Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution.
Since publication of the Spectre and Meltdown attacks in January this year, security researchers have been taking a close look at speculative execution and the implications it has for security. All high-speed processors today perform speculative execution: they assume certain things (a register will contain a particular value, a branch will go a particular way) and perform calculations on the basis of those assumptions. It's an important design feature of these chips that's essential to their performance, and it has been for 20 years.
[...] What's in store today? A new Meltdown-inspired attack on Intel's SGX, given the name Foreshadow by the researchers who found it. Two groups of researchers found the vulnerability independently: a team from KU Leuven in Belgium reported it to Intel in early January—just before Meltdown and Spectre went public—and a second team from the University of Michigan, University of Adelaide, and Technion reported it three weeks later.
SGX, standing for Software Guard eXtensions, is a new feature that Intel introduced with its Skylake processors that enables the creation of Trusted Execution Environments (TEEs). TEEs are secure environments where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). SGX is used to create what are called enclaves: secure blocks of memory containing code and data. The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted on being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from outside the enclave should be blocked.
[...] As with many of the other speculative execution issues, a large part of the fix comes in the form of microcode updates, and in this case, the microcode updates are already released and in the wild and have been for some weeks. With the updated microcode, every time the processor leaves execution of an enclave, it also flushes the level 1 cache. With no data in level 1 cache, there's no scope for the L1TF to take effect. Similarly, with the new microcode, leaving management mode flushes the level 1 cache, protecting SMM data.
Submitted via IRC for SoyCow1984
Students are suing a major college admissions test maker for allegedly selling information about their disability statuses to universities, which they say could hurt their chances at getting into schools and impact the rest of their lives.
When students register to take the ACT—a standardized test used for college admissions taken by more than a million high schoolers each year—they answer a barrage of personal questions. As part of this, they are asked to note if they have disabilities that require "special provisions from the educational institution."
The ACT, which is administered by ACT, Inc., is the only real competitor to the College Board's SAT exam. The lawsuit claims that the ACT is selling the data it gleans from those student questionnaires—connected directly to students' individual identities—to colleges, which then use it to make important decisions about admissions and financial aid.
"A lot of students and parents have no idea how these testing agencies, which are gatekeepers to college, are using very sensitive and confidential data in the college admissions process," Jesse Creed, one of the plaintiffs' lawyers, told me in a phone call. "[Colleges are] hungry for disability data, because they have limited resources, and it's expensive to educate people with disabilities."
A novel laboratory-synthesized molecule, based on natural compounds known as marinoquinolines found in marine gliding bacteria, is a strong candidate for the development of a new antimalarial drug.
In tests, the molecule proved capable of killing even the strain that resists conventional antimalarials. The molecule displays low toxicity and high selectivity, acting only on the parasite and not on other cells of the host organism.
The molecule was developed in Brazil at the Center for Research and Innovation in Biodiversity and Drug Discovery (CIBFar). The researchers tested the molecule in strains cultured in vitro as well as in mice using Plasmodium berghei, since mice are immune to infection by Plasmodium falciparum, which causes the most aggressive type of malaria.
"In mice, the number of parasites in the bloodstream (parasitemia) had fallen 62 percent by the fifth day of the test. After 30 days, all the mice given doses of the molecule were still alive," said Rafael Guido, a professor at the University of São Paulo's São Carlos Physics Institute (IFSC-USP).
Guido co-authors an article published in the Journal of Medicinal Chemistry, in which the researchers describe the molecule's inhibitory action in the blood and liver stages of the parasite's asexual cycle, which is responsible for the signs and symptoms of the disease.
[...] According to Duarte Correia, the first 50 molecules developed from marinoquinolines were tested in the FAPESP-supported study. "This work hasn't ended with this publication. We're still developing other compounds," he said.
The researchers are also characterizing the potential of this class to treat malaria caused by P. vivax, the most prevalent form in Brazil, and are developing the pharmacokinetic part of the project (how drugs move through the organism).
"If the pharmacokinetic properties, especially solubility, absorption, distribution, metabolism and excretion, aren't adequate, the compound can build up in the organism and become toxic to the patient, making it inappropriate for treatment. After completing this step, we plan to perform preclinical and clinical trials," Guido said.
