans at identifying dendritic spines, tiny threads jutting off dendrites that help transmit electrical signals to cells. But the level of recall, a property measuring the completeness of the map, was much lower than data collected by a professional neurologist.

Another significant disadvantage of this approach is the high computational cost. “For example, a single pass of the fully convolutional FFN over a full volume is an order of magnitude more computationally expensive than the more traditional 3D convolution-pooling architecture in the baseline approach we used for comparison,” the researchers said.

Source: AI can untangle the jumble of neurons packed in brain scans • The Register

  • xyz_smap: 1
Artificial Intelligence

The SIM Hijackers: how hackers take your phone number and then all of your accounts

Posted in July 20, 2018 ¬ 12:44h.Robin EdgarComments Off on The SIM Hijackers: how hackers take your phone number and then all of your accounts

In the buzzing underground market for stolen social media and gaming handles, a short, unique username can go for between $500 and $5,000, according to people involved in the trade and a review of listings on a popular marketplace. Several hackers involved in the market claimed that the Instagram account @t, for example, recently sold for around $40,000 worth of Bitcoin.

By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

In February, T-Mobile sent a mass text warning customers of an “industry-wide” threat. Criminals, the company said, are increasingly utilizing a technique called “port out scam” to target and steal people’s phone numbers. The scam, also known as SIM swapping or SIM hijacking, is simple but tremendously effective.

First, criminals call a cell phone carrier’s tech support number pretending to be their target. They explain to the company’s employee that they “lost” their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim’s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.

Game over.

“With someone’s phone number,” a hacker who does SIM swapping told me, “you can get into every account they own within minutes and they can’t do anything about it.”

Source: The SIM Hijackers – Motherboard

  • xyz_smap: 1
Security

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Posted in July 20, 2018 ¬ 12:29h.Robin EdgarComments Off on Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Remote-access software and modems on election equipment ‘is the worst decision for security short of leaving ballot boxes on a Moscow street corner.’

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Source: Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States – Motherboard

That is incredible poor, especially with all the talk of hackable voting machines.

  • xyz_smap: 1
Security

Blue Origin pushed its rocket ‘to its limits’ with another succesful high-altitude emergency abort test

Posted in July 20, 2018 ¬ 12:24h.Robin EdgarComments Off on Blue Origin pushed its rocket ‘to its limits’ with another succesful high-altitude emergency abort test

Update July 18th, 11:35AM ET: Blue Origin pulled off another successful test launch today, landing both the New Shepard rocket and capsule after flight. The company ignited the capsule’s emergency motor after it had separated from the rocket, pushing the spacecraft up to a top altitude of around 74 miles — a new record for Blue Origin. The firing also caused the capsule to sustain up to 10 Gs during the test, but Blue Origin host Ariane Cornell said “that is well within what humans can take, especially for such a short spurt of time.”

[…]

Blue Origin will be igniting the escape motor on the crew capsule. It’s a small engine located on the bottom of the capsule that can quickly propel the spacecraft up and away from the rocket booster in case there is an emergency during the flight. Blue Origin tested out this motor once before during a test launch in October 2016, fully expecting the motor to destroy the booster. When the motor ignites, it slams the booster with 70,000 pounds of thrust and forceful exhaust. And yet, the booster survived the test, managing to land on the floor of the Texas desert.

This time around, Blue Origin plans to ignite the motor at a higher altitude than last time, “pushing the rocket to its limits,” according to the company. It’s unclear how high the ignition will occur, though, and if the booster will survive the test again.

No passengers will be flying on this trip, except for Blue Origin’s test dummy, which the company has named Mannequin Skywalker. Mannequin will be riding inside the crew capsule along with numerous science experiments from NASA, commercial companies, and universities. Santa Fe company Solstar, which flew with Blue Origin during its last launch, is going to test out its Wi-Fi access again during the flight. NASA will have a payload designed to take measurements of the conditions inside the capsule throughout the trip, such as temperature, pressure, and acoustics. There’s even a bunch of payloads made by Blue Origin’s employees as part of the company’s own “Fly My Stuff” program.

