By msmash from Slashdot's closer-look department
schwit1 shares a report: Researchers have used a neural network to generate artificial fingerprints that work as a "master key" for biometric identification systems and prove fake fingerprints can be created. According to a paper [PDF] presented at a security conference in Los Angeles, the artificially generated fingerprints, dubbed "DeepMasterPrints" by the researchers from New York University, were able to imitate more than one in five fingerprints in a biometric system that should only have an error rate of one in a thousand.
The researchers, led by NYU's Philip Bontrager, say that "the underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis." As with much security research, demonstrating flaws in existing authentication systems is considered to be an important part of developing more secure replacements in the future. In order to work, the DeepMasterPrints take advantage of two properties of fingerprint-based authentication systems. The first is that, for ergonomic reasons, most fingerprint readers do not read the entire finger at once, instead imaging whichever part of the finger touches the scanner.
By msmash from Slashdot's closer-look department
schwit1 shares a report: Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation's Central Point of Entry, which then passes it on to Lockheed's central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations. Another networking system is the Joint Reprogramming Enterprise, or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats -- and fly one step ahead of them.
Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data -- by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not. Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, so data retrieved from a simulator will closely follow the data from a real F-35.
By msmash from Slashdot's new-hardware-news department
Raspberry Pi has introduced a new version of one of its most popular models just in time to stuff your stocking: the Model A+. And this time around, it's even more attractive. From a report: The Raspberry Pi 3 Model A+ costs $25, $5 more than the previous generation, but has a lot more going for it. Just like the top-of-the-line Model B+, the new Model A+ has a 1.4GHz 64-bit quad-core processor, and you'll also get dual-band Wi-Fi (2.4GHz + 5 GHz), a feature that was missing from the previous A+. And you'll have to use it, since the A+ doesn't have an Ethernet port. It does, however, have Bluetooth 4.2 on board. For $10 less than the $35 Model B+, you'll also only get a single USB port (versus four on the B+) as well as 512MB of RAM (versus 1GB on the B+). But otherwise, the devices are identical, with a full-size HDMI port, CSI camera port, DSI display port, stereo output and composite video port, and a micro SD port. The Raspberry Pi 3 Model A+ isn't the cheapest Pi model available -- the Zero costs $5 and the Zero W costs just $10 -- but it rounds out the options nicely. The new model is available now through Raspberry Pi retailers.
By msmash from Slashdot's up,-up,-and-away department
SpaceX won permission to deploy more than 7,000 satellites, far more than all operating spacecraft currently aloft, from U.S. regulators who also moved to reduce a growing risk from space debris as skies grow more crowded. From a report: Space Exploration Technologies has two test satellites aloft, and it earlier won permission for a separate set of 4,425 satellites -- which like the 7,518 satellites authorized Thursday are designed to provide broadband communications. It has said it plans to begin launches next year. Space companies riding innovations that include smaller and cheaper satellites -- with some just 4 inches long and weighing only 3 pounds -- are planning fleets that will fly fast and low, offering communications now commonly handled by larger, more expensive satellites. Right now there are fewer than 2,000 operating satellites, and the planned additional space traffic demands vigilance, Federal Communications Commission Chairman Ajit Pai said before the agency voted Thursday on a variety of space-related matters including SpaceX's application, debris rules, and other space matters.
By msmash from Slashdot's new-avenues department
A sensor that can spot the wind direction from miles away will let DARPA's surveillance balloons hover at the very edge of space in one spot indefinitely. An anonymous reader writes: DARPA, the US military's research arm, is currently testing a wind sensor that could allow devices in its Adaptable Lighter-Than-Air (ALTA) balloon program to spot wind speed and direction from a great distance and then make the necessary adjustments to stay in one spot. DARPA has been working on ALTA for some time, but its existence was only revealed in September. "By flying higher we hope to take advantage of a larger range of winds," says ALTA project manager Alex Walan. ALTA will operate even higher than Loon at 75,000 to 90,000 feet (22,900 to 27,400 meters or 14 to 17 miles), where the winds are less predictable. That shouldn't be a problem if the balloon can see exactly where the favorable winds are.
The wind sensor, called Strat-OAWL (short for "stratospheric optical autocovariance wind lidar"), is a new version of one originally designed for NASA satellites. Made by Ball Aerospace, OAWL shines pulses of laser light into the air. A small fraction of the beam is reflected back, and the reflected laser light is gathered by a telescope. The wavelength of the reflected light is changed slightly depending on how fast the air it bounced back from is moving, a change known as doppler shift. By analyzing this shift, OAWL can determine the speed and direction of the wind. Unlike other wind sensors, OAWL looks in two directions at once, giving a better indication of wind speed and direction.
