Researchers at New York University and Michigan State University have recently found that the fingerprint sensor on your phone is not as safe as you think. "The team has developed a set of fake fingerprints that are digital composites of common features found in many people's fingerprints," reports Digital Trends. "Through computer simulations, they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone." From the report: Nasir Memon, a computer science and engineering professor at New York University, explained the value of the study to The New York Times. Modern smartphones, tablets, and other computing devices that utilize biometric authentication typically only take snapshots of sections of a user's finger, to compose a model of one fingerprint. But the chances of faking your way into someone else's phone are much higher if there are multiple fingerprints recorded on that device. "It's as if you have 30 passwords and the attacker only has to match one," Memon said. The professor, who was one of three authors on the study, theorized that if it were possible to create a glove with five different composite fingerprints, the attacker would likely be successful with about half of their attempts. For the record, Apple reported to the Times that the chance of a false match through the iPhone's TouchID system is 1 in 50,000 with only one fingerprint recorded.
Google has updated its Chrome browser to fix the annoying page jumps that occur when pages are loading. While developers want pages to load the actual content of a page before additional ads and images appear, "the problem is that if you've already scrolled down, your page resets when some off-screen ad loads and you're suddenly looking at a completely different part of the page," reports TechCrunch. From the report: The latest versions of Chrome (56+) do their best to prevent these jumps with the help of a feature called scroll anchoring. Google tested scroll anchoring in the Chrome beta versions for the last year and now it's on by default. Google says the feature currently prevents almost three jumps per page view -- and, over time, that number will likely increase.
According to Reuters, Boeing has hired Norsk Titanium AS to print titanium parts for its 787 Dreamliner, paving the way to cost savings of $2 million to $3 million for each plane. The 3D-printed metal parts will replace pieces made with more expensive traditional manufacturing, thus making the 787 more profitable. From the report: Strong, lightweight titanium alloy is seven times more costly than aluminum, and accounts for about $17 million of the cost of a $265 million Dreamliner, industry sources say. Boeing has been trying to reduce titanium costs on the 787, which requires more of the metal than other models because of its carbon-fiber composite fuselage and wings. Titanium also is used extensively on Airbus Group SE's rival A350 jet. Norsk worked with Boeing for more than a year to design four 787 parts and obtain Federal Aviation Administration certification for them, Chip Yates, Norsk Titanium's vice president of marketing, said. Norsk expects the U.S. regulatory agency will approve the material properties and production process for the parts later this year, which would "open up the floodgates" and allow Norsk to print thousands of different parts for each Dreamliner, without each part requiring separate FAA approval, Yates said. Norsk said that initially it will print in Norway, but is building up a 67,000-square-foot (6,220-square-meter) facility in Plattsburgh in upstate New York, where it aims to have nine printers running by year-end.
Adidas has revealed that it will be mass-producing its first 3D-printed shoe, dubbed the Futurecraft 4D. "The mid-sole of the shoe is created using a process known as Continuous Liquid Interface Production, in which the design is essentially pulled out of a vat of liquid polymer resin, and fixed into its desired shape using ultraviolet light," reports The Verge. Adidas is collaborating with Silicon Valley startup Carbon, which created the "Continuous Liquid Interface Production" method that will ultimately make mass-production 3D printing a reality. The Verge reports: [T]his is still new technology, and Adidas isn't leaping two-footed into the 3D-printed future just yet. Only 5,000 pairs of Futurecraft shoes will go on sale later this year, although the company says it aims to produce 100,000 pairs in total by the end of 2018. "This is a milestone not only for us as a company but also for the industry," Adidas' Gerd Manz told Reuters. "We've cracked some of the boundaries." The cost of a pair of Futurecraft 4Ds is not yet known, but Adidas says it will be in the "premium" price range.
