Lock-Screen Bypass Bug Quietly Patched In Handsets Slashdot by BeauHD on security at January 1, 1970, 1:00 am (cached at November 17, 2018, 11:34 am)

secwatcher shares a report from Threatpost: A design flaw affecting all in-display fingerprint sensors -- that left over a half-dozen cellphone models vulnerable to a trivial lock-screen bypass attack -- has been quietly patched. The flaw was tied to a bug in the popular in-display fingerprint reader technology used for user authentication. In-display fingerprint reader technology is widely considered an up-and-coming feature to be used in a number of flagship model phones introduced in 2019 by top OEM phone makers, according to Tencent's Xuanwu Lab which is credited for first identifying the flaw earlier this year. Impacted are all phones tested in the first half of 2018 that had in-display fingerprint sensors. That includes current models of Huawei Technologies' Porsche Design Mate RS and Mate 20 Pro model phones. Researchers said that many more cellphone manufacturers are impacted by the issue. The most popular phone in the U.S. that is impacted by this vulnerability is the OnePlus 6T. "[A]ll an attacker needs to carry out the attack is an opaque reflective material such as aluminum foil," reports Threatpost. "By placing the reflective material over a residual fingerprint on the phone's display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint."

Democrat Stacey Abrams quits race, vows to sue Georgia state AL JAZEERA ENGLISH (AJE) (cached at November 17, 2018, 9:30 am)

Stacey Abrams quits race for governor of Georgia, accusing rival Republican Brian Kemp of voter suppression.

NASA Decommissions the Kepler Space Telescope Slashdot by BeauHD on nasa at January 1, 1970, 1:00 am (cached at November 17, 2018, 8:35 am)

Late last month, NASA announced that it would be retiring the Kepler space telescope after nearly ten years of service -- double its initial mission life. Now, as Space.com reports, the planet-hunting telescope has been officially decommissioned, "beaming 'goodnight' commands to the sun-orbiting observatory." From the report: "Kepler's team disabled the safety modes that could inadvertently turn systems back on, and severed communications by shutting down the transmitters," NASA officials wrote in a statement today (Nov. 16). "Because the spacecraft is slowly spinning, the Kepler team had to carefully time the commands so that instructions would reach the spacecraft during periods of viable communication." The final commands were sent from Kepler's operations center at the University of Colorado Boulder's Laboratory for Atmospheric and Space Physics, NASA officials said. The commands got to the spacecraft via NASA's Deep Space Network, the system of big radio dishes the space agency uses to keep in touch with its far-flung probes.

Comic for November 16, 2018 Dilbert Daily Strip (cached at November 17, 2018, 7:31 am)

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.

North California fire: Death toll at 71, more than 1,000 missing AL JAZEERA ENGLISH (AJE) (cached at November 17, 2018, 6:30 am)

More than 450 searchers in Paradise continue search for human remains in the deadliest wildfire in state history.

Venezuelan rape-survivor-turned-lawyer finally gets justice AL JAZEERA ENGLISH (AJE) (cached at November 17, 2018, 5:30 am)

Inter-American Court on Human Rights finds Venezuela responsible for 2001 torture of Linda Loaiza Lopez Soto.

There Is No Link Between Insomnia and Early Death, Study Finds Slashdot by BeauHD on java at January 1, 1970, 1:00 am (cached at November 17, 2018, 5:04 am)

A new report published in the journal Science Direct says there is no link between insomnia and early death. The researchers reportedly "reviewed 17 studies, which covered close to 37 million people, to compile their results," the BBC notes. From the report: This new report goes against what the NHS says, which claims that as well as putting people at risk of obesity, heart disease and type 2 diabetes, that insomnia shortens life expectancy. The NHS recommends things like exercising to tire yourself out during the day and cutting down on caffeine. It also says smoking, eating too much or drinking alcohol late at night can stop you from sleeping well. Other recommendations include writing a list of things that are playing on your mind and trying to get to bed at a similar time every night. "There was no difference in the odds of mortality for those individuals with symptoms of insomnia when compared to those without symptoms," the study says. "This finding was echoed in the assessment of the rate of mortality in those with and without symptoms of insomnia using the outcomes of multivariate models, with the most complete adjustment for potential confounders, as reported by the individual studies included in this meta-analysis. Additional analyses revealed a tendency for an increased risk of mortality associated with hypnotic use."