By msmash from Slashdot's elephant-in-the-room department
What do Heartbleed, WannaCry, and million dollar iPhone bugs have in common? From a report: One bug affects iPhones, another affects Windows, and the third affects servers running Linux. At first glance these might seem unrelated, but in reality all three were made possible because the software that was being exploited was written in programming languages which allow a category of errors called "memory unsafety." By allowing these types of vulnerabilities, languages such as C and C++ have facilitated a nearly unending stream of critical computer security vulnerabilities for years.
Imagine you had a program with a list of 10 numbers. What should happen if you asked the list for its 11th element? Most of us would say an error of some sort should occur, and in a memory safe programming language (for example, Python or Java) that's what would happen. In a memory unsafe programming language, it'll look at wherever in memory the 11th element would be (if it existed) and try to access it. Sometimes this will result in a crash, but in many cases you get whatever happens to be at that location in memory, even if that portion of memory has nothing to do with our list. This type of vulnerability is called a "buffer-overflow," and it's one of the most common types of memory unsafety vulnerabilities. HeartBleed, which impacted 17 percent of the secure web servers on the internet, was a buffer-overflow exploit, letting you read 60 kilobytes past the end of a list, including passwords and other users' data.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: Podcasting has offered advertisers a new means of reaching demographically targeted consumers. Many podcasts feature extended endorsements, read by the host, that often include a discount code for a product or service. For listeners accustomed to a separation between advertising and editorial, the blurring of lines can be disconcerting (or embarrassing, such as when podcast hosts like Joe Rogan and Tim Ferriss expound on how much they enjoy wearing Me Undies). For advertisers that have spent heavily on podcasts, like the omnipresent Casper and Blue Apron, the effectiveness of such campaigns can be measured in increased sales. A representative for Blue Apron, which has launched its own branded podcast, "Why We Eat What We Eat," in addition to advertising on hundreds of shows, told me, "We view podcasts less as an advertising channel and more as a content channel to win new customers and engage existing customers."
Podcast advertising remains a relatively new science. Producers and advertisers can instantly tabulate how many times a show has been downloaded, but it's harder to ascertain how many people have listened to the whole thing. A commercial marketplace puts pressure on podcasters to create content that can attract millions of listeners, which does not necessarily make for the strongest, or most subtle, content. Linsky, with some frustration, noted that it doesn't matter much to an advertiser if a podcast takes an hour to record or months to report; all that matters is whether it attracts a lot of listeners. New ways of monetizing podcasts are being explored, including a paid-subscription model; apps such as Stitcher Premium offer ad-free listening and bonus episodes.
By msmash from Slashdot's emerging-markets department
YouTube is about to crown a new king. T-Series, one of India's largest record labels, will become the most-subscribed channel on the world's most popular video site in the next couple weeks. At the beginning of the year, the company had 30 million fans, fewer than half of the following for No. 1 PewDiePie, the Swedish video-game geek and jokester whose real name is Felix Kjellberg. From a report: The company's ascent has shocked the tight-knit community of online personalities, prompting some to rally behind PewDiePie and delay T-Series' ascent. While claiming the most subscribers on YouTube is largely a symbolic achievement, and the company already has the most monthly views, the end of PewDiePie's five-year reign is a watershed moment that reflects important changes as internet use gets more global.
More than half of the 10 most popular channels on YouTube in terms of monthly views are from outside the U.S., and many of them belong to professional media companies. YouTube's previous champions have been young, male amateurs like the video blogger Ray William Johnson and comedy duo Smosh. But after years as a mostly Western site for pranks and cat clips, the Google-owned company has lured most of the world's largest media giants to the site, blurring the line between professional and amateur. Further reading: Who Rules YouTube? Swift? Bieber? Nope. It's T-Series, a Record Label in India.
By msmash from Slashdot's your-rights-be-damned department
The "fatherland card," already used by the government to track voting, worries many in Venezuela and beyond. From a report: In April 2008, former Venezuelan President Hugo Chavez dispatched Justice Ministry officials to visit counterparts in the Chinese technology hub of Shenzhen. Their mission, according to a member of the Venezuela delegation, was to learn the workings of China's national identity card program. Chavez, a decade into his self-styled socialist revolution, wanted help to provide ID credentials to the millions of Venezuelans who still lacked basic documentation needed for tasks like voting or opening a bank account. Once in Shenzhen, though, the Venezuelans realized a card could do far more than just identify the recipient.
There, at the headquarters of Chinese telecom giant ZTE Corp, they learned how China, using smart cards, was developing a system that would help Beijing track social, political and economic behavior. Using vast databases to store information gathered with the card's use, a government could monitor everything from a citizen's personal finances to medical history and voting activity. "What we saw in China changed everything," said the member of the Venezuelan delegation, technical advisor Anthony Daquin. His initial amazement, he said, gradually turned to fear that such a system could lead to abuses of privacy by Venezuela's government. "They were looking to have citizen control."