An anonymous reader quotes a report from The Verge: U.S. Secretary of State Rex Tillerson has ordered a "mandatory social media check" on all visa applicants who have ever visited ISIS-controlled territory, according to diplomatic cables obtained by Reuters. The four memos were sent to American diplomatic missions over the past two weeks, with the most recent issued on March 17th. According to Reuters, they provide details into a revised screening process that President Donald Trump has described as "extreme vetting." A memo sent on March 16th rescinds some of the instructions that Tillerson outlined in the previous cables, including an order that would have required visa applicants to hand over all phone numbers, email addresses, and social media accounts that they have used in the past. The secretary of state issued the memo after a Hawaii judge blocked the Trump administration's revised travel ban on citizens from six predominantly Muslim countries. In addition to the social media check, the most recent memo calls for consular officials to identify "populations warranting increased scrutiny." Two former government officials tell Reuters that the social media order could lead to delays in processing visa applications, with one saying that such checks were previously carried out on rare occasions.
An anonymous reader quotes a report from 9to5Mac: The U.S. Court of Appeals for the Federal Circuit made a decision today to throw out the verdict of a two-year-old legal case against Apple based on data storage patents. The original verdict reached by a Texas jury stuck Apple with $533 million in damages. Smartflash LLC targeted game developers who largely all settled out of court in 2014, but Apple defended its use of data storage management and payment processing technology in court. Reuters has more on the new developments: "The trial judge vacated the large damages award a few months after a Texas federal jury imposed it in February 2015, but the U.S. Court of Appeals for the Federal Circuit said on Wednesday the judge should have ruled Smartflash's patents invalid and set aside the verdict entirely. A unanimous three-judge appeals panel said Smartflash's patents were too 'abstract' and did not go far enough in describing an actual invention to warrant protection."
An anonymous reader quotes a report from Reuters: General Motors Co plans to deploy thousands of self-driving electric cars in test fleets in partnership with ride-sharing affiliate Lyft Inc, beginning in 2018, two sources familiar with the automaker's plans said this week. It is expected to be the largest such test of fully autonomous vehicles by any major automaker before 2020, when several companies have said they plan to begin building and deploying such vehicles in higher volumes. Most of the specially equipped versions of the Chevrolet Bolt electric vehicle will be used by San Francisco-based Lyft, which will test them in its ride-sharing fleet in several states, one of the sources said. GM has no immediate plans to sell the Bolt AV to individual customers, according to the source. In a statement on Friday, GM said: "We do not provide specific details on potential future products or technology rollout plans. We have said that our AV technology will appear in an on-demand ride sharing network application sooner than you might think."
Tesla filed a lawsuit Thursday against its former director of Autopilot Programs, Sterling Anderson, for breach of contract. The company alleges Anderson took proprietary information about the Autopilot program and recruited fellow Tesla employees to work with him at another autonomous driving company. In addition, the lawsuit names the former head of Google's autonomous car project, Chris Urmson, as a defendant, and alleges both executives were attempting to start a company together, called Aurora. CNBC reports: According to TechCrunch, Anderson had acted as Tesla's director of Autopilot Programs for a little over a year. Tesla alleges that Anderson, while still a Tesla employee, pulled "hundreds of gigabytes" of proprietary data from company computers, and installed it on a personal hard drive. Tesla also alleges that Anderson tried to hide his tracks by wiping phones, deleting browser histories, permanently erasing computer files, and even manipulating time stamps on related files, "in an apparent effort to obscure the dates on which they had last been modified or accessed." Tesla also alleges the pair attempted to poach at least 12 other Tesla employees, though they only successfully recruited two. "Automakers have created a get-rich-quick environment. Small teams of programmers with little more than demoware have been bought for as much as a billion dollars. Cruise Automation, a 40-person firm, was purchased by General Motors in July 2016 for nearly $1 billion. In August 2016, Uber acquired Otto, another self-driving startup that had been founded only seven months earlier, in a deal worth more than $680 million," the company said in the suit.
