Security researchers at Ben-Gurion University in Israel have found a way to lift data from closed networks using little more than a standard computer monitor and FM radio waves. It's a pretty clever trick: researchers have created a keylogging app called AirHopper that can transmit radio frequencies by exploiting the PC's display. A companion app on an FM-equipped smartphone can decode those transmissions and record the host machine's keystrokes in real-time.
It's not the first time FM radio waves have been used to smuggle data out of an air-gapped network, but this method needs no PC-connected speakers, and neither device has to be connected to an outside network. Like previous methods, it has a fairly short range (about 7 meters) and can't transmit more than a few bytes a second, but that's more than enough to nab passwords or other sensitive text data. The group has already released a short video of the exploit in action, and intends to publish a more detailed paper on the subject at Malcon 2014 later this week.
The Google X research lab has unveiled a new project: developing a pill capable of detecting cancer, imminent heart attacks, and other diseases. According to the article, "the company is fashioning nanoparticles—particles about one billionth of a meter in width—that combine a magnetic material with antibodies or proteins that can attach to and detect other molecules inside the body." When a person ingests the pill, these particles interact with the particular markers for a given disease. Since they're magnetic, they can then be guided back to a particular spot where they can be scanned to determine if any interactions took place. Google X's head of life sciences, Andrew Conrad, said, "What we are trying to do is change medicine from reactive and transactional to proactive and preventative. Nanoparticles... give you the ability to explore the body at a molecular and cellular level."
The Center for American Progress reports:
At Authentic Jobs, a job search website, employees aren't just given vacation days. They're now required to take a certain number each year.
When founder Cameron Moll first started the company, he decided to institute an unlimited vacation policy much like the one in place at larger companies like Virgin Atlantic and Netflix. "Running Authentic Jobs, I see a lot of perks come through," Moll told ThinkProgress. "One that crops up is often vacation." Moll, resistant to typical corporate culture, was looking to do things differently. An attractive vacation policy can draw talent. "It does make for a good sell with potential candidates," he said. "It just sounds awesome."
But he found he didn't like the policy. [...] no one was taking enough.
[...] This trend had negative ramifications at Authentic Jobs. "Our overall health wasn't as good as it could be," he said. He also didn't have a way to track how much time people were taking and when, so he had no way to urge people to take more.
So he decided to try something different. "What if we got rid of this policy we had in place and flipped the traditional vacation policy on its head?" he thought to himself. "Instead of focus on maximum, focus on minimums." The new policy requires employees to take off 12 holidays and 15 vacation days a year, and then they can take unlimited time above that. "We're saying you need to take off at least 27 days per year and then beyond that if you need additional time, feel free to do it," he explained.
"Right now it's only a concept, only a theory for us, we just implemented it recently," he said. "I'm really curious to see how it plays out."
You've already invested in the tin-foil hat, but now you can protect some other important bodily assets. The New York Post has an article about RadiaShield boxer briefs, which promise "to protect men's reproductive organs and maintain fertility health."
These underpants, supplied by the Belly Armor company, have a silvered layer of fabric in the crotch. They're supposed to stop electromagnetic radiation, such as that from cell phones, that could have deleterious effects on the production of sperm. The attenuation is claimed as 40 to 60 dB over a wide spectrum.
Female readers shouldn't feel left out: as the company's name suggests, it also produces a range of (non-ionising) radiation-proof belly armor for expectant mothers.
The RadiaShield fabric is "a highly conductive silver textile with the same shielding properties as a 1/4-inch thick sheet of aluminum", but without the weight, inconvenience and clanking noises of actual armor. (Enterprising Soylentils may prefer a do-it-yourself approach, utilizing aluminum cooking foil.)
Pacific Standard is running a story that raises the issue of medical costs compared to the diseases they cure.
In the article they point out that a new combination of drugs can cure hepatitis C (HepC) outright, in as little as 12 weeks.
For the first time, highly effective regimens were available without interferon. Treatment courses that used to last nearly a year have now been reduced to just 12 weeks in most cases. Side effects are so low that some patients who took these medications in research studies thought they were being given a placebo. Cure rates are now in the 90 to 95 percent range—not suppression, not control, not maintenance, but the cure of hepatitis C. This is a watershed moment for the over three million Americans, and many more millions abroad, who are infected.
We're starting this celebration of teaching with Socrates, the superstar teacher of the ancient world. He was sentenced to death more than 2,400 years ago for "impiety" and "corrupting" the minds of the youth of Athens.
But Socrates' ideas helped form the foundation of Western philosophy and the scientific method of inquiry. And his question-and-dialogue-based teaching style lives on in many classrooms as the Socratic method.
Most of us have been influenced by our teachers, and some of them may have even been great ones even if, unlike Socrates, they toiled in anonymity. So, I ask this question: Who were (or are) your greatest teachers, why, and what did you learn from them that made them so great?
TechCrunch is reporting that MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others that is backing the CurrentC mobile payments system, has been hacked. The data breach involves the theft of e-mail addresses.
MCX is working hard to bring its own mobile payment system to market, and recently a number of its member retail chains turned off their contactless (NFC) card readers so that customers could not pay with the competing Google Wallet and Apple Pay.
Are proprietary solutions becoming the new norm? Previously, all TVs could display all channels being broadcast and either cash or standard, mainstream credit cards were universally accepted but the new direction seems to be a plethora of incompatible technologies for the benefit of the vendor instead of the customer.
On June 27, a new lava flow emerged from Hawaii's Kilauea Volcano, flowing to the northeast at a rate varying from 2 meters per hour up to 15 meters per hour. In the months since, the "June 27 breakout" lava flow has crossed more than 12 miles and now threatens the small town of Pahoa. The molten rock has already claimed acres of forest, several roads, and small farm buildings, and buried the Pahoa Cemetery. Dozens of Pahoa residents have been evacuated ahead of the slow-moving disaster, as state and federal officials work to protect what they can and plan for the worst. If the flow continues as projected, dozens more houses and businesses are threatened, and a large section of Pahoa may be cut off from the rest of the island if the flow remains active and reaches the sea.
The news is old, but The Atlantic's photo essay provides many spectacular images, courtesy of the US Geological Survey's Hawaiian Volcano Observatory.
In 2007, the FBI wrote a fake news story about bomb threats in Thurston County, Washington, and then sent out e-mail links "in the style of the Seattle Times."
The details have now been published by that very same newspaper, which today carries a story including outraged quotes from a Seattle Times editor. The FBI put an Associated Press byline on the fake news story, which was about the bomb threats in Thurston County that they were investigating.
“We are outraged that the FBI, with the apparent assistance of the US Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times editor Kathy Best. "Not only does that cross a line, it erases it."
The information comes from documents about the 2007 FBI operation, which were acquired via a Freedom of Information Act request and published by the Electronic Frontier Foundation in 2011. It wasn't until yesterday that ACLU Technologist Christopher Soghoian noted The Seattle Times/AP reference and published it on Twitter. That spurred the newspaper to express its outrage and get FBI response.
Nicolas Niarchos has a profile of 2600 in The New Yorker that is well worth reading. Some excerpts:
2600—named for the frequency that allowed early hackers and “phreakers” to gain control of land-line phones—is the photocopier to Snowden’s microprocessor. Its articles aren’t pasted up on a flashy Web site but, rather, come out in print. The magazine—which started as a three-page leaflet sent out in the mail, and became a digest-sized publication in the late nineteen-eighties—just celebrated its thirtieth anniversary. It still arrives with the turning of the seasons, in brown envelopes just a bit smaller than a 401k mailer.
“There’s been now, by any stretch of the imagination, three generations of hackers who have read 2600 magazine,” Jason Scott, a historian and Web archivist who recently reorganized a set of 2600’s legal files, said. Referring to Goldstein, whose real name is Eric Corley, he continued: “Eric really believes in the power of print, words on paper. It’s obvious for him that his heart is in the paper.”
2600 provides an important forum for hackers to discuss the most pressing issues of the day—whether it be surveillance, Internet freedom, or the security of the nation’s nuclear weapons—while sharing new code in languages like Python and C.* For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden’s disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides (“whoever wrote this clearly didn’t know that there are no zombies in ‘1984’ ”) and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. “Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions,” it concludes. “And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power.”
In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
Here's how the attack worked in the case Shape observed: The hacker first set up an anonymous Gmail account, then infected a computer on the target's network with malware. (Shape declined to name the victim of the attack.) After gaining control of the target machine, the hacker opened that anonymous Gmail account on the victim's computer in an invisible instance of Internet Explorer. IE exposes a COM automation interface that lets any Windows program drive a browser instance, with its window hidden, to load and read web pages, so the user has no idea a web page is even open on the computer.
With the Gmail drafts folder open and hidden, the malware uses a Python script to retrieve commands and code that the hacker enters into a draft. The malware responds with its own acknowledgements in Gmail draft form, along with the target data it's programmed to exfiltrate from the victim's network. Nothing is ever sent as mail, the traffic is ordinary HTTPS to Gmail, and the draft contents are encoded, so intrusion detection and data-leak prevention signatures have little to match on. The use of a reputable web service instead of the IRC or plain HTTP channels hackers typically use to command their malware also helps keep the operation hidden.
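To make the channel concrete, here is an added simulation of the drafts-folder dead drop; it is not Shape Security's sample or analysis code, and the command names, draft format and victim "files" are constructed for the example. An in-memory `DraftsFolder` stands in for the Drafts folder of the throwaway Gmail account that both sides log in to: the operator leaves base64-encoded tasks as drafts, the implant polls, consumes each task, and leaves its result as a new draft. The last function shows the detection angle a defender has left once the content is opaque: a hidden poller hits Gmail on a machine-regular cadence that a person reading mail never produces.

```python
import base64
import json
import statistics


class DraftsFolder:
    """Stand-in for one Gmail account's Drafts folder shared by both parties."""

    def __init__(self):
        self._drafts = {}      # draft_id -> body text (base64 of JSON)
        self._next_id = 1

    def save(self, body):
        draft_id = f"r{self._next_id}"
        self._next_id += 1
        self._drafts[draft_id] = body
        return draft_id

    def delete(self, draft_id):
        self._drafts.pop(draft_id, None)

    def items(self):
        return list(self._drafts.items())   # snapshot: callers mutate while iterating


def encode(msg):
    """Base64 over JSON: plaintext commands never appear in the draft body."""
    return base64.b64encode(json.dumps(msg).encode()).decode()


def decode(body):
    return json.loads(base64.b64decode(body))


class Operator:
    """Attacker side: leaves numbered tasks as drafts, harvests results."""

    def __init__(self, folder):
        self.folder = folder
        self.seq = 0

    def task(self, cmd):
        self.seq += 1
        self.folder.save(encode({"t": "cmd", "seq": self.seq, "cmd": cmd}))

    def collect(self):
        results = []
        for draft_id, body in self.folder.items():
            msg = decode(body)
            if msg["t"] == "res":
                results.append(msg)
                self.folder.delete(draft_id)
        return sorted(results, key=lambda m: m["seq"])


class Implant:
    """Victim side: what the hidden browser session does on each poll."""

    def __init__(self, folder, files):
        self.folder = folder
        self.files = files         # constructed stand-in for the victim filesystem
        self.last_seq = 0

    def _run(self, cmd):
        verb, _, arg = cmd.partition(" ")
        if verb == "ls":
            return sorted(self.files)
        if verb == "get":
            return self.files.get(arg, "no such file")
        return "unknown command"

    def poll(self):
        handled = 0
        for draft_id, body in self.folder.items():
            msg = decode(body)
            if msg["t"] != "cmd" or msg["seq"] <= self.last_seq:
                continue   # skip our own results and any replayed task
            out = self._run(msg["cmd"])
            self.folder.delete(draft_id)   # consume the task so it runs once
            self.folder.save(encode({"t": "res", "seq": msg["seq"], "out": out}))
            self.last_seq = msg["seq"]
            handled += 1
        return handled


def run_exchange():
    """One tasking round trip; returns what the operator got back, in order."""
    folder = DraftsFolder()
    victim_files = {"notes.txt": "lunch at noon", "secrets.txt": "db password: hunter2"}
    op, bot = Operator(folder), Implant(folder, victim_files)
    op.task("ls")
    op.task("get secrets.txt")
    bot.poll()
    return [m["out"] for m in op.collect()]


def looks_like_beacon(timestamps, max_jitter=0.2):
    """True when one host's Gmail requests arrive on a near-constant interval.

    timestamps: seconds at which requests were seen (e.g. from proxy logs).
    Relative spread of the gaps below max_jitter is machine-like polling.
    """
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return False
    mean = statistics.mean(gaps)
    return mean > 0 and statistics.pstdev(gaps) / mean < max_jitter
```

The `seq` counter is what makes the acknowledgements meaningful: the operator can tell which task a result belongs to, and the implant ignores a task it has already run even if the draft reappears. Note what a network defender is left with: TLS to Gmail from a host that otherwise behaves normally, which is why cadence analysis and host-side checks (a non-browser process driving a hidden IE instance) carry more weight here than payload inspection.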
wget prior to 1.16 allows a malicious FTP server to write arbitrary files on the client when wget performs a recursive (mirror) retrieval over FTP: the server lists a symbolic link, wget recreates it locally, and later files "inside" that link land wherever the link points (CVE-2014-4877).
Red Hat's bug is here: https://bugzilla.redhat.com/show_bug.cgi?id=1139181 and notes:
It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP.
There is a workaround:
This issue can be mitigated by ensuring that all invocations of wget in the mirror mode also specify --retr-symlinks command line option. Doing so is equivalent to applying the upstream commit linked in comment 14, which changes the default for the retr-symlinks options from off/no to on/yes, preventing creation of symbolic links locally.
In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enable the retr-symlinks option via the wget configuration file - either the global /etc/wgetrc, or the user-specific ~/.wgetrc - by adding the following line:
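The wgetrc line the bug report refers to is `retr-symlinks=on`. To show why that setting matters, here is an added Python simulation of what a recursive FTP mirror does with a server-supplied symlink entry; it is not wget's code and not from the bug report, and the FTP session it replays is constructed: the server first lists `pub` as a symlink to `../outside`, then serves a file `pub/cron.sh`. The directory `outside` stands in for any existing directory the attacker wants to write into, such as `~/.ssh`. Three client behaviours are compared: the old default (recreate the symlink), `--retr-symlinks` (fetch the link as an ordinary file, never create a symlink), and a resolved-path check that a hardened client should perform regardless of how symlinks are handled.

```python
import os
import tempfile

# Constructed FTP session: a LIST entry for a symlink, then a file "inside" it.
MALICIOUS_SESSION = [
    {"kind": "symlink", "path": "pub", "target": "../outside"},
    {"kind": "file", "path": "pub/cron.sh", "content": b"#!/bin/sh\necho pwned\n"},
]


def _inside(root, path):
    """True if path, after resolving every symlink, still lies under root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    return real_path == real_root or real_path.startswith(real_root + os.sep)


def mirror(session, root, retr_symlinks, check_realpath=False):
    """Replay the server's entries into root, like a recursive FTP mirror.

    retr_symlinks=False mimics the pre-1.16 default: symlink entries are
    recreated locally with the server's chosen target.
    retr_symlinks=True mimics --retr-symlinks: the link name is fetched as an
    ordinary file and no symlink is ever created.
    check_realpath refuses any write whose resolved path escapes root.
    Returns a log of (action, local_path) tuples.
    """
    log = []
    for entry in session:
        local = os.path.join(root, entry["path"])
        if entry["kind"] == "symlink" and not retr_symlinks:
            # A stricter client would also vet entry["target"] here.
            os.makedirs(os.path.dirname(local), exist_ok=True)
            os.symlink(entry["target"], local)
            log.append(("symlinked", local))
            continue
        data = entry.get("content", b"")   # a link fetched as a file gets whatever RETR returns
        if check_realpath and not _inside(root, local):
            log.append(("refused", local))
            continue
        try:
            os.makedirs(os.path.dirname(local), exist_ok=True)
            with open(local, "wb") as fh:
                fh.write(data)
        except (FileExistsError, NotADirectoryError):
            log.append(("skipped", local))   # parent is a plain file, not a directory
            continue
        log.append(("wrote", local))
    return log


def demo():
    """Run the three clients in scratch dirs; report whether 'outside' was written."""
    clients = {
        "naive": dict(retr_symlinks=False),
        "retr_symlinks": dict(retr_symlinks=True),
        "realpath_check": dict(retr_symlinks=False, check_realpath=True),
    }
    results = {}
    for name, kwargs in clients.items():
        with tempfile.TemporaryDirectory() as tmp:
            outside = os.path.join(tmp, "outside")   # existing dir the attacker targets
            root = os.path.join(tmp, "mirror")
            os.makedirs(outside)
            os.makedirs(root)
            log = mirror(MALICIOUS_SESSION, root, **kwargs)
            escaped = os.path.exists(os.path.join(outside, "cron.sh"))
            results[name] = (escaped, log[-1][0])
    return results


if __name__ == "__main__":
    for client, (escaped, last) in demo().items():
        print(f"{client:15s} escaped={escaped} last_action={last}")
```

The naive client writes `cron.sh` into `outside` because the path `mirror/pub/cron.sh` is resolved through the symlink it just created. With symlinks retrieved as files, `mirror/pub` is a plain file and the later write fails harmlessly. The realpath check catches the escape even with the old symlink behaviour, which is the property to test for in any client that writes server-named paths to disk.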
Federal officials on Tuesday sued AT&T, the nation’s second-largest cellular carrier, for allegedly deceiving millions of customers by selling them supposedly “unlimited” data plans that the company later “throttled” by slowing Internet speeds when customers surfed the Web too much.
The Federal Trade Commission said the practice, used by AT&T since 2011, resulted in slower speeds for customers on at least 25 million occasions – in some cases cutting user Internet speeds by 90 percent, to the point where they resembled dial-up services of old. The 3.5 million affected customers experienced these slowdowns an average of 12 days each month, said the FTC, which received thousands of complaints about the practice.
See also Ars Technica's coverage: US sues AT&T, alleges severe throttling of unlimited data customers which notes that customers were throttled by as much as 90% once they reached 3GB or 5GB of data.
Imagine a world where fast food workers can pay their rent and utility bills plus buy their children food and clothes. Well, you don't have to imagine it because such a place exists. It's called Denmark.
A New York Times article on Tuesday (paywalled) chronicled the life of a Danish fast food worker named Hampus Elofsson, who works 40 hours a week at a Burger King in Copenhagen, and makes enough not only to pay his bills, but to save some money and enjoy a night out with friends. His wage: $20 per hour. Yep, you read that right. The base wage in Denmark is close to two and a half times what American fast food workers make.
Elofsson's pay is the kind of wage that Anthony Moore, a shift manager in Tampa, Florida can only dream about. [Moore] earns $9 an hour for his low-level management job, or about $300 per week, and like half of America's fast food workers, he relies on some form of public assistance to make up the difference between that wage and barely eking out a living.
[...] What Danish fast food workers have that their American counterparts do not is a powerful union and fast food franchise owners who are willing to make a little less of a profit...though they still do make a profit.
I also found his discussion of the "recovery" of the USA economy (between the segment on the GM bailout and the one on "US" megacorps evading taxes) to be especially worthwhile. His weekly webcasts are also available for about half the bandwidth and storage space from KPFA's archive.
A supply rocket carrying cargo and experiments to the ISS exploded shortly after liftoff. NASA and Orbital Sciences (the company operating the rocket) have not released any information about what may have caused the incident, pending further investigation.
The mission was unmanned, and all personnel are safe and accounted for. The extent of the damage to the launch facility has not yet been determined.
Phil Plait, author of the Bad Astronomy blog, speculates that the refurbished 1960s-70s era Russian engines the vehicle used will come under heavy scrutiny.