Source: Blue Origin pushed its rocket ‘to its limits’ with high-altitude emergency abort test – The Verge

Isn’t it refreshing to see a private space programme that not only doesn’t crash and explode all the time (*cough* Elon) but works better than expected!

  • xyz_smap: 1
Space

Robocall Firm Exposes Hundreds of Thousands of US Voters’ Records

Posted in July 20, 2018 ¬ 11:00h.Robin EdgarComments Off on Robocall Firm Exposes Hundreds of Thousands of US Voters’ Records

Personal details and political affiliations exposed

The server that drew Diachenko’s attention, this time, contained 2,584 files, which the researcher later connected to RoboCent.

The type of user data exposed via Robocent’s bucket included:

⬖  Full Name, suffix, prefix
⬖  Phone numbers (cell and landlines)
⬖  Address with house, street, city, state, zip, precinct
⬖  Political affiliation provided by state, or inferred based on voting history
⬖  Age and birth year
⬖  Gender
⬖  Jurisdiction breakdown based on district, zip code, precinct, county, state
⬖  Demographics based on ethnicity, language, education

Other data found on the servers, but not necessarily personal data, included audio files with prerecorded political messages used for robocalls.

According to RoboCent’s website, the company was not only providing robo-calling services for political surveys and inquiries but was also selling this data in raw format.

“Clients can now purchase voter data directly from their RoboCall provider,” the company’s website reads. “We provide voter files for every need, whether it be for a new RoboCall or simply to update records for door knocking.”

The company sells voter records for a price of 3¢/record. Leaving the core of its business available online on an AWS bucket without authentication is… self-defeating.

Source: Robocall Firm Exposes Hundreds of Thousands of US Voters’ Records

  • xyz_smap: 1
Privacy - Security

CORSAIR VENGEANCE RGB 32GB (2x16GB) DDR4 RAM With LED lighting options!

Posted in July 20, 2018 ¬ 10:55h.Robin EdgarComments Off on CORSAIR VENGEANCE RGB 32GB (2x16GB) DDR4 RAM With LED lighting options!

https://www.amazon.com/gp/product/B074Q45BNH/?tag=kinjadeals-20&ascsubtag=ebf789a7fa46899cb34d591a207ded5de5249450&rawdata=%5Br%7C(direct)%5Bt%7Clink%5Bp%7C1827726564%5Ba%7CB074Q45BNH%5Bau%7C5727177402741770316%5Bb%7Ctheinventory

 

  • Broad range of lighting configurations to complement the style of your system
  • CORSAIR LINK enables fully programmable lighting effects, memory monitoring, and additional integration with other CORSAIR products
  • Allows for a clean, seamless integration
  • Improves thermal conductivity and appearance
  • Superior overclocking potential

https://www.amazon.com/gp/product/B074Q45BNH/?tag=kinjadeals-20&ascsubtag=ebf789a7fa46899cb34d591a207ded5de5249450&rawdata=%5Br%7C(direct)%5Bt%7Clink%5Bp%7C1827726564%5Ba%7CB074Q45BNH%5Bau%7C5727177402741770316%5Bb%7Ctheinventory

 

  • xyz_smap: 1
Gadgets

AI plus a chemistry robot finds all the reactions that will work

Posted in July 20, 2018 ¬ 10:49h.Robin EdgarComments Off on AI plus a chemistry robot finds all the reactions that will work

Lee Cronin, the researcher who organized the work, was kind enough to send along an image of the setup, which looks nothing like our typical conception of a robot (the researchers refer to it as “bespoke”). Most of its parts are dispersed through a fume hood, which ensures safe ventilation of any products that somehow escape the system. The upper right is a collection of tanks containing starting materials and pumps that send them into one of six reaction chambers, which can be operated in parallel.

