Updating macOS can bring back the nasty “root” security bug

The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1, and thus were running a prior version of the OS when they received the security update, found that installing 10.13.1 resurfaced the bug, according to a report from Wired.

For these users, the security update can be installed again (in fact, it would be automatically installed at some point) after updating to the new version of the operating system. However, the bug is not fixed in that case until the user reboots the computer. Many users do not reboot their computers for days or even weeks at a time, and Apple’s support documentation did not at first inform users that they needed to reboot, so some people may have been left vulnerable without realizing it. The documentation has been updated with the reboot step now.

The root bug allows anyone to log in or authenticate as a system administrator on systems running macOS High Sierra by simply typing in the username “root” and leaving the password field blank, in many circumstances. It was a serious bug that drew an uncharacteristically strong apology from Apple, which said its “customers deserve better.”

The Underground Uber Networks Driven by Russian Hackers

Joseph Cox, reporting for The Daily Beast:

Uber’s ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities. Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services for other crooks by piggybacking off Uber’s ride-sharing platform, sometimes working in collaboration with corrupt drivers.

Based on several Russian-language posts across a number of criminal-world sites, this is how the scam works: The scammer needs an emulator, a piece of software which allows them to run a virtual Android phone on their laptop with the Uber app, as well as a virtual private network (VPN), which routes their computer’s traffic through a server in the same city as the rider. The scammer acts, in essence, as a middleman between an Uber driver and the passenger — ordering trips through the Uber app, but relaying messages outside of it.

Typically, this fraudulent dispatcher uses the messaging app Telegram to chat with the passenger, who provides pickup and destination addresses. The scammer orders the trip, and then provides the car brand, driver name, and license plate details back to the passenger through Telegram.

The iPhone 8 goes up against a Samsung Galaxy S8 Plus

Before you start throwing down cash for new phones like a Grinch post heart-expansion, watch our video to directly compare more factors than just name brand and price on two of the most popular phones. The iPhone 8 and Galaxy S8 Plus are both less than $1000 (no thanks, iPhone X) but still expensive, beginning at $805 and $737, respectively. Either would make a great gift to yourself or someone else, but it all depends on what you’re going for.

The iPhone 8 looks a little ho-hum in terms of standard old design, but acts zippier because of the new A11 Bionic chip, which Apple claims makes it 25% faster. Alternatively, maybe you love Samsung or are just now open to one because of Apple’s no-headphone-jack policy. The S8 and S8 Plus have a slick design that our own phone reviewers absolutely love, and their display (a dazzling 2220 x 1080), compared to Apple’s (a meh 1334 x 750), really puts them at the top of the visual appearance heap.

And then there’s the camera test. While on paper the smartphones’ cameras seem very similar (Apple with a 7 megapixel front-facing camera, 12 megapixel back; Galaxy S8 Plus with 8 megapixel front-facing camera, 12 megapixel back), in practice, the selfies from the Galaxy S8 Plus seem far superior.

After testing set-up, call quality, video downloading time, playback, visual appearance and cameras on each of the phones, we picked the Samsung Galaxy S8 Plus as the winner of this particular head-to-head challenge. Let us know in the comments what we should test next!

Spectacular photos of an active volcano in Bali

You may have heard that Mount Agung, an active volcano in the Indonesian island of Bali, started erupting Saturday. It just so happens that my friend Kyle Kesterson is currently traveling there. He’s staying in Ubud, about two hours away from the volcano. On Wednesday, he shared his experience of getting to and witnessing the eruption, alongside some really stunning photos:

“While I appreciate the concern for my safety as messages have been pouring in about Mt Agung’s current eruptions the last few days, FEAR is the common underlying theme. Those who know me, know that even the slightest whiff of fear must be faced head on and transformed into excitement. So at 2am, my fearless friend Valeria and I found a bold and curious taxi driver to drive us 2.5hrs in the direction of Mt. Agung, cameras in hand.

“As we pulled up around 4:30am, we saw the glow from the magma lighting up the slow billowing ash entering the atmosphere. Underneath it, our entire horizon was made up of the ghostly shape of this restless, commanding, all powerful giant. We sat, stunned in the deepest sense of awe, underneath the clearest Milky Way and longest shooting stars I’ve ever witnessed.

“Instantly, I was small. Weak. Absolutely nothing against the formidable nature of nature. Nothing, but a spectator and participant in this collision of living energy. Fear would have kept me tucked warmly in my sheets with the illusion that I was safe to begin with. But stepping through it, with complete reverence and heightened to the situation and ready to act, I am forever changed and more alive.”

Later, he wrote,

“Up until now, the news has been overly sensationalized with how they are reporting on Mt Agung’s activity. Life right at the base of the volcano was calm, people carrying on with their daily duties. No panic. No hysteria. It was surprisingly calm. However as of yesterday, rocks and debris have started to fall from the sky in the surrounding villages, starting to make the threat very real.

“Now people are starting to truly be displaced. There are a couple effective organizations helping with this process. Please join me in sharing a few dollars to help these people.”

Photos by Kyle Kesterson, used with permission.

New York’s rat population has genetically diverged into "uptown" and "downtown" subspecies

Matthew Combs, a Fordham University Louis Calder Center Biological Field Station grad student, worked with colleagues from Fordham and the Providence College Department of Biology to sequence the genomes of brown rats in Manhattan, and made a surprising discovery: the geography of rats has a genetic correlation, so a geneticist can tell where a rat was born and raised by analyzing its DNA.

Chicago seeks a high-speed O’Hare link, Boring Company to propose 125mph “Loop”

On Wednesday, the city of Chicago opened a Request for Qualifications (RFQ) for an express train that would take passengers from the city’s O’Hare airport to downtown. The system would have to be completely privately funded—Chicago says no taxpayer money would be used for it.

