Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target’s PC, can record the acoustic emanations of a victim’s keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.
The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim’s machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it’s on.
An anonymous reader writes: Researchers from the State University of New York and the University of California at Riverside have developed a successful side-channel attack against the Address Space Layout Randomization (ASLR) feature of the X86 chipset architecture — an attack vector that is difficult to patch by software alone. ASLR protects the location of data stored on a computer, and mitigates against buffer overflow attacks. The attack, which is carried out on a user-level process via the Branch Target Buffer, was performed on ‘a recent version’ of Linux, but since the exploit is in hardware, it is not specific to any operating system, and is therefore a potential approach vector for hackers in Windows, Apple OS or any other system which uses this feature of the X86 chipset (that’s all of them). However no equivalent tests have been made beyond the Linux environment.
schwit1 writes: The human body begins adapting to high-elevation environments as quickly as overnight, and these biological changes can last for months — even after the person has returned to lower elevations.
For the first time ever, scientists comparing the blood of mountain hikers have observed how multiple changes affect the red blood cells' ability to retain oxygen in low-oxygen environments — and it happens within hours.
The find contradicts an assumption that’s lasted for half a century suggesting that humans in high-altitude environments start producing new red blood cells that are more capable of supplying oxygen to their muscles and organs than the average human’s blood. Link to Original Source
AmiMoJo writes: Japanese firm TENGA has released a kit for observing sperm with a smart phone. The product is aimed at men worried about infertility, offering 550x magnification to give a clear view of individual sperm.
FullBandwidth writes: MIT biological engineers have created a programming language that allows them to rapidly design complex, DNA-encoded circuits that give new functions to living cells.
Using this language, anyone can write a program for the function they want, such as detecting and responding to certain environmental conditions. They can then generate a DNA sequence that will achieve it.
"It is literally a programming language for bacteria," says Christopher Voigt, an MIT professor of biological engineering. "You use a text-based language, just like you're programming a computer. Then you take that text and you compile it and it turns it into a DNA sequence that you put into the cell, and the circuit runs inside the cell."
An anonymous reader writes: The Steam game distribution platform is suffering from a particularly bad bug right now. If you log in and try to look at your account details, you're shown the details of another user's account — seemingly picked at random. This includes, email address, last 4 digits of a phone number, whether SteamGuard (their two-factor authentication) is enabled, last the 2 digits of an associated credit card. If you play a game, Steam will show you as being logged in as somebody else while in that game. Many users are being shown pages in other languages, as they are mistaken for players in different regions. This bug follows an apparent DDoS attack that took the service down for several hours. The bug doesn't seem to allow people to purchase games using a different account. That's good, though that means most, perhaps all players, are unable to buy games on Christmas.