Krebs Warns Source Code Leaked From Massive IoT Botnet Attack

Slashdot - Sun, 02/10/2016 - 8:41pm
Remember that historically massive denial-of-service attack last month against security researcher Brian Krebs? The source code's just been leaked, Krebs reports, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices." An anonymous Slashdot reader quotes KrebsOnSecurity: The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Infected systems can be cleaned up by simply rebooting them -- thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot... The user who leaked the source code says "there's lots of eyes looking at IOT now... I usually pull max 380K bots from telnet alone. However, after the Krebs DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300K bots, and dropping"... Now that the source code has been released online for that 620-Gbps attack, Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems." He points out that 5.5 million new things get connected to the internet each day, according to Gartner. And they're also predicting that 6.4 billion things will be connected to the internet by the end of the year -- reaching 20.8 billion over the next four years.

Read more of this story at Slashdot.

Categories: Science

French Banks Offer Credit Card Numbers That Change Every Hour

Slashdot - Sun, 02/10/2016 - 7:34pm
Slashdot reader schwit1 quotes The Memo: What if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date? That's exactly what two French banks are starting to do with their new high-tech ebank cards... The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals... As most fraud happens a few hours or days after your card details are actually taken, this would leave criminals essentially with a bunch of useless numbers. It's just like credit cards you have now -- other than the tiny digital screen that's embedded into the back of the card.

Read more of this story at Slashdot.

Categories: Science

As ICANN Gains Full Oversight Of Domain Name System, Some Wonder If It Means the US Has Given Away The Internet

Slashdot - Sun, 02/10/2016 - 6:34pm
The U.S. has given up its remaining control over the Internet. The formal handover, which took effect on Saturday, followed a last-ditch attempt by a group of Republicans to block the move. They had argued that the US concession would open the door for authoritarian governments get control of the network of networks, leading to greater censorship. From a BBC report:A judge in Texas has put the kibosh on a last-minute legal attempt to block the controversial decision for the US to give up control of one of the key systems that powers the internet. It's a move being breathlessly described by some as the US "giving up the internet" to the likes of China, Russia and the Middle East. For starters, while they can take the credit for inventing the underlying technology, the US never "had the internet" to begin with. Nobody did. It's a, duh, network. Decentralised. That's what makes it so powerful. But there are bits of internet infrastructure that some people and governments do have control over, and that's what this row is all about. One of them is the DNS - Domain Name System. This is the system for looking after web addresses. Thanks to the DNS, when you type bbc.com, you're taken to the correct servers for the BBC website. It saves you the grief of having to remember a string of numbers. That pairing of names and numbers is kept in one great big master file, the land registry of the web. The only organisation that can make changes is Icann, the Internet Corporation for Assigned Names and Numbers. As of Saturday 1 October 2016, Icann will no longer be under US government oversight.

Read more of this story at Slashdot.

Categories: Science

Scientists Identify Another Source of Dangerous Greenhouse Gases: Reservoirs

Slashdot - Sun, 02/10/2016 - 5:34pm
A team of researchers from Canada, Holland, China, the U.S. and Brazil "found that greenhouse gas emissions from man-made reservoirs were likely equal to the equivalent of one gigaton of carbon dioxide being released into the atmosphere every year...a little less than one-sixth of the United State's greenhouse gas emissions." An anonymous Slashdot reader quotes Popular Science: A reservoir is usually created by damming a river, overflowing the banks and flooding the surrounding area, creating a man-made lake...the perfect conditions for microbes to generate greenhouse gases like carbon dioxide and methane (a gas that is about 25 times more potent than carbon dioxide)... "When reservoirs are first flooded there's organic matter in the soil and vegetation that can be converted by microbes into methane and carbon dioxide," John Harrison, a co-author of the paper, tells Popular Science. "Also, reservoirs because they are in line in rivers, they receive a lot of organic matter and organic sediment from upstream that can fuel the production of methane, carbon dioxide and nitrous oxide." Harrison says that reservoirs also tend to occur in areas where fertilizers are used on the surrounding land. Runoff from those fertilizers into bodies of water can cause algal blooms that can also produce more methane and carbon dioxide. If the world's reservoirs were a country, they'd be #8 on a list of polluters -- right behind Brazil, China, the EU and the U.S.

