Domain: vice.com
Stories and comments across the archive that link to vice.com.
Stories · 1,377
-
The Russian Plan To Use Space Mirrors To Turn Night Into Day (vice.com)
merbs writes: Throughout the early 90s, a team of Russian astronomers and engineers were hellbent on literally turning night into day. By shining a giant mirror onto the earth from space, they figured they could bring sunlight to the depths of night, extending the workday, cutting back on lighting costs and allowing laborers to toil longer. If this sounds a bit like the plot of a Bond film, well, it's that too. The difference is that for a second there, the scientists, led by Vladimir Sergeevich Syromyatnikov, one of the most important astronautical engineers in history, actually pulled it off. -
Apple's Gatekeeper Still Broken (csoonline.com)
itwbennett writes: This weekend, Apple security expert Patrick Wardle will detail a vulnerability in Apple's Gatekeeper that makes it possible to bypass the anti-malware defense. This is the same vulnerability that was disclosed last April, which Apple said it patched later. Wardle was able to easily bypass Apple's fixes. He says "all Apple did was blacklist the signed apps he was abusing, but didn't fix the underlying issue, which is that, essentially, Gatekeeper functions as a guard that doesn't check" software already on the whitelist. -
Police Say They Can Crack BlackBerry PGP Encrypted Email (sophos.com)
schwit1 writes: Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having "military-grade security." The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices. A representative from NFI confirmed that "we are capable of obtaining encrypted data from BlackBerry PGP devices," according to a report from Motherboard. On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys. -
Teen Hacks US Intelligence Chief's Personal Accounts (vice.com)
An anonymous reader writes: The U.S. Director of National Intelligence, James Clapper, has now joined the CIA's John Brennan in having his personal online accounts hacked. A teenage hacker known as 'Cracka' has claimed responsibility for the hack, reporting that he had infiltrated Clapper's home telephone, online accounts and his personal email, as well as his wife's Yahoo account. Cracka had managed to change the settings on Clapper's Verizon Fios account so that any calls to his home number were redirected to the Free Palestine Movement group in California. -
Algorithms Claimed To Hunt Terrorists While Protecting the Privacy of Others (vice.com)
An anonymous reader sends this report from Motherboard: Computer scientists at the University of Pennsylvania have developed an algorithmic framework for conducting targeted surveillance of individuals within social networks while protecting the privacy of untargeted digital bystanders. ... The algorithms are based on a few basic ideas. The first is that every member of a network (a graph) comes with a sequence of bits indicating their membership in a targeted group. If say, the number two bit was set in your personal privacy register, then you might be part of the “terrorist” target population. For an algorithm searching a network for targets, it doesn’t just get to ask to reveal every network member’s bits. It has a budget of sorts, where it can only reveal so many bits and no more. The algorithms work to optimize this scenario such that as many bits-of-interest are revealed as possible. It does this optimization via a notion known as a statistic of proximity (SOP), which is a quantification of how close a given graph node is to a targeted group of nodes. This is what guides the search algorithms. -
An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com)
derekmead writes: In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers, according to court documents reviewed by Motherboard and interviews with legal parties involved.
Just a month after launch, a bulletin board called Playpen had nearly 60,000 member accounts. By the following year, this number had ballooned to almost 215,000, with over 117,000 total posts, and an average of 11,000 unique visitors each week. Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.
But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool. -
What the Future Fiction of 2015 Revealed About Humans Today (vice.com)
An anonymous reader writes: There were a lot of stories told about the future in 2015. More than usual, maybe. Big budget blockbusters, hefty, idea-rich novels, and epic, dystopian video games—there was complex, stirring speculative fiction dripping from every media faucet we've got. And it spoke volumes about our anxieties about the present. In 2015, those anxieties, apparently, concern the rise of science denial, climate change, total collapse. -
The Power of Crowds and "Human Computation" (vice.com)
An anonymous reader writes with this Vice article about the power of crowds when it comes to solving complex problems. "Forget artificial intelligence: The key to solving the world's most complex problems could be human-machine collaboration. That's the rallying cry of researchers who penned an editorial in the journal Science championing "human computation"—systems that combine the talents of computers and humans. The authors claim these systems could ultimately tackle issues such as climate change and geopolitical conflict, all without the existential risks posed by true AI and the technological singularity.
