Intel

Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com) 375

An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports that a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues have exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on to state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits.
You can read the full statement here.
Democrats

New Bill Could Finally Get Rid of Paperless Voting Machines (arstechnica.com) 391

An anonymous reader quotes a report from Ars Technica: A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. "With the 2018 elections just around the corner, Russia will be back to interfere again," said co-sponsor Sen. Kamala Harris (D-Calif.). So a group of senators led by James Lankford (R-Okla.) wants to shore up the security of American voting systems ahead of the 2018 and 2020 elections. And the senators have focused on two major changes that have broad support from voting security experts.

The first objective is to get rid of paperless electronic voting machines. Computer scientists have been warning for more than a decade that these machines are vulnerable to hacking and can't be meaningfully audited. States have begun moving away from paperless systems, but budget constraints have forced some to continue relying on insecure paperless equipment. The Secure Elections Act would give states grants specifically earmarked for replacing these systems with more secure systems that use voter-verified paper ballots. The legislation's second big idea is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only conduct recounts in the event of very close election outcomes. And these recounts involve counting a fixed percentage of ballots. That often leads to either counting way too many ballots (wasting taxpayer money) or too few (failing to fully verify the election outcome). The Lankford bill would encourage states to adopt more statistically sophisticated procedures to count as many ballots as needed to verify an election result was correct -- and no more.

AI

CMU Researchers Reveal How Their AI Beat The World's Top Poker Players (triblive.com) 36

2017 began with an AI named "Libratus" defeating four of the world's best poker players. Now the AI's creators reveal how exactly they did it. An anonymous reader quotes the Pittsburgh Tribune-Review: First, the AI made the game easier to understand. There are 10**161 potential outcomes in the game of poker -- that's a one followed by 161 zeros, potential outcomes in a game of poker. Libratus grouped similar hands, like a King-high flush and a Queen-high flush, and similar bet sizes to cut down that number. Libratus then created a detailed strategy for how it would play the early rounds of the game and a less-refined strategy for the final rounds. As the game nears the end, Libratus refined the second strategy based on how the game had gone.

A third strategy was at work as well. In real-time, Libratus created another model based on how its play stacked up against the play of the humans. If the humans did something unexpected to Libratus, the AI accounted for it and built it into the strategy. Instead of trying to exploit weaknesses in the play of the human, Libratus focused on improving its play.

The AI was created by a computer science professor at Carnegie Mellon University and his Ph.D. student, who argue in a new paper that "The techniques that we developed are largely domain independent and can thus be applied to other strategic imperfect-information interactions, including non-recreational applications."

"Due to the ubiquity of hidden information in real-world strategic interactions, we believe the paradigm introduced in Libratus will be critical to the future growth and widespread application of AI."
Biotech

Days Before Christmas, Theranos Secures $100 Million in New Funding (fortune.com) 96

An anonymous reader quotes Fortune: Call it a Christmas miracle -- albeit of a rather perverse sort. Theranos, the disgraced medical-technology startup that infamously inflated the capabilities of its devices, has secured $100 million in new funding in the form of a loan. The loan, reported by the Wall Street Journal, will come from Fortress Investment Group. Fortress, whose other underdog bets include a private passenger rail line under construction in Florida, is set to be acquired by Japan's SoftBank. Theranos was reportedly on the verge of bankruptcy...

By the end of 2016, the company reportedly still had $200 million in cash on hand, but had sharply limited prospects for attracting more capital. It has since settled a major lawsuit with Walgreens, a former client, for an undisclosed but likely substantial sum. According to the Journal, the Fortress loan is expected to keep Theranos solvent through 2018. That will give the company more time for its ongoing effort to reboot as a medical device manufacturer, rather than a testing service.

The loan is conditional on "achieving certain product and operational milestones," notes Fortune, adding "It's unclear whether those might include positive outcomes for the multiple investigations and lawsuits still facing the company."
Medicine

Study of 500,000 Teens Suggests Association Between Excessive Screen Time and Depression (vice.com) 128

An anonymous reader quotes a report from Motherboard: Depression and suicide rates in teenagers have jumped in the last decade -- doubling between 2007 and 2015 for girls -- and the trend suspiciously coincides with when smartphones became their constant companions. A recent study places their screen time around nine hours per day. Another study, published on Tuesday, suggests that suicide and depression could be connected to the rise of smartphones, and increased screen time. Around 58 percent more girls reported depression symptoms in 2015 than in 2009, and suicide rates rose 65 percent. Smack in the middle of that window of time, smartphones gained market saturation.

