Submission + - Study: Men develop atrial fibrillation a decade earlier than women (upi.com)

schwit1 writes: Men are likely to develop atrial fibrillation, a type of irregular heartbeat, significantly earlier than women, with researchers reporting that weight is a major factor along with age.

The new study, published today in the journal Circulation, suggests that men are at increased risk to develop atrial fibrillation 10 years earlier than women.

Atrial fibrillation is a type of irregular heartbeat in the upper chambers of the heart, or atria, and if left untreated, it can increase a person's risk of heart-related death. Atrial fibrillation is associated with a five times increased risk of stroke.

"We advise weight reduction for both men and women," Magnussen said. "As elevated body mass index seems to be more detrimental for men, weight control seems to be essential, particularly in overweight and obese men."

Maybe we could use pink cupcakes as weight reduction milestones.

Submission + - Smishing scams are becoming worse than spam. 3

deviated_prevert writes: Which providers are best at reducing the recent onslaught of obvious text smishing scams coming into the cell phone networks?

For instance I give you this very obvious one claiming that I have a 79 dollar refund coming from my cell provider with a reference to this phoney (pardon the pun) site 419mobile-ref.com that is just a call back trap set in the text.

It seems that smishing is becoming rampant and a very real threat for which there is as yet no effective filter. Other than knowing how these criminals work and constantly ignoring then deleting all the smishing text communications.

What solutions to this problem do you recommend? Completely ignoring unsolicited text seems to be the only real answer here. The same and only solution to the onslaught of fraudulent communications many wind up having to do with their land line connected telephone. Automated call filtering is not a working solution quite yet. Is a cell text interface modified to only accept text from solicited numbers even possible?

Submission + - Russian troll factory paid US activists to fund protests during election (theguardian.com) 1

bestweasel writes: The Guardian reports on another story about Russian meddling but interestingly this one comes from a Russian news source, RBC. Russian trolls posing as Americans made payments to genuine activists in the US to help fund protest movements on socially divisive issues.
On Tuesday, the newspaper RBC published a major investigation into the work of a so-called Russian âoetroll factoryâ since 2015, including during the period of the US election campaign, disclosures that are likely to put further spotlight on alleged Russian meddling in the election.
RBC said it had identified 118 accounts or groups inÂFacebook, Instagram and Twitter that were linked to the troll factory, all of which had been blocked in August and September this year as part of the US investigation into Russian electoral meddling.
RBC story (in Russian).
Moscow Times: Kremlin Troll Factory's Methods and Figures Revealed

Submission + - Tribal "Sovereign Immunity" Patent Protection Could Be Outlawed

AnalogDiehard writes: The recent — and questionable — practice of technological and pharmaceutical companies selling their patents to US native indian tribes (where they enjoy "sovereign immunity" from the inter partes review (IPR) process of the PTO) then the tribes licensing them back to the companies is drawing scrutiny from a federal court and has inspired a new US bill outlawing the practice. The IPR process is a "fast track" (read: much less expensive) process through the PTO to review the validity of challenged patents — it is loved by defendants and hated by patent holders. Not only has US Circuit Judge William Bryson invalidated Allergan's pharmaceutical patents due to "obviousness", he is questioning the legitimacy of the sovereign immunity tactic. The judge was well aware that the tactic could endanger the IPR process which was a central component of the America Invents Act of 2011 and writes that sovereign immunity "should not be treated as a monetizable commodity that can be purchased by private entities as part of a scheme to evade their legal responsibility." US Senator Claire McCaskill (D-Mo.) — no stranger to abuses of the patent system — has introduced a bill that would outlaw the practice she describes as "one of the most brazen and absurd loopholes I've ever seen and it should be illegal." Sovereign immunity is not absolute and has been limited by Congress and the courts in the past. The bill would apply only to the IPR proceedings and not to patent disputes in federal courts.

Submission + - Tesla employees detail how they were fired, claim dismissals were not performanc (cnbc.com)

joshtops writes: Tesla is trying to disguise layoffs by calling the widespread terminations performance related, allege several current and former employees. On Friday, the San Jose Mercury News first reported that Tesla had dismissed an estimated 400 to 700 employees. That number represents between 1 and 2 percent of its entire workforce. But one former employee, citing internal information shared by a manager, said the total number fired is higher than 700 at this point. Most of the people let go from Tesla so far have been from its motors business, said people familiar with the matter. They were not from other initiatives like Tesla Powerwall, which is helping restore electricity to the residents of Puerto Rico now. The mass firings, which affected Tesla employees across the U.S., had begun by the weekend of Oct. 7 and continued even after the initial news report, sources said. Among those whose jobs were terminated in this phase, some were given severance packages quickly while others are still waiting on separation agreements. Some terminated employees told CNBC they were informed via email or a phone call "without warning," and told not to come into work the next day. The company also dismissed other employees without specifying a given performance issue, according to these people. "Seems like performance has nothing to do with it," one Tesla employee told CNBC under the condition of anonymity. "Those terminated were generally the highest paid in their position," this person said, suggesting that the firings were driven by cost-cutting. That assessment was echoed by several others, including three employees fired from Tesla during this latest wave.

Submission + - In a Post-Password Era, Getting Rid of Passwords is the Problem (securityledger.com)

chicksdaddy writes: Large, tech savvy corporations recognize that the static password is dead. Still, they can't seem to stop using and relying on them. That's the conclusion of a panel discussion at the Akamai EDGE (https://edge.akamai.com) event in Las Vegas last week, where executives at some of the U.S.’s leading corporations, agreed that the much maligned password won’t be abandoned any time soon, even as data breaches and follow-on attacks like automated “credential stuffing” make passwords more susceptible than ever to abuse, The Security Ledger reports. (https://securityledger.com/2017/10/in-post-password-era-passwords-are-the-problem/)

“We reached the end of needing passwords maybe seven years ago, but we still use them,” said Steve Winterfeld, Director of Cybersecurity, at clothing retailer Nordstrom. “They’re still the primary layer of defense.” “It’s hard to kill them,” noted Shalini Mayor, who is a Senior Director at Visa Inc. “The question is what to replace them with.”

This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called “credential stuffing” techniques, which use automated password guessing attacks against web-based applications.

Large retailers and other vendors often perceive what Patrick Sullivan, the Director of Security Technology and Strategy at Akamai likened to a “disruption in the force” well before major breaches are disclosed as stolen credentials from those hacks are used to try to break into their own system. However, the sheer number of breaches make spotting the source of a particular leaked credential all but impossible.

Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalani said Visa is “looking at” biometric technologies like Apple’s TouchID as a tool for making payments securely. Such technologies – from fingerprint scans to facial and retinal scans – promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.

Submission + - Google Home finally gets a real sleep timer! (vortex.com)

Lauren Weinstein writes: Google Home, nearly a year after its initial release, finally has a real sleep timer! (https://support.google.com/googlehome/answer/7028899).

Some readers have speculated that this popular post from early this month: "How to Fake a Sleep Timer on Google Home" (https://lauren.vortex.com/2017/10/04/how-to-fake-a-sleep-timer-on-google-home)
somehow "shamed" Google into final action on this. I wouldn't go that far. But I'll admit that it's somewhat difficult to stop chuckling a bit right now. In any case, thanks to the Home team!

Submission + - Smartphones Are Killing Americans, But Nobody's Counting (bloomberg.com)

Zorro writes: Amid a historic spike in U.S. traffic fatalities, federal data on the danger of distracted driving are getting worse.

Increase in fatalities has been largely among bicyclists, motorcyclists, and pedestrians—all of whom are easier to miss from the driver’s seat than, say, a 4,000-pound SUV—especially if you’re glancing up from your phone rather than concentrating on the road. Last year, 5,987 pedestrians were killed by cars in the U.S., almost 1,100 more than in 2014—that’s a 22 percent increase in just two years.

Submission + - These guys are transcribing all the audio on the internet. (fluiddata.com)

An anonymous reader writes: I've been into podcasting for a number of years now and I ran across this website called FluidDATA. It looks like they've made an audio search engine that lets your search for words or phrases in audio files. And from what I can tell, it looks like they have millions of files...

Are these guys going to be the google of audio?

Submission + - Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone (techcrunch.com) 2

An anonymous reader writes: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers’ traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

Submission + - Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com)

An anonymous reader writes: As reported previously by ZDNet, the bug, dubbed "KRACK" — which stands for Key Reinstallation Attack — is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. ZDNet has a list of all the patches currently available.

Submission + - Ophelia Became a Major Hurricane Where No Storm Had Before (arstechnica.com)

An anonymous reader writes: The system formerly known as Hurricane Ophelia is moving into Ireland on Monday, bringing "status red" weather throughout the day to the island. The Irish National Meteorological Service, Met Eireann, has warned that, "Violent and destructive gusts of 120 to 150km/h are forecast countrywide, and in excess of these values in some very exposed and hilly areas. There is a danger to life and property." Ophelia transitioned from a hurricane to an extra-tropical system on Sunday, but that only marginally diminished its threat to Ireland and the United Kingdom on Monday, before it likely dissipates near Norway on Tuesday. The primary threat from the system was high winds, with heavy rains. Forecasters marveled at the intensification of Ophelia on Saturday, as it reached Category 3 status on the Saffir-Simpson scale and became a major hurricane. For a storm in the Atlantic basin, this is the farthest east that a major hurricane has been recorded during the satellite era of observations. Additionally, it was the farthest north, at 35.9 degrees north, that an Atlantic major hurricane has existed this late in the year since 1939.

Submission + - Second Crypto Bug of the Day: Infineon TPM Chipsets Generate Insecure RSA Keys (bleepingcomputer.com)

An anonymous reader writes: Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. TPM stands for Trusted Platform Module (TPM), which is an international standard for secure cryptoprocessors that are used to store critical data such as passwords, certificates, and encryption keys.

According to a security alert issued by Infineon last week and research published today, a vulnerability in the Infineon TPM firmware results in the generation of weak RSA keys. The vulnerability allows for an attack on RSA1024 and RSA2048, and affects chips manufactured as early as 2012. RSA encryption works by encrypting data with a dual private and public key. The attack allows an attacker to determine the private key.

  Infineon issued a firmware update last week and has forwarded the update to motherboard vendors which are now working on integrating the Infineon TPM firmware update into all their products. Known affected vendors include Acer, ASUS, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba, and other smaller Chromebook vendors. Both Microsoft and Google have issued "workarounds" as part of security updates, but fixing this attack surface will require manually patching the motherboard firmware of all affected vendors.

Slashdot Top Deals