Authors Pietro Michelucci and Janis Dickinson imagine a system that would provide a technical framework for ideas to be shared, analyzed, and revised until the best bubble to the top; Michelucci envisages it as a 'dynamic Wikipedia.' The idea would be to develop our understanding of real-world issues online, and test potential solutions in this computational space, then applying new knowledge back in the real world so as to actually effect some change. 'Imagine something like the game SimCity, but a thousand times more detailed, and then link in real-time sensors attached to the internet,' said Michelucci. 'The more faithful that model of the real world becomes, the more accurate it would be for testing out solutions and predicting outcomes.'" -
Giant Methane Leak in California Won't Be Capped For Months
Motherboard takes a look at the ongoing leak from a deep well in Southern California, and the engineering challenges that mean it won't be stopped for a while. From Motherboard's report: An enormous amount of harmful methane gas is currently erupting from an energy facility in Aliso Canyon, California, at a startling rate of 110,000 pounds per hour. The gas, which carries with it the stench of rotting eggs, has led to the evacuation of 1,700 homes so far. Many residents have already filed lawsuits against the company that owns the facility, the Southern California Gas Company. ... Part of the problem in stopping the leak lies in the base of the well, which sits 8,000 feet underground. Pumping fluids down into the well, usually the normal recourse, just isn't working, said [company spokesperson Anne] Silva. Workers have been "unable to establish a stable enough column of fluid to keep the force of gas coming up from the reservoir." The company is now constructing a relief well that will connect to the leaking well, and hopefully provide a way to reduce pressure so the leak can be plugged. As the article notes, methane is an especially noxious gas in a figurative as well as literal sense; while it spends less time in the atmosphere than does CO2, it is more effective at trapping heat. -
Switzerland Moves Toward a Universal Phone Charger Standard (vice.com)
Press2ToContinue writes: Apple's Lightning cable cartel be damned: Switzerland is moving forward with a plan for a single, universal phone charger across the country, standardizing phone chargers across the board. While the exact standard hasn't been mentioned yet, it wouldn't be hard to guess the standard: Micro USB, used across phone platforms, most especially Android, which has a gigantic chunk of the cell phone market worldwide.
The likely loser? Apple, which has relied on proprietary chargers since introducing the iPhone in 2007. While many companies have tried releasing generic cables, Apple often relies on DRM software to ensure that it's an Apple certified cable, charging $19 a piece for the Lightning charger used by the iPhone 5 and 6 and similar models.
What do you think -- are government-mandated standards for chargers a good idea? Despite the success of the standard household 3-prong electrical plug, doesn't this hamper progress? China seems to have done most of the work on the wall-circuit side of the equation, several years ago. But as to the "standard" 3-prong plug, any particular plug type is only as universal as the sockets and voltages they supply. -
Vice: Internet Freedom Is Actively Dissolving In America (vice.com)
An anonymous reader points out Vice's rather dark view of the state of Internet freedom, the author of which posits that "one fact about the internet is quickly becoming clear this year: Americans' freedom to access the open internet is rapidly dissolving." As evidence, the writer points out negative trends in broadband adoption, legal moves to weaken encryption, industry consolidation that means fewer competitors in some areas, increasing use of data caps, and increasing reliance by many (especially poorer) Americans on mobile phones as their only internet-connected devices. (On the other hand, it's worth pointing out that there are now free encryption-centric apps for voice and text communication that give ordinary people privacy options, and both unlocked phones and inexpensive data plans are far closer to the American norm than they were a few years ago.) -
Meet the Scientist Who Injected Himself With 3.5 Million-Year-Old Bacteria (vice.com)
Press2ToContinue writes with this profile of Anatoli Brouchkov, a scientist who isn't afraid to take an extremely hands-on approach to science. Vice reports: "Anatoli Brouchkov is a soft-spoken guy with silver hair, and when he lets out a reserved chuckle, his eyes light up like he was belly laughing. If you met him on the street, you'd never guess that he once injected himself with a 3.5 million-year-old strain of bacteria, just to see what would happen. According to Brouchkov, Bacillus F has a mechanism that has enabled it to survive for so long beneath the ice, and that the same mechanism could be used to extend human life, too—perhaps, one day, forever. In tests, Brouchkov says the bacteria allowed female mice to reproduce at ages far older than typical mice. Fruit flies, he told the Siberian Times, also experienced a 'positive impact' from exposure to the bacteria." -
