Security

Cyber Firms Warn on Suspected Russian Plan To Attack Ukraine (reuters.com) 69

Jim Finkle, reporting for Reuters: Cisco Systems on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine. Cisco's Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow. Cisco said the malware could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories. Head of Ukraine's cyber police said on Wednesday that the agency is aware of new large malware campaign, and that it is working to protect Ukraine against possible new cyber threat.
Data Storage

Scientists Transfer Memory Between Snails (scientificamerican.com) 92

An anonymous reader quotes a report from Scientific American: UCLA neuroscientists reported Monday that they have transferred a memory from one animal to another via injections of RNA, a startling result that challenges the widely held view of where and how memories are stored in the brain. The finding from the lab of David Glanzman hints at the potential for new RNA-based treatments to one day restore lost memories and, if correct, could shake up the field of memory and learning. The researchers extracted RNA from the nervous systems of snails that had been shocked and injected the material into unshocked snails. RNA's primary role is to serve as a messenger inside cells, carrying protein-making instructions from its cousin DNA. But when this RNA was injected, these naive snails withdrew their siphons for extended periods of time after a soft touch. Control snails that received injections of RNA from snails that had not received shocks did not withdraw their siphons for as long.

Glanzman's group went further, showing that Aplysia sensory neurons in Petri dishes were more excitable, as they tend to be after being shocked, if they were exposed to RNA from shocked snails. Exposure to RNA from snails that had never been shocked did not cause the cells to become more excitable. The results, said Glanzman, suggest that memories may be stored within the nucleus of neurons, where RNA is synthesized and can act on DNA to turn genes on and off. He said he thought memory storage involved these epigenetic changes -- changes in the activity of genes and not in the DNA sequences that make up those genes -- that are mediated by RNA. This view challenges the widely held notion that memories are stored by enhancing synaptic connections between neurons. Rather, Glanzman sees synaptic changes that occur during memory formation as flowing from the information that the RNA is carrying.
The study has been published in the journal eNeuro.
Security

RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net) 21

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

Government

Cops Will Soon ID You Via Your Roof Rack (arstechnica.com) 98

An anonymous reader quotes a report from Ars Technica: On Tuesday, one of the largest license plate reader (LPR) manufacturers, ELSAG, announced a major upgrade to "allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time." Such a vast expansion of the tech now means that evading such scans will be even more difficult.

"Using advanced computer vision software, ELSAG ALPR data can now be processed to include the vehicle's make, type -- sedan, SUV, hatchback, pickup, minivan, van, box truck -- and general color -- red, blue, green, white and yellow," ELSAG continued. "The solution actively recognizes the 34 most-common vehicle brands on US roads." Plus, the company says, the software is now able to visually identity things like a "roof rack, spare tire, bumper sticker, or a ride-sharing company decal."

Power

Tesla Unveils New Large Powerpack Project For Grid Balancing In Europe (electrek.co) 99

Tesla has unveiled a new large Powerpack energy storage project to be used as a virtual power plant for grid balancing in Europe. It consists of 140 Powerpacks and several Tesla inverters for a total power output of 18.2 MW. Electrek reports: Tesla partnered with Restore, a demand response aggregator, to build the system and offer balancing services to European transmission system operators. Instead of using gas generators and steam turbines kicking to compensate for losses of power on the grid, Tesla's batteries are charged when there's excess power and then discharge when there's a need for more power.

Restore UK Vice President Louis Burford told The Energyst that they are bundling their assets like batteries as a "synthetic pool": "By creating synthetic pools or portfolios, you reduce the technical requirements on individual assets that otherwise would not be able to participate [in certain balancing services]. By doing so you create value where it does not ordinarily exist. That is only achievable through synthetic portfolios."
For those interested, Tesla has released promo video on YouTube about the project.
Crime

Suspect Identified In CIA 'Vault 7' Leak (nytimes.com) 106

An anonymous reader quotes a report from The New York Times: In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency's hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices. It was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials. Now, The New York Times has learned the identity of the prime suspect in the breach (Warning: source may be paywalled; alternative source): a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets.