By msmash from Slashdot's how-about-that department
Futurepower(R) shares a report: A lot of people don't use computers. Most of them aren't in charge of a nation's cybersecurity. But one is. Japanese lawmakers were aghast on Wednesday when Yoshitaka Sakurada, 68, the minister who heads the government's cybersecurity office, said during questioning in Parliament that he had no need for the devices, and appeared confused when asked basic technology questions. "I have been independently running my own business since I was 25 years old," he said. When computer use is necessary, he said, "I order my employees or secretaries" to do it. [Editor's note: the link may be paywalled; alternative source.] "I don't type on a computer," he added.
Asked by a lawmaker if nuclear power plants allowed the use of USB drives, a common technology widely considered to be a security risk, Mr. Sakurada did not seem to understand what they were. "I don't know details well," he said. "So how about having an expert answer your question if necessary, how's that?" The comments were immediately criticized. "I can't believe that a person who never used a computer is in charge of cybersecurity measures," said Masato Imai, an opposition lawmaker.
By BeauHD from Slashdot's executive-order department
A new report from the New York Times sheds some light on what happened inside Facebook last year as the company was fighting numerous scandals, including Russian interference and the Cambridge Analytica scandal in March. In addition to reportedly hiring a public relations firm to write dozens of articles critical of rivals Google and Apple, the social media company ordered Facebook executives to use Android phones, after Apple CEO Tim Cook criticized the company in an MSNBC interview for being a service that traffics "in your personal life." According to the report, the order came from Facebook CEO Mark Zuckerberg. The Verge reports: In those comments made back in March, Cook dismissed a question asking him what he would do if he were in Zuckerberg's shoes dealing with the fallout from the Cambridge Analytica scandal by saying, "I wouldn't be in this situation." Zuckerberg soon after retorted in an interview with Recode that he found Cook's comments to be "extremely glib," and that "I think it's important that we don't all get Stockholm syndrome and let the companies that work hard to charge you more convince you that they actually care more about you. Because that sounds ridiculous to me." While it's not clear how Cook's aggressive comments directly provoked Zuckerberg into issuing his Android-only order, it's still a rational decision to make Americans use Android. Android is the dominant operating system in many regions outside of the U.S., including South America, Europe, Russia, South Asia, and parts of the Middle East.
By BeauHD from Slashdot's heads-up department
By BeauHD from Slashdot's lost-and-found department
An anonymous reader quotes a report from Gizmodo: An unusually large asteroid crater measuring 19 miles wide has been discovered under a continental ice sheet in Greenland. Roughly the size of Paris, it's now among the 25 biggest asteroid craters on Earth. An iron-rich asteroid measuring nearly a kilometer wide (0.6 miles) struck Greenland's ice-covered surface at some point between 3 million and 12,000 years ago, according to a new study published today in Science Advances. The impact would've flung horrific amounts of water vapor and debris into the atmosphere, while sending torrents of meltwater into the North Atlantic -- events that likely triggered global cooling (a phenomenon sometimes referred to as a nuclear or volcanic winter). Over time, however, the gaping hole was obscured by a 1,000-meter-tall (3,200-foot) layer of ice, where it remained hidden for thousands of years. Remarkably, the crater was discovered quite by chance -- and it's now the first large crater to be discovered beneath a continental ice sheet.
By BeauHD from Slashdot's public-service-announcement department
A new study has found that more than half of the top free mobile VPN apps returned by Play Store and App Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy. "Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal. ZDNet reports: The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales. He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.
By BeauHD from Slashdot's return-to-sender department
Mark Zuckerberg is "not able" to attend a joint disinformation hearing in London, Facebook says. "In a letter to the UK's Digital, Culture, Media and Sport Committee, the company declined to say why Zuckerberg couldn't attend, but said it remains 'happy to cooperate' with the inquiry," reports CNET. "The letter also laid out some of the efforts Facebook has made over the last year in areas like fighting fake news and striving for transparency in political ads." From the report: Damian Collins, chair of the committee, is leading the charge and noted that the social network's response is "hugely disappointing." "The fact that he has continually declined to give evidence, not just to my committee, but now to an unprecedented international grand committee, makes him look like he's got something to hide," he said in an emailed statement.
Facebook declined the initial invitation from the British and Canadian politicians in October, prompting them to send another with additional signatures from their Argentinian, Australian and Irish counterparts. This came after Zuckerberg turned down a spring invitation to give evidence to the UK Parliament about Facebook's role in the Cambridge Analytica data scandal, since he'd already answered questions from the European Union's Parliament and the U.S. Congress.