Galloping Gertie, Engineering's Most Misunderstood Failure (vice.com)
tedlistens writes: Generations of physics teachers, textbooks, and articles have taught that the spectacular collapse of the Tacoma Narrows Bridge, 75 years ago, in November 1940, was caused by resonance. But this explanation is inaccurate, and despite the fact that the collapse is not a mystery—that the bridge, in a sense, twisted itself apart—the fallacy continues to spread. Not only that: according to a new study by Don Olson and colleagues at Texas State University and East Carolina University, parts of the famous footage that immortalized it are misleading too. According to the most complete recent research, he and his co-authors write, "the failure of the bridge was related to a wind-driven amplification of the torsional oscillation that, unlike a resonance, increases monotonically with increasing wind speed." Each time the deck of the bridge twisted now, it sought to return to its original position (inertial forces). And as it did so, twisting back with a matching speed and direction (elastic forces), the wind and the vortices caught it each time, pushing the deck just a little bit more in that direction (aerodynamic forces). With each twist and each twist back, the size of the twisting slightly increased. -
What If Someone Uses This DIY CRISPR Kit To Make Mutant Bacteria? (vice.com)
Josiah Zayner, a research fellow at NASA Ames Research Center, is running an Indiegogo campaign to make DIY gene editing kits that use the CRISPR technique to modify DNA. The campaign has already exceeded its goal, and he points out an article at Motherboard noting the controversy surrounding cheap, DIY genetic modification. Quoting: The kits aren't going to allow people to genetically modify humans, but Zayner is still getting some heat for the project. One medical doctor emailed him with "grave concerns" about putting the technology in the hands of lay people. "Reprogramming bacteria or fungi could have serious ramifications, such as inadvertent or intended multi-drug resistance, faster multiplication, toxin production, and persisting potency when aerosolized," the doctor wrote. ... There is no legal framework surrounding this at-home work, unless it results in a product to be distributed, said Todd Kuiken, a senior program associate with the Synthetic Biology Project at the Woodrow Wilson International Center for Scholars. "Who actually uses kits like these and what they are using them for will determine if any of these products they make would be regulated or not," he said. -
Twitter Testing Non-Chronological Timelines (vice.com)
sarahnaomi writes with this excerpt from Motherboard: Brace yourself, because your favorite social media platform might get turned on its head: Twitter is experimenting with a new way of sorting your timeline that breaks with the reverse-chronological format it has used since its inception. Certain users have already been selected for testing, and a Twitter search for "timeline out of order" revealed a lot of confused Tweeters. A Twitter spokesperson confirmed via email that this is "an experiment. We're continuing to explore ways to surface the best content for people using Twitter." Presumably, Twitter is working with algorithms similar to the ones Facebook uses to order items on your News Feed. I curse the name of Zuckerberg each time I realize that my view of Facebook has been switched from "Most Recent" to "Top Stories" -- Top Stories according to whom? -
French Legislation Would Block Tor and Restrict Free Wi-Fi (vice.com)
Several readers sent word that French newspaper Le Monde got its hands on documents showing the French government is debating two new pieces of legislation that are unfriendly to internet users. The first would ban people from sharing Wi-Fi connections during a state of emergency. "This comes from a police opinion included in the document: the reason being that it is apparently difficult to track individuals who use public Wi-Fi networks." The second would forbid the use of Tor within France's borders. "The main problem with such a ban on Tor is that it wouldn't achieve a whole lot. Would-be terrorists could still access Tor from outside the country, and if they did manage to access Tor from within France I doubt they're concerned about being arrested for illegal use of the network." -
How To Lead a Nation That's About To Be Swallowed By the Sea