F.B.I. agents searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and family members. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics. But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found the material on a server he created as a business in 2009 while he was a student at the University of Texas.

Google

Google Will Make Its Paid Storage Plans Cheaper (theverge.com) 69

An anonymous reader shares a report:Google is rolling out new changes to its storage plans that include a new, low-cost storage plan and half off the price of its 2TB storage option, the company announced today. It's also converting all Google Drive paid storage plans to Google One, perhaps in part because you'll now have one-tap access to Google's live customer service.

Google One will get a new $2.99 a month option that gets you 200GB of storage. The 2TB plan, which usually costs $19.99 per month, will now cost $9.99 a month. Finally, the 1TB plan that costs $9.99 a month is getting removed. The other plans for 10, 20, or 30TB won't see any changes.

Power

Days After A Fiery Crash, a Tesla's Battery Keeps Reigniting (mercurynews.com) 302

An anonymous reader quotes the Mercury News Six days after a fiery crash on Highway 101 involving a Tesla Model X took the life of a 38-year-old San Mateo man, the car's high-voltage lithium-ion battery re-ignited while sitting in a tow yard, according to the Mountain View Fire Department... The battery reignited twice in the storage yard within a day of the accident and again six days later on March 29. Two weeks later, in an effort to avoid more fires, the NTSB and Tesla performed a battery draw down to fully de-energize it...

On the company website, Tesla wrote "the reason this crash was so severe is that the crash attenuator, a highway safety barrier which is designed to reduce the impact into a concrete lane divider, had either been removed or crushed in a prior accident without being replaced. We have never seen this level of damage to a Model X in any other crash"... Tesla also reported that the vehicle's autopilot function was active at the time of the crash...

The National Transportation Safety Board is investigating the Highway 101 crash and three other accidents also involving Teslas, including a fiery 2014 Model S crash Tuesday in Florida that killed two teenagers. Also under investigation: A Model S crashed into a fire truck near Culver City in January, and the driver reportedly said Autopilot was engaged at the time. And it is looking into a battery fire of a Model X that drove into a home's garage in Lake Forest in August.

Two hours after that story was published, a Tesla smashed into a Starbucks in Los Gatos, California.
IBM

IBM Bans Staff From Using Removable Storage Devices (theregister.co.uk) 167

An anonymous reader shares a report: In an advisory to employees, IBM global chief Information security officer Shamla Naidoo said the company "is expanding the practise of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive)." The advisory stated some pockets of IBM have had this policy for a while, but "over the next few weeks we are implementing this policy worldwide." Big Blue's doing this because "the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised." IBMers are advised to use Big Blue's preferred sync 'n' share service to move data around.
Data Storage

Engineers Devise a Technique To Fight Counterfeit or Recycled Smartphone Memory (ieee.org) 52

Flash is designed to last a decade or more of use. A lot of the gadgets that rely on it, however, are not. Shady recyclers have spotted opportunity in that mismatch, stripping out used chips and selling them as new. But fret not, there is something that can be done to address the issue. From a report: Engineers at the University of Alabama have come up with a straightforward electronic examination that can tell if a flash chip is new or recycled, even if that chip has only seen 5 percent or less of its life. And the technique is so straightforward that a smartphone app could run it on its own memory. [...] A flash memory cell is like an ordinary transistor, it has a source and a drain and a channel through which current flows under the control of voltage on the gate electrode. The difference is that the gate is split into several layers -- the control gate, the blocking oxide, the floating gate, and the tunneling oxide.

