New Vampire Battery Technology Draws Energy Directly From Human Body

According to a research paper published earlier this month, the supercapacitor is made up by a device called a “harvester” that operates by using the body’s heat and movements to extract electrical charges from ions found in human body fluids, such as blood, serum, or urine.

As electrodes, the harvester uses a carbon nanomaterial called graphene, layered with modified human proteins. The electrodes collect energy from the human body, relay it to the harvester, which then stores it for later use.

Because graphene sheets can be drawn in sheets as thin as a few atoms, this allows for the creation of utra-thin supercapacitors that could be used as alternatives to classic batteries.

For example, the bio-friendly supercapacitors researchers created are thinner than a human hair, and are also flexible, moving and twisting with the human body.
[…]
Researchers argue that implantable medical devices using their supercapacitor could last a lifetime, and remove the need for patients to go through operations at regular periods to replace batteries, one of the main causes of complications with implantable medical devices.

Currently, the supercapacitor looks primed to be deployed with pacemakers, but researchers hope their technology could be used with other devices that stimulate other organs, such as the brain, the stomach, or the bladder.

Source: New Battery Technology Draws Energy Directly From Human Body

Code.gov – US government open source repo

Code.gov is a platform designed to improve access to the federal government’s custom-developed software.

Source: Code.gov

The US Government is committing to open source in a big way. This is where to find it.

Netgear ‘fixes’ Nighthawk router by adding phone-home features that record your IP and MAC address

Netgear NightHawk R7000 users who ran last week’s firmware upgrade need to check their settings, because the company added a remote data collection feature to the units.

A sharp-eyed user posted the T&Cs change to Slashdot.

Netgear lumps the slurp as routine diagnostic data.

“Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

Much of this is probably benign, but posters to the Slashdot thread were concerned about IP address and MAC address being collected by the company.

The good news is that you can turn it off: the instructions are here.

Source: Netgear ‘fixes’ router by adding phone-home features that record your IP and MAC address

Arctic stronghold of world’s seeds flooded after permafrost melts

No seeds were lost but the ability of the rock vault to provide failsafe protection against all disasters is now threatened by climate change

Source: Arctic stronghold of world’s seeds flooded after permafrost melts

because global warming isn’t happening. NOT.

Lib Dems pledge to end ‘Orwellian’ snooping powers in manifesto

The Liberal Democrats have pledged to end the “Orwellian nightmare” of mass-snooping powers in the Investigatory Powers Act ahead of their manifesto launch.

They will propose to roll back state surveillance powers by ending the indiscriminate bulk collection of communications data and internet connection records.

The party also committed to fighting Conservative attempts to undermine encryption, which it warned will put people’s online security at risk.

It comes as a recent leaked draft document from the Home Office has revealed that government aims to be able to access anyone’s communications within 24 hours and to bring an end to encrypted messages under the recently passed Investigatory Powers Bill.

Under the plans, companies would be legally required to introduce a backdoor to their systems so authorities can read all correspondence if required.

Source: Lib Dems pledge to end ‘Orwellian’ snooping powers in manifesto

Finally someone who cares!

1.9 million Bell customer email addresses stolen by ‘anonymous hacker’

Bell is apologizing to its customers after 1.9 million email addresses and approximately 1,700 names and phone numbers were stolen from a company database.

The information appears to have been posted online, but the company could not confirm the leaked data was one and the same.

Bell, the country’s largest telecommunications company, attributed the incident to “an anonymous hacker,” and says it is working with the RCMP to investigate the breach.

“There is no indication that any financial, password or other sensitive personal information was accessed,” the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200,000 computers in more than 150 countries late last week.

Source: 1.9 million Bell customer email addresses stolen by ‘anonymous hacker’

Google AI has access to 1.6m NHS patients data – without permission

The document – a data-sharing agreement between Google-owned artificial intelligence company DeepMind and the Royal Free NHS Trust – gives the clearest picture yet of what the company is doing and what sensitive data it now has access to.

The agreement gives DeepMind access to a wide range of healthcare data on the 1.6 million patients who pass through three London hospitals run by the Royal Free NHS Trust – Barnet, Chase Farm and the Royal Free – each year. This will include information about people who are HIV-positive, for instance, as well as details of drug overdoses and abortions. The agreement also includes access to patient data from the last five years.

Source: Revealed: Google AI has access to huge haul of NHS patient data | New Scientist

It goes beyond belief that this much patient data is given (sold?) to a commercial entity by the NHS without agreement from the people involved.

Bloke charged under UK terror law for refusing to cough up passwords without cause

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War Against Terror).

On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.

“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”

If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.
[…]
What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.

Source: Bloke charged under UK terror law for refusing to cough up passwords

Welcome to the Brexit concentration camp

Banking association calls for end of ‘screen-scraping’

The European Banking Federation (EBF) has asked the EU Commission to support a ban on “screen scraping”.

Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client’s behalf using the client’s access credentials.

The Revised Directive on Payment Services (PSD2) introduces a general security upgrade for third-party access to a client’s data.

Earlier this month, 65 European fintech firms made their opposition to this known, stating in a manifesto (PDF) that “[T]he only functioning technology used for bank-independent [payment initiation services] and [account information services] must not be foreclosed.”

Privacy of client data, cybersecurity and innovation are all at risk if European Banking Authority (EBA) standards are dismissed and screen scraping continues, the EBF argues.

The proposal requires banks to opt for either creating a “dedicated interface” that lets third parties access bank accounts on behalf of clients, or to upgrade their client interface. The EBF wants to see PSD2 delivered within the framework of (EBA) standards and the end of screen-scraping.

The European Commission appears to be willing to go against the EBA advice and allow screen-scraping to continue.

Source: Banking association calls for end of ‘screen-scraping’

Then there is some ridiculous analogy to putting a diesel engine on an aircraft. Having to recode your fintech software to PSD2 – which may be incomplete and missing important functionality – is expensive and thus weeds out the crop of fintech companies. In my experience it’s usually better for customers to have large amounts of competing products than to be locked into a mono- or duopoly.

Real-Time User-Guided Image Colorization with Learned Deep Priors within minutes

We train on a million images, with simulated user inputs. To guide the user towards efficient input selection, the system recommends likely colors based on the input image and current user inputs. The colorization is performed in a single feed-forward pass, enabling real-time use. Even with randomly simulated user inputs, we show that the proposed system helps novice users quickly create realistic colorizations, and show large improvements in colorization quality with just a minute of use.

Source: Real-Time User-Guided Image Colorization with Learned Deep Priors. In SIGGRAPH, 2017.

Tesla factory workers reveal pain, injury and stress: ‘Everything feels like the future but us’

Ambulances have been called more than 100 times since 2014 for workers experiencing fainting spells, dizziness, seizures, abnormal breathing and chest pains, according to incident reports obtained by the Guardian. Hundreds more were called for injuries and other medical issues.
[…]
However, some Tesla workers argue the company’s treatment of injured workers discourages them from reporting their injuries. If workers are assigned to “light duty” work because of an injury, they are paid a lower wage as well as supplemental benefits from workers’ compensation insurance, a practice that Tesla said was in line with other employers and California law. Tesla said some injured employees are also able to undertake “modified work” on regular pay.

“I went from making $22 an hour to $10 an hour,” said a production worker, who injured his back twice while working at Tesla. “It kind of forces people to go back to work.”

Source: Tesla factory workers reveal pain, injury and stress: ‘Everything feels like the future but us’ | Technology | The Guardian

Uber Doesn’t Want You to See This Document About Its Vast Data Surveillance System

The ever-expanding operations of Uber are defined by two interlocking and zealously guarded sets of information: the things the world-dominating ride-hailing company knows about you, and the things it doesn’t want you to know about it. Both kinds of secrets have been in play in the Superior Court of California in San Francisco, as Ward Spangenberg, a former forensic investigator for Uber, has pursued a wrongful-termination lawsuit against the company.

Source: Uber Doesn’t Want You to See This Document About Its Vast Data Surveillance System

It’s a good rundown on the Uber stories and privacy invasions that have been happening recently.

Font sharing site DaFont has been hacked, exposing 699,464 accounts

A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his nameA popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.

Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name.

The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.

The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site’s database.

“I heard the database was getting traded around so I decided to dump it myself — like I always do,” the hacker told me. Asked about his motivations, he said it was “mainly just for the challenge [and] training my pentest skills.” He told me that he exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.

Source: Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

And why is it not mandatory to show what encryption scheme will be used to store your account details?!

Ubuntu: Guest session processes are not confined in 16.10

Processes launched under a lightdm guest session are not confined by the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are unconfined.

The simple test case is to log into a guest session, launch a terminal with ctrl-alt-t, and run the following command:

$ cat /proc/self/attr/current

Expected output, as seen in Ubuntu 16.04 LTS, is:

/usr/lib/lightdm/lightdm-guest-session (enforce)

Running the command inside of an Ubuntu 16.10 and newer guest session results in:

unconfined

Source: Bug #1663157 “Guest session processes are not confined in 16.10 …” : Bugs : lightdm package : Ubuntu

World’s thinnest hologram paves path to new 3D world – RMIT University

Now a pioneering team led by RMIT University’s Distinguished Professor Min Gu has designed a nano-hologram that is simple to make, can be seen without 3D goggles and is 1000 times thinner than a human hair.

“Conventional computer-generated holograms are too big for electronic devices but our ultrathin hologram overcomes those size barriers,” Gu said.