Elon Musk’s Boring Company—a tunneling company that the SpaceX and Tesla CEO started last year—will respond to the request. Musk hopes to get to the second round when bidding will take place. On Wednesday evening, he tweeted that his company “will compete to fund, build & operate a high-speed Loop connecting Chicago O’Hare Airport to downtown.”

Musk’s reference to a “Loop” is explained more clearly on The Boring Company’s FAQ page: “Loop is a high-speed underground public transportation system in which passengers are transported on autonomous electric skates traveling at 125-150 miles per hour. Electric skates will carry between 8 and 16 passengers (mass transit), or a single passenger vehicle.”

Unlike Musk’s idea for a Hyperloop, a Loop won’t draw a vacuum. “For shorter routes, there is no technical need to eliminate air friction,” The Boring Company states.

Apple’s High Sierra security patch affected Mac file sharing

Apple’s latest update for macOS High Sierra hasn’t gone well. As revealed earlier this week, the update included a bug that made it pretty easy for anyone to gain admin rights to your Mac — an obvious privacy concern. Apple rolled out a patch for the issue, but it seems that’s not without its problems either, as some users are now unable to authenticate or connect to file shares on their Macs. Fortunately, there’s a simple fix. As Apple Insider reports:

1. Open the Terminal app, in the Utilities folder of the Applications folder.
2. Type sudo /usr/libexec/configureLocalKDC and hit Return.
3. Enter your administrator password and press Return.
4. Quit the Terminal app.

Done. The number of people affected by the new security update’s flaw is unknown. Apple jumped on the case relatively quickly when the initial problems became clear, but whether or not they’ll release yet another update for this latest issue is unknown.

Source: Apple Insider

Physicists Made An Unprecedented 53 Qubit Quantum Simulator

Two teams of researchers have published papers [1, 2] in the journal Nature detailing how they were able to create unprecedented quantum simulators consisting of over 50 qubits. The University of Maryland team and National Institute of Standards and Technology team — the two teams behind one of the two new papers — were able to create a quantum simulator with 53 qubits. Motherboard reports:

Quantum simulators are a special type of quantum computer that uses qubits to simulate complex interactions between particles. Qubits are the informational medium of quantum computers, analogous to a bit in an ordinary computer. Yet rather than existing as a 1 or 0, as is the case in a conventional bit, a qubit can exist in some superposition of both of these states at the same time.

For the Maryland experiment, each of the qubits was a laser-cooled ytterbium ion. Each ion had the same electrical charge, so they repelled one another when placed in close proximity. The system created by Monroe and his colleagues used an electric field to force the repelled ions into neat rows. At this point, lasers are used to manipulate all the ytterbium qubits into the same initial state. Then another set of lasers is used to manipulate the qubits so that they act like atomic magnets, where each ion has a north and south pole. The qubits either orient themselves with their neighboring ions to form a ferromagnet, where their magnetic fields are aligned, or at random. By changing the strength of the laser beams that are manipulating the qubits, the researchers are able to program them to a desired state (in terms of magnetic alignment).

According to Zhexuan Gong, a physicist at the University of Maryland, the 53 qubits can be used to simulate over a quadrillion different magnetic configurations of the qubits, a number that doubles with each additional qubit added to the array. As these types of quantum simulators keep adding more qubits into the mix, they will be able to simulate ever more complex atomic interactions that are far beyond the capabilities of conventional supercomputers and usher in a new era of physics research.

Another team from Harvard and Maryland also released a paper today in which it demonstrated a quantum simulator using 51 qubits.

DNA Analysis Finds That Yetis Are Actually Bears

schwit1 shares a report from Popular Science:

University of Buffalo biologist Charlotte Lindqvist and her international team in Pakistan and Singapore provided the first strong evidence that presumed yetis are actually bears. They published their results in the Proceedings of the Royal Society B on Tuesday. Icon Film secured nine samples that purported to be genuine yeti artifacts, and Lindqvist gathered 15 samples from known bear populations. By sequencing mitochondria from all these sources, she and her fellow researchers were able to determine that all but one of the yeti artifacts actually came from local bears. That last sample was from a dog.

They also figured out that Himalayan brown bears split off from the rest of the regional bear population several thousand years ago, which is why they’re so genetically distinct from most other brown bears. Living in geographic isolation for so long has separated them from other Asian brown bears, and even from their relatives on the nearby Tibetan plateau. They even look different. But prior to Lindqvist’s work, it wasn’t clear just how long Himalayan bears had been on their own. Researchers will need higher-quality samples to figure out the whole picture, but even this small step is major for a species that’s hardly been studied.

Websites use your CPU to mine cryptocurrency even when you close your browser

Researchers have discovered a new technique that lets hackers and unscrupulous websites perform in-browser, drive-by cryptomining even after a user has closed the window for the offending site.

Over the past month or two, drive-by cryptomining has emerged as a way to generate the cryptocurrency known as Monero. Hackers harness the electricity and CPU resources of millions of unsuspecting people as they visit hacked or deceitful websites. One researcher recently documented 2,500 sites actively running cryptomining code in visitors’ browsers, a figure that, over time, could generate significant revenue. Until now, however, the covert mining has come with a major disadvantage for the attacker or website operator: the mining stops as soon as the visitor leaves the page or closes the page window.

Now, researchers from anti-malware provider Malwarebytes have identified a technique that allows the leaching to continue even after a user has closed the browser window. It works by opening a pop-under window that fits behind the Microsoft Windows taskbar and hides behind the clock. The window remains open indefinitely until a user takes special actions to close it. During that time, it continues to run code that generates Monero on behalf of the person controlling the website.