In addition to rifles, mortars, artillery and suicidal car bombs, ISIS has recently added commercial drones, converted into tiny bombs, into the mix of weapons it uses to fight in Iraq. In October, The New York Times reported that the Islamic State was using small consumer drones rigged with explosives to fight Kurdish forces in Iraq. Two Kurdish soldiers died dismantling a booby-trapped ISIS drone. Several months later and it appears the use of drones on the battlefield is becoming more prevalent. Popular Science reports: Previously, we've seen ISIS scratch-build drones, and as Iraqi Security Forces retook parts of Mosul, they discovered a vast infrastructure of workshops (complete with quality control) for building standardized munitions, weapons, and explosives. These drone bombers recently captured by Iraqi forces and shared with American advisors appear to be commercial, off-the-shelf models, adapted to carry grenade-sized payloads. "It's not as if it is a large, armed UAV [unmanned aerial vehicle] that is dropping munitions from the wings -- but literally, a very small quadcopter that drops a small munition in a somewhat imprecise manner," [Col. Brett] Sylvia, commander of an American military advising mission in Iraq, told Military Times. "They are very short-range, targeting those front-line troops from the Iraqis." Because the drones used are commercial models, it likely means that anti-drone weapons already on hand with the American advisors are sufficient to stop them. It's worth noting that the bomb-dropping drones are just a small part of how ISIS uses the cheap, unmanned flying machines. Other applications include scouts and explosive decoys, as well as one-use weapons. ISIS is also likely not the first group to figure out how to drop grenades from small drones; it's a growing field of research and development among many violent, nonstate actors and insurgent groups. 
Despite the relative novelty, it's also likely not the deadliest thing insurgents can do with drones.
An anonymous reader quotes a report from Motherboard: According to research published Thursday in Science, physicists at Princeton University have designed a device that allows a single electron to pass its quantum information to a photon in what could be a big breakthrough for silicon-based quantum computers. The device designed by the Princeton researchers is the result of five years of research and works by trapping an electron and a photon within a device built by HRL Laboratories, which is owned by Boeing and General Motors. It is a semiconductor chip made from layers of silicon and silicon-germanium, materials that are inexpensive and already widely deployed in consumer electronics. Across the top of this wafer of silicon layers were laid a number of nanowires, each smaller than the width of a human hair, which were used to deliver energy to the chip. This energy allowed the researchers to trap an electron in between the silicon layers of the chip in microstructures known as quantum dots. The researchers settled on photons as the medium of exchange between electrons since they are less sensitive to disruption from their environment and could potentially be used to carry quantum information between quantum chips, rather than within the circuits on a single quantum chip. The ability to scale up this device would mean that photons could be used to pass quantum information from electron to electron in order to form the circuits for a quantum computer. "We now have the ability to actually transmit the quantum state to a photon," said Xiao Mi, a graduate student in Princeton's Department of Physics. "This has never been done before in a semiconductor device because the quantum state was lost before it could transfer its information."
An anonymous reader quotes a report from Reuters: A California state senator introduced a bill on Monday that would mandate reporting of antibiotic-resistant infections and deaths and require doctors to record the infections on death certificates when they are a cause of death. The legislation also aims to establish the nation's most comprehensive statewide surveillance system to track infections and deaths from drug-resistant pathogens. Data from death certificates would be used to help compile an annual state report on superbug infections and related deaths. In September, a Reuters investigation revealed that tens of thousands of superbug deaths nationwide go uncounted every year. The infections are often omitted from death certificates, and even when they are recorded, they aren't counted because of the lack of a unified national surveillance system. Because there is no federal surveillance system, monitoring of superbug infections and deaths falls to the states. A Reuters survey of all 50 state health departments and the District of Columbia found that reporting requirements vary widely. Hill's bill would require hospitals and clinical labs to submit an annual summary of antibiotic-resistant infections to the California Department of Health beginning July 1, 2018; amend a law governing death certificates by requiring that doctors specify on death certificates when a superbug was the leading or a contributing cause of death; and require the state Health Department to publish an annual report on resistant infections and deaths, including data culled from death certificates.
Amazon is making good on its promise to ban "incentivized" reviews from its website, according to a new analysis of over 32,000 products and around 65 million reviews. From a TechCrunch article: The ban was meant to address the growing problem of less trustworthy reviews that had been plaguing the retailer's site, leading to products with higher ratings than they would otherwise deserve. Incentivized reviews are those where the vendor offers free or discounted products to reviewers, in exchange for recipients writing their "honest opinion" of the item in an Amazon review. However, data has shown that these reviewers tend to write more positive reviews overall, with products earning an average of 4.74 stars out of five, compared with an average rating of 4.36 for non-incentivized reviews. Over time, these reviews proliferated on Amazon, and damaged consumers' trust in the review system as a whole. And that can impact consumers' purchase decisions.