“Our nano-hologram is also fabricated using a simple and fast direct laser writing system, which makes our design suitable for large-scale uses and mass manufacture.

“Integrating holography into everyday electronics would make screen size irrelevant – a pop-up 3D hologram can display a wealth of data that doesn’t neatly fit on a phone or watch.
[…]
Dr Zengji Yue, who co-authored the paper with BIT’s Gaolei Xue, said: “The next stage for this research will be developing a rigid thin film that could be laid onto an LCD screen to enable 3D holographic display.

“This involves shrinking our nano-hologram’s pixel size, making it at least 10 times smaller.

“But beyond that, we are looking to create flexible and elastic thin films that could be used on a whole range of surfaces, opening up the horizons of holographic applications.”

Source: World’s thinnest hologram paves path to new 3D world – RMIT University

Wells Fargo fake accounts scandal appears far bigger than previously thought, attorneys say, may have opened 3.5 million accounts without customer consent

AN FRANCISCO — Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated.

The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67 percent, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission.

In estimating the higher number of fake accounts, the plaintiffs’ attorneys examined a much longer time period than regulators and the bank had previously addressed, they said in court documents. The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Scrutiny of bank employees’ activity during that five-year period led to the settlement last September, which required the bank to pay $185 million in fines.

Source: Wells Fargo fake accounts scandal appears far bigger than previously thought, attorneys say

What a world we live in – and the banks were too big to fail? Too corrupt to, I think.

Huge Trove of Confidential Medical Records Discovered on Unsecured Server Accessible to Anyone

At least tens of thousands, if not millions of medical records of New York patients were until recently readily accessible online to just about anyone who knew how to look.

Patient demographic information, social security numbers, records of medical diagnoses and treatments, along with a plethora of other highly-sensitive records were left completely undefended by a medical IT company based in Louisville, Kentucky. The files, which belong to at least tens of thousands of patients, originate from Bronx-Lebanon Hospital Center in New York.

In a statement provided to Gizmodo—and published by NBC News Wednesday night—Bronx Lebanon said that a server containing its patients’ data had been the “target of an unauthorized hack by a third party,” attributing that assessment to the hospital’s vendor, iHealth Solutions. The hospital added that iHealth had taken immediate steps to protect the data, and that both parties were “cooperating fully with law enforcement agents.” iHealth Solutions did not respond to request for comment.

However, according to Kromtech Security Center, a German security software development firm, the leak was not the result of a malicious hacker infiltrating the Bronx Lebanon server. Instead, the firm’s analysis showed that the data was left unprotected on a backup storage device, without a password, accessible to anyone online. It also appears likely that the data was not protected by an active firewall, exposing an untold number of patients to crimes such identity theft and blackmail.
[…]
In March, Kromtech reported that more than 400,000 audio recordings of telemarketing calls had been exposed online, including many in which customers provided sensitive information, such as credit card details. A month before, the researchers helped secure the personal data of nearly 25,000 California sheet metal workers. Before that, it was a Missouri sheriff’s office, which had inadvertently leaked audio recordings of police informants of victims involved in crimes as serious as child molestation.

Source: Huge Trove of Confidential Medical Records Discovered on Unsecured Server Accessible to Anyone

Secure rsync, people!

For now, GNU GPL is an enforceable contract, says US federal judge • The Register

A question mark over whether the GNU GPL – the widely used free-software license – is enforceable as a contract may have been resolved by a US federal judge.

In a California district court, Judge Jacqueline Scott Corley refused [PDF] to accept what has been an uncomfortable legal precedent for the past decade. She ruled that the GNU General Public License – the GNU GPL – is an enforceable legal contract even though it is not actually signed.

Source: For now, GNU GPL is an enforceable contract, says US federal judge • The Register

‘Accidental Hero’ Finds Kill Switch To Stop Wana Decrypt0r Ransomware

“An ‘accidental hero’ has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations…” writes The Guardian. An anonymous reader quotes their report:
A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a “kill switch” in the malicious software that was based on a cyber-weapon stolen from the NSA. The kill switch was hardcoded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to — just as if it was looking up any website — and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early Friday morning (Pacific Time), stopping the rapid proliferation of the ransomware.

You can read their first-person account of the discovery here, which insists that registering the domain “was not a whim. My job is to look for ways we can track and potentially stop botnets…” Friday they also tweeted a map from the New York Times showing that registering that domain provided more time for U.S. sites to patch their systems. And Friday night they added “IP addresses from our [DNS] sinkhole have been sent to FBI and ShadowServer so affected organizations should get a notification soon. Patch ASAP.”

UPDATE: Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking that site as a ‘bad domain’, which allows the malware to continue spreading. “Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I’m receiving!”

slashdot

Keylogger Found in Audio Driver of HP Laptops

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
Keylogger found in preinstalled audio driver

According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.

This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).

This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys.”