merbs writes: Anote Tong, the president of low-lying Kiribati, has spent nearly a decade trying to save his people from rising sea levels. There's a good chance he will not succeed. This is how he leads a nation that will likely not exist in 100 years. Motherboard reports: "Kiribati’s fate provides a rare glimpse of the future world under climate change. The tiny island nation is the canary in our global coal mine, and it will bear the brunt of climate change more intensely and much sooner than nearly anywhere else. 'We cannot keep doing what we are doing,' Tong said. 'Because we may be on the front line today, but other countries, other societies, other communities will be next.'" -
VTech Hack Gets Worse: Chat Logs, Kids' Photos Taken In Breach (vice.com)
An anonymous reader writes: The VTech hack just got a little worse. Reports say that in addition to the 4.8 million records with parents' names, home addresses, passwords and the identities of 227k kids, the hackers also have hundreds of gigabytes worth of pictures and chat logs belonging to children. ZDNet reports: "Tens of thousands of pictures — many blank or duplicates — were thought to have been taken from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet. Motherboard was able to verify a portion of the images, and the chat logs, which date as far back as late-2014. Details about the intrusion are not fully known yet. The hacker, who for now remains nameless, told Motherboard that the Hong Kong-based company 'left other sensitive data exposed on its servers.'" -
VTech Hack Exposes Data On 4.8 Million Adults, 200,000 Kids (vice.com)
New submitter lorenzofb writes: A hacker broke into the site of the popular toy company VTech and was able to easily get 4.8 million credentials, and 227k kids' identities using SQL injection. The company didn't find out about the breach until Motherboard told them. According to Have I Been Pwned, this is the fourth largest consumer data breach ever. "[Security specialist Troy Hunt] said that VTech doesn't use SSL web encryption anywhere, and transmits data such as passwords completely unprotected. ... Hunt also found that the company's websites "leak extensive data" from their databases and APIs—so much that an attacker could get a lot of data about the parents or kids just by taking advantage of these flaws." -
LSD Microdosing Gaining Popularity For Silicon Valley Professionals (rollingstone.com)
An anonymous reader writes: Rolling Stone reports that an unusual new trend is popping up around the offices of Silicon Valley companies: taking tiny doses of LSD or other psychedelic drugs to increase productivity. "A microdose is about a tenth of the normal dose – around 10 micrograms of LSD, or 0.2-0.5 grams of mushrooms." According to the article, the average user is a 20-something looking to improve their creativity and problem-solving skills. Some users report that the LSD alleviates other problems, like anxiety or cluster headaches. That said, it's important to note that such benefits are not supported by scientific research — yet. -
On iFixit and the Right To Repair (vice.com)
Jason Koebler writes: Motherboard sent a reporter to the Electronics Reuse Convention in New Orleans to investigate the important but threatened world of smartphone and electronics repair. As manufacturers start using proprietary screws, offer phone lease programs and use copyright law to threaten repair professionals, the right-to-repair is under more threat than ever. "That Apple and other electronics manufacturers don't sell repair parts to consumers or write service manuals for them isn't just annoying, it's an environmental disaster, [iFixit CEO Kyle Wiens] says. Recent shifts to proprietary screws, the ever-present threat of legal action under a trainwreck of a copyright law, and an antagonistic relationship with third-party repair shops shows that the anti-repair culture at major manufacturers isn't based on negligence or naiveté, it's malicious." -
Ransomware Expected To Hit 'Lifesaving' Medical Devices In 2016 (forrester.com)
An anonymous reader writes: A surge in ransomware campaigns is expected to hit the medical sector in 2016, according to a recent report published by forecasters at Forrester Research. The paper 'Predictions 2016: Cybersecurity Swings To Prevention' suggests that the primary hacking trend of the coming year will be "ransomware for a medical device or wearable," arguing that cybercriminals would only have to make small modifications to current malware to create a feasible attack. Pacemakers and other vital health devices would become prime targets, with attackers toying with their stability and potentially threatening the victim with their own life should the ransom demands not be met. -
The History of SQL Injection, the Hack That Will Never Go Away (vice.com)