In Twenge's new study, published in the journal Clinical Psychological Science, the researchers looked at two samples: a nationally representative survey by ongoing study "Monitoring the Future" out of the University of Michigan, which is administered annually to 8th, 10th, and 12th graders, and the Centers for Disease Control's Youth Risk Behavior Surveillance System, a sample of high school students administered by the CDC every other year. (Both surveys began in 1991.) Altogether, over 500,000 young people were included. The study authors examined trends in how teens used social media, the internet, electronic devices (including gaming systems and tablets), and smartphones, as well as how much time they spent doing non-screen activities like homework, playing sports, or socializing. Comparing these to publicly available data on mental health and suicide for these ages between 2010 and 2017 showed "a clear pattern linking screen activities with higher levels of depressive symptoms/suicide-related outcomes and non-screen activities with lower levels," the researchers wrote in the study. All activities involving screens were associated with higher levels of depression or suicide and suicidal thinking, and activities done away from a screen were not.

AI

Without Humans, Artificial Intelligence Is Still Pretty Stupid (wsj.com) 96

Christopher Mims, writing for WSJ: The internet giants that tout their AI bona fides have tried to make their algorithms as human-free as possible, and that's been a problem. It has become increasingly apparent over the past year that building systems without humans "in the loop" -- especially in the case of Facebook and the ads it linked to 470 "inauthentic" Russian-backed accounts -- can lead to disastrous outcomes, as actual human brains figure out how to exploit them. Whether it's winning at games like Go or keeping watch for Russian influence operations, the best AI-powered systems require humans to play an active role in their creation, tending and operation (Editor's note: the link could be paywalled; alternative source). Facebook, of course, is now a prime example of this trend. The company recently announced it would add 10,000 content moderators to the 10,000 it already employs -- a hiring surge that will impact its future profitability, said Chief Executive Mark Zuckerberg.
AI

Study Finds Robot Surgeons Are Actually Slower and More Expensive (theregister.co.uk) 44

"Robot-assisted surgery costs more time and money than traditional methods, but isn't more effective, for certain types of operations," reports the Register, in an article shared by schwit1: In a study of almost 24,000 laparoscopic surgeries just published in The Journal of American Medicine, researchers from Stanford University School of Medicine analyzed data from 416 hospitals around the U.S. from 2003 to 2015. Robotic assistance provides 3D-visualization, a broader range of motion for instruments, and better ergonomics for physicians, according to the study. While it has advantages in scenarios where a high-degree of precision is required or where improved outcomes have been demonstrated (like radical prostatectomy), it appears to be a waste of resources for the two operations examined... But the patient outcomes were more or less the same.

A thematically-related economic study presented by the National Bureau for Economic Research on Monday suggests that while AI and machine learning have received substantial investment over the past five years and have been widely touted as transformative technologies, "there is little sign that they have yet affected aggregate productivity statistics... The simplest possibility is that the optimism about the potential technologies is misplaced and unfounded," muse Erik Brynjolfsson and Daniel Rock (MIT), Chad Syverson (University of Chicago) in the paper.

But instead the paper's authors suggest that fully realizing the benefits of AI "will require effort and entrepreneurship to develop the needed complements, and adaptability at the individual, organizational, and societal levels to undertake the associated restructuring."
Medicine

Anti-Aging Stem Cell Treatment Proves Successful In Early Human Trials (newatlas.com) 84

An anonymous reader quotes a report from New Atlas: The results of two human clinical trials into a stem cell therapy that can reverse symptoms of age-associated frailty have been published, and the indications are that this landmark treatment is both safe and strikingly effective in tackling key factors in aging. Mesenchymal stem cells (MSCs) are a particular type of adult stem cell generating a great deal of interest in the world of science. This new MSC treatment is targeted at reducing the effects of frailty on senior citizens. This is the first anti-aging stem cell treatment directed specifically at the problem of age-associated frailty to move close to a final FDA approval stage. The treatment derives human mesenchymal stem cells from adult donor bone marrow and in these clinical trials involves a single infusion in patients with an average age of 76. Both Phase 1 and Phase 2 human trials have demonstrated the treatment to have no adverse health effects.