A New Senate Bill Would Hit Robocallers With Up To a $10,000 Fine For Every Call Slashdot by BeauHD on cellphones at January 1, 1970, 1:00 am (cached at November 17, 2018, 3:35 am)

Massachusetts Democratic Senator Ed Markey and South Dakota Republican Senator John Thune introduced a bill on Friday that aims to ramp up the penalties on illegal robocalls and stop scammers from sending them. Gizmodo reports: The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act raises the penalty for robocalls from $1,500 per call to up to $10,000 per call, and allows the Federal Communications Commission (FCC) to take action on illegal robocalls up to three years after the calls are placed, instead of a year. The Act also aims to push the FCC to work along with the Consumer Financial Protection Bureau, Department of Justice, Department of Homeland Security, Federal Trade Commission (FTC), and other agencies to provide information to Congress about advancements in hindering robocalls and prosecuting scammers. Perhaps most importantly for us highly annoyed Americans, the bill would also force phone service providers to use call authentication that filters out illegitimate calls before they go through to consumers.

Mid-Range Google 'Pixel 3 Lite' Leaks With Snapdragon 670, Headphone Jack Slashdot by BeauHD on android at January 1, 1970, 1:00 am (cached at November 17, 2018, 3:09 am)

The first alleged images of the rumored "budget" Pixel 3 have been leaked. The Pixel 3 Lite, as it is being called, looks very similar to the Pixel 3, although it features a plastic build construction, slower processor, and a headphone jack. 9to5Google reports: Just like the standard Pixel 3, there's a display that's roughly 5.56-inches in size, but this time it's an IPS LCD panel at 2220x1080 rather than an OLED panel. Obviously, there's also no notch to be seen on this alleged Pixel 3 Lite. There's a single front-facing camera as well as one speaker above that display, relatively thick bezels on the top and bottom, and a speaker along the bottom of the device as well. Perhaps most interesting when it comes to the hardware, though, is that there's a headphone jack on the top of the phone. That's certainly unexpected since the Pixel 2 dropped the jack and Google hasn't looked back since. Tests from Rozetked reveal some of the specifications running this device as well. That includes a Snapdragon 670 chipset, 4GB of RAM, and 32GB of storage. Previous reports have pointed to a Snapdragon 710. Battery capacity on this device is also reported at 2915 mAh and there's a USB-C port along the bottom. It is rumored to include the same 12MP and 8MP cameras found in the standard Pixel 3 and Pixel 3 XL, which will be a huge selling point for the affordable phone market. The price is expected to be around $400-500.

CIA concludes Saudi crown prince ordered Khashoggi murder: report AL JAZEERA ENGLISH (AJE) (cached at November 17, 2018, 2:30 am)

Washington Post and AP report US intelligence officials concluded Mohammed bin Salman ordered killing of Jamal Khashoggi

Cheaper, Disc-Free Xbox One Coming Next Year, Report Says Slashdot by BeauHD on xbox at January 1, 1970, 1:00 am (cached at November 17, 2018, 2:05 am)

An anonymous reader quotes a report from Ars Technica: Microsoft is planning to release a disc-free version of the Xbox One as early as next spring, according to an unsourced report from author Brad Sams of Thurrott.com (who has been reliable with early Xbox-related information in the past). The report suggests the disc-free version of the system would not replace the existing Xbox One hardware, and it would instead represent "the lowest possible price for the Xbox One S console." Sams says that price could come in at $199 "or lower," a significant reduction from the system's current $299 starting price (but not as compelling compared to $199 deals for the Xbox One and PS4 planned for Black Friday this year). Buyers will also be able to add a subscription to the Xbox Games Pass program for as little as $1, according to Sams. For players who already have games on disc, Sams says Microsoft will offer a "disc to digital" program in association with participating publishers. Players will be able to take their discs into participating retailers (including Microsoft Stores) and trade them in for a "digital entitlement" that can be applied to their Xbox Live account.