This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:

C:\users\public\MicTray.log

Audio driver also exposes keystrokes in real-time via local API

If the file doesn’t exist or a registry key containing this file’s path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.

Source: Keylogger Found in Audio Driver of HP Laptops

Cloudflare goes berserk on next-gen patent troll Blackbird, vows to utterly destroy it using prior-art bounties

Rather than a corporation that hires outside lawyers to pursue infringement claims, Blackbird is a small law firm strapped to a war chest of patents. It is an all-in-one form-filling, claim-filing robot. It has no extra baggage and no expensive legal bills to pay, making it a rather lean and mean machine.

“In the past, patent trolls had to hire lawyers and law firms,” Prince said. “These guys do away with it entirely and have the owner be a law firm themselves.”

Because Blackbird is owned by the attorneys who pursue its cases, Prince explained, they are able to file lawsuits without having to worry about lawyer fees. This, he said, allows them to scoop up patents on the cheap and fire off multiple “lottery ticket” infringement claims for nothing more than the court filing fees. It allows for a machine-gun attack on companies, with patent infringement claims the bullets.

“This is a unique case. They pose an amplified risk to innovative companies everywhere,” Prince said. “You can see by the volume of the lawsuits they filed, they have optimized patent trolling to a level that can inflict maximum damage.”

Now, instead of just fighting to invalidate the single patent in their case, Cloudflare is backing a campaign to have all of Blackbird’s patent holdings – roughly 70 of them – declared invalid for future litigation.

To achieve this, Cloudflare has ring-fenced $50,000 in bounties for prior-art proof to challenge Blackbird’s holdings. Of that prize pot, $20,000 will pay those who find prior art on the ‘335 patent, and $30,000 for other patents.

In addition, Prince says Cloudflare plans to file with the state bar associations in Illinois and Massachusetts, where Blackbird’s principal attorneys reside, alleging that by owning the patents they litigate, Blackbird lawyers are committing clear ethical violations

Source: Cloudflare goes berserk on next-gen patent troll, vows to utterly destroy it using prior-art bounties

DEATH TO PATENTS!

Avast blocks the entire internet – again

“Non tech savvy users will have issues reporting or getting the problem fixed,” he explained. “To regain web access you have to disable Web Shield or disable Avast or uninstall Avast. To fix the issue you have to do a clean install of the latest version of software.”

It’s unclear how widespread the problem is. Avast’s PR reps have acknowledged our requests for comment but are yet to supply a substantive response.

All HTTP requests are blocked from all applications including Windows Update. “TCP connections are established but no HTTP request is sent,” according to Michael S.

Source: Avast blocks the entire internet – again

Another IoT botnet has been found feasting on 120k vulnerable IP cameras

Persirai targets more than a thousand different internet protocol camera models. Researchers at Trend Micro warn that 120,000 web-connected cameras are vulnerable to the malware.

Consumers would, in most cases, be unaware that their devices are even exposed to the internet much less at risk of compromise. Hackers are using a known but seldom patched vulnerability to hack the cameras.

Source: Another IoT botnet has been found feasting on vulnerable IP cameras

Macron defeats Russian hackers and puts leakers at a disadvantage

Emmanuel Macron’s digital team responded to cyberattacks with a “cyber-blurring” strategy that involved fake email accounts loaded with false documents.
[…]
“We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t think we prevented them. We just slowed them down,” he said. “Even if it made them lose one minute, we’re happy,” he said.
[…]
But he did note that in the mishmash that constituted the Friday dump, there were some authentic documents, some phony documents of the hackers’ own manufacture, some stolen documents from various companies, and some false emails created by the campaign.

Source: Hackers Came, but the French Were Prepared

What this does – which is more important – is it puts the onus on the leakers / hackers to verify the contents of their data, which is a big deal, as this is hard to do and time consuming. As soon as any doubt is seeded on the authenticity on even one of the documents in a leaked trove, the whole of the trove massively loses value.

Well this is awkward. As Microsoft was bragging about Office at Build, Office 365 went down

TITSUP: Total Inability To Stand Up Products

Loads of people reported that, at around 1245 PT, access to the service went out. Microsoft confirmed shortly after it was having problems, and said it was looking into the matter. Subscribers in New York, Denver, Texas, and Portland, in the US, were, for example, unable to access the service.

We are investigating a problem affecting access to Office 365, and we will post an update as soon as we have more info.
— Office 365 Status (@Office365Status) May 10, 2017

Monitoring site Downdetector was crammed with reports of outages from both coasts of the US and major cities as users reported the cloud-connected Office service to be inaccessible.
[…]
we notice they tweeted that as of 1338 PT, sign-in issues are being resolved

Source: Well this is awkward. As Microsoft was bragging about Office at Build, Office 365 went down

The problem with the Cloud

 
Skip to toolbar