Freedom is contagious.

News Aggregator

People Hate Canada's New 'Amber Alert' System

Slashdot - 2 hours 47 min ago
The CBC reports: When the siren-like sounds from an Amber Alert rang out on cellular phones across Ontario on Monday, it sparked a bit of a backlash against Canada's new mobile emergency alert system. The Ontario Provincial Police had issued the alert for a missing eight-year-old boy in the Thunder Bay region. (The boy has since been found safe)... On social media, people startled by the alerts complained about the number of alerts they received and that they had received separate alerts in English and French... Meanwhile, others who were located far from the incident felt that receiving the alert was pointless. "I've received two Amber Alerts today for Thunder Bay, which is 15 hours away from Toronto by car," tweeted Molly Sauter. "Congrats, you have trained me to ignore Emergency Alerts...." The CRTC ordered wireless providers to implement the system to distribute warnings of imminent safety threats such as tornadoes, floods, Amber Alerts or terrorist threats. Telecom companies had favoured an opt-out option or the ability to disable the alarm for some types of alerts. But this was rejected by the broadcasting and telecommunications regulator. Individuals concerned about receiving these alerts are left with a couple of options: they can turn off their phone -- it will not be forced on by the alert -- or mute their phone so they won't hear it. Long-time Slashdot reader knorthern knight complains that the first two alerts -- one in English, followed by one in French -- were then followed by a third (bi-lingual) alert advising recipients to ignore the previous two alerts, since the missing child had been found.

Read more of this story at Slashdot.

Did Google's Duplex Testing Break the Law?

Slashdot - 5 hours 47 min ago
An anonymous reader writes: Tech blogger John Gruber appears to have successfully identified one of the restaurants mentioned in a post on Google's AI blog that bragged about "a meal booked through a call from Duplex." Mashable then asked a restaurant employee there if Google had let him know in advance that they'd be receiving a call from their non-human personal assistant AI. "No, of course no," he replied. And "When I asked him to confirm one more time that Duplex had called...he appeared to get nervous and immediately said he needed to go. He then hung up the phone." John Gruber now asks: "How many real-world businesses has Google Duplex been calling and not identifying itself as an AI, leaving people to think they're actually speaking to another human...? And if 'Victor' is correct that Hong's Gourmet had no advance knowledge of the call, Google may have violated California law by recording the call." Friday he added that "This wouldn't send anyone to prison, but it would be a bit of an embarrassment, and would reinforce the notion that Google has a cavalier stance on privacy (and adhering to privacy laws)." The Mercury News also reports that legal experts "raised questions about how Google's possible need to record Duplex's phone conversations to improve its artificial intelligence may come in conflict with California's strict two-party consent law, where all parties involved in a private phone conversation need to agree to being recorded." For another perspective, Gizmodo's senior reviews editor reminds readers that "pretty much all tech demos are fake as hell." Speaking of Google's controversial Duplex demo, she writes that "If it didn't happen, if it is all a lie, well then I'll be totally disappointed. But I can't say I'll be surprised."


Repo Men Scan Billions of License Plates -- For the Government

Slashdot - May 19, 2018 - 9:34pm
The Washington Post notes the billions of license plate scans coming from modern repo men "able to use big data to find targets" -- including one who drives "a beat-up Ford Crown Victoria sedan." It had four small cameras mounted on the trunk and a laptop bolted to the dash. The high-speed cameras captured every passing license plate. The computer contained a growing list of hundreds of thousands of vehicles with seriously late loans. The system could spot a repossession in an instant. Even better, it could keep tabs on a car long before the loan went bad... Repo agents are the unpopular foot soldiers in the nation's $1.2 trillion auto loan market... they are the closest most people come to a faceless, sophisticated financial system that can upend their lives... Derek Lewis works for Relentless Recovery, the largest repo company in Ohio and its busiest collector of license plate scans. Last year, the company repossessed more than 25,500 vehicles -- including tractor trailers and riding lawn mowers. Business has more than doubled since 2014, the company said. Even with the rising deployment of remote engine cutoffs and GPS locators in cars, repo agencies remain dominant. Relentless scanned 28 million license plates last year, a demonstration of its recent, heavy push into technology. It now has more than 40 camera-equipped vehicles, mostly spotter cars. Agents are finding repos they never would have a few years ago. The company's goal is to capture every plate in Ohio and use that information to reveal patterns... "It's kind of scary, but it's amazing," said Alana Ferrante, chief executive of Relentless. Repo agents are responsible for the majority of the billions of license plate scans produced nationwide. But they don't control the information. Most of that data is owned by Digital Recognition Network (DRN), a Fort Worth company that is the largest provider of license-plate-recognition systems. 
And DRN sells the information to insurance companies, private investigators -- even other repo agents. DRN is a sister company to Vigilant Solutions, which provides the plate scans to law enforcement, including police and U.S. Immigration and Customs Enforcement. Both companies declined to respond to questions about their operations... For repo companies, one worry is whether they are producing information that others are monetizing.


