Android adware can install itself even when users explicitly reject it

Two weeks ago, Ars reported on newly discovered Android adware that is virtually impossible to uninstall. Now, researchers have uncovered malicious apps that can get installed even when a user has expressly tapped a button rejecting the app. The hijacking happens after a user has installed a trojanized app that masquerades as an official app available in Google Play and then is made available in third-party markets. During the installation, apps from an adware family known as Shedun try to trick people into granting the app control over the Android Accessibility Service, which is designed to provide vision-impaired users alternative ways to interact with their mobile devices. Ironically enough, Shedun apps try to gain such control by displaying dialogs such as this one, which promises to help weed out intrusive advertisements. From that point on, the app has the ability to display popup ads that install highly intrusive adware. Even in cases where a user rejects the invitation to install the adware or takes no action at all, the Shedun-spawned app uses its control over the accessibility service to install the adware anyway.

Chicago issued $2.4 million in bogus traffic tickets from speed cameras

The Chicago Tribune reported Wednesday as part of an exhaustive investigation that as many as 110,000 “questionable” speeding tickets totalling $2.4 million have been issued in the past two years in Chicago as part of a speed-camera program designed to keep kids safe near parks and schools.

…City Hall has systematically ticketed drivers near schools without the legally required evidence of a schoolchild in sight. A Tribune random-sample analysis puts the number of those questionable tickets at about 110,000. And while it was pitched by the mayor as a way to protect youngsters walking near parks and schools, the most prolific cameras in the 2-year-old “Children’s Safety Zone” initiative can be found along major roadways, where crash data show child pedestrians are least likely to be struck by speeders.

The lengthy report is worth a read. Among other things, the report found that Mayor Rahm Emanuel’s speed camera program issued 22,000 tickets for speeding near parks and another 11,000 tickets near parks that were closed for the night. What’s more, another 28,000 citations “were issued at cameras plagued by problems with warning signs that did not meet the minimum legal requirements.” And at least 62,000 tickets were given during the summer “when school activity is so limited that drivers are left to guess whether school is in session or not.”

Visual Studio now supports debugging Linux apps; Code editor now open source

NEW YORK—Developers can now debug apps running on Linux servers or IoT devices from the comfort of Visual Studio. Microsoft today released a preview of a Visual Studio extension that adds remote debugging using GDB of Linux software. This was one of many announcements made at Microsoft’s Connect developer event today as the company aims to give its developer platform the broadest reach it’s ever had, able to handle Android, iOS, and Linux development, alongside the more expected Azure, Office, and Windows. Visual Studio 2015 already made big strides in this direction, and Microsoft is pushing ahead to try to make Visual Studio the best development environment around. The free and cross-platform Chromium-based code editor Visual Studio Code is being open sourced today. A new build has also been published, adding an extension mechanism to the editor. There are already some 60 extensions available, including new language support (such as Go language), richer debugging, code linters, and more.

Single course of antibiotics can mess up the gut microbiome for a year

In a battle against an infection, antibiotics can bring victory over enemy germs. Yet that war-winning aid can come with significant collateral damage; microbial allies and innocents are killed off, too. Such casualties may be unavoidable in some cases, but a lot of people take antibiotics when they’re not necessary or appropriate. And the toll of antibiotics on a healthy microbiome can, in some places, be serious, a new study suggests. In two randomized, placebo-controlled trials of healthy people, a single course of oral antibiotics altered the composition and diversity of the gut microbiome for months, and in some cases up to a year. Such shifts could clear the way for pathogens, including the deadly Clostridium difficile. Those community changes can also alter microbiome activities, including interacting with the immune system and helping with digestion. Overall, the data, published Tuesday in the journal mBio, suggests that antibiotics may have more side effects than previously thought—at least in the gut. In the mouth, on the other hand, researchers found that microbial communities fared much better, rebounding in weeks after antibiotic treatments. The finding raises the question of why the oral microbiome is less disturbed by drugs. It could simply be because of the way that antibiotics, taken orally, circulate through the body. Or, it could imply that oral microbiomes are innately more resilient, a quality that would be useful to replicate in microbial communities all over the body.

$635 poop pills cure deadly gastrointestinal infection

The country’s first stool bank, OpenBiome, is now selling capsules of fecal matter to treat life-threatening Clostridium difficile, or C. diff, infections. The $635 pill-based therapy, a type of fecal transplant, is highly effective against the difficult-to-treat gastrointestinal infection, according to results of a pilot study. A single dose, which includes a whopping 30 pills, cured 70 percent of patients. A second dose bumped the success rate up to 94 percent. The treatment, currently being sold only to doctors, may offer an easier alternative to other effective fecal transplant routes, namely colonoscopies, nasal tubes, and enemas. Scientists have known for years that fecal transplants in general are highly effective against C. diff infections, which can be extremely difficult to cure. The infection can cause severe, recurring diarrhea. It can be resistant to antibiotic treatments, and sometimes it turns deadly. In the US, C. diff causes more than 450,000 infections a year, leading to about 15,000 deaths.

