By BeauHD from Slashdot's search-and-destroy department
An anonymous reader quotes a report from The New York Times: In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency's hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices. It was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials. Now, The New York Times has learned the identity of the prime suspect in the breach (Warning: source may be paywalled; alternative source): a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets.
F.B.I. agents searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and family members. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics. But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found the material on a server he created as a business in 2009 while he was a student at the University of Texas.
By msmash from Slashdot's alien-alien-alien department
A NASA probe that explored Jupiter's moon Europa flew through a giant plume of water vapour that erupted from the icy surface and reached a hundred miles high, according to a fresh analysis of the spacecraft's data. An anonymous reader shares a report from The Guardian: The discovery has cemented the view among some scientists that the Jovian moon, one of four first spotted by the Italian astronomer Galileo Galilei in 1610, is the most promising place in the solar system to hunt for alien life. If such geysers are common on Europa, NASA and European Space Agency (ESA) missions that are already in the pipeline could fly through and look for signs of life in the brine, which comes from a vast subsurface ocean containing twice as much water as all the oceans on Earth. NASA's Galileo spacecraft spent eight years in orbit around Jupiter and made its closest pass over Europa, a moon about the size of our own, on 16 December 1997. As the probe dropped beneath an altitude of 250 miles, its sensors twitched with unexpected signals that scientists were unable to explain at the time. Now, in a new study, the researchers describe how they went back to the Galileo data after grainy images beamed home from the Hubble space telescope in 2016 showed what appeared to be plumes of water blasting from Europa's surface.
By msmash from Slashdot's privacy-woes department
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance. Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
By msmash from Slashdot's closer-look department
Last week, an app on the Ubuntu Snap Store caused a stir when it was found to be riddled with a script that is programmed to mine cryptocurrency, a phenomenon whose traces have been found in several popular application stores in recent months. Canonical promptly pulled the app from the store, but offered little explanation at the time. On Tuesday, the Ubuntu maker addressed the matter in detail. From a report: The big question is whether or not this is really malware. Canonical also pondered this and says the following. "The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself. That perspective was indeed taken by the publisher in question here, who informed us that the goal was to monetize software published under licenses that allow it, unaware of the social or technical consequences," the company wrote in a blog post. "The publisher offered to stop doing that once contacted. Of course, it is misleading if there is no indication of the secondary purpose of the application. That's in fact why the application was taken down in the store. There are no rules against mining cryptocurrencies, but misleading users is a problem," it added. Unfortunately, Canonical concedes that it simply doesn't have the resources to review all code submitted to the Snap Store. Instead, it puts the onus on the user to do their due diligence by investigating the developer before deciding to trust them.
By BeauHD from Slashdot's can-you-hear-me-now department
An anonymous reader quotes a report from Engadget: In December of 2017, the office of U.S. Senator Richard Blumenthal sent Google's CEO a letter asking for a detailed explanation of the company's privacy practices around location services. Based on a report at Quartz, the senator's letter had 12 specific questions about how Google deals with location data. In January, Google responded to all of the issues in a lengthy letter signed by Google's VP of public policy, Susan Molinari. Now, apparently unsatisfied with the response, Senators Blumenthal and Edward J. Markey have sent a written request to the FTC to investigate Google's location services, along with "any deceptive acts and practices associated with the product."
While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handle sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding of personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.
By BeauHD from Slashdot's trouble-maker department
schwit1 quotes a report from Bloomberg: A judge scolded Facebook for misconstruing his own rulings as he ordered the company to face a high-stakes trial accusing it of violating user privacy. The social media giant has misinterpreted prior court orders by continuing to assert the "faulty proposition" that users can't win their lawsuit under an Illinois biometric privacy law without proving an "actual injury," U.S. District Judge James Donato said in a ruling Monday. Likewise, the company's argument that it's immune from having to pay a minimum of $1,000, and as much as $5,000, for each violation of the law is "not a sound proposition," he said. Under the Illinois Biometric Information Privacy Act, the damages in play at a jury trial set for July 9 in San Francisco could easily reach into the billions of dollars for the millions of users whose photos were allegedly scanned without consent. Apart from his concerns about the "troubling theme" in Facebook's legal arguments, Donato ruled a trial must go forward because there are multiple factual issues in dispute, including a sharp disagreement over how the company's photo-tagging software processes human faces.
By BeauHD from Slashdot's too-good-to-be-true department
An anonymous reader quotes a report from CNET: Notches, it seems, are the new black. Originally seen -- and often criticized -- on the Essential PH-1 and iPhone X in 2017, the trend of adding notches to Android phones has only accelerated this year as phone makers look to maximize the screen size. But the Lenovo Z5 is going the other way: It's truly all-screen, and notch-free. At least, that's according to a sketch shared last Friday by Lenovo VP Chang Cheng on Weibo, a Twitter-like platform in China. Cheng's teaser post says (according to Google Translate) that the Lenovo Z5 is the company's new flagship phone. Besides that, the post leaves it pretty vague.
