linkedin – Page 168

Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware

An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd.. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group. It apparently affects more than 55 low-end/burner phones from BLU, Infinix Mobility, DOOGEE, LEAGOO, IKU Mobile, Beeline, and XOLO. According to the article, the binary performing the insecure updates “also includes code to hide its presence from the Android OS, along with two other binaries and their processes… Without SSL protection, this OTA system is an open backdoor for anyone looking to take control of it.” Even worse, three domains were hard-coded into the binaries, two of which were unregistered, according to the researchers. “If an adversary had noticed this, and registered these two domains, they would’ve instantly had access to perform arbitrary attacks on almost 3, 000, 000 devices without the need to perform a Man-in-the-Middle attack.” Read more of this story at Slashdot.

Final NASA Eagleworks Paper Confirms Promising EM Drive Results

An anonymous reader quotes a report from Hacked: Earlier this month Hacked reported that a draft version of the much expected EmDrive paper by the NASA Eagleworks team, had been leaked. Now, the final version of the paper has been published. The NASA Eagleworks paper, titled “Measurement of Impulsive Thrust from a Closed Radio-Frequency Cavity in Vacuum, ” has been published online as an open access “article in advance” in the American Institute of Aeronautics and Astronautics (AIAA)’s Journal of Propulsion and Power, a prestigious peer-reviewed journal. The paper will appear in the December print issue of the journal. The final version of the paper is very similar to the leaked draft. In particular, the NASA scientists confirm the promising experimental results: “Thrust data from forward, reverse, and null suggested that the system was consistently performing at 1.2 +/- 0.1 mNkW, which was very close to the average impulsive performance measured in air. A number of error sources were considered and discussed.” The scientists add that, though the test campaign was not focused on optimizing performance and was more an exercise in existence proof, it is still useful to put the observed thrust-to-power figure of 1.2 mN/kW in context. “[For] missions with very large delta-v requirements, having a propellant consumption rate of zero could offset the higher power requirements. The 1.2 mN/kW performance parameter is over two orders of magnitude higher than other forms of ‘zero propellant’ propulsion, such as light sails, laser propulsion, and photon rockets having thrust-to-power levels in the 3.33–6.67 uN/kW (or 0.0033–0.0067 mN/kW) range.” In other words, a modest thrust without having to carry fuel can be better, especially for long-distance space missions, than a higher thrust at the cost of having to carry bulky and heavy propellant reserves, and the EmDrive performs much better than the other “zero propellant” propulsion systems studied to date. Read more of this story at Slashdot.

More:
Final NASA Eagleworks Paper Confirms Promising EM Drive Results

Intel Lays Roadmap For 100-Fold AI Performance Boost With Nervana and Knights

MojoKid writes: Intel is laying out its roadmap to advance artificial intelligence performance across the board. Nervana Systems, a company that Intel acquired just a few months ago, will play a pivotal role in the company’s efforts to make waves in an industry dominated by GPU-based solutions. Intel’s Nervana chips incorporate technology (which involves a fully-optimized software and hardware stack) that is specially tasked with reducing the amount of time required to train deep-learning models. Nervana hardware will initially be available as an add-in card that plugs into a PCIe slot, which is the quickest way for Intel to get this technology to customers. The first Nervana silicon, codenamed Lake Crest, will make its way to select Intel customers in H1 2017. Intel is also talking about Knights Mill, which is the next generation of the Xeon Phi processor family. The company claims that Knights Mill will deliver a 4x increase in deep learning performance compared to existing Xeon Phi processors and the combined solution with Nervana will offer orders of magnitude gains in deep learning performance. “We expect the Intel Nervana platform to produce breakthrough performance and dramatic reductions in the time to train complex neural networks, ” said Diane Bryant, Executive VP of Intel’s Data Center Group. “We expect Nervana’s technologies to produce a breakthrough 100-fold increase in performance in the next three years to train complex neural networks, enabling data scientists to solve their biggest AI challenges faster, ” added Intel CEO Brian Krzanich. Read more of this story at Slashdot.

Read the article:
Intel Lays Roadmap For 100-Fold AI Performance Boost With Nervana and Knights

Police Raid Pirate Site, Seize 60 Servers Following MPAA Complaint

An anonymous reader quotes a report from TorrentFreak: When it comes to shutting down pirate sites, few groups have a longer history than the Motion Picture Association of America. The Hollywood organization has dozens of pirate scalps under its belt and today is able to claim another. Serving more than a million users every day, FS.to was one of Ukraine’s largest pirate sites. Ranked the country’s 21st most popular site overall, the movie-focused platform attracted the attention of the MPAA and local rights holders alike. That has resulted in one of the biggest raids ever seen in the country. According to the cyber crime division of Ukraine’s national police, an operation shut down the platform Monday following a complaint from Hollywood. The authorities say that 19 people suspected of running the site via a network of local and offshore companies were arrested. The operation to shut the site appears to have been significant. Raids took place at the offices and homes of the suspects, plus datacenters where equipment running the site was installed. Thus far around 60 servers have been seized from a range of local ISPs but the operation is still ongoing so the tally could increase. Local sources indicate that the authorities have linked local Internet company Ferazko Holding Inc. with FS since it owns several of the site’s domains including FS.to, BRB.to and FS.ua. Read more of this story at Slashdot.