The robot in question. MS = Mass Spectrometer; IR = Infrared Spectrometer.
Enlarge / The robot in question. MS = Mass Spectrometer; IR = Infrared Spectrometer.
Lee Cronin

The outcomes of these reactions can then be sent on for analysis. Pumps can feed samples into an IR spectrometer, a mass spectrometer, and a compact NMR machine—the latter being the only bit of equipment that didn’t fit in the fume hood. Collectively, these can create a fingerprint of the molecules that occupy a reaction chamber. By comparing this to the fingerprint of the starting materials, it’s possible to determine whether a chemical reaction took place and infer some things about its products.

All of that is a substitute for a chemist’s hands, but it doesn’t replace the brains that evaluate potential reactions. That’s where a machine-learning algorithm comes in. The system was given a set of 72 reactions with known products and used those to generate predictions of the outcomes of further reactions. From there, it started choosing reactions at random from the remaining list of options and determining whether they, too, produced products. By the time the algorithm had sampled 10 percent of the total possible reactions, it was able to predict the outcome of untested reactions with more than 80-percent accuracy.

And, since the earlier reactions it tested were chosen at random, the system wasn’t biased by human expectations of what reactions would or wouldn’t work.

Once it had built a model, the system was set up to evaluate which of the remaining possible reactions was most likely to produce products and prioritize testing those. The system could continue on until it reached a set number of reactions, stop after a certain number of tests no longer produced products, or simply go until it tested every possible reaction.

Neural networking

Not content with this degree of success, the research team went on to add a neural network that was provided with data from the research literature on the yield of a class of reactions that links two hydrocarbon chains. After training on nearly 3,500 reactions, the system had an error of only 11 percent when predicting the yield on another 1,700 reactions from the literature.

This system was then integrated with the existing test setup and set loose on reactions that hadn’t been reported in the literature. This allowed the system to prioritize not only by whether the reaction was likely to make a product but also how much of the product would be produced by the reaction.

All this, on its own, is pretty impressive. As the authors put it, “by realizing only 10 percent of the total number of reactions, we can predict the outcomes of the remaining 90 percent without needing to carry out the experiments.” But the system also helped them identify a few surprises—cases where the fingerprint of the reaction mix suggested that the product was something more than a simple combination of starting materials. These reactions were explored further by actual human chemists, who identified both ring-breaking and ring-forming reactions this way.

That last aspect really goes a long way toward explaining how this sort of capability will fit into future chemistry labs. People tend to think of robots as replacing humans. But in this context, the robots are simply taking some of the drudgery away from humans. No sane human would ever consider trying every possible combination of reactants to see what they’d do, and humans couldn’t perform the testing 24 hours a day without dangerous levels of caffeine anyway. The robots will also be good at identifying the rare cases where highly trained intuitions turn out to lead us astray about the utility of trying some reactions.

Source: AI plus a chemistry robot finds all the reactions that will work | Ars Technica

  • xyz_smap: 1
Artificial Intelligence

Dutch F-16 flies using fryer fat

Posted in July 20, 2018 ¬ 09:55h.Robin EdgarComments Off on Dutch F-16 flies using fryer fat

The aircraft flew for two weeks on kerosine with 5% biofuel. Unfortunately there is not enough fuel available to allow for more than one aircraft to fly for two weeks. A chicken and egg dilemma.

Een F-16 van Vliegbasis Leeuwarden stootte de afgelopen 2 weken minder CO2 uit tijdens het vliegen. Het toestel koos het luchtruim op kerosine met 5% BioFuel. De proef stopt nu, omdat er op dit moment onvoldoende biobrandstof beschikbaar is om met meer dan 1 toestel of langer dan 2 weken te vliegen.

Source: F-16 vliegt prima op frituurvet | Nieuwsbericht | Defensie.nl

  • xyz_smap: 1
Military

China’s latest quantum radar could help detect stealth planes, missiles

Posted in July 20, 2018 ¬ 09:42h.Robin EdgarComments Off on China’s latest quantum radar could help detect stealth planes, missiles

On June 22, China Electronics Technology Group Corporation (CETC), China’s foremost military electronics company, announced that its groundbreaking quantum radar has achieved new gains, which could allow it to detect stealth planes.