Anna Caroline Campos Aguiar et al, Discovery of Marinoquinolines as Potent and Fast-Acting Plasmodium falciparum Inhibitors with in Vivo Activity, Journal of Medicinal Chemistry (2018). DOI: 10.1021/acs.jmedchem.8b00143
A team of scientists from the Faculty of Physics and Sternberg State Astronomical Institute, MSU, leading an international collaboration with members from Europe, Chile, the U.S. and Australia discovered a supermassive black hole in the center of the Fornax galaxy. The results of the research were published in Monthly Notices of the Royal Astronomical Society journal.
Fornax UCD3 is a part of a Fornax galaxy cluster and belongs to a very rare and unusual class of galaxies, ultracompact dwarfs. The mass of such dwarf galaxies reaches several dozen millions of solar masses, and the radius does not typically exceed 300 light years. This ratio between mass and size makes UCDs the densest stellar systems in the universe.
"We have discovered a supermassive black hole in the center of Fornax UCD3. The black hole mass is 3.5 million that of the sun, similar to the central black hole in our own Milky Way," explained Anton Afanasiev, the first author of the article, a student of the department of the Faculty of Physics, MSU.
[...] The black hole discovered by the authors is the fourth ever to be found in UCDs and corresponds to 4 percent of the total galaxy mass. In average galaxies, this ratio is considerably lower (about 0.3 percent). Though there are few known examples, the existence of massive black holes in UCDs is a strong argument for the tidal origin of such galaxies. According to this hypothesis, an average-sized galaxy passed a bigger and more massive one at a certain stage of its evolution, and as a result of the influence of tidal forces, lost the majority of its stars. The remaining compact nucleus has become what we know as an ultracompact dwarf.
"To be able to say with complete assurance that this hypothesis is correct, we need to discover more supermassive black holes in UCDs. This is one of the prospects of this work.
Moreover, a similar methodology may be applied to more massive and less dense compact elliptical galaxies. In one of our next works, we will study the population of central black holes in objects of this kind," concluded the scientist.
Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word - it doesn't want a backdoor, just the keys to your front one.
The draft of The Assistance and Access Bill 2018 calls for anyone using or selling communications services in Australia to be subject to police orders for access to private data.
That includes all vendors of computers, phones, apps, social media and cloud services in the Lucky Country, and anyone within national borders using them. These data-tapping orders will be enforced with fines of up to AU$10m (US$7.3m) for companies or $50,000 ($36,368) for individuals.
The draft legislation also wants five years in prison for anyone who reveals a data-slurping investigation is going on. And while there's no explicit encryption backdoor requirements in the 110 page draft bill, our first look suggests there doesn't need to be.
[This is likely only going to be for the Safari browser. - Ed]
[...] PK-4 is a collaboration between the European Space Agency and the Russian State Space Corporation "Roscosmos" to investigate complex plasmas. Complex or dusty plasmas contain electrons, ions and neutral gas, as well as microparticles such as dust grains. The microparticles become highly charged in the plasma and interact strongly with each other, which can lead to liquid or even crystalline behavior within the complex plasma. The most important property of such a system is that investigations of physical phenomena can be performed on the individual (micro-) particle level allowing new insights into fluid and solid-state physics.
[...] In the experiment, a microparticle cloud drifted in a plasma with a constant direct current and formed self-excited wave patterns. After that, the discharge polarity was reversed. Although the field strength was nearly identical for both discharge polarities, the wave patterns exhibited bifurcations: A new wave crest formed between the two old crests in the head of the microparticle cloud.
"The most interesting finding was the velocity of these waves strongly depends on the electric field, which is exciting the waves," said Mikhail Pustylnik, an author on the paper. "We expect to encounter these types of waves in astrophysical situations where you might have dust -- in a cometary tail, for example."
"Many plasma processes are also used in the semiconductor industry," Pustylnik said. Dust poses big challenges for the semiconductor industry because particles may damage a silicon wafer during manufacturing. Starting this fall, the researchers are planning additional experiments that will vary the range of electric fields by switching the polarity of the discharge.