Read more of this story at Slashdot.

Categories: Science

Apple Loses Patent Retrial To VirnetX, Owes $302.4 Million

Slashdot - Sun, 02/10/2016 - 4:34pm
Slashdot reader chasm22 quotes Reuters: A federal jury in Texas on Friday night ordered Apple Inc to pay more than $302 million in damages for using VirnetX Holding Corp's patented internet security technology without permission in features including its FaceTime video conferencing application. The verdict came in a new trial in Tyler, Texas that had been ordered by the judge in the case, Robert Schroeder, who last August threw out VirnetX's $625.6 million win over Apple from a previous trial because he said jurors in that case may have been confused... A jury in 2012 awarded $368.2 million in damages, but the U.S. Court of Appeals for the Federal Circuit in Washington, D.C., partly overturned that verdict, saying there were problems with how the trial judge instructed jurors on calculating damages. On remand, VirnetX's two suits were combined, and in February, a jury returned with an even bigger verdict, $625.6 million, one of the highest ever in a U.S. patent case... However, Schroeder later voided the result, saying that the repeated references to the earlier case could have confused jurors and were unfair to Apple... Apple will also have to contend with the trial in a second lawsuit VirnetX filed against Apple over newer versions of Apple security features, as well as its iMessage application. The article points out that "Many patent cases are handled in the Texas court, which has a reputation for awarding favorable verdicts to plaintiffs alleging infringement."

Read more of this story at Slashdot.

Categories: Science

Microsoft Could Bring Windows Hello To Android, iPhone

Slashdot - Sun, 02/10/2016 - 3:33pm
Microsoft may have plans to bring Windows Hello, one of the headline features of Microsoft's current operating system, to Android and iOS. Windows Hello is a feature that lets people unlock their PC with fingerprint, face, or iris. Paul Thurrott reports: With Windows 10 version 1607, Microsoft has expanded the Windows Hello authentication technologies to include support for companion devices. That we knew. But those companion devices, surprisingly, will include both Android and iPhone handsets. The question is whether those solutions will ever be made available to consumers.[...] On a Ignite 2016 session called Expand Windows Hello Family to companion devices and browser, Microsoft outlined some ideas around this. "When you think about a user and the kind of devices they carry with them," Microsoft senior program manager lead Anoosh Saboori said during the session, "they normally have the phone in their pocket, they [might] have some kind of wearable on their arm, some of them might have the security fobs given to them by their company, and many of us carry a badge with us that is used to gain access to different physical locations. We wanted to leverage these devices as a way to knowing the user."

Read more of this story at Slashdot.

Categories: Science

With HDDs On The Ropes, Samsung Predicts SSD Price Collisions As NVMe Takes Over

Slashdot - Sun, 02/10/2016 - 2:34pm
At its Global SSD Summit, Samsung shared its vision of the current state of SSD market and also outlined the future trends. The company noted that SSDs are steadily displacing HDDs in more applications, but NVMe is shaping up to be the dark horse that may put the venerable HDD to rest. From an article on Tom's Hardware: Samsung loves Google, and not just because it probably buys plenty of its SSDs. Samsung outlined its rather intense focus on Google Analytics for marketing purposes last year, and this year it pointed out that recent Google searches for "SSD upgrades" outweighed searches for "CPU upgrades." The historical trend indicates that this wasn't always the case (of course), but with 40 million searches for SSD upgrades this year, it is clear that SSDs are on the move. Performance stagnation in the CPU market is probably to blame here, as well, and we routinely advise readers to spend their hard-earned dollars on GPU and SSD upgrades before the CPU. The cellphone industry has long served as the prime example of an explosive growth market; it grew 19.1% in the last five years alone. SSDs, by contrast, grew 54%, and the steady downward pricing slope is a key factor. The all-important price-per-GB fell from $1.17 in 2012 to a mere $0.36 in 2016 (69% reduction). This is an average value, you can find SSDs for even less on the retail market. The SSD market grew 6x (to 130,000,000) from 2012 to 2016. Samsung's NAND shipments benefit from both the smartphone and SSD industries, and the company presented a chart that highlighted the changing NAND shipment mix. A higher percentage of flash heads into the SSD and Mobile segments every year as the percentage of UFD (USB Flash Drive), cards, and "others" decline.