The CETC claims its system is now capable of tracking high altitude objects, likely by increasing the coherence time entangled photons. CETC envisions that its quantum radar will be used in the stratosphere to track objects in “the upper atmosphere and beyond” (including space).

While conventional radars just measure the reflection of radio waves, a quantum radar uses entangled photons, which result when a microwave signal beam is entangled with an optical idler beam. The microwave beam’s entangled photons bounce off of the target object and back to the quantum radar. The system compares them with the entangled photons of the optical idler beam. As a result, it can identify the position, radar cross section, speed, direction and other properties of detected objects. Importantly, attempts to spoof the quantum radar would be easily noticed since any attempt to alter or duplicate the entangled photons would be detected by the radar.

Quantum Radar China

Quantum Radar

The quantum radar could ‘observe’ on the composition of the target, since in the state of entanglement, the entangled photons remaining in the radar would show the same changes that transmitted photons would have when interacting with the target (known as quantum correlation).

Li Huifang, Wang Kai, Wang Kaibing, Wu Jun

This shift is important to the back and forth of detection that has long been the story of radars vs stealth planes (which are a crucial feature of US air power). Because stealth aircraft are optimized to elude radio waves used by conventional radars, they would be much more susceptible to detection by their interaction with entangled photons. Additionally, the quantum radar could ‘observe’ on the composition of the target. Such a capability is important not just for detecting aircraft, but would also be very valuable in missile defense, where one could differentiate between an actual nuclear warhead against inflatable decoys.

China Yuanmeng airship

Yuanmeng

This concept art shows China’s 18,000 cubic meter Yuanmeng airship 20km above the ground (and for some reason, off the coast of the Mid Atlantic U.S.). One of the highest flying airships, the Yuanmeng can provide wide area surveillance and communications capability.

cannews.com

For its near-space platform, the quantum radar will be installed on either a high altitude blimp or a very high altitude UAV. In this role, quantum radar would be a strategic warning system against enemy ballistic missiles and detection system against high-speed aircraft like the SR-72. For space surveillance missions, it could provide high-fidelity details on classified systems such as spy satellites and space planes like the X-37B—possibly including payload details.

Source: China’s latest quantum radar could help detect stealth planes, missiles | Popular Science

  • xyz_smap: 1
Military

Python creator Guido van Rossum sys.exit()s as language overlord

Posted in July 18, 2018 ¬ 09:17h.Robin EdgarComments Off on Python creator Guido van Rossum sys.exit()s as language overlord

Guido van Rossum – who created the Python programming language in 1989, was jokingly styled as its “benevolent dictator for life”, and ushered it to global ubiquity – has stepped down, and won’t appoint a successor.

In a mailing list post on Thursday titled, “Transfer of Power,” he wrote: “Now that PEP 572 is done, I don’t ever want to have to fight so hard for a PEP and find that so many people despise my decisions.”

A PEP is a Python Enhancement Proposal, and it’s the process by which Python evolves with new features or adjacent standards.

In his friendly dictatorial role, Van Rossum signed off on each of proposal personally, an approach that contrasts strongly with comparable projects, such as PHP, that put such matters to a vote.

[…]

“I’ll still be there for a while as an ordinary core dev, and I’ll still be available to mentor people – possibly more available,” he added. “But I’m basically giving myself a permanent vacation from being BDFL, and you all will be on your own.”

He’s left behind no governing principles or a successor, but said a debate on those issues was coming anyway, citing the potential for him to be hit by a bus and the fact that “I’m not getting younger… (I’ll spare you the list of medical issues.)”

“So what are you all going to do?” he asked the python-committers mailing list. “Create a democracy? Anarchy? A dictatorship? A federation? We may be able to write up processes for these things as PEPs (maybe those PEPs will form a kind of constitution). But here’s the catch. I’m going to try and let you all (the current committers) figure it out for yourselves.