Another item from Def Con 26, which ended the other day: an 11-year-old was easily able to change tallies on real electronic voting equipment within minutes. These machines are designed not to leave any evidence when tampering happens, so it was useful that there were many witnesses present for her demo.
Election hackers [sic] have spent years trying to bring attention to flaws in election equipment. But with the world finally watching at DEFCON, the world's largest hacker conference, they have a new struggle: pointing out flaws without causing the public to doubt that their vote will count.
This weekend saw the 26th annual DEFCON gathering. It was the second time the convention had featured a Voting Village, where organizers set up decommissioned election equipment and watch hackers [sic] find creative and alarming ways to break in. Last year, conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend, catching the attention of both senators introducing legislation and the general public. This year's Voting Village was bigger in every way, with equipment ranging from voting machines to tabulators to smart card readers, all currently in use in the US.
In a room set aside for kid hackers [sic], an 11-year-old girl hacked a replica of the Florida secretary of state's website within 10 minutes — and changed the results.
Earlier on SN:
Georgia Defends Voting System Despite 243-Percent Turnout in One Precinct
South Carolina's 13k Electronic Voting Machines Vulnerable, Unreliable
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Submitted via IRC for SoyCow1984
Despite two lost legal battles in the US, domain name seizures, and millions of dollars in damage claims, Sci-Hub continues to offer unauthorized access to academic papers. The site's founder says that she would rather operate legally, but copyright gets in the way. Sci-Hub is not the problem, she argues; it's a solution, something many academics appear to agree with.
Sci-Hub has often been referred to as "The Pirate Bay of Science," but that description really sells the site short.
While both sites are helping the public to access copyrighted content without permission, Sci-Hub has also become a crucial tool that arguably helps the progress of science.
The site allows researchers to bypass expensive paywalls so they can read articles written by their fellow colleagues. The information in these 'pirated' articles is then used to provide the foundation for future research.
What the site does is illegal, according to the law, but Sci-Hub is praised by thousands of researchers and academics around the world. In particular, those who don't have direct access to the expensive journals but aspire to excel in their academic field.
It is well established that stress can alter the activation pattern of our genes. Stress also triggers epigenetic mechanisms which modulate how DNA, the carrier of genetic information, is read. The genetic information on the DNA is in the next step ‘translated’ into RNA, which is the blueprint of proteins. In a groundbreaking study, scientists at the Max Planck Institute of Psychiatry (MPI) have shown for the first time that stress can also cause similar “epigenetic” changes on the RNA level. The research results were recently published in the internationally renowned journal Neuron.
It was recently rediscovered that RNA can be modified by chemical tags in a similar way to the epigenetic modifications seen on DNA. Messenger RNA (mRNA) is made up of four molecular building blocks: adenosine, cytidine, guanosine and uridine, which can be modified by the attachment of chemical tags. These tags or RNA modifications provide a sophisticated extra layer of gene regulation.
A modification of mRNA which occurs post-transcriptionally is methylation of adenosine, and the most abundant is N6-methyladenosine (m6A). Although m6A was first described in 1974, recent technological advances were necessary before more detailed analyses of the epitranscriptome could be carried out.
[...] Alon Chen, Director at the Institute and head of the project explains: “Increasing evidence suggests that the fine-tuning seen with mRNA methylation may underlie the etiology of psychiatric disorders. We think that elucidating the role of mRNA methylation in regulating brain function will help us to better understand psychiatric disorders.”
At 10.30 a.m. on Tuesday morning the High-Altitude and Long-Range Research Aircraft (HALO) left the German Aerospace Center Airbase in Oberpfaffenhofen, and took off to the Cape Verde Islands.
This marked the official beginning of the Chemistry of the Atmosphere Field Experiment in Africa (CAFE-Africa)—a mission coordinated by the Atmospheric Chemistry Department of the Max Planck Institute for Chemistry (MPIC) in Mainz.
The objective of the research mission is to study the influence of the massive biomass burning emissions from Africa on the atmospheric composition and oxidation capacity over the tropical and subtropical Atlantic Ocean. It is expected that these emissions combine with the strongly increasing urban-industrial pollution and with desert dust from the Sahara and may thus change chemically and physically.