Microsoft considers blocking SHA-1 certificates after cost of collisions slashed

Microsoft may phase out support for TLS certificates that use the SHA-1 hashing algorithm as early as June 2016. The decision comes in the wake of recent calculations that suggest generating collisions is quicker and cheaper than previously anticipated. SHA-1 is a hash algorithm, used to derive a 128-bit value from an arbitrary input. Its intent is for collisions—different inputs that hash to the same 128-bit value—to be hard to generate. As compute power has steadily grown over the years, it becomes quicker and cheaper to generate collisions. It was previously projected by Bruce Schneier, based on the observed growth of compute power, that creating SHA-1 collisions would be within reach of criminals by 2018 at a cost of about $173,000. On this basis, Microsoft intended to cease supporting the use of new SSL/TLS certificates using SHA-1 on January 1, 2016 and all SHA-1 SSL/TLS certificates on January 1, 2017. The new cost and performance estimates, however, suggest that the cost is both drastically lower—$75,000 to $120,000—and that the compute resources are immediately available through cloud services such as Amazon EC2. This has given browser vendors little option but to reconsider the previous 2017 timetable for retiring support of SHA-1.

First-of-its-kind gene-edited cells treat baby’s leukemia

With genetic tweaks and snips, researchers created cancer-busting immune cells that, so far, seem to have wiped out a life-threatening form of leukemia in a one-year-old girl. The new cells are one-size-fits-all, beating out earlier cell-based cancer therapies that required custom engineering of each patient’s own immune cells. If proven effective in more trials, the new, generic cells could offer an easy, off-the-shelf treatment for life-threatening forms of leukemia. “It is something we’ve been waiting for,” said Stephan Grupp, a professor of pediatrics at the University of Pennsylvania, who was not involved with the research. Previous methods requiring engineering cells, specifically T cells, from every single patient could be slow, costly, and impossible in some patients with low T cell counts. “The innovation here is gene-editing T cells so that one person’s T cells could be given to another even if they are not a donor match,” he said in a statement.

Google engineer leaves scathing reviews of dodgy USB Type-C cables on Amazon

One particularly conscientious Google engineer, Benson Leung, is currently on an unusual mission: he’s slowly working his way through a bunch of USB Type C cables and adaptors stocked by Amazon, to check whether they are actually up-to-spec and capable of charging his Chromebook Pixel. First things first: of the ten USB Type C products that Leung has reviewed, only three of them were fully specs-compliant and capable of charging his Pixel. The three good cables (Belkin, iOrange-E, Frieq) were invariably more expensive (about £15/$20) than the seven duff ones (£6/$10). Obviously there may be some cheap cables that do fulfil the full USB Type C specification, but Leung hasn’t found one yet. The USB Type C 1.1 specification allows for power delivery of up to 3A, which is enough juice to charge a laptop like the Chromebook Pixel. Previous USB specs, though, only allowed for power delivery of between 900mA and 1.5A. According to Leung, the problem is mostly related to how the cables deal with going from older Type A or Micro/Mini connectors to the new Type C connector.

MPAA shuts down major torrent sites, including Popcorn Time

The site that provides much of the content for illegal movies shown on the “Popcorn Time” app, PopcornTime.io, has been shut down after the Motion Picture Association of America won court orders in Canada and New Zealand. “Popcorn Time and YTS are illegal platforms that exist for one clear reason: to distribute stolen copies of the latest motion pictures and television shows without compensating the people who worked so hard to make them,” said MPAA Chairman Sen. Chris Dodd in a statement (PDF). According to the piracy news site TorrentFreak, YTS stopped functioning in mid-October. Now the MPAA has taken credit for that and the PopcornTime.io shutdown. MPAA sued three “key Canadian operators” of PopcornTime.io on October 9 in Federal Court in Canada. PopcornTime.io was said by its operators to be the “official” PopcornTime fork. On October 16, the MPAA’s member studios obtained an injunction ordering the site to shut down.

vBulletin password hack fuels fears of serious Internet-wide 0-day attacks

Developers of the vBulletin software package for website forums released a security patch Monday night, just hours after reports surfaced that a hack on the developers’ site leaked password data and other sensitive information belonging to almost 480,000 subscribers. vBulletin officials have put in place a mandatory password reset for all users after discovering it was subjected to a hack attack. They went on to warn that the attacker “may have accessed customer IDs and encrypted passwords on our system.” A separate post on the vBulletin site makes reference to a security patch for versions 5.1.4 through 5.1.9 of the vBulletin Connect software package. Noticeably missing from either link is an explicit warning that there is a critical vulnerability in vBulletin that has already been actively exploited and puts thousands of sites at risk until they install the patch. Ars asked vBulletin officials to clarify the reports and to confirm or disconfirm the speculation they have generated, but so far the request has gone unanswered. This post contains inferences and information from alternative sources that has yet to be explicitly confirmed.