Although the two human trials were ostensibly designed to just demonstrate safety they do offer remarkable results in efficacy as well, paving the way for larger, Phase 3 clinical trials. In the first trial 15 frail patients received a single MSC infusion collected from bone marrow donors aged between 20 and 45 years old. Six months later all patients demonstrated improved fitness outcomes, tumor necrosis factor levels and overall quality of life. The second trial was a randomized, double blind study with placebo group. Again no adverse effects were reported and physical improvements were noted by the researchers as "remarkable." The next stage for the research is to move into an expanded Phase 2b clinical trial involving 120 subjects across 10 locations. After that a final, large randomized Phase 3 clinical trial will be the only thing holding the treatment back from final public approval.
The results of the Phase 1 clinical trial were recently published in The Journals of Gerontology. The results of the Phase 2 clinical trial were recently published in The Journals of Gerontology. Further reading available via University of Miami, Miller School of Medicine.
Medicine

High-Nicotine E-Cigarettes May Make Teens Vape More, Study Warns (philly.com) 173

An anonymous reader quotes a report from Philly.com: Teens who vape e-cigarettes with higher nicotine levels are more likely to start smoking conventional cigarettes soon after, new research shows. E-cigarettes are sold with nicotine levels ranging from zero to more than 25 milligrams of nicotine per milliliter (mg/mL). In this study, a high-nicotine device was defined as having levels at or above 18 mg/mL. Leventhal's team tracked outcomes for 181 grade-10 students from high schools in the Los Angeles area. All of the teens said they had used e-cigarettes within the past month, and they provided data on nicotine levels in the devices they used. Six months later, those who used higher nicotine levels in their e-cigarettes were more likely to report use of both e-cigarettes and regular cigarettes within the past month. These teens also reported vaping and/or smoking more intensely. While 43 percent of the students who'd used high-nicotine e-cigarettes said they were "frequent smokers" of traditional cigarettes six months later, that was true for only 10 percent of those who'd vaped using lower-nicotine devices, Leventhal's group found. And teens who vaped using high-nicotine e-cigarettes smoked an average of 14 times as many "regular" cigarettes per day six months later compared to those who'd tried nicotine-free versions of the devices, the findings showed. The study was published in JAMA Pediatrics.
Education

Code Bootcamp Fined $375K Over Employment Claims and Licensing Issues (arstechnica.com) 61

An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure.

For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses.

The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an online coding class). Eligible graduates can claim their share of the $375,000 by filing a complaint within the next three months.
Earth

Heavier Rainfall Will Increase Water Pollution In the Future (nationalgeographic.com) 233

An anonymous reader shares a report from National Geographic: If climate change continues to progress, increased precipitation could mean detrimental outcomes for water quality in the United States, a major new study warns. An intensifying water cycle can substantially overload waterways with excess nitrogen runoff -- which could near 20 percent by 2100 -- and increase the likelihood of events that severely impair water quality, according to a new study published by Science. When rainfall washes nitrogen and phosphorus from human activities like agriculture and fossil fuel combustion into rivers and lakes, those waterways are overloaded with nutrients, and a phenomenon called "eutrophication" occurs. This can be dangerous for both people and animals. Toxic algal blooms can develop, as well as harmful low-oxygen dead zones known as hypoxia, which can cause negative impacts on human health, aquatic ecosystems, and the economy. In the new study, researchers predict how climate change might increase eutrophication and threats to water resources by using projections from 21 different climate models, each of which was run for three climate scenarios and two different time periods (near future, 2031-2060, and far-future, 2071-2100).
Communications

Why Your Call Center is Only Getting Noisier (mckinsey.com) 105

From a report by research firm McKinsey & Company: Organizations have been investing in all manner of customer-facing technology solutions to replace live calls. Of all operational call-center technologies, digital solutions were ranked as one of the most important over the next five years by four out of five executives. Only agent desktop tools ranked higher. These technologies begin with websites, chat bots, and apps and extend to artificial-intelligence robots that simulate human conversations -- redefining the way organizations interact with customers -- as well as more tried-and-tested functionalities such as improved web, app, or self-service capabilities in interactive voice-response (IVR) systems. And yet, despite this plethora of technology solutions, we see that calls are not going away and instead are catching call-center executives off guard in their efforts to reduce volumes. It's not that a spike in call volumes is necessarily a bad thing. On the contrary, the proliferation of digital tools can awaken previously dormant customers, sparking new inquiries from an engaged customer base. But in many instances, we've also observed that the volumes of unwanted calls exceed what would be expected during a learning period, or remain constant or rise over time, defeating strategic goals and leaving managers bewildered and unable to tie tech investments to improved operational outcomes. Why are so many organizations struggling with reaping the full benefits from these investments? In our experience, the answer often lies in two core areas. First, as companies turn to technology to address call-center volumes, they allow customer experience to take a back seat to digital technology in their operations, creating dissonance in direct customer interaction, where the objective is harmony and efficiency. 
Second, by counting on technology to solve their call-center issues, executives lose focus on core operations and upset the balance between human interaction and automation in an era of evolved customer service.
AI