Visit site:
Police Raid Pirate Site, Seize 60 Servers Following MPAA Complaint

Hack Exposes 412 Million Accounts on AdultFriendFinder Sites

“Almost every account password was cracked, thanks to the company’s poor security practices, ” reports ZDNet — even for “deleted” accounts. An anonymous reader quotes their article: The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the “world’s largest sex and swinger community [and] also includes over 15 million “deleted” accounts that weren’t purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades’ worth of data from the company’s largest sites, according to breach notification LeakedSource, which obtained the data… The three largest site’s SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn’t cryptographically as secure as newer algorithms. The attack apparently coincides with the discovery of “a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. ” Ironically, Friend Finder Networks doesn’t even own Penthouse.com anymore. They sold the site to a new owner last February. Read more of this story at Slashdot.

View post:
Hack Exposes 412 Million Accounts on AdultFriendFinder Sites

Alibaba Posts $1 Billion in Sales in 5 Minutes on Singles’ Day

Alibaba Group posted $1 billion (6.81 billion yuan) of sales within the first five minutes of its Singles’ Day sales, a 24-hour event that may offer clues on the health of the Chinese economy and its largest online retailer. From a report on Bloomberg:Investors are keeping a close eye on the annual Nov. 11 spending blitz that dwarfs Black Friday and Cyber Monday in the U.S., to see if Alibaba can reprise the 60 percent leap in transactions to 91.2 billion yuan it managed last year. The e-commerce giant again turned up the star-wattage for 2016, enlisting Hollywood actress Scarlett Johansson, sports celebrity David Beckham, basketball legend Kobe Bryant and pop-rock band One Republic to headline a pre-sale gala and drum up international attention. Pioneered by Alibaba in 2009 and since replicated by rivals including JD.com Inc., Singles’ Day has become somewhat of a barometer of Chinese consumer sentiment. Read more of this story at Slashdot.

See the original article here:
Alibaba Posts $1 Billion in Sales in 5 Minutes on Singles’ Day

DDoS Attack Halts Heating in Finland Amidst Winter

A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in Eastern Finland. In both of these events, the attacks disabled the computers that were controlling heating in the buildings. An anonymous reader writes: Both of the buildings were managed by Valtia, the company which is in charge of managing the buildings overall operation and maintenance. According to Valtia CEO, Simo Ruonela, in both cases the systems that controlled the central heating and warm water circulation were disabled. In the city of Lappeenranta, there were at least two buildings whose systems were knocked down by the network attack. According to Rounela, the attack in Eastern Finland lasted from late October to Thursday — the 3rd of November. The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working. Read more of this story at Slashdot.

View the original here:
DDoS Attack Halts Heating in Finland Amidst Winter

Researchers Create An Undetectable Rootkit That Targets Industrial Equipment

An anonymous reader quotes Bleeping Computer: “Two researchers presenting at the Black Hat Europe security conference in London revealed a method of infecting industrial equipment with an undetectable rootkit component that can wreak havoc and disrupt the normal operations of critical infrastructure all over the world. The attack targets PLCs (Programmable Logic Controllers), devices that sit between normal computers that run industrial monitoring software and the actual industrial equipment, such as motors, valves, sensors, breakers, alarms, and others.” Researchers say they packed their attack as a loadable kernel module [PDF], which makes it both undetectable and reboot persistent. The attack goes after PLC pin configurations, meaning the PLC won’t be able to tell which are the actual input and output pins, allowing the attacker full-control to make up bogus sensor data, send fake commands, or block legitimate ones. The researchers acknowledge that the attack is extremely complicated, but the article argues it would still be of interest to a state-sponsored actor. Read more of this story at Slashdot.

Read the original post:
Researchers Create An Undetectable Rootkit That Targets Industrial Equipment

First Color Images Produced By an Electron Microscope

Slashdot reader sciencehabit quotes Science magazine: Imagine spending your whole life seeing the world in black and white, and then seeing a vase of roses in full color for the first time. That’s kind of what it was like for the scientists who have taken the first multicolor images of cells using an electron microscope. Electron microscopes can magnify an object up to 10 million times, allowing researchers to peer into the inner workings of, say, a cell or a fly’s eye, but until now they’ve only been able to see in black and white. The new advance — 15 years in the making — uses three different kinds of rare earth metals called lanthanides…layered one-by-one over cells on a microscope slide. The microscope detects when each metal loses electrons and records each unique loss as an artificial color. Read more of this story at Slashdot.

See the article here:
First Color Images Produced By an Electron Microscope

A New Process Turns Sewage Into Crude Oil

Big Hairy Ian shares this report from New Atlas: The U.S. Department of Energy’s Pacific Northwest National Laboratory has found a way to potentially produce 30 million barrels of biocrude oil per year from the 34 billion gallons of raw sewage that Americans create every day… [T]he raw sewage is placed in a reactor that’s basically a tube pressurized to 3, 000 pounds per square inch and heated to 660 degrees Fahrenheit, which mimics the same geological process that turned prehistoric organic matter into crude oil by breaking it down into simple compounds, only…it takes minutes instead of epochs… The end product is very similar to fossil crude oil with a bit of oxygen and water mixed in and can be refined like crude oil using conventional fractionating plants. After six years of development, they’ve licensed the process for a $6 million pilot plant that’s expected to launch in 2018. Read more of this story at Slashdot.

See the original article here:
A New Process Turns Sewage Into Crude Oil

Ken May

Tag: linkedin