An anonymous reader writes with this history of SQL injection attacks. From the Motherboard article: "SQL injection (SQLi) is where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It's been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies. 'It's the most easy way to hack,' the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a 'few hours.' But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against. So why, in 2015, is SQLi still leading to some of the biggest breaches around?" -
Police Find Paris Attackers Coordinate Via Unencrypted SMS (techdirt.com)
schwit1 writes: In the wake of the tragic events in Paris last week encryption has continued to be a useful bogeyman for those with a voracious appetite for surveillance expansion. Like clockwork, numerous reports were quickly circulated suggesting that the terrorists used incredibly sophisticated encryption techniques, despite no evidence by investigators that this was the case. These reports varied in the amount of hallucination involved, the New York Times even having to pull one such report offline. Other claims the attackers had used encrypted Playstation 4 communications also wound up being bunk. -
The Next Gold Rush Will Be 5,000 Feet Under the Sea, With Robot Drones (vice.com)
merbs writes: In Papua New Guinea, one well-financed, first-mover company is about to pioneer deep sea mining. And that will mean dispatching a fleet of giant remote-operated robotic miners 5,000 feet below the surface to harvest the riches scattered across the ocean floor. These mammoth underwater vehicles look like they've been hauled off the set of a sci-fi film—think Avatar meets The Abyss. And they'll be dredging up copper, gold, and other valuable minerals, far beneath the gaze of human eyes. -
Hour of Code 2015 Star Wars Tutorial: Spare the IF Statement, Spoil the Child?
theodp writes: Teaching U.S. K-12 kids their programming fundamentals in past Hours of Code were an IF-fy Bill Gates and a LOOP-y Mark Zuckerberg. Interestingly, the new signature tutorial — Star Wars: Building a Galaxy with Code — created by Lucasfilm and Code.org ("in a locked room with no windows") for this December's Hour of Code, eschews both IF statements and loops. The new learn-to-code tutorial instead elects to show students "events" after they've gone through the usual move-up-down-left-right drills. With the NY Times and National Center for Women & Information Technology recently warning against putting Star Wars in the CS classroom ("Attracting more female high school students to computer science classes might be as easy as tossing out the Star Wars posters," claimed an Aug. 29th NCWIT Facebook post), the theme of the new tutorial seems an odd choice for Code.org, whose stated mission includes "increasing [CS] participation by women." But if Star Wars is, as some suggest, more aimed at boys, perhaps Code.org has something up its sleeve for girls (a la last year's Disney Princesses) with another as yet unannounced signature tutorial that it teased would be "just as HUGE" as the Star Wars one. Any guesses on what that might be? -
Windows 3.1 Glitch Causes Problems At French Airport -- Wait, 3.1? (vice.com)
OakDragon writes: Microsoft has tamped down the earth on XP's grave, steered Internet Explorer toward the nursing home, and is trying to convince everyone Windows 10 is a bright up-and-comer. But in the Paris airport of Orly, a system called DECOR — which helps air traffic controllers relay weather information to pilots — is running on Windows 3.1. That program suffered a glitch recently that grounded planes for some time. The airport actually runs on a variety of old systems, including Windows XP and UNIX. Maintenance is a problem. There are only three people in Paris that work on DECOR issues, and one of them is retiring soon. Hardware is also an issue. "Sometimes we have to go rummaging on eBay to replace certain parts," said Fiacre. "In any case, these machines were not designed to keep working for more than 20 years." -
DARPA Is About To Start Testing an Autonomous, Submarine-Hunting Drone (vice.com)
merbs writes: Early next year, DARPA will begin testing a 132-foot unmanned submarine-hunting ocean drone in San Diego. Slapped with the cumbersome title of Anti-Submarine Warfare Continuous Trail Unmanned Vessel (ACTUV), it's designed to do exactly that: track stealth submarines from the surface, quietly and autonomously. "The 132-foot-long, 140-ton ACTUV is being built by Leidos at the Vigor Shipyard [formerly Oregon Iron Works] in Clackamas, Ore. The vessel is about 90 percent complete. The hardware of the systems is complete, with software being engineered presently." Using one of these drones would cost "about $15,000 to $20,000 per day, compared with a destroyer that costs about $700,000 per day to operate." -
Proof-of-Concept Ransomware Affects Macs (vice.com)