Artificial Intelligence Has Race, Gender Biases (axios.com) 465

An anonymous reader shares a report: The ACLU has begun to worry that artificial intelligence is discriminatory based on race, gender and age. So it teamed up with computer science researchers to launch a program to promote applications of AI that protect rights and lead to equitable outcomes. MIT Technology Review reports that the initiative is the latest to illustrate general concern that the increasing reliance on algorithms to make decisions in the areas of hiring, criminal justice, and financial services will reinforce racial and gender biases. A computer program used by jurisdictions to help with paroling prisoners that ProPublica found would go easy on white offenders while being unduly harsh to black ones.
Education

Students Are Better Off Without a Laptop In the Classroom (scientificamerican.com) 247

Cindi May writes via Scientific American about new research that "suggests that laptops do not enhance classroom learning, and in fact students would be better off leaving their laptops in the dorm during class." From the report: Although computer use during class may create the illusion of enhanced engagement with course content, it more often reflects engagement with social media, YouTube videos, instant messaging, and other nonacademic content. This self-inflicted distraction comes at a cost, as students are spending up to one-third of valuable (and costly) class time zoned out, and the longer they are online the more their grades tend to suffer. To understand how students are using computers during class and the impact it has on learning, Susan Ravizza and colleagues took the unique approach of asking students to voluntarily login to a proxy server at the start of each class, with the understanding that their internet use (including the sites they visited) would be tracked. Participants were required to login for at least half of the 15 class periods, though they were not required to use the internet in any way once they logged in to the server. Researchers were able to track the internet use and academic performance of 84 students across the semester.

Participants spent almost 40 minutes out of every 100-minute class period using the internet for nonacademic purposes, including social media, checking email, shopping, reading the news, chatting, watching videos, and playing games. This nonacademic use was negatively associated with final exam scores, such that students with higher use tended to score lower on the exam. Social media sites were the most-frequently visited sites during class, and importantly these sites, along with online video sites, proved to be the most disruptive with respect to academic outcomes. In contrast with their heavy nonacademic internet use, students spent less than 5 minutes on average using the internet for class-related purposes (e.g., accessing the syllabus, reviewing course-related slides or supplemental materials, searching for content related to the lecture). Given the relatively small amount of time students spent on academic internet use, it is not surprising that academic internet use was unrelated to course performance. Thus students who brought their laptops to class to view online course-related materials did not actually spend much time doing so, and furthermore showed no benefit of having access to those materials in class.

Education

Researchers Find Dozens of Genes Associated With Measures of Intelligence (arstechnica.com) 267

An anonymous reader quotes a report from Ars Technica: We don't know a lot about the biological basis of our mental abilities -- we can't even consistently agree on how best to test them -- but a few things seem clear. One is that performance on a number of standardized tests that purport to measure intelligence tends to correlate with outcomes we'd associate with intelligence, like educational achievement. A second is that this performance seems to have a large genetic component. But initial studies clearly indicated that the effect of any individual gene on intelligence is small. As a result, the first genetics studies found very little, since you needed to look at a large number of people in order to see these small effects. Now, a new study has combined much of the previous work and has turned up 40 new genetic regions associated with intelligence test scores. But again, the effect of any individual gene is pretty minor. The team behind the new work took advantage of open data to pull together information from 13 different studies, which cumulatively looked through the genomes of over 78,000 individuals. While those individuals had been given a variety of tests, the authors focused on measures of general intelligence or fluid intelligence (the two seem to measure similar things). The genomes of these individuals had been scanned for single base pair differences, allowing the authors to look for correlations between regions of the genome and test scores. Two separate analyses were done. The first simply looked at each base difference individually. That turned up 336 individual bases, which clustered into 22 different genes. Half of these had not been associated with intelligence previously. To provide a separate validation of these results, the authors did a similar analysis with educational achievement. They found that nearly all of the sites they identified also correlated with that. 
In a second analysis, the authors tracked base differences that cluster in a single gene. Since there are more markers for each gene, this tends to be a more sensitive way of looking for effects. And in fact, it produced 47 genes associated with the intelligence test scores. Seventeen of those had been identified in the earlier analysis, which brought the total genes identified to 52, only 12 of which had been previously associated with intelligence test scores.
Education

Maryland Awards 21 Grants To Prepare 'Open Source' Textbooks (usmd.edu) 98

The University System of Maryland has awarded 21 "mini grants" to university faculty to "help them expand open education resources," reports OpenSource.com. Recipients of the grants are also given time off to prepare courses that use open textbooks, and will receive personalized support and training on effective course design. An anonymous reader writes: "Although our faculty view textbooks as essential, some of our students see them as a luxury they cannot afford," said Community College of Baltimore County President Sandra Kurtinitis. "Having access to open educational resources will provide some financial relief for our students as well as contribute to their academic success." The cost of textbooks has risen 812% since 1978, the school system said in an announcement, "outpacing even the cost of medical services and new housing. Nationally, students spend an average of $1,200 a year on textbooks."