Ask Slashdot: Could Asimov's Three Laws of Robotics Ensure Safe AI?

Slashdot - May 19, 2018 - 7:34pm
"If science-fiction has already explored the issue of humans and intelligent robots or AI co-existing in various ways, isn't there a lot to be learned...?" asks Slashdot reader OpenSourceAllTheWay. There is much screaming lately about possible dangers to humanity posed by AI that gets smarter and smarter and more capable and might -- at some point -- even decide that humans are a problem for the planet. But some seminal science-fiction works mulled such scenarios long before even 8-bit home computers entered our lives. The original submission cites Isaac Asimov's Three Laws of Robotics from the 1950 collection I, Robot.

A robot may not injure a human being or, through inaction, allow a human being to come to harm.
A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

The original submission asks, "If you programmed an AI not to be able to break an updated and extended version of Asimov's Laws, would you not have reasonable confidence that the AI won't go crazy and start harming humans? Or are Asimov and other writers who mulled these questions 'So 20th Century' that AI builders won't even consider learning from their work?" Wolfrider (Slashdot reader #856) is an Asimov fan, and writes that "Eventually I came across an article with the critical observation that the '3 Laws' were used by Asimov to drive plot points and were not to be seriously considered as 'basics' for robot behavior. Additionally, Giskard comes up with a '4th Law' on his own and (as he is dying) passes it on to R. Daneel Olivaw." And Slashdot reader Rick Schumann argues that Asimov's Three Laws of Robotics "would only ever apply to a synthetic mind that can actually think; nothing currently being produced is capable of any such thing, therefore it does not apply..." But what are your own thoughts? 
Do you think Asimov's Three Laws of Robotics could ensure safe AI?


First Government Office in the US To Accept Bitcoin As Payment

Slashdot - May 19, 2018 - 6:34pm
Long-time Slashdot reader SonicSpike quotes the Orlando Sentinel: If cash, check or credit card seems too old-fashioned, Seminole County, Florida Tax Collector Joel Greenberg said this week his office will begin accepting bitcoin as payment for new IDs, license plates and property taxes starting next month. Greenberg said accepting bitcoin and bitcoin cash as a payment method will promote transparency and accuracy in payment. "There's no risk to the taxpayer," said Greenberg, who has often raised eyebrows since his 2016 election by moves including encouraging certain employees with concealed-weapons permits to carry a firearm openly as a security measure. "Blockchain technology is the future of the whole financial industry." A spokesperson for a neighboring county's tax collector said they had no plans to follow the move. "Frankly, I think the currency is so volatile that I don't think it makes sense." And an official at a nearby county said bitcoin payments were "not on our to-do list", adding that no one in the county had requested the ability to pay their taxes in bitcoin.


IBM Warns Quantum Computing Will Break Encryption

Slashdot - May 19, 2018 - 5:34pm
Long-time Slashdot reader CrtxReavr shares a report from ZDNet: Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns the head of IBM Research. This could happen in a little more than five years because of advances in quantum computer technologies. "Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now," said Arvind Krishna, director of IBM Research... Quantum computers can solve some types of problems near-instantaneously compared with billions of years of processing using conventional computers... Advances in novel materials and in low-temperature physics have led to many breakthroughs in the quantum computing field in recent years, and large commercial quantum computer systems will soon be viable and available within five years... In addition to solving tough computing problems, quantum computers could save huge amounts of energy, as server farms proliferate and applications such as bitcoin grow in their compute needs. Each computation takes just a few watts, yet it could take several server farms to accomplish if it were run on conventional systems. The original submission raises another possibility. "What I wonder is, if encryption can be 'instantly broken,' does this also mean that remaining crypto-coins can be instantly discovered?"