sarahnaomi writes: Ransomware, the devilish family of malware that locks down a victim's files until he or she coughs up a hefty bounty, may soon be coming to Mac. Last week, a Brazilian security researcher produced a proof-of-concept for what appears to be the first ransomware to target Mac operating systems (Mac OS X). On Monday, cybersecurity company Symantec verified the researcher's findings. "Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept," Symantec wrote in a blog post. "It's simple code, I did it in two days," [said] the creator of the malware. -
The UK Will Police the Dark Web With a New Task Force (vice.com)
An anonymous reader writes with news that the UK’s Government Communications Headquarters (GCHQ), and its top police counterpart, the National Crime Agency have formed a new unit to take on online crime. Motherboard reports: "'An NCA and GCHQ co-located Joint Operations Cell (JOC) opens officially today,' an NCA press release published Friday reads. 'The unit brings together officers from the two agencies to focus initially on tackling online child sexual exploitation.' This unit has been in the works for some time. Back at the end of 2014, UK Prime Minister David Cameron announced the plan for its formation at We Protect Children Online Global Summit. At the time, he said that 'The so-called "dark-net" is increasingly used by paedophiles to view sickening images. I want them to hear loud and clear: we are shining a light on the web's darkest corners; if you are thinking of offending, there will be nowhere for you to hide.' At the summit, it was said that GCHQ's technical skills would be its contribution to the unit. But the JOC won't just focus on child pornography cases. GCHQ Director Robert Hannigan said in the recent release that, on top of child exploitation, 'The Joint Operations Cell will increase our ability to identify and stop serious criminals.'" -
Why New Antibiotics Never Come To Market (vice.com)
citadrianne writes: New antibiotics are generated naturally over time by bacteria, as weapons in their ongoing chemical warfare against other microbes. Predicting where and when they can be found relies mostly on good fortune and following a hunch. Scientist Brian Murphy's hunch is that the bacteria which live on freshwater sponges could be a hive of new chemicals. "We don’t know a huge amount about these species," he said. "But the only way to find out if there’s anything there is by actually diving down there and carving them off with a knife." But even if these sponges yield the antibiotics of the future, there are seemingly endless roadblocks that prevent us from actually using them to cure disease. "We've discovered six antibiotics in the recent past," Professor William Fenical said. "Of those, three to four have serious potential as far as we know, including anthramycin. But we have no way to develop them. There are no companies in the United States that care. They're happy to sell existing antibiotics, but they're not interested in researching and developing new ones." -
Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data
merbs writes: The vast majority of websites you visit are sending your data to third-party sources, usually without your permission or knowledge. That's not exactly breaking news, but the sheer scale and ubiquity of that leakage might be. Tim Libert, a privacy researcher, has published new peer-reviewed research that sought to quantify all the "privacy compromising mechanisms" on the one million most popular websites worldwide. His conclusion? "Findings indicate that nearly 9 in 10 websites leak user data to parties of which the user is likely unaware." -
How DMCA Rulemaking Has a Chilling Effect On Security Research (vice.com)
citadrianne writes: Jay Radcliffe is a security researcher with diabetes. In 2011, he gave a talk at Black Hat, showing how his personal insulin pump could be hacked—with potentially deadly consequences. As a result of his 2011 presentation, he worked with the Department of Homeland Security and the Food and Drug Administration to address security vulnerabilities in insulin pumps. "The specific technical details of that research have never been published in order to protect patients using those devices," he wrote in his testimony to the Librarian of Congress and the U.S. Copyright Office. Every three years, the Librarian of Congress puts a whole bunch of people through a twisted bureaucratic process called DMCA (Digital Millennium Copyright Act) rulemaking. Technically speaking, DMCA rulemaking doesn't make things illegal or legal per se, but many people—like Jay Radcliffe—look to the rulemaking for a green light to do their work. -
'Game of Drones' -- a Live War Game About Drone Combat Strategy (vice.com)
derekmead writes: A national security think tank just ran a two-day war game designed to explore the different ways that drones could be used for tactical and strategic effect in a conflict. The participants engaged in 12 different scenarios and "debated the efficacy of using drones as airborne improvised explosive devices, or as a way to harass an adversary’s air force."