MiSafes' Child-Tracking Smartwatches Are 'Easy To Hack' Slashdot by BeauHD on security at January 1, 1970, 1:00 am (cached at November 17, 2018, 1:34 am)

The location-tracking "MiSafes" smartwatch may not be as safe as the name proclaims. According to security researchers from Pen Test Partners, the watches are easy to hack as they do not encrypt the data they use or secure each child's account. The researchers found that they could track children's movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents. The BBC reports: The MiSafes watch was first released in 2015. It uses a global positioning system (GPS) sensor and a 2G mobile data connection to let parents see where their child is, via a smartphone app. In addition, parents can create a "safe zone" and receive an alert if the child leaves the area. The adult can also listen in to what their offspring is doing at any time and trigger two-way calls. Pen Test Partners' Ken Munro and Alan Monie learned of the product's existence when a friend bought one for his son earlier this year. Out of curiosity, they probed its security measures and found that easy-to-find PC software could be used to mimic the app's communications. This software could be used to change the assigned ID number, which was all it took to get access to others' accounts. This made it possible to see personal information used to register the product, including: a photo of the child; their name, gender and date of birth; their height and weight; the parents' phone numbers; and the phone number assigned to the watch's Sim card.

Google Cloud Executive Who Sought Pentagon Contract Steps Down Slashdot by BeauHD on cloud at January 1, 1970, 1:00 am (cached at November 17, 2018, 1:05 am)

Diane Greene, whose pursuit of Pentagon contracts for artificial intelligence technology sparked a worker uprising at Google, is stepping down as chief executive of the company's cloud computing business (Warning: source may be paywalled; alternative source). "Ms. Greene said she would stay on as chief executive until January. She will be replaced by Thomas Kurian, who oversaw product development at Oracle until his resignation in October. Ms. Greene will remain a board director at Google's parent company, Alphabet," reports The New York Times. From the report: The change in leadership caps a turbulent three years for Ms. Greene, who was brought on to expand Google's cloud computing business. Google Cloud has struggled to make major inroads in persuading corporate customers to use its computing infrastructure over alternatives like Amazon's A.W.S. and Microsoft's Azure. In a blog post published by the company, Ms. Greene said she had initially told friends and family that she was planning to run Google Cloud for only two years but stayed for three. Ms. Greene, a widely respected technologist and entrepreneur, said that after leaving Google Cloud, she planned to help female founders of companies by investing in and mentoring them. Ms. Greene joined Google in 2015 when it acquired Bebop, a start-up she had founded, for $380 million. Ms. Greene defended Google's pursuit of a Defense Department contract for the Maven program, which uses AI to interpret video images and could be used to improve the targeting of drone strikes. In March, she said it was a small contract worth "only" $9 million and that the technology would be used for nonlethal purposes.

Trump Signs Bill That Creates the Cybersecurity and Infrastructure Security Agency Slashdot by BeauHD on usa at January 1, 1970, 1:00 am (cached at November 17, 2018, 12:04 am)

An anonymous reader quotes a report from ZDNet: U.S. President Donald Trump signed today a bill into law, approving the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill, known as the CISA Act, reorganizes and rebrands the National Protection and Programs Directorate (NPPD), a program inside the Department of Homeland Security (DHS), as CISA, a standalone federal agency in charge of overseeing civilian and federal cybersecurity programs. The NPPD, which was first established in 2007, has already been handling almost all of the DHS' cyber-related issues and projects. As part of the DHS, the NPPD was the government entity in charge of physical and cyber-security of federal networks and critical infrastructure, and oversaw the Federal Protective Service (FPS), the Office of Biometric Identity Management (OBIM), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C), and the Office of Infrastructure Protection (OIP). As CISA, the agency's prerogatives will remain the same, and nothing is expected to change in day-to-day operations, but as a federal agency, CISA will now benefit from an increased budget and more authority in imposing its directives. "Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation's critical infrastructure and cyber platforms," said NPPD Under Secretary Christopher Krebs. "The changes will also improve the Department's ability to engage with industry and government stakeholders and recruit top cybersecurity talent."