40 Cellphone-Tracking Devices Discovered Throughout Washington

Slashdot - May 19, 2018 - 4:34pm
The investigative news "I-Team" of a local TV station in Washington D.C. drove around with "a leading mobile security expert" -- and discovered dozens of StingRay devices mimicking cellphone towers to track phones and intercept calls in Maryland, Northern Virginia, and Washington, D.C. An anonymous reader quotes their report: The I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City... The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. "I suppose if you spent more time you'd find even more," said D.C. Councilwoman Mary Cheh. "I have bad news for the public: Our privacy isn't what it once was..." The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, said Aaron Turner, a leading mobile security expert... The I-Team got picked up [by StingRay devices] twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey... The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy. StingRay devices are also being used in at least 25 states by police departments, according to the ACLU. The devices were authorized by the FCC back in 2011 for "federal, state, local public safety and law enforcement officials only" (and requiring coordination with the FBI). But back in April the Associated Press reported that "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages... 
More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware."


Anti-GMO Activists Slow Scientists Breeding a CO2-Reducing Superplant

Slashdot - May 19, 2018 - 3:34pm
The Bulletin of Atomic Scientists calls it "a plant that could save civilization, if we let it." Slashdot reader meckdevil writes: A "super chickpea plant" now in development could remove huge amounts of excess atmospheric carbon dioxide and fix it in the soil, greatly diminishing the impacts of climate change (not to mention producing large amounts of tasty hummus). But fear of anti-GMO activists has so far deterred her from using the CRISPR gene-editing tool to speed work on the plant. The effort is led by Joanne Chory, director of the Plant Molecular and Cellular Biology laboratory at the Salk Institute for Biological Sciences -- who according to the article will make much slower progress without CRISPR. "Even with advanced breeding techniques, Chory estimates that developing a super plant in this fashion would take around 10 years..." "She estimates that if 5 percent of the world's cropland, approximately the total area of Egypt, were devoted to such super plants, they could capture about 50 percent of current global carbon dioxide emissions."


Should The Media Cover Tesla Accidents?

Slashdot - May 19, 2018 - 2:34pm
Long-time Slashdot reader rufey writes: Last weekend a Tesla vehicle was involved in a crash near Salt Lake City Utah while its Autopilot feature was enabled. The Tesla, a Model S, crashed into the rear end of a fire department utility truck, which was stopped at a red light, at an estimated speed of 60 MPH. "The car appeared not to brake before impact, police said. The driver, whom police have not named, was taken to a hospital with a broken foot," according to the Associated Press. "The driver of the fire truck suffered whiplash and was not taken to a hospital." Elon Musk tweeted about the accident: It's super messed up that a Tesla crash resulting in a broken ankle is front page news and the ~40,000 people who died in US auto accidents alone in past year get almost no coverage. What's actually amazing about this accident is that a Model S hit a fire truck at 60mph and the driver only broke an ankle. An impact at that speed usually results in severe injury or death. The Associated Press defended their news coverage Friday, arguing that the facts show that "not all Tesla crashes end the same way." They also fact-check Elon Musk's claim that "probability of fatality is much lower in a Tesla," reporting that it's impossible to verify since Tesla won't release the number of miles driven by their cars or the number of fatalities. "There have been at least three already this year and a check of 2016 NHTSA fatal crash data -- the most recent year available -- shows five deaths in Tesla vehicles." Slashdot reader Reygle argues the real issue is with the drivers in the Autopilot cars. "Someone unwilling to pay attention to the road shouldn't be allowed anywhere near that road ever again."


Astronomers Discovered the Fastest-Growing Black Hole Ever Seen

Slashdot - May 19, 2018 - 1:34pm
Long-time Slashdot reader Yhcrana shares "some good old fashioned astronomy news." Astronomers have discovered "a black hole 20 billion times the mass of the sun eating the equivalent of a star every two days," reports the New York Times. The black hole is growing so rapidly, said Christian Wolf, of the Australian National University, who led the team that found it in the depths of time, "that it is probably 10,000 times brighter than the galaxy it lives in." So bright, that it is dazzling our view and we can't see the galaxy itself. He and his colleagues announced the discovery in a paper to be published in the Publications of the Astronomical Society of Australia... The blaze from material swirling around this newly observed drainpipe into eternity -- known officially as SMSS J215728.21-360215.1 -- is as luminous as 700 trillion suns, according to Wolf and his collaborators. If it were at the center of our own galaxy, the Milky Way, it would be 10 times brighter than the moon and bathe the Earth in so many X-rays that life would be impossible. Luckily it's not anywhere nearby. It is in fact 12 billion light years away, which means it took that long for its light to reach us, so we are glimpsing this cataclysm as it appeared at the dawn of time, only 2 billion years after the Big Bang, when stars and galaxies were furiously forming.


Rebuilding the PDP-11/70 with a Raspberry Pi

Slashdot - May 19, 2018 - 12:34pm
"You could look at this as a smallish PDP-11/70, built with modern parts," Oscar Vermeulen writes on his site. "Or alternatively, and equally valid, as a fancy front panel case for a Raspberry Pi." Long-time Slashdot reader cptnapalm writes: Oscar Vermeulen's PiDP-11 front panel, modeling a PDP-11/70 in all its colorful glory, has been released to beta testers. This is Mr. Vermeulen's second DEC front panel; his PiDP-8 was released a few years ago. The PiDP-11 panel is designed to work with a Raspberry Pi running simh or, possibly, a FPGA implementation of the Digital Equipment Corporation PDP-11... In addition to the front panel with its switches and blinkenlights, also included is a prototyping area for the possibility of adding new hardware... UNIX and later BSD were developed on the PDP-11, including both the creation of the C language, the pipe concept and the text editor vi.


'I Asked Apple for All My Data. Here's What Was Sent Back'

Slashdot - May 19, 2018 - 11:34am
"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size... The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here... [T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads. CNET explains how to request your own data from Apple.


Can This New Treatment Stop the Common Cold?

Slashdot - May 19, 2018 - 10:34am
"Researchers may have identified a compound that can stop some of the most common cold viruses, the rhinovirus, in its tracks, according to a new report published in the journal Nature." An anonymous reader quotes Fortune: The scientists' work is early-stage. But the mechanism it uses to tackle colds is striking. Developed at the Imperial College London, the molecule targets a protein in human cells that cold viruses use in order to replicate and conquer. By targeting this specific pathway, the compound could theoretically be used to thwart most viruses (and since it focuses on human proteins, it may not cause the virus to mutate its way away from danger)... "The common cold is an inconvenience for most of us, but can cause serious complications in people with conditions like asthma and [chronic lung disease]," said lead researcher Ed Tate in a statement. "A drug like this could be extremely beneficial if given early in infection, and we are working on making a version that could be inhaled, so that it gets to the lungs quickly."


Floating Pacific Island Is In the Works With Its Own Government, Cryptocurrency

Slashdot - May 19, 2018 - 9:00am
An anonymous reader quotes a report from CNBC: Nathalie Mezza-Garcia is a political scientist turned "seavangelesse" -- her term for an evangelist in favor of living off the grid -- and on the ocean. Mezza-Garcia spoke with CNBC's Matthew Taylor about what she sees as the trouble with governments, and why she believes tech startups should head to Tahiti. This seavangelesse is a researcher for the Blue Frontiers and Seasteading Institute's highly-anticipated Floating Island Project. The project is a pilot program in partnership with the government of French Polynesia, which will see 300 homes built on an island that runs under its own governance, using a cryptocurrency called Varyon. "Once we can see how this first island works, we will have a proof of concept to plan for islands to house climate refugees," she said. The project is funded through philanthropic donations via the Seasteading Institute and Blue Frontiers, which sells tokens of the cryptocurrency Varyon. The pilot island is expected to be completed by 2022 and cost up to $50 million. As well as offering a home for the displaced, the self-contained islands are designed to function as business centers that are beyond the influence of government regulation.


FM Radio Faces UK Government Switch-Off As Digital Listening Passes 50 Percent Milestone

Slashdot - May 19, 2018 - 6:00am
The Amazon Echo and other smart speakers have helped push the audience for digital radio past that of FM and AM in the UK for the first time. According to Radio Joint Audience Research (RAJAR), digital listening has reached a new record share of 50.9%, up from 47.2% a year ago. This milestone will trigger a government review into whether the analog FM radio signal should be switched off altogether. iNews reports: The BBC said it would be "premature" to switch off the FM signal. It could cut off drivers with analogue car radios and disenfranchise older wireless listeners. Margot James, Digital minister, welcomed "an important milestone for radio." She confirmed that the Government will "work closely with all partners -- the BBC, commercial radio, (transmitter business) Arqiva, car manufacturers and listeners" before committing to a timetable for analogue switch-off. James Purnell, BBC Director of Radio and Education, said: "We're fully committed to digital, and growing its audiences, but, along with other broadcasters, we've already said that it would be premature to switch off FM." Mr Purnell said that BBC podcast listening was up a third across all audiences since the same time last year, accounting now for 40,000 hours a week. But younger audiences have not inherited the habit of listening to "live" radio, even on digital.


FCC Investigating LocationSmart Over Phone-Tracking Flaw

Slashdot - May 19, 2018 - 3:00am
The FCC has opened an investigation into LocationSmart, a company that is buying your real-time location data from four of the largest U.S. carriers in the United States. The investigation comes a day after a security researcher from Carnegie Mellon University exposed a vulnerability on LocationSmart's website. CNET reports: The bug has prompted an investigation from the FCC, the agency said on Friday. An FCC spokesman said LocationSmart's case was being handled by its Enforcement Bureau. Since The New York Times revealed that Securus, an inmate call tracking service, had offered the same tracking service last week, Sen. Ron Wyden, a Democrat from Oregon, called for the FCC and major wireless carriers to investigate these companies. On Friday, Wyden praised the investigation, but requested the FCC to expand its look beyond LocationSmart. "The negligent attitude toward Americans' security and privacy by wireless carriers and intermediaries puts every American at risk," Wyden said. "I urge the FCC expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans." He is also calling for FCC Chairman Ajit Pai to recuse himself from the investigation, because Pai was a former attorney for Securus.


Google Removes 'Don't Be Evil' Clause From Its Code of Conduct

Slashdot - May 19, 2018 - 12:15am
Kate Conger, reporting for Gizmodo: Google's unofficial motto has long been the simple phrase "don't be evil." But that's over, according to the code of conduct that Google distributes to its employees. The phrase was removed sometime in late April or early May, archives hosted by the Wayback Machine show. "Don't be evil" has been part of the company's corporate code of conduct since 2000. When Google was reorganized under a new parent company, Alphabet, in 2015, Alphabet assumed a slightly adjusted version of the motto, "do the right thing." However, Google retained its original "don't be evil" language until the past several weeks. The phrase has been deeply incorporated into Google's company culture -- so much so that a version of the phrase has served as the wifi password on the shuttles that Google uses to ferry its employees to its Mountain View headquarters, sources told Gizmodo.


In Virtual Reality, How Much Body Do You Need?

Slashdot - May 18, 2018 - 11:30pm
An anonymous reader quotes a report from The New York Times: Will it soon be possible to simulate the feeling of a spirit not attached to any particular physical form using virtual or augmented reality? If so, a good place to start would be to figure out the minimal amount of body we need to feel a sense of self, especially in digital environments where more and more people may find themselves for work or play. It might be as little as a pair of hands and feet, report Dr. Michiteru Kitazaki and a Ph.D. student, Ryota Kondo. In a paper published Tuesday in Scientific Reports, they showed that animating virtual hands and feet alone is enough to make people feel their sense of body drift toward an invisible avatar (Warning: source may be paywalled; alternative source). Their work fits into a corpus of research on illusory body ownership, which has challenged understandings of perception and contributed to therapies like treating pain for amputees who experience phantom limb. Using an Oculus Rift virtual reality headset and a motion sensor, Dr. Kitazaki's team performed a series of experiments in which volunteers watched disembodied hands and feet move two meters in front of them in a virtual room. In one experiment, when the hands and feet mirrored the participants' own movements, people reported feeling as if the space between the appendages were their own bodies. In another experiment, the scientists induced illusory ownership of an invisible body, then blacked out the headset display, effectively blindfolding the subjects. The researchers then pulled them a random distance back and asked them to return to their original position, still virtually blindfolded. Consistently, the participants overshot their starting point, suggesting that their sense of body had drifted or "projected" forward, toward the transparent avatar.


New Spectre Attack Can Reveal Firmware Secrets

Slashdot - May 18, 2018 - 9:30pm
Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). ZDNet reports: Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware. SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software. SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, known as System Management Interrupt (SMI) handlers. "Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg, hypervisor, operating system, or application)," Bulygin explains. To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Register (SMRR), a set of range registers that protect SMM memory. "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.


RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors

Slashdot - May 18, 2018 - 8:50pm
According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components." "AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. 
Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