An anonymous reader quotes a report from TechCrunch: Everyone, it seems, is going the fast charging route these days. Thanks to the nearing ubiquity of USB-C on flagship devices, the feature is quickly becoming a standard -- "standard" in the sense that everyone is doing it, not so much that there's any consistency to the tech. All in all, it's a nice addition to manufacturers' newfound focus on battery life. And while Google has embraced its own version on its new Pixel devices, the company's not so keen on letting everyone implement their own version. In newly released Android Compatibility Definition papers issued for Nougat, the company stops short of an outright ban on technologies like Qualcomm's Quick Charge, though it does take a pretty clear stand, "strongly recommend[ing]" against it. At issue, among other things here, is potential compatibility issues with standard USB chargers. Google said in its latest revision of the Android Compatibility Definition Document, "Type-C devices are STRONGLY RECOMMENDED to not support proprietary charging methods that modify Vbus voltage beyond default levels, or alter sink/source roles as such may result in interoperability issues with the chargers or devices that support the standard USB Power Delivery methods. While this is called out as 'STRONGLY RECOMMENDED,' in future Android versions we might REQUIRE all type-C devices to support full interoperability with standard type-C chargers."
Cory Doctorow, writing for BoingBoing (condensed): The Canadian Broadcasting Corporation (CBC) publishes several excellent podcasts, and like every podcast in the world, these podcasts are available via any podcast app in the same way that all web pages can be fetched with all web browsers -- this being the entire point of podcasts. In a move of breathtaking, lawless ignorance, the CBC has begun to send legal threats to podcast app-makers, arguing that making an app that pulls down public RSS feeds is a "commercial use" and a violation of the public broadcaster's copyrights. This is a revival of an old, dark era in the web's history, when linking policies prevailed, through which publishers argued that they had the right to control who could make a link to their sites -- that is, who could state the public, true fact that "a page exists at this address." But the CBC is going one worse here: their argument is that making a tool that allows someone to load a public URL without permission is violating copyright law -- it's the same thing as saying, "Because Google is a for-profit corporation, any time a Chrome user loads a CBC page in the Chrome browser without the CBC's permission, Google is violating CBC's copyright." We hope it was all an accidental mistake from the CBC, because it seems like a very stupid thing to do otherwise.
An anonymous reader quotes a report from TechCrunch: Google has been highly involved with connecting U.S. voters to timely information throughout this election cycle, by offering everything from voter registration assistance to polling place information in its search result pages. Today, the company announced plans to display the results of the U.S. election directly in search, in over 30 languages, as soon as the polls close. Web searchers who query for "election results" will be able to view detailed information on the Presidential, Senatorial, Congressional, Gubernatorial races as well as state-level referenda and ballot propositions, says Google. The results will be updated continuously -- every 30 seconds, as indicated by a screenshot shared by the company on its official blog post detailing the new features. Tabs across the top will let you switch between the various races, like President, House, and Senate, for example. The results will also include information like how many more electoral votes a presidential candidate needs to win, how many seats are up for grabs in the House and Senate, and how many Gubernatorial races are underway, among other things. This data is presented in an easy-to-read format, with Democrats in blue, Republicans in red, and simple graphs, alongside the key numbers.
An anonymous reader quotes a report from Reuters: Wireless carrier Sprint Corp on Tuesday pledged to provide 1 million U.S. high school students with free mobile devices and internet access as part of a White House initiative to expand opportunities for lower income kids. Marcelo Claure, chief executive of Sprint, said the plan builds on the company's prior commitment through the White House's ConnectED program to get 50,000 students high speed internet. He said Sprint realized that while providing students with internet at school was helpful, students would still need to be able to use the internet at home. "We are going to equip 1 million kids with the tools they need to reach their full potential and achieve their dreams," Claure told reporters on a White House call. Sprint aims to give cell phones, tablets, laptops or mobile hot spots to students who do not have internet at home. Students would be able to choose the type of device that might meet their needs and it would be coupled with four years of free data plans. The company hopes to reach its goal of a million students in five years. Manufacturers have agreed to provide the mobile devices at no cost, Claure said. He also said the company would encourage customers to donate their old devices to the program and that it would not cost Sprint much to allow the free use of its network.