The summit sought to address whether shooting down a drone might escalate tensions between countries or whether drones changed the character of a conflict by giving actors capabilities they didn't have before. As more and more state and non-state actors acquire drones, the war game illustrated how drones could be used in creative ways to further political or military objectives (PDF). -
Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com)
citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs." -
Junkyard Owner Saves Lunar Rover Prototype (vice.com)
An anonymous reader writes: On Tuesday, Slashdot users learned that a man in Alabama sold a lunar rover prototype for scrap metal. We now learn that the junkyard owner has saved this important piece of scientific history. The man claims that, upon receiving the prototype at his scrap facility, he set it aside because he knew exactly what it was. -
Alabama Man Sold a Priceless Apollo-Era Lunar Rover Prototype For Scrap Metal (vice.com)
Jason Koebler writes: An Alabama man allowed an Apollo-era lunar rover prototype to rot in his backyard before ultimately selling it to a junkyard for scrap metal last year, according to documents acquired from NASA as part of a Freedom of Information Act request. NASA spent much of 2014 attempting to acquire the priceless artifact for display in a museum, but it was ultimately destroyed before the agency could recover it. -
FCC Passes Landmark Reform of 'Egregious' Prison Phone Charges (vice.com)
derekmead writes: The Federal Communications Commission voted Thursday to crack down on exorbitant prison phone rates, in a landmark victory for criminal justice reform advocates who have long criticized what they call abusive and predatory practices by phone companies. The new FCC rules cap the cost of prison phone calls at 11 cents a minute for debit or prepaid calls in state and federal prisons, and reduce the cost of most inmate calls from $2.96 to $1.65 for a 15-minute in-state call, and from $3.15 to $1.65 for a 15-minute long distance call. The new policy also cracks down on excessive service fees and so-called "flat-rate calling," in which inmates are charged a flat rate for a call up to 15 minutes regardless of the actual call duration. -
Self-Encrypting Western Digital Hard Drives Easy To Crack
New submitter lesincompetent writes: Security researchers have found severe flaws in the encryption methods used in certain hard drives from Western Digital. Quoting the abstract should be enough to show how dire the situation is: "We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials." The paper by Alendal, Kison and modg is available here in PDF format. -
Why Aren't There Better Cybersecurity Regulations For Medical Devices? (vice.com)
citadrianne writes with an excerpt from Motherboard about some of the factors behind the long-decried security problems that surround medical hardware, and that will only become more pressing as some long-term treatments become both more portable (in the form of drug pumps, muscle stimulators, etc), more connected to sensors and controllers, and more dependent on software. There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them. A big part of the problem is there are no regulations requiring medical devices to meet minimum cybersecurity standards before going to market. The FDA has issued formal guidelines, but these guidelines "do not establish legally enforceable responsibilities." "In theory you could sell a bunch of medical devices without ever having gone through a security review," the well-known independent medical device security researcher Billy Rios told Motherboard. -
A Scientist Is Selling the Right To Name His Newly-Discovered Moth On eBay (vice.com)
sarahnaomi writes: An entomologist has decided to use eBay to auction off the naming rights for a newly-discovered species of moth. When a new species is discovered, the honor of naming it goes to whoever found it. However, Eric H. Metzler, an entomologist from the Wedge Entomological Foundation, decided to ask Western National Parks Association—who funded some of his research—to start an online auction and take the proceeds. “It’s getting harder and harder to get funding to do this research because it’s not seen as a priority in the way it used to be, even though it’s fundamental to our understanding of biodiversity,” says Paolo Viscardi, a curator at University College London’s Grant Museum. “Any mechanism where you can raise more funds to continue your work is taken—so I guess [auctioning of the naming rights] is another way to fund your research.” -
How a Frozen Neutrino Observatory Grapples With Staggering Amounts of Data (vice.com)
citadrianne writes: Deep beneath the Antarctic ice sheet, sensors buried in a billion tons of ice—a cubic kilometer of frozen H2O—are searching for neutrinos. "We collect...one neutrino from the atmosphere every ~10 minutes that we sort of care about, and one neutrino per month that comes from an astrophysical source that we care about a very great deal," researcher Nathan Whitehorn said. "Each particle interaction takes about 4 microseconds, so we have to sift through data to find the 50 microseconds a year of data we actually care about." Computing facilities manager Gonzalo Merino added, "If the filtered data from the Pole amounts to ~36TB/year, the processed data amounts to near 100TB/year." Because IceCube can't see satellites in geosynchronous orbit from the pole, internet coverage only lasts for six hours a day, Whitehorn explained. The raw data is stored on tape at the pole, and a 400-core cluster makes a first pass at the data to cut it down to around 100GB/day. A 4000-CPU dedicated local cluster crunches the numbers. Their storage system has to handle typical loads of "1-5GB/sec of sustained transfer levels, with thousands of connections in parallel," Merino explained. -
Why Cybersecurity Experts Want Open Source Routers (vice.com)
derekmead writes: A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes. -
How Putin Tried To Control the Internet (vice.com)
derekmead writes: In this excerpt from the recently published The Red Web, Andrei Soldatov and Irina Borogan describe how the Kremlin has been trying to rewrite the rules for the internet to make it "secure" as it is understood by Russia's secret services. "Vladimir Putin was certain that all things in the world—including the internet—existed with a hierarchical, vertical structure. He was also certain that the internet must have someone controlling it at the top. He viewed the United States with suspicion, thinking the Americans ruled the web and that it was a CIA project. Putin wanted to end that supremacy. Just as he attempted to change the rules inside Russia, so too did he attempt to change them for the world. The goal was to make other countries, especially the United States, accept Russia's right to control the internet within its borders, to censor or suppress it completely if the information circulated online in any way threatened Putin's hold on power." -
The World of Luxury Bomb Shelters (vice.com)
An anonymous reader writes with this Vice profile of Robert Vicino, founder and CEO of survival prep company The Vivos Group. For a prepaid $35,000 entry fee, you may take shelter in one of his luxury bomb shelters when civilization collapses. "Those who make it their business to equip themselves for a civilization-ending mega-disaster—a.k.a. 'preppers'—are sometimes stereotyped as wild-eyed tinfoil hat wearers who live outside of society, but Robert Vicino caters to survivalists whose fears are backed up by money. The San Diego businessman is gunning to be the vanguard of a multibillion-dollar industry. If we're to follow the entrepreneur's logic, the rich don't live on the same scale as ordinary people in today's society—why should that change after the end of the world?" -
Man Behind Week-Long Bitcoin Attacks Reveals Himself
An anonymous reader writes: A Russian man that calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions, and annoying users. According to Bitcoin experts, the attack was not dangerous and is the equivalent of "spam" on the Bitcoin blockchain servers, known in the industry as a "malleability attack," creating duplicate transactions, but not affecting Bitcoin funds. Maclin recently gave an interview to Vice. -
Jimmy Wales and Former NSA Chief Ridicule Government Plans To Ban Encryption
Mickeycaskill writes: Jimmy Wales has said government leaders are "too late" to ban encryption which authorities say is thwarting attempts to protect the public from terrorism and other threats. The Wikipedia founder said any attempt would be "a moronic, very stupid thing to do" and predicted all major web traffic would be encrypted soon. Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments. Indeed, he said the efforts by the likes of the NSA and GCHQ to spy on individuals have actually made it harder to implement mass-surveillance programs because of the public backlash against Edward Snowden's revelations and increased awareness of privacy. Wales also reiterated that his site would never co-operate with the Chinese government on the censorship of Wikipedia. "We've taken a strong stand that access to knowledge is a principal human right," he said. derekmead writes with news that Michael Hayden, the former head of the CIA and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors. The US is "better served by stronger encryption, rather than baking in weaker encryption," he said during a panel on Tuesday. -
Privately Funded Lunar Mission Set a Launch Date For 2017
merbs writes: If all goes according to plan, the world's first private lunar mission will be launched just two years from now. SpaceIL, an Israeli nonprofit, has secured a launch contract with Spaceflight Industries, and will aim to land a rover on the moon in the second half of 2017. It's the first such launch contract to be verified by the $30 million Google Lunar XPrize competition. Another group called Moon Express has signed a deal with New Zealand-based company, Rocket Lab, to launch and put a lander on the lunar surface in 2017.