The Maryland Open Source Textbook initiative started in 2013 "to provide a state-wide opportunity for faculty to explore the promise of open education resources to reduce students' cost of attendance while maintaining, or perhaps even improving, learning outcomes." Since then it's helped replace traditional textbooks in over 60 different courses at 14 public institutions across the state, resulting in a cumulative cost savings of over $1 million for 3,500 students. "In addition to saving students money, faculty have gained the ability to adapt and customize their instructional materials to ensure they are aligned with their pedagogical methods to best meet their students' needs," the school system reports. "In follow up surveys with students participating in the MOST initiative, 93% reported that the open educational resource content they used was the same or better quality than traditional textbooks."

Piracy

A Prenda Copyright Troll Finally Pleaded Guilty (popehat.com) 46

"One of the attorneys behind the Prenda Law 'copyright trolling' scheme has pleaded guilty to federal charges of fraud and money laundering," reports Ars Technica. Long-time Slashdot reader Freshly Exhumed shares this article from the law blog Popehat: The factual basis section -- which Steele admits is true (as to facts he knows) or that the government can prove (as to facts he doesn't know directly) -- is a startling 16 pages long [PDF] and lavishly documents the entire scheme, complete with many details that accusers have been pointing out for years. In short, Steele admits that he and Hansmeier used sham entities to obtain the copyright to (or in some cases film) porn, uploaded it to file-sharing websites, and then filed "false and deceptive" copyright suits against downloaders designed to conceal their role in distributing the films and their stake in the outcomes. They lied to courts themselves, sent others to court to lie, lied at depositions, lied in sworn affidavits, created sham entities as plaintiffs, created fraudulent hacking allegations to try to obtain discovery into the identity of downloaders, used "ruse defendants" (strawmen, in effect) to get courts to approve broad discovery into IP addresses.
Facing a maximum of 40 years in prison, Steele could get his sentence reduced if he testifies against Hansmeier, according to the article, and "Steele appears to have pinned all of his hopes on that option... I've seen a lot of plea agreements in a lot of federal cases, and I don't recall another one that so clearly conveyed the defendant utterly surrendering and accepting everything the government demanded, all in hopes of talking his sentence down later."
AI

AI Scientists Gather to Plot Doomsday Scenarios (bloomberg.com) 126

Dina Bass, reporting for Bloomberg: Artificial intelligence boosters predict a brave new world of flying cars and cancer cures. Detractors worry about a future where humans are enslaved to an evil race of robot overlords. Veteran AI scientist Eric Horvitz and Doomsday Clock guru Lawrence Krauss, seeking a middle ground, gathered a group of experts in the Arizona desert to discuss the worst that could possibly happen -- and how to stop it. Their workshop took place last weekend at Arizona State University with funding from Tesla co-founder Elon Musk and Skype co-founder Jaan Tallinn. Officially dubbed "Envisioning and Addressing Adverse AI Outcomes," it was a kind of AI doomsday games that organized some 40 scientists, cyber-security experts and policy wonks into groups of attackers -- the red team -- and defenders -- blue team -- playing out AI-gone-very-wrong scenarios, ranging from stock-market manipulation to global warfare.
Security

The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com) 243

New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.
Security

Cryptsetup Vulnerability Grants Root Shell Access On Some Linux Systems (threatpost.com) 89

msm1267 quotes a report from Threatpost: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data. Cryptsetup, a utility used to set up disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they're likely vulnerable. Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria. According to a post published to the Full Disclosure mailing list, the vulnerability (CVE-2016-4484) affects packages 2.1 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs -- a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven't tested them yet. The report adds: "The problem stems from the incorrect handling of a password check when a partition is ciphered with LUKS, or Linux Unified Key Setup, a disk encryption specification that's standard for Linux. Assuming an attacker has access to the computer's console, when presented with the LUKS password prompt, they could exploit the vulnerability simply by pressing 'Enter' over and over again until a shell appears. The researchers say the exploit could take as few as 70 seconds. After a user exceeds the maximum number of three password tries, the boot sequence continues normally.
Another script in the utility doesn't realize this, and drops a BusyBox shell. After carrying out the exploit, the attacker could obtain a root initramfs, or rescue shell. Since the shell can be executed in the initrd, or initial ram disk, environment, it can lead to a handful of scary outcomes, including elevation of privilege, information disclosure, or denial of service."