[...] Voltage on the control gate causes electrons to tunnel through that bottom oxide and get stuck inside the floating gate. This charge or its absence is the stored bit. It alters how much voltage you need to turn the transistor on in a way that you can easily measure. Erasing the bit is done by reversing the voltage and driving the charge out of the floating gate. Ray and his team took advantage of the rather high voltages -- about plus or minus 20 volts -- needed to program and erase flash. The more you program and erase a cell, the more defects will accumulate in the oxide, he explains.

Bitcoin

Telegram's Billion-Dollar ICO Has Become a Mess (amazon.com) 34

Jon Russell and Mike Butcher from TechCrunch report of the mess that is Telegram's billion-dollar initial coin offering (ICO): Telegram's ICO was supposed to be a record-breaker to develop a platform that brings the decentralized internet to life. Instead, it has become a mess with the tightly controlled fundraising process in disarray as early backers sell their tokens for handsome returns. The company recently canceled the public sale piece of its ICO, the Wall Street Journal reported this week, after it raised $1.7 billion from private sale investors, according to SEC filings. But the issues date back further.

Telegram's grand vision is to build the TON (Telegram Open Network), a blockchain-based platform that extends its messaging app, which counts 200 million active users, into a range of services that include payments, file storage, censorship-proof browsing and decentralized apps hosted on the platform. According to the original whitepaper, the plan was to raise $1.2 billion using both invite-only private investors and an open sale to the public. Telegram later extended the raise to $1.7 billion before it canceled the public sale altogether. That's almost certainly because it had already raised enough money to develop TON without the risk of running into the SEC's ongoing ICO probe by soliciting money from the public. The result is that the ordinary people can't buy Telegram's Gram crypto token until it is released on exchanges. There's currently no timeline for that. But, with massive demand for the messaging app and deep discounts for early backers, a secondary market for buying and selling tokens early has emerged -- with huge returns already realized by some.

Power

California To Become First US State Mandating Solar On New Homes (ocregister.com) 305

OCRegister reports that "The California Energy Commission is scheduled to vote Wednesday, May 9, on new energy standards mandating most new homes have solar panels starting in 2020." From the report: Just 15 percent to 20 percent of new single-family homes built include solar, according to Bob Raymer, technical director for the California Building Industry Association. The proposed new rules would deviate slightly from another much-heralded objective: Requiring all new homes be "net-zero," meaning they would produce enough solar power to offset all electricity and natural gas consumed over the course of a year. New thinking has made that goal obsolete, state officials say. True "zero-net-energy" homes still rely on the electric power grid at night, they explained, a time when more generating plants come online using fossil fuels to generate power. In addition to widespread adoption of solar power, the new provisions include a push to increase battery storage and increase reliance on electricity over natural gas.
Data Storage

How Reliable Are 10TB and 12TB Hard Drives? Backblaze Publishes Q1 2018 Hard Drive Reliability (zdnet.com) 123

Wolfrider writes: Backblaze's hard drive report for the first quarter 2018 makes very interesting reading for anyone who is interested in hard drive performance and reliability. As of March 31, 2018, the company had 100,110 hard drives working for it, made up of 1,922 boot drives and 98,188 data drives, ranging from 3TB WDC WD30EFRX drives all the way up to 10TB and 12TB Seagate ST10000NM0086 and ST12000NM0007 drives, along with 10 Samsung 850 EVO SSDs. [...] The overall Annualized Failure Rate (AFR) for Q1 sat at just 1.2 percent, well below the Q4 2017 AFR of 1.65 percent. Some drives had an AFR of 0 percent (in other words, no drives failed during the period), while the 4TB Seagate ST4000DM000 had the highest AFR of 2.3 percent (out of 30,941 drives the company had in service, 178 failed during the Q1 period).
China

Chinese Government Admits Collection of Deleted WeChat Messages (techcrunch.com) 39

