By msmash from Slashdot's please-pick-us department
Louise Matsakis, reporting for Motherboard: Amazon announced earlier this month that it was looking to build a second headquarters outside Seattle, where more than 40,000 of the company's more than 380,000 employees currently work. The tech giant is searching for a locale with at least a million people, a diverse population, and excellent schools, among other qualifications. It gave municipalities six weeks -- until October 19 -- to submit a proposal to be chosen. Local governments in more than 100 American and Canadian cities, including places like San Diego, Chicago, Dallas, and Detroit, quickly scrambled to outline why they should be home to Amazon's new corporate office, which is expected to employ up to 50,000 workers. The mayor of Washington D.C., Muriel Bowser, even made a scripted video for Amazon explaining why the capital should be picked. It featured an Echo, Amazon's smart speaker. But experts who have studied Amazon's business practices say having one of the most tax-allergic corporations in the world come to your hometown might not actually be a good thing.
By BeauHD from Slashdot's heads-up department
An anonymous reader quotes a report from The Verge: A demonstration video posted by Positive Technologies (and first reported by Forbes) shows how easy it is to hack into a bitcoin wallet by intercepting text messages in transit. The group targeted a Coinbase account protected by two-factor authentication, which was registered to a Gmail account also protected by two-factor. By exploiting known flaws in the cell network, the group was able to intercept all text messages sent to the number for a set period of time. That was enough to reset the password to the Gmail account and then take control of the Coinbase wallet. All the group needed was the name, surname and phone number of the targeted Bitcoin user. These were security researchers rather than criminals, so they didn't actually steal anyone's bitcoin, although that would have been an easy step to take. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself. Positive Technologies was able to hijack the text messages using its own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. Known as the SS7 network, that network is shared by every telecom to manage calls and texts between phone numbers. There are a number of known SS7 vulnerabilities, and while access to the SS7 network is theoretically restricted to telecom companies, hijacking services are frequently available on criminal marketplaces. The report notes several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"
By BeauHD from Slashdot's caught-red-handed department
Researchers caught the bacteria Mycoplasma hyorhinis hiding out among cancer cells, thwarting chemotherapy drugs intended to treat the tumors they reside in. The findings have been published this week in Science. Ars Technica reports: Drug resistance among cancers is a "foremost challenge," according to the study's authors, led by Ravid Straussman at the Weizmann Institute of Science. Yet the new data suggest that certain types of drug-resistant cancers could be defeated with a simple dollop of antibiotics alongside a chemotherapy regimen. Dr. Straussman and his colleagues got a hunch to look for the bacteria after noticing that, when they grew certain types of human cancer cells together in lab, the cells all became more resistant to a chemotherapy drug called gemcitabine. This is a drug used to treat pancreatic, lung, breast, and bladder cancers and is often sold under the brand name Gemzar. The researchers suspected that some of the cells may secrete a drug-busting molecule. So they tried filtering the cell cultures to see if they could catch it. Instead, they found that the cell cultures lost their resistance after their liquid broth passed through a pretty large filter -- 0.45 micrometers. This would catch large particles -- like bacteria -- but not small molecules, as the researchers were expecting.
Looking closer, the researchers noticed that some of their cancer cells were contaminated with M. hyorhinis. And these bacteria could metabolize gemcitabine, rendering the drug useless. When the researchers transplanted treatable cancer cells into the flanks of mice -- some with and some without M. hyorhinis -- the bacteria-toting tumors were resistant to gemcitabine treatment.
By BeauHD from Slashdot's deep-breath department
An anonymous reader quotes a report from Phys.Org: Emissions from diesel cars rigged to appear eco-friendly may be responsible for 5,000 air pollution deaths per year in Europe alone, according to a study published on Monday. The numbers are in line with previous assessments of deaths due to the so-called "Dieselgate" scandal, which erupted when carmaker Volkswagen admitted in 2015 to cheating on vehicle emissions tests. Many other carmakers have since fallen under suspicion. The researchers from Norway, Austria, Sweden and the Netherlands calculated that about 10,000 deaths in Europe per year can be attributed to small particle pollution from light duty diesel vehicles (LDDVs). Almost half of these would have been avoided if emissions of nitrogen oxides (NOx) from diesel cars on the road had matched levels measured in the lab. If diesel cars emitted as little NOx as petrol ones, almost 4,000 of the 5,000 premature deaths would have been avoided, said the authors. The countries with the heaviest burden are Italy, Germany, and France, the team added, "resulting from their large populations and high share of diesel cars in their national fleets." Touted as less polluting, the share of diesel cars in Europe rose fast compared to petrol since the 1990s, and now comprise about half the fleet. There are more than 100 million diesel cars in Europe today, twice as many as in the rest of the world together, said the study authors. Diesel engines emit less planet-warming carbon dioxide than petrol ones, but significantly more NOx. The study has been published in the journal Environmental Research Letters.
By BeauHD from Slashdot's easy-as-1-2-3 department
sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.
By BeauHD from Slashdot's earlier-than-expected department
Bloomberg is reporting that Equifax, the credit reporting company that recently reported a cybersecurity incident impacting roughly 143 million U.S. consumers, learned about a breach of its computer systems in March -- almost five months before the date it has publicly disclosed. The company said the March breach was unrelated to the recent hack involving millions of U.S. consumers, but one of the people familiar with the situation said the breaches involve the same intruders. From the report: Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said. Equifax's hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. The revelation of a March breach will complicate the company's efforts to explain a series of unusual stock sales by Equifax executives. If it's shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe.
In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company's outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it's not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.