The mission will be conducted out of Sal on the Cape Verde Islands and will continue until September 7th, 2018. During these five weeks the HALO research aircraft will fly along the coast and over several countries in Africa to collect unique data, needed for the understanding of long-distance pollution transport over the Atlantic and further areas downwind.
If certain signaling cascades are misregulated, diseases like cancer, obesity and diabetes may occur. A mechanism recently discovered by scientists at the Leibniz-Forschungsinstitut für Molekulare Pharmakologie (FMP) in Berlin and at the University of Geneva has a crucial influence on such signaling cascades and may be an important key for the future development of therapies against these diseases. The results of the study have just been published in the prestigious scientific journal 'Molecular Cell'.
Cell growth and cell differentiation as well as the release and efficacy of hormones such as insulin depend on the presence of lipids. Lipids are small molecules resembling fat. They are the building blocks of cell membranes, and they also serve as molecular switches in signaling cascades.
Such cascades play a crucial role in the control of cell growth and division as well as in differentiation processes such as the formation of new blood vessels referred to as angiogenesis. If signaling cascades are disturbed, diseases such as cancer or metabolic disorders such as obesity and diabetes can occur. The ability to influence the enzymes involved in the biosynthesis of signaling lipids in cells could thus serve as a starting point for the treatment of these diseases.
Google appears to be working on dual-boot support for Chromebooks. XDA-Developers has discovered that Google has been working to support an "alt OS mode" for its Pixelbook laptop for months now. Dubbed "Campfire," an obvious nod to Apple's own Boot Camp feature, Google's dual-boot is rumored to support Windows 10 on Chromebooks.
XDA-Developers claims Google is attempting to pass Microsoft's hardware certification for Windows 10 to allow its Pixelbook to officially run the alternative operating system. References to Microsoft's Windows Hardware Certification Kit have appeared in development builds of Chrome OS, and Google's Campfire work might extend to other new Chromebooks in the future.
Dual-boot support is said to be arriving on the Pixelbook soon, as Google engineers are pushing through multiple changes for Chrome OS to support the new feature.
That makes Google's recent attack ad a little funnier.
Submitted via IRC for SoyCow1984
Vice President Mike Pence laid out plans for the US Space Force on Thursday, calling out an advanced type of satellite, GPS III, that is apparently resistant to tampering. According to Bloomberg, however, this specific orbital machinery has been delayed for the last four years, and the launch date has slipped yet again.
Bloomberg reports that the launch, originally scheduled for April of this year and delayed to October, will now happen in December. The Air Force confirmed to the site that the delay will accommodate "qualification testing" and a validation of SpaceX's Falcon 9 Block 5, the rocket that will boost the satellite into orbit.
Federal Communications Commission Chairman Ajit Pai acknowledged Monday that the FCC lied about its public comment system being taken down by a DDoS attack during the net neutrality repeal proceeding.
Pai blamed the spreading of false information on employees hired by the Obama administration and said that he isn't to blame because he "inherited... a culture" from "the prior Administration" that led to the spreading of false information. Pai wrote:
"I am deeply disappointed that the FCC's former Chief Information Officer [David Bray], who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I'm also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn't feel comfortable communicating their concerns to me or my office."
Pai's admission came in a statement yesterday. "It has become clear that in addition to a flawed comment system, we inherited from the prior Administration a culture in which many members of the Commission's career IT staff were hesitant to express disagreement with the Commission's former CIO in front of FCC management," he also said.
Also at The Verge:
The toughest condemnation of Pai's actions came from Fight for the Future, a net neutrality advocacy organization, which called for Pai to step down. "Ajit Pai should resign. These new revelations from the FCC's internal investigation are a smoking gun," the group said in a statement. "They clearly show that the FCC chairman knew months ago that there had never been a cyber attack on the FCC's comment system, but did nothing, allowing the false narrative to spread in a cynical attempt to downplay the overwhelming opposition to his attack on net neutrality."
Previously: John Oliver Leads Net Neutrality Defenders to Crash FCC Website. Again.
Senator Blasts FCC for Refusing to Provide DDoS Analysis
FCC Says its Specific Plan to Stop DDoS Attacks Must Remain Secret