managerialslime writes: University of Illinois at Chicago researchers have developed a way to mimic plants’ ability to convert carbon dioxide into fuel, a way to decrease the amounts of harmful gas in the atmosphere and produce clean energy. The artificial leaf essentially recycles carbon dioxide. And it’s powered entirely by the sun, mimicking the real photosynthesis process.
pacopico writes: Only a handful of countries have their very own Internet with their own e-mail systems, search engines and social networks. Russia has such an Internet, and it's wonderfully weird, creepy and innovative. Bloomberg Businessweek sent a reporter to Moscow and Siberia to produce a documentary on the rise of the Russian Internet and the current state of the country's technology industry. The show turns up some odd technology like FindFace, which lets anyone snap a picture of a stranger and then find them instantly on social networks, and Group-IB, which is the leading hunter of Russian-speaking hackers. There's also a visit to Akademgorodok, which is sort of like a Russian version of Silicon Valley only in Siberia. Given that Russia's technical influence is in the news, this documentary is timely if nothing else.
jimjasongo writes: Why does the Tor network get funded by sources like US government? TOR enables the users to use dark web, which is the major source of crime on the internet, so why does so many sources fund tor, when it poses a threat to people
Coisiche writes: Seems that all the US companies that said any encryption backdoors would undermine global competitiveness, when such a thing was recently mooted there, can now find out if they were correct or not by watching the UK. Meanwhile various TLA agencies will be wondering if it could be as easily slipped into law in their jurisdiction.
The malware campaign is known as Gooligan, and it’s a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that’s not the main concern for victims.
The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users’ Google credentials.Although the malware has full remote access to infected devices, it doesn’t appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.
Futurepower(R) writes: I see plenty of evidence that banks don't manage their web sites well.
When I check my balance at Ally Bank, the NoScript and Ghostery
Firefox add-ons tell me that 11 other sites* would be contacted if I
didn't have protection.
See the sites below.
say that Barclays U.S. Bank has no legal responsibility or liability
for anything it says on its web site. Quoting: "... THE BANK DOES NOT
WARRANT THAT: (i) THE SITE OR THE SITE CONTENT IS CORRECT, ACCURATE,
RELIABLE OR COMPLETE..." If you can't depend on what the web site says,
how can you feel comfortable that you know enough about the bank to want
to be a customer?
I talked with a representative at CapitalOne 360 Bank
when I discovered that now there is no way to send a secure message to
(My wife has an account.) The secure messaging only allows receiving
messages from the bank. If you have a question, you have to call and
talk with someone, and you have no
way of proving what you were told. The CapitalOne 360 Bank
representative said that there were too many incoming messages for the
staff to answer, so
incoming messages were recently deactivated.
Customers are not allowed to keep the incoming messages from the bank;
they are deleted after 90 days.
I have plenty of other stories
like that. In my experience, top managers often have little knowledge of
technology, and often seem not to want any knowledge.
So, which is the best-managed U.S. bank?
What are your stories about banks?
*Here are the web sites linked when I check my balance at Ally Bank. Advertising:
Adobe Audience Manager, Advertising.com, DoubleClick Floodlight,
DoubleClick Spotlight, Google Dynamic Remarketing, MediaMath, and RUN. Site Analytics: Omniture (Adobe Analytics) and Qualtrics. Other web sites:
Demdex.net and Omtrdc.net. When I tried to visit the Omtrdc.net web site, I got a Firefox
message: "Your connection is not secure. The owner of omtrdc.net has
configured their website improperly. To protect your information from
being stolen, Firefox has not connected to this website."
An anonymous reader writes: Netflix opts all customers into its UI beta-testing program by default (though you can opt out at any time). One iteration the company is experimenting with at the moment features a number of innovations, including a revised and more informative playback environment, a 10-second 'wind-back' feature similar to functionality in Amazon Prime — and an intentional inability to remember where you paused playback, with one operative explaining ‘[This] UI makes you go back to the start of the show so this way in case you missed any part of the movie/show you can watch it again with no troubles.’
cold fjord writes: State level marijuana legalization efforts across the US have been gaining traction driven by the folk wisdom that marijuana is both a harmless recreational drug and a useful medical treatment for many aliments. However some cracks have appeared in that story with indications that marijuana use is associated with the development of mental disorders and the long term blunting of the brain's reward system of dopamine levels. A new study has found that marijuana appears to have a widespread effect on blood flow in the brain: "Published in the Journal of Alzheimer's Disease, researchers using single photon emission computed tomography (SPECT), a sophisticated imaging study that evaluates blood flow and activity patterns, demonstrated abnormally low blood flow in virtually every area of the brain studies in nearly 1,000 marijuana users compared to healthy controls, including areas known to be affected by Alzheimer's pathology such as the hippocampus. . . . According to Daniel Amen, M.D.,... "Our research demonstrates that marijuana can have significant negative effects on brain function. The media has given the general impression that marijuana is a safe recreational drug, this research directly challenges that notion. In another new study just released, researchers showed that marijuana use tripled the risk of psychosis. Caution is clearly in order.""