“I’ll still be here, but I’m trying to let you all figure something out for yourselves.”

Van Rossum’s achievements are hard to overstate: Python is among the most-used languages in the world. It’s advanced as an ideal beginners’ language, and has also been used in heavyweight enterprise apps. The likes of YouTube, Instagram, and Dropbox (van Rossum’s day job) all use it.

CodingDojo recently rated it the second-most-in-demand skill in job ads for developers. Stack Overflow’s 2018 developer survey ranked Python as the seventh-most popular “Programming, Scripting, and Markup Language”, ahead of C#, Ruby and PHP.

Source: Python creator Guido van Rossum sys.exit()s as language overlord • The Register

  • xyz_smap: 1
Software

Newly Discovered ‘Asteroid’ Is actually two orbiting around each other

Posted in July 18, 2018 ¬ 09:11h.Robin EdgarComments Off on Newly Discovered ‘Asteroid’ Is actually two orbiting around each other

Near-Earth object 2017 YE5 was first spotted by astronomers at the Oukaïmeden Observatory in Morocco in December of last year, but virtually nothing about it, beyond its presence, was known. In June, the object made the closest approach it will make to Earth for the next 170 years, allowing scientists to take a closer look. What was initially assessed as a single asteroid turned out to be two objects in orbit around each other: a double asteroid.

Yep, there’s two of ‘em.
Image: Arecibo/GBO/NSF/NASA/JPL-Caltech

Normally we’d say this is no biggie; around 15 percent of all known asteroids larger than 650 feet (200 meters) in diameter are binaries. But 2017 YE5 is special because it’s an “equal mass” binary, in which the two objects are roughly the same mass. The vast majority of binaries involve an unequal pair, in which one asteroid is significantly larger than the other. Astronomers have documented tens of thousands of asteroids in the Solar System, yet this is just the fourth known equal mass binary. The latest observations are now offering the most detailed images ever taken of this exceptionally rare phenomenon.

Source: Newly Discovered ‘Asteroid’ Is Far Freakier Than Astronomers Expected

  • xyz_smap: 1
Space

Two Cancer Drugs Found to Boost Aging Immune Systems 

Posted in July 18, 2018 ¬ 09:09h.Robin EdgarComments Off on Two Cancer Drugs Found to Boost Aging Immune Systems 

A new clinical trial published Wednesday in Science Translational Medicine has found evidence that low doses of two existing drugs can boost the immune system of an elderly person, helping it fight common deadly infections, including the flu, with seemingly little to no side effects.

The trial, run by scientists at the pharmaceutical company Novartis, involved more than 250 relatively healthy people over the age of 65 and was conducted from 2013 to 2015. The volunteers were randomly divided into five groups. Two groups received different doses of the approved chemotherapy and immunosuppressant drug everolimus; one received a dose of the experimental chemotherapy drug dactolisib; and one received a dose of everolimus and dactolisib combined (both drugs were developed by Novartis). The fifth group was simply given a placebo. The groups took the drugs or placebo daily for six weeks, then got the 2014 seasonal flu shot two weeks later. For the next nine months, their health was meticulously tracked though diaries and blood tests.

By the end of the year, all of the drug groups reported fewer infections than the placebo group. But the difference was largest among the people who took both drugs at once: They reported an average of 1.49 infections during the year, compared to the 2.41 infections reported by the placebo group. They were also the only treatment group whose blood showed a significantly better immune response to the flu vaccine to the placebo group, indicating they were more protected.

[…]

These drugs inhibit the production of mTOR, an enzyme that help cells produce other substances. For decades, though, scientists have suspected that mTOR plays a role in aging. Experiments in mice and other animals have shown that knocking out mTOR incidentally extends their lives. There are two major cellular pathways that mTOR is involved in, though, TORC1 and TORC2, and it’s only knocking out TORC1 that has been associated with anti-aging effects. In the low doses used by the researchers, the drugs only inhibit TORC1.