All-screen phones look cool, but they challenge the manufacturer to find a place to put front cameras, sensors and other hardware. That's why we see bezels on some phones and notches on others. It's not clear what Lenovo plans to do with the front camera on the Lenovo Z5. Cheng's post claims that "four technological breakthroughs" and "18 patented technologies" were made for the phone, but doesn't go into details. One of the first smartphones to launch with an edge-to-edge display was the Xiaomi Mi Mix. It launched with next to no bezel or notch, leaving many to wonder where the earpiece would be. What Xiaomi managed to do was use what it calls "cantilever piezoelectric ceramic acoustic technology." Basically, it's a component that converts electrical energy into mechanical energy to transfer to the phone's internal metal frame, which then vibrates to create sound. It's possible the Z5 relies on a similar technology, or bone conduction technology found in many headphones and some smartphones.
By BeauHD from Slashdot's western-vs-eastern-medicine department
"According to The New York Times, the state of California is funding an experiment through The Ceres Community Project to test the influence of a healthy diet on the recovery of state Medicaid patients with long-term serious illnesses," writes Slashdot reader MonteCarloMethod. From the report: Over the next three years, researchers from the University of California, San Francisco, and Stanford will assess whether providing 1,000 patients who have congestive heart failure or Type 2 diabetes with a healthier diet and nutrition education affects hospital readmissions and referrals to long-term care, compared with 4,000 similar Medi-Cal patients who don't get the food.
The California study will build on more modest and less rigorous earlier research. A study in Philadelphia by the Metropolitan Area Neighborhood Nutrition Alliance retroactively compared health insurance claims for 65 chronically ill Medicaid patients who received six months of medically tailored meals with a control group. The patients who got the food racked up about $12,000 less a month in medical expenses. Another small study by researchers at U.C.S.F. tracked patients with H.I.V. and Type 2 diabetes who got special meals for six months to see if it would positively affect their health. The researchers found they were less depressed, less likely to make trade-offs between food and health care, and more likely to stick with their medications.
By BeauHD from Slashdot's not-my-cup-of-tea department
With Google recently rolling out a big revamp of Gmail to mixed reviews, we would like to know which email client you prefer. Are you a firm believer in the "inbox zero" idea -- that is, the approach to email management aimed at keeping the inbox empty, or almost empty, at all times? If you're looking for inspiration, Ars Technica recently published an article highlighting several different email clients used by the editors of the site: Are you the sort of person who needs to read and file every email they get? Or do you delight in seeing an email client icon proudly warning of hundreds or even thousands of unread items? For some, keeping one's email inbox with no unread items is more than just a good idea: it's a way of life, indicating control over the 21st century and its notion of productivity. For others, it's a manifestation of an obsessively compulsive mind. The two camps, and the mindsets behind them, have been a frequent topic of conversation here in the Ars Orbiting HQ. And rather than just argue with each other on Slack, we decided to collate our thoughts about the whole "inbox zero" idea and how, for those who adhere to it, that happens. Some of the clients floated by the editors include: Webmail, Airmail 3, Readdle's Spark, Edison Mail, Sparrow, Inbox by Gmail, and MailSpring.
By BeauHD from Slashdot's first-of-its-kind department
hackingbear writes from a report via Xinhua: Chinese scientists demonstrated the first two-dimensional quantum walks of single photons in real spatial space, which may provide a powerful platform to boost analog quantum computing. Scientists at Shanghai Jiaotong University reported in a paper published in the journal Science Advances a three-dimensional photonic chip with a scale up to 49x49 nodes, by using a technique called femtosecond direct writing. Universal quantum computers, under development by IBM, Google, Alibaba and other American and Chinese rivals, are far from being feasible before error correction and full connections between the increasing numbers of qubits could be realized. In contrast, analog quantum computers, or quantum simulators, can be built in a straightforward way to solve practical problems directly without error correction, and potentially be able to beat the computational power of classical computers in the near future.
By BeauHD from Slashdot's epic-fail department
An anonymous reader quotes a report from Wired: The ubiquitous email encryption schemes PGP and S/MIME are vulnerable to attack, according to a group of German and Belgian researchers who posted their findings on Monday. The weakness could allow a hacker to expose plaintext versions of encrypted messages -- a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety. The weakness, dubbed eFail, emerges when an attacker who has already managed to intercept your encrypted emails manipulates how the message will process its HTML elements, like images and multimedia styling. When the recipient gets the altered message and their email client -- like Outlook or Apple Mail -- decrypts it, the email program will also load the external multimedia components through the maliciously altered channel, allowing the attacker to grab the plaintext of the message.
The eFail attack requires hackers to have a high level of access in the first place that, in itself, is difficult to achieve. They need to already be able to intercept encrypted messages, before they begin waylaying messages to alter them. PGP is a classic end-to-end encryption scheme that has been a go-to for secure consumer email since the late 1990s because of the free, open-source standard known as OpenPGP. But the whole point of doing the extra work to keep data encrypted from the time it leaves the sender to the time it displays for the receiver is to reduce the risk of access attacks -- even if someone can tap into your encrypted messages, the data will still be unreadable. eFail is an example of these secondary protections failing.