An anonymous reader writes: Engineers in San Francisco have tunneled underground to try and understand the sinking of the 58-story Millennium Tower. Now comes an analysis from space. The European Space Agency has released detailed data from satellite imagery that shows the skyscraper in San Francisco's financial district is continuing to sink at a steady rate — and perhaps faster than previously known. The luxury high-rise that opened its doors in 2009 has been dubbed the Leaning Tower of San Francisco. It has sunk about 16 inches into landfill and is tilting several inches to the northwest. Engineers have estimated the building is sinking at a rate of about 1-inch per year. The Sentinel-1 twin satellites show almost double that rate based on data collected from April 2015 to September 2016. The satellite data shows the Millennium Tower sunk 40 to 45 millimeters — or 1.6 to 1.8 inches — over a recent one-year period and almost double that amount — 70 to 75 mm (2.6 to 2.9 inches) — over its 17-month observation period, said Petar Marinkovic, founder and chief scientist of PPO Labs which analyzed the satellite's radar imagery for the ESA along with Norway-based research institute Norut. The Sentinel-1 study is not focused on the Millennium Tower but is part of a larger mission by the European Space Agency tracking urban ground movement around the world, and particularly subsidence "hotspots" in Europe, said Pierre Potin, Sentinel-1 mission manager for the ESA. The ESA decided to conduct regular observations of the San Francisco Bay Area, including the Hayward Fault, since it is prone to tectonic movement and earthquakes, said Potin, who is based in Italy. Data from the satellite, which is orbiting about 400 miles (700 kilometers) from the earth's surface, was recorded every 24 days. The building's developer, Millennium Partners, insists the building is safe for occupancy and could withstand an earthquake.
mspohr writes: The Guardian has a news article about a recently published article proposing a way to test the theory that the speed of light was infinite at the birth of the universe: "The newborn universe may have glowed with light beams moving much faster than they do today, according to a theory that overturns Einstein’s century-old claim that the speed of light is a constant.
João Magueijo, of Imperial College London, and Niayesh Afshordi, of the University of Waterloo in Canada, propose that light tore along at infinite speed at the birth of the universe when the temperature of the cosmos was a staggering ten thousand trillion trillion celsius." "Magueijo and Afshordi came up with their theory to explain why the cosmos looks much the same over vast distances. To be so uniform, light rays must have reached every corner of the cosmos, otherwise some regions would be cooler and more dense than others. But even moving at 1bn km/h, light was not travelling fast enough to spread so far and even out the universe’s temperature differences."
chicksdaddy writes: An online attack that took an estimated 900,000 Deutsche Telekom broadband routers offline in Germany was the work of the Mirai botnet, a global network of infected cameras, printers, digital video recorders and other Internet of Things devices. But the attacks go well beyond Germany and the true number of vulnerable devices that could be targeted is much larger – numbering in the millions, according to new analysis by the firm Flashpoint. (https://www.flashpoint-intel.com/new-mirai-variant-involved-latest-deutsche-telekom-outage/)
On Monday, Deutsche Telekom acknowledged (https://www.telekom.com/de/medien/details/13-fragen-zu-angriff-auf-router-445088) that broadband routers it operates were knocked offline by a large scale attack that attempted to infect broadband routers with malicious software. Deutsche Telekom said that around 4 percent of its customers were affected by the attack – around 900,000 routers. But DT customers were not the only target. Flashpoint said it has observed infected devices operating from the United Kingdom, Brazil, Turkey, Iran, Chile, Ireland, Thailand, Australia, Argentina and Italy, as well as Germany.
In contrast to earlier rounds of Mirai infections, which relied on brute force (or “dictionary”) attacks that guessed default administrator usernames and passwords, the latest attacks attempted to exploit a known vulnerability in a remote maintenance interface. Attacks were launched using the TR-064 and TR-069 protocols which are common for managing so-called “customer premises equipment” (or CPE) in wide area network environments, DT said. Deutsche Telekom said it is working with manufacturers on firmware updates to address the vulnerability and is rolling them out to customers as they become available. The TR- protocols are what telecommunications firms and others use to remotely manage broadband routers in homes and businesses, said Zak Wikholm, a security research developer at Flashpoint, The Security Ledger reported. (https://securityledger.com/2016/11/report-millions-and-millions-of-devices-vulnerable-in-latest-mirai-attacks/)
While the exact number of infected devices isn’t known, Flashpoint estimates the global population of infected devices to be “five million” endpoints. The total number of vulnerable devices is much, much larger, though. Some estimates put the total number of devices with port 7547 open at around 41 million, Wikholm told Security Ledger. However, only a fraction of those allow parties other than Internet Service Providers to access those devices. That may be around five million devices globally, he said, though the exact number is unknown.
Even that smaller number could spell disaster. Denial of service attacks in recent months that reached upwards of 700 Gigabits per second of traffic were launched from Mirai botnets with only 100,000 to 200,000 infected hosts. Wikholm said object of the attacks appears to be to build large botnets that can be used “as a commercial service.”
An anonymous reader writes: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident—which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
An anonymous reader writes: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds.
The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.
managerialslime writes: In India, "this year, solar energy prices in the country dropped to around parity with coal for the first time ever, hitting 4.34 rupees (about 6 US cents) a kilowatt-hour (kWh), while coal tariffs range usually range in between 3–5 rupees/kWh (about 5–8 US cents)." At this rate, solar should be cheaper than coal within 12 to 18 months.