Security

Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com)

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper's NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. 'And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.'
Businesses

Uber To Integrate With TransLoc Public Transit Planning App (thestack.com)

An anonymous reader writes: Transit tech firm TransLoc has agreed to partner with global ride-sharing giant Uber, to help public transport users plan their routes and schedule rides to reach their final destination. The setup will help users plan trips via different modes of transport and offer an end-to-end route planning service, according to the companies. The partnership will see the integration of Uber's ride-sharing API and the TransLoc 'Rider' app, which provides real-time public transit tracking, arrival predictions and proximity alerts. Users will be able to simply input their destination in the Rider app and receive a tailored journey, incorporating the 'optimal combination' of walking, public transit options and Uber.
Space

Space Entrepreneur Opines Donald Trump Could Do an Inspirational Space Program (examiner.com)

MarkWhittington writes: Robert Bigelow of Bigelow Aerospace opened his new Twitter account with the suggestion that Donald Trump, the mercurial businessman who is running for president, might just give the United States an inspirational space program. Then, thinking better of the idea, Bigelow deleted the tweet and replaced it with an image of the Olympus inflatable space module, which his company envisions as being the basis of a commercial space station.
Space

Planetary Resources Reveals Out-of-This-World 3D Printing (gizmag.com)

Zothecula writes: If one is going to get into the asteroid mining business, one needs to prove that one can do something with what's brought back. That seems to be the thinking behind Planetary Resources' recent presentation at CES in Las Vegas, where the asteroid mining company unveiled the first object 3D printed using extraterrestrial materials. Made in collaboration with 3D Systems, the nickel-iron sculpture represents a stylized, geometric spacecraft, such as might be used for asteroid mining or prospecting. Planetary Resources says it is representative of what could be printed in a weightless environment.
Privacy

IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach (wordpress.com)

chicksdaddy writes: The U.S. Internal Revenue Service has announced that it will treat identity theft protection as a non-taxable, non-reportable benefit that companies can offer — even when the company in question hasn't experienced a data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as online retailers) to its customers, the blog E for ERISA reports. In short: companies can now deduct the cost of offering identity theft protection as a benefit for employees or extending it to customers, even if their data hasn't been exposed to hackers.

The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.

The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services are low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.

Crime

Police Agencies Using Software To Generate "Threat Scores" of Suspects (washingtonpost.com)

Koreantoast writes: It's no secret that governments across the globe have been taking advantage of new technologies to create stronger surveillance systems on citizens. While many have focused on the actions of intelligence agencies, local police departments continue to create more sophisticated systems as well. A recent article highlights one new system deployed by the Fresno, California police department, Intrado's Beware. The system scours police data, public records, social media, and public Internet data to provide a "threat level" of a potential suspect or residence. The software is part of a broader trend of military counterinsurgency tools and algorithms being repurposed for civil use. While these tools can help police manage actively dangerous situations, providing valuable intel when responding to calls, the analysis also raises serious civil liberties questions both in privacy (where the data comes from) and accuracy (is the data valid, was the analysis done correctly). Also worrying are the long-term ramifications of such technologies: there has already been some speculation about "citizen scores"; could a criminal threat score be something similar? At the very least, as Matt Cagle of the ACLU noted, "there needs to be a meaningful debate... there needs to be safeguards and oversight."
Technology

Nanotech Could Make Incandescent Light Bulbs As Efficient As LEDs (sciencemag.org)

sciencehabit writes: Thomas Edison would be pleased. Researchers have come up with a way to dramatically improve the efficiency of his signature invention, the incandescent light bulb. The approach uses nanoengineered mirrors to recycle much of the heat produced by the filament and convert it into additional visible light. The new-age incandescents are still far from a commercial product, but their efficiency is already nearly as good as commercial LED bulbs, while still maintaining a warm old-fashioned glow.
Intel

Intel Skylake Bug Causes PCs To Freeze During Complex Workloads (arstechnica.com)

chalsall writes: Intel has confirmed an in-the-wild bug that can freeze its Skylake processors. The company is pushing out a BIOS fix. Ars reports: "No reason has been given as to why the bug occurs, but it's confirmed to affect both Linux and Windows-based systems. Prime95, which has historically been used to benchmark and stress-test computers, uses Fast Fourier Transforms to multiply extremely large numbers. A particular exponent size, 14,942,209, has been found to cause the system crashes. While the bug was discovered using Prime95, it could affect other industries that rely on complex computational workloads, such as scientific and financial institutions. GIMPS noted that its Prime95 software 'works perfectly normal' on all other Intel processors of past generations."
Government

North Korea Expands Retaliatory Loudspeaker Propaganda (yonhapnews.co.kr)

jones_supa writes: North Korea has expanded its own loudspeaker broadcasts along the inter-Korean border as a counteraction to South Korea's retaliatory broadcasts critical of the communist nation, sources said Monday. In retaliation for the North's nuclear test last Wednesday, the South resumed its anti-Pyongyang broadcast campaign two days later, a form of psychological warfare detested by the communist country, where outside information is tightly blocked out. "The North initially operated its own loudspeakers at two locations and has now expanded to several locations," a government source said. "In fact, the anti-South loudspeaker broadcasts appear to be coming from every location where we are broadcasting." The North Korean broadcasts are not clearly audible from the South Korean side of the border, but mostly deal with internal propaganda messages and music promoting its leader Kim Jong-un. "We are not sure if it's an issue of electric power or the performance of the loudspeakers, but the sound is very weak," another government source said.
Government

New Jersey Rejects Request For Dolphin Necropsy Results, Cites "Medical Privacy" (muckrock.com)

v3rgEz writes: When a dolphin died in New Jersey's South River last year, Carly Sitrin wanted to know what killed it. So she filed a public record request to the NJ Department of Agriculture in order to get the necropsy results. The DOA finally responded last week with the weird decision to deny the release of the record on grounds of medical privacy. The response reads in part: "We are in receipt of your request for information (#W101407) under the auspices of the State’s Open Public Records Act (O.P.R.A.). Specifically, you requested any and all reports associated with the necropsy of the dolphin that strayed into the South River on August 5, 2015 in Middlesex County, New Jersey. This request is denied as it would release information deemed confidential under O.P.R.A., specifically information related to a medical diagnosis or evaluation. (E.O. 26, McGreevey)"
United States

Hackers and Heroes: A Tale of Tech Communities In Two Countries (hackaday.com)

szczys writes: "Hackers" — people who non-maliciously test the limits of technology — have a very different societal standing depending on the country they live in. To illustrate the concept, consider the history of hackers in the United States versus those in Germany. Both communities have their genesis with the telecom systems of the 1980s, when hackers were called Phone Phreakers and traded secrets on telephone system exploits. These groups were the earliest to test the security and vulnerability of the burgeoning Internet, but their paths diverged. Hackers in Germany formed political parties while in the US they were targeted by law enforcement. The result is two very different communities filled with highly skilled individuals, but one must fly under the radar while the other enjoys much wider, open acceptance.
Medicine

Gardasil Cleared of Anti-Vax Nonsense (slate.com)

New submitter Zane C. writes: A new study once again shows vaccines have no link with yet another batch of medical disorders. The vaccine in question is a relatively new HPV vaccine called Gardasil, mainly targeting preteens to reduce infection. Phil Plait has more on this, debunking anti-vax claims and explaining why you should receive the vaccine: "It’s another typical anti-vax call to arms due to a complete and gross misunderstanding of how reality works. To them, if something happens after something else, it was caused by that first thing. This is the classic post hoc, ergo propter hoc fallacy. But the Universe doesn’t work that way. And this kind of bad thinking has consequences. In the U.S. alone, 79 million people are infected with HPV. That’s more than a quarter of the entire population. Fourteen million new cases crop up every year. Gardasil can substantially cut those numbers back—it’s working, and working well, in the U.S. and Australia—but not if the fearmongering falsehoods by anti-vaxxers get traction."
Windows

'Get Windows 10' Turns Itself On and Nags Win 7 and 8.1 Users Twice a Day (infoworld.com)

LichtSpektren writes: As you may recall, Microsoft has delivered KB3035583 as a 'recommended update' to users of Windows 7 and 8.1. What this update does is install GWX ("Get Windows 10"), a program which diagnoses the system to see if it is eligible for a free upgrade to Windows 10, and if so, asks the user if they would like to upgrade (though recently, the option to decline has been removed). Some users have gotten around this by editing Windows Registry values for "AllowOSUpgrade", "DisableOSUpgrade", "DisableGWX", and "ReservationsAllowed" in order to disable the prompt altogether. This advice was endorsed by Microsoft on their support forums.

According to a report by Woody Leonhard at InfoWorld, the newest version of the KB3035583 update includes a background process which scans the system's Windows Registry twice a day to see if the values for the four aforementioned registry inputs were manually edited to disable the upgrade prompt. If they were, the process will alter the values, silently re-download the Windows 10 installation files (about 6 GB in total), and prompt the user to upgrade.

Republicans

Marco Rubio: We Need To Add To US Surveillance Programs (dailydot.com)

Patrick O'Neill writes: The debate over surveillance hit the 2016 race for the White House again on Sunday when Republican presidential candidate Marco Rubio said he wants to add to American surveillance programs, many of which were created after 9/11. He invoked a recent shooting of a Philadelphia police officer by a man who allegedly pledged allegiance to the Islamic State. "This is the kind of threat we now face in this country," Rubio said. "We need additional tools for intelligence." Rubio also addressed the NSA leaks that led to this debate: "Edward Snowden is a traitor. He took our intelligence information and gave it to the Chinese and gave it to the Russians. We cannot afford to have a commander-in-chief who thinks people like Edward Snowden are doing a good public service."
AT&T

AT&T Brings Back Unlimited Mobile Data To Lure TV Subscribers (bloomberg.com)

An anonymous reader writes: Five years after AT&T discontinued its unlimited mobile data plan, the company is bringing it back with a catch: users must be subscribed to DirecTV or U-verse TV as well. The service will start at $100/month for a single subscriber. Two additional users can be added for $40/month each, and the fourth is free. There's also one more caveat: "Customers that exceed 22 gigabytes of data use in one month will have their speed throttled during peak network traffic periods." AT&T looks to do battle with T-Mobile, which has a similar four-person plan. This is one of the first major consequences of AT&T's acquisition of DirecTV last year for $48.5 billion. The company says it will soon roll out other plans to combine the services.
Power

Ukraine Power Station Outage -- Enabled By Malware, But Not Caused By Malware (sans.org)

itwbennett writes: A new study of a recent cyberattack against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. While malware was used to gain access to networks, the attackers then opened circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. The attackers used direct intervention to try to mask their actions to the power systems operators and also conducted denial-of-service attacks on the utilities' phone systems to block complaints from affected customers, SANS said.
Chrome

Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)

An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."
Music

David Bowie Dies At Age 69 (bbc.co.uk)

echo-e writes: Renowned singer David Bowie has died after an 18-month battle with cancer. His latest album, Blackstar, was only just released on Friday — his birthday. His last live show was in 2006. Bowie rose to fame in the 1970s, and he is known for hits such as Under Pressure, Let's Dance, and Space Oddity. He also appeared in a handful of films, such as Labyrinth in 1986. Bowie was also notable for being one of the few musicians to immediately see the value and staying power of MP3s and the digital distribution of music. If anything, he was overly optimistic about it. In 2002, he said, "I don't even know why I would want to be on a label in a few years, because I don't think it's going to work by labels and by distribution systems in the same way. The absolute transformation of everything that we ever thought about music will take place within 10 years, and nothing is going to be able to stop it. I see absolutely no point in pretending that it's not going to happen. I'm fully confident that copyright, for instance, will no longer exist in 10 years, and authorship and intellectual property is in for such a bashing."
United States

K-12 CS Efforts Earn Microsoft CEO Ringside Seat For State of the Union Address

theodp writes: When President Obama delivers his final State of the Union address on Tuesday, the White House reports that the inspiring individuals seated with the First Lady will include Microsoft CEO Satya Nadella. "Microsoft has been a leader in expanding access to computer science in K-12 classrooms," explains the White House, perhaps unaware that the company reportedly struck a deal to kill BASIC on Macs in 1985 and stopped including BASIC on PCs after Windows 95. Ironically, Microsoft now laments that girls began to stop seeing themselves as coders after 1984, which gave rise to the need for today's Microsoft-led national K-12 CS intervention. "Girls don't see other girls programming," Microsoft explained in 2013, "so they just don't know that it's available to them." So, is there such a thing as corporate Munchausen syndrome by proxy?
Security

New WiFi HaLow Protocol May Bring Old Security Issues With It

Trailrunner7 writes: Perhaps because smart lightbulbs that refuse firmware updates and refrigerators with blue screens of death aren't enough fun on their own, a new WiFi protocol designed specifically for IoT devices and appliances is on the horizon, bringing with it all of the potential security challenges you've come to know and love in WiFi classic. The new protocol is based on the 802.11ah standard from the IEEE and is being billed as Wi-Fi HaLow by the Wi-Fi Alliance. Wi-Fi HaLow differs from the wireless signal that most current devices use in a couple of key ways. First, it's designed as a low-powered protocol and will operate in the range below one gigahertz. Second, the protocol will have a much longer range than traditional Wi-Fi, a feature that will make it attractive for use in applications such as connecting traffic lights and cameras in smart cities. But, as with any new protocol or system, Wi-Fi HaLow will carry with it new security considerations to face. And one of the main challenges will be securing all of the various implementations of the protocol.
Databases

PostgreSQL 9.5 Does UPSERT Right (thenewstack.io)

joabj writes: For years, PostgreSQL users would ask when their favorite open source database system would get the UPSERT operator, which can either insert an entry or update it if a previous version already existed. Other RDBMSs have long offered this feature. Bruce Momjian, one of the chief contributors to PostgreSQL, admits to being embarrassed that it wasn't supported. Well, PostgreSQL 9.5, now generally available, finally offers a version of UPSERT, and users may be glad the dev team took their time with it. Implementations of UPSERT on other database systems were "handled very badly," sometimes leading to unexpected error messages, Momjian said. It turns out it is very difficult to implement on multi-user systems. "What is nice about our implementation is that it never generates an unexpected error. You can have multiple people doing this, and there is very little performance impact," Momjian said. Because it can work on multiple tables at once, it can even be used to merge one table into another.
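The INSERT ... ON CONFLICT syntax that PostgreSQL 9.5 introduced for UPSERT, as an added example that is not part of the submission or the PostgreSQL project's own material; the table and column names are constructed for illustration. It shows the single-row upsert the story describes, the "merge one table into another" form, and the insert-if-absent variant.

```sql
-- Added example (not from the article). Requires PostgreSQL 9.5 or later.
-- Table and column names are constructed for illustration.
CREATE TABLE accounts (
    username   text PRIMARY KEY,
    email      text NOT NULL,
    updated_at timestamptz NOT NULL DEFAULT now()
);

-- Single-row upsert: insert, or update the existing row when the primary
-- key collides. EXCLUDED refers to the row that would have been inserted.
-- Concurrent sessions running this do not get a duplicate-key error; the
-- later one sees the row the earlier one committed and updates it instead.
INSERT INTO accounts (username, email)
VALUES ('alice', 'alice@example.com')
ON CONFLICT (username) DO UPDATE
    SET email      = EXCLUDED.email,
        updated_at = now();

-- Merge one table into another: every staged row is inserted, or, where the
-- username already exists, used to update the existing row. The WHERE clause
-- on DO UPDATE skips rows whose data has not actually changed.
CREATE TABLE staged_accounts (username text, email text);
INSERT INTO staged_accounts VALUES
    ('alice', 'alice@new.example.com'),
    ('bob',   'bob@example.com');

INSERT INTO accounts (username, email)
SELECT username, email FROM staged_accounts
ON CONFLICT (username) DO UPDATE
    SET email      = EXCLUDED.email,
        updated_at = now()
    WHERE accounts.email IS DISTINCT FROM EXCLUDED.email;

-- Insert-if-absent: leave an existing row untouched rather than updating it.
INSERT INTO accounts (username, email)
VALUES ('bob', 'someone-else@example.com')
ON CONFLICT (username) DO NOTHING;

-- Expected final state: alice -> alice@new.example.com, bob -> bob@example.com
SELECT username, email FROM accounts ORDER BY username;
```

The conflict target must name a column set backed by a unique index or constraint; without one, PostgreSQL rejects the statement rather than guessing which rows count as "the same entry".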