The South China Morning Post reported over the weekend that Chinese authorities have the capability of retrieving deleted messages from the WeChat app. The newspaper noted that an anti-corruption commission in Hefei province posted Saturday to social media that it has "retrieved a series of deleted WeChat conversations from a subject" as part of an investigation. TechCrunch reports: The post was deleted Sunday, but not before many had seen it and understood the ramifications. Tencent, which operates the WeChat service used by nearly a billion people (including myself), explained in a statement that "WeChat does not store any chat histories -- they are only stored on users' phones and computers." The technical details of this storage were not disclosed, but it seems clear from the commission's post that they are accessible in some way to interested authorities, as many have suspected for years. The app does, of course, comply with other government requirements, such as censoring certain topics.
Operating Systems

Ubuntu 18.04 Focuses On Security and AI Improvements (sdtimes.com) 89

Canonical has announced the release of its open-source Linux operating system, Ubuntu 18.04, which features security, multi-cloud, containers, and AI improvements. From a report: "Multi-cloud operations are the new normal," said Mark Shuttleworth, CEO of Canonical and founder of Ubuntu, in a statement. "Boot-time and performance-optimized images of Ubuntu 18.04 LTS on every major public cloud make it the fastest and most efficient OS for cloud computing, especially for storage and compute intensive tasks like machine learning." On-premises and on-cloud AI development within Ubuntu will be improved by the integration of Kubeflow and a range of CI/CD tools into Canonical Kubernetes. Kubeflow is a machine learning library built on Kubernetes.
Microsoft

Microsoft Plans Version of Windows 10 For Devices With Limited Storage (engadget.com) 142

An anonymous reader shares a report: A smaller, more pared down version of Windows 10 was spotted in the latest Redstone 5 preview build. Microsoft is calling it Windows 10 Lean and it's 2GB smaller in size than standard editions of Windows 10 once installed. Missing from this version are the Registry Editor, Internet Explorer, wallpaper, Microsoft Management Console and drivers for CD and DVD drives, and Windows Central notes that the lighter Windows 10 might be designed to ensure tablets and laptops with little internal storage can install Windows 10 feature updates. Additionally, the Redstone 5 preview also features phone-related APIs that support functions like dialing, blocking withheld numbers, video calling, Bluetooth headset support and speakerphone mode, stoking those persistent Andromeda rumors.
Security

Hackers Built a 'Master Key' For Millions of Hotel Rooms (zdnet.com) 126

An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.

It turns out these key cards aren't as secure as first thought. F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key 'basically out of thin air.' Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 426

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
Data Storage

Samsung Announces 970 PRO and 970 EVO NVMe SSDs (anandtech.com) 51

hyperclocker shares a report from AnandTech: Samsung has announced the third generation of their high-end consumer NVMe SSDs. The new 970 PRO and 970 EVO M.2 NVMe SSDs use a newer controller and Samsung's latest 64-layer 3D NAND flash memory. The outgoing 960 PRO and 960 EVO were first announced in September 2016 and shipped that fall, so they have had a fairly long run as Samsung's flagship consumer SSDs. Compared to its predecessor, the 970 EVO promises a small improvement in sequential read speed, and a more substantial boost to sequential write speed for all but the smallest 250GB model. Peak random access performance is also substantially improved, but again the 250GB model gets left out, and is actually rated as slower than the 960 EVO 250GB. The warranty on the EVO has been extended from three years to five years, and the write endurance ratings have been increased by 50% to retain almost the same drive writes per day rating.

The 970 PRO's performance specs aren't too different from the 970 EVO. Many of the ratings are the same, and the ones that differ are mostly better by just 3-11% for the PRO. There are just two major exceptions to this. First, the PRO doesn't rely on SLC write caching so it can maintain its write speed far longer than the EVO. Second, the rated write endurance of the 970 PRO is twice that of the EVO, going from just over 0.3 Drive Writes Per Day to 0.6 DWPD. Neither of these are an important factor for ordinary consumer use cases, but they help the 970 PRO retain some shine as a premium product.

Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 61

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.

Slashdot Top Deals