Read more of this story at Slashdot.

Categories: Science

Google Tells Home Audio Vendors To Ditch Competing Smart Assistants If They Want To Use Google Cast: Variety

Slashdot - Sun, 02/10/2016 - 1:34pm
Google is telling its home audio vendors that they won't be allowed to add support for smart assistants by rivals such as Amazon's Alexa if they want to continue to use Google Cast, according to Variety. The Mountain View-based company reportedly conducted a meeting in June with 50 of the biggest names of home audio to discuss the plan. The publication adds that Google's talks with OEMs were at least partially successful, with many of those companies planning to unveil their Google Cast-powered smart speakers as soon as next year. From the report:"Google Cast has become a Trojan horse," said one of the attendees, who wasn't authorized to speak on the record with Variety. Google's overtures to consumer electronics makers come at a time of upheaval for many home audio brands. Premium stereo equipment makers, in particular, have seen their sales diminished in recent years by both changing listening habits and a rapid evolution of technology. The move to streaming audio led music fans to massively embrace headphones and cheap Bluetooth speakers. Then Sonos came along and established itself as the market leader for premium Wifi-connected speakers. And finally, Amazon surprised everyone with the Echo, a device that redefined what a speaker does, thanks to smart voice control that can be used to request songs, news headlines, the weather, and even to order a pizza or an Uber.Weirdly enough, Google, Amazon, Facebook, IBM, and Microsoft announced a partnership this week to conduct research and promoting best practices on AI.

Read more of this story at Slashdot.

Categories: Science

Rosetta's Final Snapshots of Comet 67P Assembled | Video

Space.com - Sun, 02/10/2016 - 12:39pm
The Rosetta mission came to a close on Sept. 30, 2016 and the European Space Agency probe was sending imagery back to Earth until its final moments. Twelve of those images are compiled here.
Categories: Science

Are Flawed Languages Creating Bad Software?

Slashdot - Sun, 02/10/2016 - 11:34am
"Most software, even critical system software, is insecure Swiss cheese held together with duct tape, bubble wrap, and bobby pins..." writes TechCrunch. An anonymous reader quotes their article: Everything is terrible because the fundamental tools we use are, still, so flawed that when used they inevitably craft terrible things... Almost all software has been bug-ridden and insecure for so long that we have grown to think that this is the natural state of code. This learned helplessness is not correct. Everything does not have to be terrible... Vast experience has shown us that it is unrealistic to expect programmers to write secure code in memory-unsafe languages...as an industry, let's at least set a trajectory. Let's move towards writing system code in better languages, first of all -- this should improve security and speed. Let's move towards formal specifications and verification of mission-critical code. Their article calls for LangSec testing, and applauds the use of languages like Go and Rust over memory-unsafe languages like C. "Itâ(TM)s not just systemd, not just Linux, not just software; the whole industry is at fault."

Read more of this story at Slashdot.

Categories: Science

BlackBerry’s Not Going to Disappear

Wired News - Sun, 02/10/2016 - 10:24am
BlackBerry's not going anywhere. In fact, it'll be more places than it ever was before. The post BlackBerry's Not Going to Disappear appeared first on WIRED.
Categories: Science

4K HDR Televisions for Every Budget, From $500 to $130K

Wired News - Sun, 02/10/2016 - 10:15am
Here's what various piles of money will get into your living room. The post 4K HDR Televisions for Every Budget, From $500 to $130K appeared first on WIRED.
Categories: Science

Synapse-like memristor-based electronic device detects brain spikes in real time

Kurzweil AI - Sat, 01/10/2016 - 3:34am

Memristor chip (credit: University of Southampton)

A bio-inspired electronic device called a memristor could allow for real-time processing of neuronal signals (spiking events), new research led by the University of Southampton has demonstrated.