Arguably one of the best password manager applications in the wild, LastPass, is making select services available to its mobile users for free. Under the new plan, LastPass's free services will now include two-factor authentication, password generation and sync, and access from unlimited devices. Previously, the browser extension was available for free but users had to pay a $12 annual fee to take their passwords with them on mobile. There is still a subscription fee for the LastPass Premium service, which includes access to family password sharing, two-factor authentication methods like YubiKey and Sesame, encrypted file storage, fingerprint identification on desktop, priority customer support and an ad-free password vault. TechCrunch reports: Basically, LastPass is now charging only for enhanced features rather than convenient access. The company also earns revenue from its enterprise offerings. LastPass says that the change is motivated by a commitment to bringing password security to the masses. "Today's reality is that people's digital lives are increasingly in the cloud -- and inherently span countless personal and work devices. We believe that to truly benefit from the security and convenience of a password manager, it should be available whenever and wherever you need it," LastPass vice president Joe Siegrist said in a statement. "By offering LastPass for free across all your devices, we're making it that much easier for everyone to make good password habits the norm, while resetting the expectations of what a great password management experience should be in a multi-device world." But the pricing change might also be intended to lure users from other paid password management services. LogMeIn CEO Bill Wagner said on an earnings call last week that free users drive revenue for LastPass because they often convert to Premium services or serve as referrals for enterprise business opportunities.
An anonymous reader quotes a report from PC Magazine: Hacker George Hotz is gearing up to launch his automotive AI start-up's first official product. In December, the 26-year-old -- known for infiltrating Apple's iPhone and Sony's PlayStation 3 -- moved on to bigger things: turning a 2016 Acura ILX into an autonomous vehicle. According to Bloomberg, Hotz outfitted the car with a laser-based radar (lidar) system, a camera, a 21.5-inch screen, a "tangle of electronics," and a joystick attached to a wooden board. Nine months later, the famed hacker this week unveiled the Comma One. As described by TechCrunch, the $999 add-on comes with a $24 monthly subscription fee for software that can pilot a car for miles without a driver touching the wheel, brake, or gas. But unlike systems currently under development by Google, Tesla, and nearly every major vehicle manufacturer, Comma.ai's "shippable" Comma One does not require users to buy a new car. "It's fully functional. It's about on par with Tesla Autopilot," Hotz said during this week's TechCrunch Disrupt in San Francisco.
hackingbear quotes a report from Popular Science: While SpaceX is making news with its recoverable rockets, China announced that it is working on the next big thing in spaceflight: a hypersonic spaceplane. The China Aerospace Science and Technology Corporation is beginning advanced research on a high tech, more efficient successor to the retired Space Shuttle, with hybrid combined cycle engines combining turbofan, ramjet, scramjet and rocket engines, that can take off from an airport's landing strip and fly straight into orbit. CASTC's rapid research timeline also suggests that the reports in 2015 of a Mach 4 test flight for a recoverable drone testbed for a combined cycle ramjet/turbofan engine were accurate. And China also has the world's largest hypersonic wind tunnel, the Mach 9 JF-12, which could be used to easily test hypersonic scramjets without costly and potentially dangerous flight testing at altitude. Its nearest competitor, the British Skylon, in contrast uses pre-cooled jet engines built by Reaction Engines Limited to achieve hypersonic atmospheric flight, as opposed to scramjets. Both spacecraft will probably first fly around the mid 2020s.
An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. "We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen," the company said. "We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up." The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed via social media that roughly 120,000 BTC (more than $60 million) has been stolen. "In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals," reports CoinDesk. "This price was roughly 20% lower than the day's opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower."