Android

Every Android Device Launched Since 2012 Impacted By RAMpage Vulnerability (bleepingcomputer.com)

Almost all Android devices released since 2012 are vulnerable to the RAMpage bug, an international team of academics has revealed today. From a report: The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. A few years back researchers discovered that when someone would send repeated write/read requests to the same row of memory cells, the write/read operations would create an electrical field that would alter data stored in nearby memory. In the following years, researchers discovered that Rowhammer-like attacks affected personal computers, virtual machines, and Android devices. Through further research, they also found they could execute Rowhammer attacks via JavaScript code, GPU cards, and network packets.
Cloud

Happy Birthday Alan Turing! How Modern Technology Could Win WWII In 13 Minutes (digitalocean.com)

DevNull127 writes: A grateful reporter whose father-in-law liberated a concentration camp after D-Day reports on a high-tech team that "accomplished in 13 minutes what took Alan Turing years to do — and at a cost of just $7."

"In late 2017, at the Imperial War Museum in London, developers applied modern AI techniques to break the 'unbreakable' Enigma machine used by the Nazis to encrypt their correspondences in World War II."

Two Polish co-founders of a company called Enigma Pattern decided to honor Alan Turing's ground-breaking work at Bletchley Park, where Turing had automated the testing of over 15 billion possible passwords each day by building what's considered the first modern computer. They took the problem to a modern cloud infrastructure provider, renting what one describes as "2,000 minions that do the tedious work" — specifically, crunching 41 million combinations each second — using Grimm's Fairy Tales to train an algorithm to recognize when they had found a commonly-used German word (including familiar bedtime stories like Hansel & Gretel and Rumpelstiltskin). "In the end the AI could not understand German. But it did what machine learning does best: recognize patterns."

"After 13 minutes of minion work, boom! The new Bombe had broken the code."

Turing's birthday is Saturday — and it's nice to see him being remembered so fondly.

Biotech

Urgent Needs To Prepare For Manmade Virus Attacks, Says US Government Report (theguardian.com)

A major U.S. government report warns that advances in synthetic biology now give scientists the capability to recreate dangerous viruses from scratch; make harmful bacteria more deadly; and modify common microbes so that they churn out lethal toxins once they enter the body. The Guardian reports: In the report, the scientists describe how synthetic biology, which gives researchers precision tools to manipulate living organisms, "enhances and expands" opportunities to create bioweapons. "As the power of the technology increases, that brings a general need to scrutinize where harms could come from," said Peter Carr, a senior scientist at MIT's Synthetic Biology Center in Cambridge, Massachusetts.

The report calls on the U.S. government to rethink how it conducts disease surveillance, so it can better detect novel bioweapons, and to look at ways to bolster defenses, for example by finding ways to make and deploy vaccines far more rapidly. For every bioweapon the scientists consider, the report sets out key hurdles that, once cleared, will make the weapons more feasible.
The Guardian references a case 20 years ago where geneticist Eckard Wimmer recreated the poliovirus in a test tube. Earlier this year, a team at the University of Alberta built an infectious horse pox virus. "The virus is a close relative of smallpox, which may have claimed half a billion lives in the 20th century," reports The Guardian. "Today, the genetic code of almost any mammalian virus can be found online and synthesized."
Microsoft

How Microsoft's Windows Red Team Keeps PCs Safe (wired.com)

Wired has a story on Windows' red team, a group of hackers (one of whom jailbroke Nintendo handhelds in a former life, another has more than one zero-day exploit to his name, and a third signed on just prior to the devastating Shadow Brokers leak) who are tasked with finding holes in the world's most-used desktop operating system. From the story: The Windows red team didn't exist four years ago. That's around the time that David Weston, who currently leads the crew as principal security group manager for Windows, made his pitch for Microsoft to rethink how it handled the security of its marquee product. "Most of our hardening of the Windows operating system in previous generations was: Wait for a big attack to happen, or wait for someone to tell us about a new technique, and then spend some time trying to fix that," Weston says. "Obviously that's not ideal when the stakes are very high."

[...] Together, the red teamers spend their days attacking Windows. Every year, they develop a zero-day exploit to test their defensive blue-team counterparts. And when emergencies like Spectre or EternalBlue happen, they're among the first to get the call. Again, red teams aren't novel; companies that can afford them -- and that are aware they could be targeted -- tend to use them. If anything, it may come as a surprise that Microsoft hadn't sicced one on Windows until so recently. Microsoft as a company already had several other red teams in place by the time Weston built one for Windows, though those focused more on operational issues like unpatched machines. "Windows is still the central repository of malware and exploits. Practically, there's so much business done around the world on Windows. The attacker mentality is to get the biggest return on investment in what you develop in terms of code and exploits," says Aaron Lint, who regularly works with red teams in his role as chief scientist at application protection provider Arxan. "Windows is the obvious target."

AI

DeepMind Used YouTube Videos To Train Game-Beating Atari Bot (theregister.co.uk)

Artem Tashkinov shares a report from The Register: DeepMind has taught artificially intelligent programs to play classic Atari computer games by making them watch YouTube videos. Exploration games like 1984's Montezuma's Revenge are particularly difficult for AI to crack, because it's not obvious where you should go, which items you need and in which order, and where you should use them. That makes defining rewards difficult without spelling out exactly how to play the thing, and thus defeating the point of the exercise. For example, Montezuma's Revenge requires the agent to direct a cowboy-hat-wearing character, known as Panama Joe, through a series of rooms and scenarios to reach a treasure chamber in a temple, where all the goodies are hidden. Pocketing a golden key, your first crucial item, takes about 100 steps, and is equivalent to 100^18 possible action sequences.

To educate their code, the researchers chose three YouTube gameplay videos for each of the three titles: Montezuma's Revenge, Pitfall, and Private Eye. Each game had its own agent, which had to map the actions and features of the title into a form it could understand. The team used two methods: temporal distance classification (TDC), and cross-modal temporal distance classification (CDC). The DeepMind code still relies on lots of small rewards, of a kind, although they are referred to as checkpoints. While playing the game, every sixteenth video frame of the agent's session is taken as a snapshot and compared to a frame in a fourth video of a human playing the same game. If the agent's game frame is close or matches the one in the human's video, it is rewarded. Over time, it imitates the way the game is played in the videos by carrying out a similar sequence of moves to match the checkpoint frame.
In the end, the agent was able to exceed average human players and other RL algorithms: Rainbow, ApeX, and DQfD. The researchers documented their method in a paper this week. You can view the agent in action here.
Intel

New Spectre Attack Can Reveal Firmware Secrets (zdnet.com)

Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). ZDNet reports: Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware. SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software. SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, known as System Management Interrupt (SMI) handlers.

"Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (e.g., hypervisor, operating system, or application)," Bulygin explains. To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Registers (SMRR), a set of range registers that protect SMM memory. "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

Android

Malicious Apps Get Back on the Play Store Just by Changing Their Name (bleepingcomputer.com)

Malicious Android apps that have previously been reported to Google are showing up again on the company's marquee Play Store under new names, security researchers are reporting. BleepingComputer: Seven of these apps have been "rediscovered," said Symantec in a report published yesterday. The company's experts say the author of the original malicious apps didn't do anything special, but only changed the apps' names, without making modifications to the code, and re-uploaded the apps to the Play Store from a new developer account under a new name. Symantec says it detected seven of these re-uploaded apps on the Play Store, which it re-reported to Google's security team and had taken down again.
Open Source

Facebook's Open-Source Go Bot Can Now Beat Professional Players (techcrunch.com)

Google's DeepMind isn't the only team working to defeat professional Go players with artificial intelligence. At Facebook's F8 developer conference today, the company announced a Go bot of its own that has now achieved professional status after winning all 14 games it played against a group of top 30 human Go players. TechCrunch reports: "We salute our friends at DeepMind for doing awesome work," Facebook CTO Mike Schroepfer said in today's keynote. "But we wondered: Are there some unanswered questions? What else can you apply these tools to." As Facebook notes in a blog post today, the DeepMind model itself also remains under wraps. In contrast, Facebook has open-sourced its bot. "To make this work both reproducible and available to AI researchers around the world, we created an open source Go bot, called ELF OpenGo, that performs well enough to answer some of the key questions unanswered by AlphaGo," the team writes today. Facebook's AI Research group is also developing a StarCraft bot that it too plans to open source.
Nintendo

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
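The flaw described above is a missing bound on a host-supplied length field. The following is an added example, not code from the Tegra X1 bootROM, ReSwitched or Ars Technica: a constructed USB control-request handler that decodes the 8-byte SETUP packet, checks the host's wLength against the real capacity of the DMA buffer before any copy, and also refuses a data stage longer than what SETUP declared. The buffer size, request numbers and sample payload are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example (not Tegra bootROM code). The flaw in the article is
 * the absence of the bound in validate_control_length(): an unchecked path
 * copies wLength bytes (up to 65,535) into a fixed buffer. */

#define DMA_BUF_SIZE 512u   /* assumed capacity of the recovery-mode DMA buffer */

struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
};

/* Decode the 8-byte SETUP packet; multi-byte fields are little-endian (USB 2.0). */
void parse_setup(const uint8_t pkt[8], struct usb_setup *out)
{
    out->bmRequestType = pkt[0];
    out->bRequest      = pkt[1];
    out->wValue        = (uint16_t)(pkt[2] | (pkt[3] << 8));
    out->wIndex        = (uint16_t)(pkt[4] | (pkt[5] << 8));
    out->wLength       = (uint16_t)(pkt[6] | (pkt[7] << 8));
}

/* 0 if the declared transfer fits the buffer, -1 otherwise. The comparison is
 * against the device's own buffer capacity, never against the host's field. */
int validate_control_length(const struct usb_setup *s, size_t dma_capacity)
{
    return ((size_t)s->wLength <= dma_capacity) ? 0 : -1;
}

/* Data stage of an OUT (host-to-device) control transfer.
 * Returns bytes accepted into dma_buf, or -1 when the request must be
 * rejected (the endpoint would be stalled instead of copying anything). */
int handle_control_out(const uint8_t setup_pkt[8],
                       const uint8_t *data, size_t data_len,
                       uint8_t *dma_buf, size_t dma_capacity)
{
    struct usb_setup s;
    parse_setup(setup_pkt, &s);

    if (s.bmRequestType & 0x80)                     /* bit 7 set = IN, wrong direction */
        return -1;
    if (validate_control_length(&s, dma_capacity))  /* the check the bootROM lacked */
        return -1;
    if (data_len > s.wLength)                       /* data stage exceeds SETUP claim */
        return -1;

    memcpy(dma_buf, data, data_len);                /* bounded by both checks above */
    return (int)data_len;
}

/* Builds a SETUP packet and a constructed payload of data_len 'A' bytes,
 * then runs the handler; used by main() and by tests. */
int demo_case(uint8_t bmRequestType, uint16_t wLength, size_t data_len)
{
    static uint8_t host_data[DMA_BUF_SIZE * 2];      /* larger than the DMA buffer */
    uint8_t dma_buf[DMA_BUF_SIZE];
    uint8_t setup[8] = { bmRequestType, 0x01, 0, 0, 0, 0,
                         (uint8_t)(wLength & 0xFF), (uint8_t)(wLength >> 8) };

    if (data_len > sizeof host_data)
        return -1;
    memset(host_data, 'A', sizeof host_data);
    return handle_control_out(setup, host_data, data_len, dma_buf, DMA_BUF_SIZE);
}

int main(void)
{
    printf("64-byte OUT request:        %d\n", demo_case(0x40, 64, 64));      /* 64 */
    printf("wLength 65535:              %d\n", demo_case(0x40, 0xFFFF, 64));  /* -1 */
    printf("data longer than wLength:   %d\n", demo_case(0x40, 16, 64));      /* -1 */
    printf("IN request on OUT handler:  %d\n", demo_case(0xC0, 64, 64));      /* -1 */
    return 0;
}
```

Because the bound is enforced once, before the copy, the handler never has to trust the host's length for anything other than deciding whether to reject the request.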
Security

LinkedIn's AutoFill Plugin Could Leak User Data, Secret Fix Failed (techcrunch.com)

TechCrunch reports on a flaw in LinkedIn's AutoFill plugin that could have allowed hackers to steal your full name, phone number, email address, location (ZIP code), company, and job title. "Malicious sites have been able to invisibly render the plugin on their entire page so if users who are logged into LinkedIn click anywhere, they'd effectively be hitting a hidden 'AutoFill with LinkedIn' button and giving up their data." From the report: Researcher Jack Cable discovered the issue on April 9th, 2018 and immediately disclosed it to LinkedIn. The company issued a fix on April 10th but didn't inform the public of the issue. Cable quickly informed LinkedIn that its fix, which restricted the use of its AutoFill feature to whitelisted sites that pay LinkedIn to host their ads, still left it open to abuse. If any of those sites have cross-site scripting vulnerabilities, which Cable confirmed some do, hackers can still run AutoFill on their sites by installing an iframe to the vulnerable whitelisted site. He got no response from LinkedIn over the following 9 days, so Cable reached out to TechCrunch. A LinkedIn spokesperson issued this statement to TechCrunch: "We immediately prevented unauthorized use of this feature, once we were made aware of the issue. We are now pushing another fix that will address potential additional abuse cases and it will be in place shortly. While we've seen no signs of abuse, we're constantly working to ensure our members' data stays protected. We appreciate the researcher responsibly reporting this and our security team will continue to stay in touch with them. For clarity, LinkedIn AutoFill is not broadly available and only works on whitelisted domains for approved advertisers. It allows visitors to a website to choose to pre-populate a form with information from their LinkedIn profile."
Sci-Fi

Apple Is Developing a TV Show Based On Isaac Asimov's Foundation Series (deadline.com)

An anonymous reader quotes a report from Deadline: In a competitive situation, Apple has nabbed a TV series adaptation of Foundation, the seminal Isaac Asimov science fiction novel trilogy. The project, from Skydance Television, has been put in development for straight-to-series consideration. Deadline revealed last June that Skydance had made a deal with the Asimov estate and that David S. Goyer and Josh Friedman were cracking the code on a sprawling series based on the books that informed Star Wars and many other sci-fi films and TV series. Goyer and Friedman will be executive producers and showrunners. Skydance's David Ellison, Dana Goldberg and Marcy Ross also will executive produce.

Originally published as a short story series in Astounding Magazine in 1942, Asimov's Foundation is the complex saga of humans scattered on planets throughout the galaxy, all living under the rule of the Galactic Empire. The protagonist is a psycho-historian who has an ability to read the future and foresees the empire's imminent collapse. He sets out to save the knowledge of mankind from being wiped out. Even the Game of Thrones' creative team would marvel at the number of empires that rise and fall in Foundation. Asimov's trilogy has been tried numerous times as a feature film at Fox, Warner Bros (with Bob Shaye and Michael Lynne, who greenlit The Lord of the Rings), and then at Sony with Independence Day director Roland Emmerich. Many top sci-fi writers have done scripts and found it daunting to constrict the sprawling saga to a feature film format. Most recently, HBO tried developing a series with Interstellar co-writer and Westworld exec producer Jonathan Nolan, but a script was never ordered.

Space

Center of the Milky Way Has Thousands of Black Holes, Study Shows (npr.org)

New submitter xonen shares a report from NPR: For decades, scientists have thought that black holes should sink to the center of galaxies and accumulate there. But scientists had no proof that these exotic objects had actually gathered together in the center of the Milky Way. Isolated black holes are almost impossible to detect, but black holes that have a companion -- an orbiting star -- interact with that star in ways that allow the pair to be spotted by telltale X-ray emissions. The team searched for those signals in a region stretching about three light-years out from our galaxy's central supermassive black hole. What they found there: a dozen black holes paired up with stars. Finding so many in such a small region is significant, because until now scientists have found evidence of only about five dozen black holes throughout the entire galaxy. What they've found should help theorists make better predictions about how many cosmic smashups might occur and generate detectable gravitational waves. The study has been published in the journal Nature.
Bitcoin

Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a state before the attack, neutralizing the hacker's gains. The attack took place yesterday, and initially users thought it was a "51% attack," in which a malicious actor takes control of more than half of the network nodes, gaining the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near-impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. Users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.
Windows

Microsoft Releases New Tool To Get More Distros on Windows (zdnet.com)

Microsoft has released a tool to help Linux distribution maintainers bring their distros to the Windows Store to run on Windows 10's Windows Subsystem for Linux. From a report: Microsoft describes the tool as a "reference implementation for a Windows Subsystem for Linux (WSL) distribution installer application," which is aimed at both distribution maintainers and developers who want to create custom Linux distributions for running on WSL. "We know that many Linux distros rely entirely on open-source software, so we would like to bring WSL closer to the OSS community," said Tara Raj of Microsoft's WSL team. "We hope open-sourcing this project will help increase community engagement and bring more of your favorite distros to the Microsoft Store." WSL helps programmers build a full Linux development environment for testing production code on a Windows machine.
Security

Intel CPUs Vulnerable To New 'BranchScope' Attack (securityweek.com)

wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.

Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).
Software

Software Glitch Robs Formula 1 World Champ of Season's First Win (theregister.co.uk)

Formula One world champion Lewis Hamilton was left fuming after a software glitch denied him an easy win in the first race of the 2018 season on Sunday. From a report: Hamilton held a comfortable lead in Australia's Melbourne grand prix from the start. After pitting for fresh rubber ahead of the Ferraris of Kimi Raikkonen and Sebastian Vettel, Hamilton looked set for an easy win. Then both of the American Haas team's cars had to be taken off the circuit after their wheel nuts became loose. That triggered a virtual safety car (VSC). The VSC is a fairly new concept: while active, the drivers have to slow down, they cannot overtake, and they must not go below minimum times for each circuit sector. Failure to follow the rules will result in penalties. This is all done to preserve the race state while giving safety marshals time to clear debris or vehicles off the track.

While the VSC was active on Sunday, second-placed Vettel ducked into the pit lane, where the virtual car's speed rules did not apply, picked up fresh tires, and emerged ahead of Hamilton to take first place. Vettel was able to do this because Hamilton's car software miscalculated the minimum sector time according to the VSC rules, causing the Brit to slow down more than was necessary. The code thought Vettel would spend 15 seconds in the pits; the Ferrari driver and his team took just 11 seconds.

Security

A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities as dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.

Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability affecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed at which Ledger responded to his claims.

Open Source

How An Open Source Plugin Tamed a Chaotic Comments Section With A Simple Quiz (arstechnica.com)

Long-time Slashdot reader jebrick quotes an article from Ars Technica about how Norway's government-owned public broadcasting company "employs open source tactics to fight trolling": The five-person team behind a simple WordPress plugin, which took three hours to code, never expected to receive worldwide attention as a result. But NRKbeta, the tech-testing group at Norway's largest national media organization, tapped into a meaty vein with the unveiling of last February's Know2Comment, an open source plugin that can attach to any WordPress site's comment section. "It was a basic idea," NRKbeta developer Stale Grut told a South By Southwest crowd on Tuesday. "Readers had to prove they read a story before they were able to comment on it"... He and fellow staffers spent three hours building the plugin, which Grut reminded the crowd is wholly open source... "[W]e realized not every article is in need of this. We are a tech site; we don't have a lot of controversy, so there's not a big need for it. We use it now on stories where we anticipate there'll be uninformed debate to add this speed bump."
What do you think? And would a quiz-for-commenting-privileges be a good addition to Slashdot?
Security

New Traces of Hacking Team in the Wild (welivesecurity.com)

Previously unreported samples of Hacking Team's infamous surveillance tool -- the Remote Control System (RCS) -- are in the wild, and have been detected by ESET systems in fourteen countries. From a report: Our analysis of the samples reveals evidence suggesting that Hacking Team's developers themselves are actively continuing the development of this spyware. Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world. The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device's webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments -- an allegation it has consistently denied. When the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data -- including the once-secret list of customers, internal communications, and spyware source code -- leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.
Hardware Hacking

ESR's Newest Project: An Open Hardware/Open Source UPS (ibiblio.org)

An anonymous reader writes: Last month Eric S. Raymond complained about his choices for a UPS (Uninterruptible Power Supply), adding that "This whole category begs to be disrupted by an open-hardware [and open-source] design that could be assembled cheaply in a makerspace from off-the-shelf components, an Arduino-class microcontroller, and a PROM...because it's possible, and otherwise the incentives on the vendors won't change." It could be designed to work with longer-lasting and more environmentally friendly batteries, using "EV-style intelligent battery-current sensors to enable accurate projection of battery performance" (along with a text-based alert system and a USB monitoring port).

Calling the response "astonishing," Raymond noted the emergence within a week of "the outlines of a coherent design," and in an update on GitLab reported that "The response on my blog and G+ was intense, almost overwhelming. It seems many UPS users are unhappy with what the vendors are pushing" -- and thus, the UPSide project was launched. "We welcome contributors: people with interest in UPSes who have expertise in battery technology, power-switching electronics, writing device-control firmware, relevant standards such as USB and the DMTF battery-management profile. We also welcome participation from established UPS and electronics vendors. We know that consumer electronics is a cutthroat low-margin business in which it's tough to support a real R&D team or make possibly-risky product bets. Help us, and then let us help you!"

There's already a Wiki with design documents -- plus a process document -- and Raymond says the project now even has a hardware lead with 30 years' experience as a power and signals engineer, plus "a really sharp dev group. Half a dozen experts have shown up to help spec this thing, critique the design docs, and explain EE things to ignorant me." And he's already touting "industry participation! We have a friendly observer who's the lead software architect for one of the major UPS vendors." Earlier Raymond identified his role as "basically, product manager -- keeper of the requirements list and recruiter of talent" -- though he admits on his blog that he's already used a "cute hack" to create a state/action diagram for the system, "by writing a DSL to generate code in another DSL and provably correct equivalent C application logic."

He adds to readers of the blog that if that seems weird to you, "you must be new here."