The research could lead to using multi-electrode array implants for detecting spikes in the brain’s electrical signals from more than 1,000 recording channels to help treat neurological conditions, without requiring expensive, high-bandwidth, bulky systems for processing data. The research could lead to future autonomous, fully implantable neuroprosthetic devices.

Schematic illustration of a solid-state titanium-oxide memristive device and atomic force microscopic (AFM) image a portion of a 32 × 32 crossbar array of memristors (credit: Isha Gupta/Nature Communications)

A memristors is an electronic component that limits or regulates the flow of electrical current in a circuit, can remember the amount of charge that was flowing through it, and retain that data, even when the power is turned off. The researchers used an array of memristors.

The research team designed a new nanoscale device they called a “memristive integrating sensor” (MIS) based on a memristors and associated electronic circuits for detecting spikes.*

Acting like synapses in the brain, the MIS was able to encode and compress (up to 200 times) neuronal spiking activity recorded by multi-electrode arrays. Besides addressing the bandwidth constraints, this approach was also very power-efficient; the power needed per recording channel was up to 100 times less when compared to current best practice.

The research was published in the open-access journal Nature Communications.

The Prodromakis Group at the University of Southampton collaborated among others with Leon Chua (a Diamond Jubilee Visiting Academic at the University of Southampton), who theoretically predicted the existence of memristors in 1971.

This interdisciplinary work was supported by an FP7 project (the European Union’s Research and Innovation funding) and brought together engineers from the Nanoelectronics and Nanotechnology Group at the University of Southampton with biologists from the University of Padova and the Max Planck Institute, Germany, using the state-of-art facilities of the Southampton Nanofabrication Centre.

* The paper explains that signals from an array of neural electrodes are fed into the MIS system as a series of voltage-time samples. “The MIS begins by pre-amplifying the incoming signal to voltage levels suitable for operating the memristor sitting at the core of the MIS and then proceeding to apply the pre-amplified signals to the memristor in real-time. The memristor’s resistive state is assessed periodically and when a significant change in comparison to the previous state is detected, the system registers a spiking event.”

Abstract of Real-time encoding and compression of neuronal spikes by metal-oxide memristors

Advanced brain-chip interfaces with numerous recording sites bear great potential for investigation of neuroprosthetic applications. The bottleneck towards achieving an efficient bio-electronic link is the real-time processing of neuronal signals, which imposes excessive requirements on bandwidth, energy and computation capacity. Here we present a unique concept where the intrinsic properties of memristive devices are exploited to compress information on neural spikes in real-time. We demonstrate that the inherent voltage thresholds of metal-oxide memristors can be used for discriminating recorded spiking events from background activity and without resorting to computationally heavy off-line processing. We prove that information on spike amplitude and frequency can be transduced and stored in single devices as non-volatile resistive state transitions. Finally, we show that a memristive device array allows for efficient data compression of signals recorded by a multi-electrode array, demonstrating the technology’s potential for building scalable, yet energy-efficient on-node processors for brain-chip interfaces.

Categories: Science

How to send secure passwords through your body instead of air

Kurzweil AI - Fri, 30/09/2016 - 5:42am

Potential applications for on-body transmissions include securely sending information to door locks, glucose sensors, or other wearable medical devices. (credit: Vikram Iyer, University of Washington)

University of Washington computer scientists and electrical engineers have devised a way to send secure passwords through the human body, using benign, low-frequency transmissions already generated by fingerprint sensors and touchpads on consumer devices.

