Slashdot

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
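The bug class the article describes, as an added illustration that is neither the Tegra X1 bootROM code nor ReSwitched's exploit: a USB control-request handler that sizes a memory copy from the host-supplied 16-bit wLength field (hence the 65,535-byte ceiling) without comparing it with the destination buffer, next to a handler that stalls any oversize request. The buffer sizes, the memory layout (a DMA buffer sitting directly below a region standing in for the stack), and all function names are assumptions made for the demo; the copy in the vulnerable path is routed through the enclosing struct so the program itself stays memory-safe while still showing the stack region being overwritten.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes; the real bootROM layout is not described on the page. */
#define DMA_BUF_SIZE 0x1000u
#define STACK_SIZE   0x100u
#define CANARY       0xA5u

/* Simulated bootROM memory: the DMA buffer sits directly below the stack,
 * so an over-long copy into dma_buf runs straight into stack[]. */
typedef struct {
    uint8_t dma_buf[DMA_BUF_SIZE];
    uint8_t stack[STACK_SIZE];
} bootrom_mem_t;

/* Standard 8-byte USB SETUP packet; wLength is 16 bits, so a host can ask
 * for at most 65,535 bytes per control request. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_t;

static void mem_init(bootrom_mem_t *mem) {
    memset(mem->dma_buf, 0, sizeof mem->dma_buf);
    memset(mem->stack, CANARY, sizeof mem->stack);   /* canary pattern */
}

static bool stack_clobbered(const bootrom_mem_t *mem) {
    for (size_t i = 0; i < STACK_SIZE; i++)
        if (mem->stack[i] != CANARY) return true;
    return false;
}

/* Vulnerable pattern: the transfer length comes from attacker-controlled
 * wLength and is never compared with the size of the destination buffer.
 * The copy targets the whole struct's byte view so this demo stays inside
 * 'mem'; real firmware would simply write past the end of the buffer. */
static size_t control_in_vulnerable(bootrom_mem_t *mem, const usb_setup_t *s,
                                    const uint8_t *data, size_t data_len) {
    size_t n = s->wLength;
    if (n > data_len) n = data_len;
    if (n > sizeof *mem) n = sizeof *mem;       /* demo guard only */
    memcpy((uint8_t *)mem, data, n);            /* dma_buf is at offset 0 */
    return n;
}

/* Hardened pattern: refuse (STALL) any request whose wLength exceeds the
 * buffer, and bound the copy by the buffer size, never by the request. */
static int control_in_hardened(bootrom_mem_t *mem, const usb_setup_t *s,
                               const uint8_t *data, size_t data_len,
                               size_t *copied) {
    if (s->wLength > DMA_BUF_SIZE) {
        *copied = 0;
        return -1;                              /* stall the endpoint */
    }
    size_t n = s->wLength;
    if (n > data_len) n = data_len;
    memcpy(mem->dma_buf, data, n);
    *copied = n;
    return 0;
}

static bootrom_mem_t g_mem;
static uint8_t g_payload[0xFFFF];   /* constructed input: 65,535 bytes of 0x41 */

/* Returns 1 if a maximum-length request reached the simulated stack. */
int demo_vulnerable(void) {
    memset(g_payload, 0x41, sizeof g_payload);
    mem_init(&g_mem);
    usb_setup_t s = { 0xC0, 0x01, 0, 0, 0xFFFF };   /* wLength = 65535 */
    control_in_vulnerable(&g_mem, &s, g_payload, sizeof g_payload);
    return stack_clobbered(&g_mem) ? 1 : 0;
}

/* Returns 1 if the hardened handler stalled the request and left the stack intact. */
int demo_hardened(void) {
    memset(g_payload, 0x41, sizeof g_payload);
    mem_init(&g_mem);
    usb_setup_t s = { 0xC0, 0x01, 0, 0, 0xFFFF };
    size_t copied = 0;
    int rc = control_in_hardened(&g_mem, &s, g_payload, sizeof g_payload, &copied);
    return (rc == -1 && copied == 0 && !stack_clobbered(&g_mem)) ? 1 : 0;
}

/* A normally sized request still goes through on the hardened path: returns bytes copied. */
size_t demo_hardened_normal(void) {
    memset(g_payload, 0x41, sizeof g_payload);
    mem_init(&g_mem);
    usb_setup_t s = { 0xC0, 0x01, 0, 0, 64 };
    size_t copied = 0;
    control_in_hardened(&g_mem, &s, g_payload, sizeof g_payload, &copied);
    return stack_clobbered(&g_mem) ? 0 : copied;
}

int main(void) {
    printf("vulnerable handler reached stack: %d\n", demo_vulnerable());
    printf("hardened handler stalled safely:  %d\n", demo_hardened());
    printf("hardened normal request copied:   %zu bytes\n", demo_hardened_normal());
    return 0;
}
```

The point the simulation makes is the one that matters for mask-ROM code: once the firmware is fused, the only fix is the length check that should have been there before tape-out, so the hardened handler bounds the copy by the buffer it owns rather than by anything the host sends.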

Read more of this story at Slashdot.

Google Accused of Showing 'Total Contempt' for Android Users' Privacy

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy." "With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

AI Trained on Images from Cosmological Simulations Surprisingly Successful at Classifying Real Galaxies in Hubble Images

A machine learning method which has been widely used in face recognition and other image- and speech-recognition applications, has shown promise in helping astronomers analyze images of galaxies and understand how they form and evolve. From a report: In a new study, accepted for publication in Astrophysical Journal and available online [PDF], researchers used computer simulations of galaxy formation to train a deep learning algorithm, which then proved surprisingly good at analyzing images of galaxies from the Hubble Space Telescope. The researchers used output from the simulations to generate mock images of simulated galaxies as they would look in observations by the Hubble Space Telescope. The mock images were used to train the deep learning system to recognize three key phases of galaxy evolution previously identified in the simulations. The researchers then gave the system a large set of actual Hubble images to classify. The results showed a remarkable level of consistency in the neural network's classifications of simulated and real galaxies. "We were not expecting it to be all that successful. I'm amazed at how powerful this is," said coauthor Joel Primack, professor emeritus of physics and a member of the Santa Cruz Institute for Particle Physics (SCIPP) at UC Santa Cruz. "We know the simulations have limitations, so we don't want to make too strong a claim. But we don't think this is just a lucky fluke."

New Attack Group Orangeworm Targets Healthcare Sector in US, Asia, and Europe: Symantec

Security researchers at Symantec say a group of hackers has been targeting firms related to health care in order to steal intellectual property. The security firm observed a hacking team, called Orangeworm, compromise the systems of pharmaceutical firms, medical-device manufacturers, health-care providers, and even IT companies working with medical organizations in the US, Europe, and Asia. Victims don't appear to have been chosen at random but "carefully and deliberately." You can read the full report here.

Google Is Testing a New Chrome UI

Catalin Cimpanu, writing for BleepingComputer: Google engineers have rolled out a new Chrome user interface (UI). Work on the new Refresh UI has been underway since last year, Bleeping Computer has learned. The new UI is in early testing stages, and only available via the Google Chrome Canary distribution, a version of the Chrome browser used as a testing playground. Users who are interested in giving the new UI a spin must install Chrome Canary, and then access chrome://flags, a section that contains various experimental options not included in Chrome's default settings section.

Was There a Civilization On Earth Before Humans?

Adam Frank, writing for The Atlantic: We're used to imagining extinct civilizations in terms of the sunken statues and subterranean ruins. These kinds of artifacts of previous societies are fine if you're only interested in timescales of a few thousands of years. But once you roll the clock back to tens of millions or hundreds of millions of years, things get more complicated. When it comes to direct evidence of an industrial civilization -- things like cities, factories, and roads -- the geologic record doesn't go back past what's called the Quaternary period 2.6 million years ago. For example, the oldest large-scale stretch of ancient surface lies in the Negev Desert. It's "just" 1.8 million years old -- older surfaces are mostly visible in cross section via something like a cliff face or rock cuts. Go back much farther than the Quaternary and everything has been turned over and crushed to dust. And, if we're going back this far, we're not talking about human civilizations anymore. Homo sapiens didn't make their appearance on the planet until just 300,000 years or so ago. [...] Given that all direct evidence would be long gone after many millions of years, what kinds of evidence might then still exist? The best way to answer this question is to figure out what evidence we'd leave behind if human civilization collapsed at its current stage of development. Mr. Frank, along with Gavin Schmidt, Director of the NASA Goddard Institute for Space Studies, have published their research on the subject [PDF].

EU Opens Competition Probe Into Apple's Bid For Music App Shazam

EU antitrust regulators opened an investigation on Monday into Apple's bid for British music discovery app Shazam, concerned the deal might give the iPhone maker an unfair advantage in poaching users from its rivals. From a report: Apple announced the deal in December to help it better compete with industry leader Spotify. Shazam lets users identify songs by pointing a smartphone at the audio source. The European Commission said it was concerned about Apple's access to data on Shazam's users who use competing music streaming services in Europe.

Hacking a Satellite is Surprisingly Easy

Caroline Haskins, writing for The Outline: Hundreds of multi-ton liabilities -- soaring faster than the speed of sound, miles above the surface of the earth -- are operating on Windows 95. They're satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they're invaluable resources. Even though they're old, it's more expensive to take satellites down than it is to just leave them up. So they stay up. Unfortunately, these outdated systems make old satellites prime targets for cyber attacks. [...] A malicious actor could fake their IP address, which gives information about a user's computer and its location. This person could then get access to the satellite's computer system, and manipulate where the satellite goes or what it does. Alternatively, an actor could jam the satellite's radio transmissions with earth, essentially disabling it. The cost of such an attack could be huge. If a satellite doesn't work, life-saving GPS or online information could be withheld from people on earth when they need it most. What's worse, if part of a satellite -- or an entire satellite -- is knocked out of its orbit from an attack, the debris could create a domino effect and cause extreme damage to other satellites.

MIT Researchers Developed a 'System For Dream Control'

dmoberhaus writes: Researchers at MIT Media Lab have adapted a centuries' old technique for inducing hypnagogia for the 21st century. Known as Dormio, this system is able to extend and manipulate the period users spend in a transitional state of consciousness between wakefulness and sleep known as hypnagogia. This state is characterized by vivid hallucinations and microdreams, and as the MIT researchers demonstrated, the contents of these microdreams can be manipulated with the system and subsequently result in heightened creativity when the user awakes. Motherboard got the exclusive details on the system.

Amazon Has a Top-Secret Plan to Build Home Robots

After making smart speakers a household product (at least to some), Amazon seems to have found its next big consumer product: robots. Amazon is building smart robots that are equipped with cameras that let them drive around homes, Bloomberg reported Monday. These robots could launch as soon as next year. From the report: Codenamed "Vesta," after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon's Lab126 hardware research and development division based in Sunnyvale, California. Lab126 is responsible for Amazon devices such as the Echo speakers, Fire TV set-top-boxes, Fire tablets and the ill-fated Fire Phone. The Vesta project originated a few years ago, but this year Amazon began to aggressively ramp up hiring. There are dozens of listings on the Lab 126 Jobs page for openings like "Software Engineer, Robotics" and "Principle Sensors Engineer." People briefed on the plan say the company hopes to begin seeding the robots in employees' homes by the end of this year, and potentially with consumers as early as 2019, though the timeline could change, and Amazon hardware projects are sometimes killed during gestation.

The Last Known Person Born in the 19th Century Dies in Japan at 117

Jason Kottke: As of 2015, only two women born in the 1800s and two others born in 1900 (the last year of the 19th century) were still alive. In the next two years, three of those women passed away, including Jamaican Violet Brown, the last living subject of Queen Victoria, who reigned over the British Empire starting in 1837. Last week Nabi Tajima, the last known survivor of the 19th century, died in Japan at age 117.

The Music Industry Had a Fantastic 2017, Driven by Streaming Revenues

An anonymous reader shares a report: Global recorded music revenues soared by $1.4 billion in 2017 largely due to the increased adoption of music streaming services among consumers, reports the Music Industry Blog. Global recorded music revenues reached $17.4 billion in 2017, putting it just a hair below 2008's $17.7 billion in revenues. That means that most of the decline in recorded music revenues over the past 10 years has now been reversed. Streaming was the largest driver of that growth, accounting for 43% of all revenues. In 2017 streaming revenues surged by 39%, topping out at $7.4 billion.

Microsoft Developers Hid a Secret Puzzle in Windows Backgrounds as They Knew Images Would Leak

An anonymous reader shares a report: Microsoft developers working on Windows 8 created a puzzle and embedded it in the wallpapers used for internal builds of the operating system. The team knew that the images would leak out to the public -- and probably the internal builds of Windows -- so they decided to have some fun with it. Over the course of numerous builds, the puzzle was developed -- but only one person ever solved it! Over the weekend, Jensen Harris -- a former group program manager of Microsoft Office and Microsoft director leading the team working on the redesign of Windows 8 -- took to Twitter to come clean about the secret puzzle. He explained that it was common for internal test builds of Windows to have wallpapers that were not intended for public release, but said that messages tended to be included to discourage leaking: "Traditionally, these wallpapers included text embedded in them threatening to throw people in jail if they leaked the build, blah blah, substantial penalty for early withdrawal, not all coins go up in value (some go down!), etc. etc. We wanted to try a more elegant tact. So early in Windows 8, we created a wallpaper that was a combination of the text the lawyers wanted us to use with an attempt to appeal to people's better nature...thus the "shhh... let's not leak our hard work" series of wallpapers was born."

Are Widescreen Laptops Dumb?

"After years of phones, laptops, tablets, and TV screens converging on 16:9 as the 'right' display shape -- allowing video playback without distracting black bars -- smartphones have disturbed the universality recently by moving to even more elongated formats like 18:9, 19:9, or even 19.5:9 in the iPhone X's case," writes Amelia Holowaty Krales via The Verge. "That's prompted me to consider where else the default widescreen proportions might be a poor fit, and I've realized that laptops are the worst offenders." Krales makes the case for why a 16:9 screen of 13 to 15 inches in size is a poor fit: Practically every interface in Apple's macOS, Microsoft's Windows, and on the web is designed by stacking user controls in a vertical hierarchy. At the top of every MacBook, there's a menu bar. At the bottom, by default, is the Dock for launching your most-used apps. On Windows, you have the taskbar serving a similar purpose -- and though it may be moved around the screen like Apple's Dock, it's most commonly kept as a sliver traversing the bottom of the display. Every window in these operating systems has chrome -- the extra buttons and indicator bars that allow you to close, reshape, or move a window around -- and the components of that chrome are usually attached at the top and bottom. Look at your favorite website (hopefully this one) on the internet, and you'll again see a vertical structure. As if all that wasn't enough, there's also the matter of tabs. Tabs are a couple of decades old now, and, like much of the rest of the desktop and web environment, they were initially thought up in an age where the predominant computer displays were close to square with a 4:3 aspect ratio. That's to say, most computer screens were the shape of an iPad when many of today's most common interface and design elements were being developed. 
As much of a chrome minimalist as I try to be, I still can't extricate myself from needing a menu bar in my OS and tab and address bars inside my browser. I'm still learning to live without a bookmarks bar. With all of these horizontal bars invading our vertical space, a 16:9 screen quickly starts to feel cramped, especially at the typical laptop size. You wind up spending more time scrolling through content than engaging with it. What is your preferred aspect ratio for a laptop? Do you prefer Microsoft and Google's machines that have a squarer 3:2 aspect ratio, or Apple's MacBook Pro that has a 16:10 display?

Net Neutrality Is Over Monday, But Experts Say ISPs Will Wait To Screw Us

An anonymous reader quotes a report from Inverse: Parts of the Federal Communications Commission's repeal of net neutrality are slated to take effect on April 23, causing worry among internet users who fear the worst from their internet service providers. However, many experts believe there won't be immediate changes come Monday, but that ISPs will wait until users aren't paying attention to make their move. "Don't expect any changes right out of the gate," Dary Merckens, CTO of Gunner Technology, tells Inverse. Merckens specializes in JavaScript development for government and business, and sees why ISPs would want to lay low for a while before enacting real changes. "It would be a PR nightmare for ISPs if they introduced sweeping changes immediately after the repeal of net neutrality," he says. While parts of the FCC's new plan will go into effect on Monday, the majority of the order still doesn't have a date for when it will be official. Specific rules that modify data collection requirements still have to be approved by the Office of Management and Budget, and the earliest that can happen is on April 27. Tech experts and consumer policy advocates don't expect changes to happen right away, as ISPs will likely avoid any large-scale changes in order to convince policymakers that the net neutrality repeal was no big deal after all.

Who Has More of Your Personal Data Than Facebook? Try Google

Facebook may be in the hot seat right now for its collection of personal data without our knowledge or explicit consent, but as The Wall Street Journal points out, "Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps." From the report (alternative source): It's likely that Google has shadow profiles (data the company gathers on people without accounts) on at least as many people as Facebook does, says Chandler Givens, CEO of TrackOff, which develops software to fight identity theft. Google allows everyone, whether they have a Google account or not, to opt out of its ad targeting, though, like Facebook, it continues to gather your data. Google Analytics is far and away the web's most dominant analytics platform. Used on the sites of about half of the biggest companies in the U.S., it has a total reach of 30 million to 50 million sites. Google Analytics tracks you whether or not you are logged in. Meanwhile, the billion-plus people who have Google accounts are tracked in even more ways. In 2016, Google changed its terms of service, allowing it to merge its massive trove of tracking and advertising data with the personally identifiable information from our Google accounts. Google uses, among other things, our browsing and search history, apps we've installed, demographics like age and gender and, from its own analytics and other sources, where we've shopped in the real world. Google says it doesn't use information from "sensitive categories" such as race, religion, sexual orientation or health. Because it relies on cross-device tracking, it can spot logged-in users no matter which device they're on. Google fuels even more data harvesting through its dominant ad marketplaces. 
There are up to 4,000 data brokers in the U.S., and collectively they know everything about us we might otherwise prefer they didn't -- whether we're pregnant, divorced or trying to lose weight. Google works with some of these brokers directly but the company says it vets them to prevent targeting based on sensitive information. Google also is the biggest enabler of data harvesting, through the world's two billion active Android mobile devices.

'Drupalgeddon2' Touches Off Arms Race To Mass-Exploit Powerful Web Servers

Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE- 2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers. Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.

UK Teen Who Hacked CIA Director Sentenced To 2 Years In Prison

An anonymous reader quotes a report from Gizmodo: A British teenager who gained notoriety for hacking a number of high profile United States government employees including former CIA director John Brennan and former director of intelligence James Clapper was sentenced Friday to two years in prison. Eighteen-year-old Kane Gamble pleaded guilty to 10 separate charges, including eight counts of "performing a function with intent to secure unauthorized access" and two counts of "unauthorized modification of computer material," the Guardian reported. Gamble, otherwise known by his online alias Cracka, was 15 at the time that he started his hacking campaigns. The alleged leader of a hacking group known as Crackas With Attitude (CWA), Gamble made it a point to target members of the U.S. government. The young hacker's group managed to successfully gain access to ex-CIA director John Brennan's AOL email account. The group hacked a number of accounts belonging to former Director of National Intelligence James Clapper, including his personal email, his wife's email, and his phone and internet provider account. The hackers allegedly made it so every call to Clapper's home phone would get forwarded to the Free Palestine Movement.

Tesla Batteries Retain Over 90 Percent Charging Power After 160,000 Miles, Survey Finds

According to a survey of over 350 Tesla owners, Tesla batteries retain over 90 percent of their charging power after 160,000 miles. The EVs dropped only 5 percent of their capacity after 50,000 miles, but lose it at a much slower rate after that. Most Tesla vehicles will have over 90 percent of their charging power after around 185,000 miles, and 80 percent capacity after 500,000. Engadget reports: Tesla has no battery degradation warranty on its Model S and X luxury EVs, but guarantees that the Model 3 will retain 70 percent battery capacity after 120,000 miles (long-range battery) and 100,000 miles (shorter-range battery). That's a bit more generous than the one Nissan offers on the Leaf (66 percent over 100,000 miles) for instance. According to the survey data, Tesla will easily be able to meet this mark.

Pornhub Hasn't Been Actively Enforcing Its Deepfake Ban

Pornhub said in February that it was banning AI-generated deepfake videos, but BuzzFeed News found that it's not doing a very good job at enforcing that policy. The media company found more than 70 deepfake videos -- depicting graphic fake sex scenes with Emma Watson, Scarlett Johansson, and other celebrities -- were easily searchable from the site's homepage using the search term "deepfake." From the report: Shortly after the ban in February, Mashable reported that there were dozens of deepfake videos still on the site. Pornhub removed those videos after the report, but a few months later, BuzzFeed News easily found more than 70 deepfake videos using the search term "deepfake" on the site's homepage. Nearly all the videos -- which included graphic and fake depictions of celebrities like Katy Perry, Scarlett Johansson, Daisy Ridley, and Jennifer Lawrence -- had the word "deepfake" prominently mentioned in the title of the video and many of the names of the videos' uploaders contained the word "deepfake." Similarly, a search for "fake deep" returned over 30 of the nonconsensual celebrity videos. Most of the videos surfaced by BuzzFeed News had view counts in the hundreds of thousands -- one video featuring the face of actor Emma Watson garnered over 1 million views. Some accounts posting deepfake videos appeared to have been active for as long as two months and have racked up over 3 million video views. "Content that is flagged on Pornhub that directly violates our Terms of Service is removed as soon as we are made aware of it; this includes non-consensual content," Pornhub said in a statement. "To further ensure the safety of all our fans, we officially took a hard stance against revenge porn, which we believe is a form of sexual assault, and introduced a submission form for the easy removal of non-consensual content." The company also provided a link where users can report any "material that is distributed without the consent of the individuals involved."