Boutzev writes: There is information circulating about a new vulnerability in Broadcom WIFI chipsets, used in smartphones from major vendors (Apple, Samsung). The issue (called "broadp0wn") is apparently remotely exploitable. This is unrelated to the recently released KRACK vulnerability in the WPA2 protocol. From wired.com:
IF YOU HAVEN'T updated your iPhone or Android device lately, do it now. Until very recent patches, a bug in a little-examined Wi-Fi chip would have allowed a hacker to invisibly hack into any one of a billion devices. Yes, billion with a b. A vulnerability that pervasive is rare, for good reason. Apple and Google pile millions of dollars into securing their mobile operating systems, layering on hurdles for hackers and paying bounties for information about vulnerabilities in their software. But a modern computer or smartphone is a kind of silicon Frankenstein, with components sourced from third-party companies whose code Apple and Google don't entirely control. And when security researcher Nitay Artenstein dug into the Broadcom chip module that helps power every iPhone and most modern Android devices, he found a flaw that had the potential to completely undermine the expensive security of all of them.
schwit1 writes: There's a long-known relationship between cancer and sugar, but figuring out exactly how it works has proven elusive. Now, thanks to a nine-year research project, scientists have made a breakthrough.
They've narrowed down the mechanism whereby cancer cells metabolise sugar. The focus of the new research was on a metabolic effect that has been understood for over 90 years.
We know that almost all the cells in the human body require energy, and they derive this energy from the sugars in the food we eat. Cancer cells also require sugars to grow. But their glucose intake is a lot higher than that of healthy cells, as is the rate at which they ferment that glucose into lactic acid.
This is known as the Warburg effect, and it may, scientists have hypothesised, have something to do with cancer's rapid growth rate. But it's hard to determine whether the Warburg effect is a symptom or a cause of cancer.
It's been proposed that the growth of cancer cells may be stymied by starving them of sugar, but the problem with that is there's currently no method of cutting off the supply to cancer cells while keeping it open to normal cells.
This is why the biological mechanism behind the increased glucose metabolism is important. It may hold the key to starving cancer cells while keeping healthy cells functioning. We're not there yet, but this research brings us a critical step closer.
phantomfive writes: Researchers were able to use GPS data from the ad network to track a user to their actual location, and trace movements through town. The paper asks: "can third-parties use the purchasing of ads to extract private information about individuals? We find that the answer is yes. For example, in a case study with an archetypal advertising network, we find that — for $1000 USD — we can track the location of individuals who are using apps served by that advertising network."
BrianFagioli writes: The Galaxy-maker further says, "Linux on Galaxy is made even more powerful because it is DeX-enabled, giving developers the ability to create content on a large screen, powered only by their mobile device. This represents a significant step forward for software developers, who can now set up a fully functional development environment with all the advantages of a desktop setting that is accessible anytime, anywhere. Samsung Linux on Galaxy is still a work in progress."
Here's the deal, folks — there aren't many details on what "Linux on Galaxy" exactly is. Since Galaxy phones use ARM processors, will it be running ARM-compiled distros, or will it emulate x86_64? Maybe the desktop Linux distro will just be a virtual machine running on a server remotely. After all, that is how Samsung makes Windows "run" on DeX today. For now, we don't even know which distros will be supported, although Ubuntu is likely.
An anonymous reader writes: The abundance of flying insects has plunged by three-quarters over the past 25 years, according to a new study that has shocked scientists. Insects are an integral part of life on Earth as both pollinators and prey for other wildlife and it was known that some species such as butterflies were declining. But the newly revealed scale of the losses to all insects has prompted warnings that the world is “on course for ecological Armageddon,” with profound impacts on human society. The new data was gathered in nature reserves across Germany but has implications for all landscapes dominated by agriculture, the researchers said. The cause of the huge decline is as yet unclear, although the destruction of wild areas and widespread use of pesticides are the most likely factors and climate change may play a role. The scientists were able to rule out weather and changes to landscape in the reserves as causes, but data on pesticide levels has not been collected. The research, published in the journal Plos One, is based on the work of dozens of amateur entomologists across Germany who began using strictly standardized ways of collecting insects in 1989.
glowend writes: FTA: "Now show Newton an Apple. Pull out an iPhone from your pocket, and turn it on so that the screen is glowing and full of icons, and hand it to him. Newton, who revealed how white light is made from components of different-colored light by pulling apart sunlight with a prism and then putting it back together, would no doubt be surprised at such a small object producing such vivid colors in the darkness of the chapel. Now play a movie of an English country scene, and then some church music that he would have heard. And then show him a Web page with the 500-plus pages of his personally annotated copy of his masterpiece Principia, teaching him how to use the pinch gesture to zoom in on details.
Could Newton begin to explain how this small device did all that? Although he invented calculus and explained both optics and gravity, he was never able to sort out chemistry from alchemy. So I think he would be flummoxed, and unable to come up with even the barest coherent outline of what this device was. It would be no different to him from an embodiment of the occult — something that was of great interest to him. It would be indistinguishable from magic. And remember, Newton was a really smart dude."
Researchers José Croca and Paulo Castro from the Centre for Philosophy of Sciences of the University of Lisbon in Portugal suggest that not only could pilot wave theory explain the mysterious behavior of the EM drive, it could help to make it even more powerful.
Applying a pilot wave theory to NASA's EM drive frustum [or cone] could explain its thrust without involving any external action applied to the system, as Newton's third law would require.
Currently, the majority of physicists subscribe to the Copenhagen interpretation of quantum mechanics, which states that particles do not have defined locations until they are observed.
Pilot wave theory, on the other hand, suggests that particles do have precise positions at all times, but in order for this to be the case, the world must also be strange in other ways – which is why many physicists have dismissed the idea.
It’s a well designed page (except for the now usual atrocious low contrast Google text font) with lots of good information about this program. It really is a significant increase in security that ordinary users can choose to activate, and yes, it’s free (except for the cost of purchasing the required physical security keys, which are available from a variety of vendors).
But back to that question. Should you actually sign up for APP?
ctilsie242 writes: Many years ago, it was said that we would have a "cyber 9/11", a security event so drastic that it fundamentally would change how companies and people thought about security. However, this has not happened yet (mainly because the bad guys know that this would get organizations to shut their barn doors, stopping the gravy train.)
With the perception that security has no financial returns, coupled with the opinion that "nobody can stop the hackers, so why even bother", what can actually be done to get businesses to have an actual focus on security? The only "security" I see is mainly protection from "jailbreaking", so legal owners of a product can't use or upgrade their devices. True security from other attack vectors is all but ignored.
In fact, I have seen some development environments where someone doing -anything- about security would likely get the developer fired because it took time away from coding features dictated by marketing. I've seen environments where all code ran as root or System just because if the devs gave thought to any permission model at all, they would be tossed, and replaced by other devs who didn't care to "waste" their time on stuff like that.
One idea would be something similar to Underwriters Labs, except it would grade products, perhaps with expanded standards above the "pass/fail" mark, such as Europe's "Sold Secure", or the "insurance lock" certification (which means that a security device is good enough for insurance companies to insure stuff secured by it.)
There are always calls for regulation, but with regulatory capture being at a high point, and previous regulations having few teeth, this may not be a real solution in the US. Is our main hope the new data privacy laws being enacted in Europe, China, and Russia which actually have heavy fines, as well as criminal prosecutions (i.e. execs going to jail)?
This especially applies to IoT devices where it is in their financial interest to make un-upgradable devices, forcing people to toss their 1.0 lightbulbs and buy 1.0.1 lightbulbs to fix a security issue, as opposed to making them secure in the first place, or having an upgrade mechanism.
Is there something that can actually be done about the general disinterest by companies to make secure products, or is this just the way life is now?
EndlessNameless writes: If you like fair play, you might not like future Activision games. They will cross the line to encourage microtransactions---specifically matching players to both encourage and reward purchase.
Rewarding the purchase, in particular, is an explicit and egregious elimination of any claim to fair play: "For example, if the player purchased a particular weapon, the microtransaction engine may match the player in a gameplay session in which the particular weapon is highly effective, giving the player an impression that the particular weapon was a good purchase. This may encourage the player to make future purchases to achieve similar gameplay results."
schwit1 writes: The stereotype of a tortured genius may have a basis in reality after a new study found that people with higher IQs are more at risk of developing mental illness.
A team of US researchers surveyed 3,715 members of American Mensa with an IQ higher than 130. An “average IQ score” or “normal IQ score” can be defined as a score between 85 and 115.
The team asked the Mensa members to report whether they had been diagnosed with mental illnesses, including autism spectrum disorder (ASD) and attention deficit hyperactivity disorder (ADHD).
They were also asked to report mood and anxiety disorders, or whether they suspected they suffered from any mental illnesses that had yet to be diagnosed, as well as physiological diseases, like food allergies and asthma.
After comparing this with the statistical national average for each illness they found that those in the Mensa community had considerably higher rates of varying disorders.
schwit1 writes: YouTube has suspended the video account of popular Chinese dissident Guo Wengui amid mounting pressure from the Beijing government to silence one of its critics.
According to a person familiar with the action, YouTube issued what the company calls a "strike" against Guo, who since the beginning of the year has created an online sensation by posting lengthy videos in which he reveals details of corruption by senior Chinese officials.
The suspension involves a 90-day block on any new live-stream postings of videos and was the result of a complaint made against a recent Guo video for alleged harassment.
The identity of the person or institution who issued the complaint could not be learned.
The video in question has been removed and no details were available on what prompted the action.