The effects of improved immunity seem to come without any major side effects. None of the treatment groups had a higher rate of side effects than the placebo group, and no single reported side effect, such as diarrhea, was directly attributed to the drugs. There was even evidence that these drugs lowered the risk of high blood sugar and cholesterol as well as improved immune function.

[…]

“More studies to query the benefits of mTOR antagonists in ‘healthy older persons’ are needed… and the sooner the better,” he added.

That said, some caution is warranted. The study was only a Phase 2a clinical trial, which is used to figure out the best dosage of an experimental treatment. The next step is to suss out just how effective these drugs can be with a larger group of volunteers, and whether they can work better for vulnerable groups, such as the especially elderly (over age 85), who are at higher risk of dying from respiratory infections.

“Our clinical trial is a first step in determining if mTOR inhibitors can be used to promote healthy aging in humans,” study author Joan Mannick told Gizmodo. “However we still have a lot to learn, and the results need to be reproduced and validated in additional clinical trials.”

Source: Two Cancer Drugs Found to Boost Aging Immune Systems 

  • xyz_smap: 1
Human Interest

Roku releases speakers that turn volume down for loud ads and up for soft programmes. Unfortunately, only for Roku TVs.

Posted in July 18, 2018 ¬ 08:57h.Robin EdgarComments Off on Roku releases speakers that turn volume down for loud ads and up for soft programmes. Unfortunately, only for Roku TVs.

While the tech specs of the speakers haven’t been released yet, we know how they’ll connect to and work with Roku TVs. The speaker set pairs wirelessly with Roku TVs via Roku Connect, and, thanks to built-in software that works with Roku OS, the speakers will sync up with whatever you’re watching on the smart TV. Roku told Ars in a briefing that the speakers will play optimized audio from anything connected to the paired Roku TV, including cable boxes, antennas, and even Bluetooth devices like your smartphone.

“Optimized” in this sense refers to the software-improved audio quality: automatic volume leveling will boost lower audio in quiet scenes and lower audio in loud scenes (and in booming commercials), and dialogue enhancement will improve speech intelligibility.

Source: Roku wants to grab audiophiles with its new wireless speakers for Roku TVs | Ars Technica

What a brilliant idea, and why can’t we all get it?!

  • xyz_smap: 1
Gadgets

‘007’ code helps stop Spectre exploits before they exist

Posted in July 18, 2018 ¬ 08:55h.Robin EdgarComments Off on ‘007’ code helps stop Spectre exploits before they exist

At arXiv, Singaporean and US researchers have published work, appropriately dubbed “007”, which checks code to see if it’s trying to exploit Spectre; and at Virus Bulletin, Fortinet’s Axelle Apvrille takes a look at the bug from an Android point of view.

Apvrille’s work backs up what we’ve heard from other researchers: so far, Spectre exploitation is theoretical, with no exploits in the wild. She wrote that while there was a flurry of “Spectre exploit” stories based on AV-Test sample collection, it turned out that all of the reported samples were proofs-of-concept rather than genuine malware.

She adds: “there is a significant difference between a PoC of Spectre and a piece of malware using Spectre. Turning a PoC into a malicious executable is far from a trivial process.”

That doesn’t make this kind of work pointless, though, since it’s a good thing to stay ahead of whatever nasties black hats might devise.

In developing a detection technique, Apvrille’s second conclusion was also good news: an attack against Spectre, she found, seems relatively easy to detect.

She wrote that “we had expected several false positives with this signature, but that was not the case: this imperfect signature turns out to be quite good in practice.”

The signature Apvrille searched for (using the in-practice impracticably-slow technique of searching whole binaries) was to identify “Flush+Reload cache attacks in ELF x86-64 executables”.

Source: ‘007’ code helps stop Spectre exploits before they exist • The Register

  • xyz_smap: 1
Security
 
Skip to toolbar