“Let’s say I want to open a door using an electronic smart lock,” said Merhdad Hessar, a UW electrical engineering doctoral student and co-lead author of a paper presented in September at the 2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”

Secure on-body transmissions

These “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body — such as a wearable medical device — and a phone or device that confirms your identity by asking you to type in a password.

The technology could also be useful for secure key transmissions to medical devices which seek to confirm someone’s identity before sending or sharing data, such as glucose monitors or insulin pumps.

The research team tested the technique on iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with ten different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types. The system also worked when subjects were in motion, including while they walked and moved their arms.

The researchers showed that it works in different postures like standing, sitting and sleeping, and they can get a strong signal throughout your body, with receivers on any part of the body.

Reverse-engineering and repurposing smartphone sensors

The research team from the UW’s Networks and Mobile Systems Lab systematically analyzed smartphone sensors to understand which of them generates low-frequency transmissions below 30 megahertz (which travel well through the human body but don’t propagate over the air).

The researchers found that fingerprint sensors and touchpads generate signals in the 2 to 10 megahertz range and employ capacitive coupling to sense where your finger is in space and to identify the ridges and valleys that form unique fingerprint patterns.

Normally, sensors use these signals to receive input about your finger. But the UW engineers devised a way to use these signals as output that corresponds to data contained in a password or access code. When entered on a smartphone, data that authenticates your identity can travel securely through your body to a receiver embedded in a device that needs to confirm who you are.

Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data and not performing the scan correlates to a 0-bit. The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors — fast enough to send a simple password or numerical code through the body and to a receiver within seconds.

This represents only a first step, the researchers say. Data can be transmitted through the body even faster if fingerprint sensor manufacturers provide more access to their software.

The research was funded by the Intel Science and Technology Center for Pervasive Computing, a Google faculty award and the National Science Foundation.

For more information, contact the research team at onbody@cs.washington.edu.

Abstract of Enabling on-body transmissions with commodity devices

We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body. We characterize the propagation of the resulting transmissions across the whole body and run experiments with ten subjects to demonstrate that our approach generalizes across different body types and postures. We also evaluate our communication system in the presence of interference from other wearable devices such as smartwatches and nearby metallic surfaces. Finally, by modulating the operations of these input devices, we demonstrate bit rates of up to 50 bits per second over the human body.

Categories: Science

Graphene crowd-surfs on a lipid monolayer

Kurzweil AI - Fri, 30/09/2016 - 4:26am

Model of graphene on a lipid monolayer (credit: Universiteit Leiden)

“Crowd-surfing” on a smooth, supportive lipid monolayer, graphene could provide a versatile new platform for biosensors and drug delivery systems, researchers at Leiden University in The Netherlands have discovered.

Graphene is typically supported or sandwiched with other two-dimensional materials to promote higher mobility, ensure consistent electrical performance, and prevent environmental contamination. But combining graphene with soft, dynamic, molecular self-assembled lipid monolayers could provide a versatile platform for applications such as biosensors and drug delivery systems.

In research results published (open access) in a cover story in the journal Nanoscale on September 28, the authors note that the lipids (surprisingly) also improve graphene’s electrical conductivity. That could allow for measuring the electrical signals of graphene in the body for detecting acidity or the presence of certain proteins, for example. This research was funded by the European Research Council, the Netherlands Organization for Scientific Research, and the Swiss National Science Foundation. Abstract of Graphene-stabilized lipid monolayer heterostructures: a novel biomembrane superstructure

Chemically defined and electronically benign interfaces are attractive substrates for graphene and other two-dimensional materials. Here, we introduce lipid monolayers as an alternative, structurally ordered, and chemically versatile support for graphene. Deposition of graphene on the lipids resulted in a more ordered monolayer than regions without graphene. The lipids also offered graphene a more uniform and smoother support, reducing graphene hysteresis loop and the average value of the charge neutrality point under applied voltages. Our approach promises to be effective towards measuring experimentally biochemical phenomena within lipid monolayers and bilayers.

Categories: Science