Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software Slashdot by BeauHD on intel at January 1, 1970, 1:00 am (cached at February 12, 2019, 11:34 pm)

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave. SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. 
On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.


Square CEO Jack Dorsey Says Bitcoin's Lightning Is Coming To Cash App Slashdot by msmash on bitcoin at January 1, 1970, 1:00 am (cached at February 12, 2019, 11:04 pm)

An anonymous reader shares a report: A bitcoin scaling solution called the lightning network may soon come to Square's Cash App for mobile payments. Twitter and Square CEO Jack Dorsey, an investor in the bitcoin-oriented startup Lightning Labs, recently announced during an interview with podcaster Stephan Livera that there are plans to integrate the scaling technology with Square's mobile app. "It's not an 'if,' it's more of a 'when,' and how do we make sure that we're getting the speed that we need and the efficiency," Dorsey told Livera, adding: "We don't think it stops at buying and selling [bitcoin]. We do want to help make happen the currency aspect."


Hackers Wipe US Servers of Email Provider VFEmail Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at February 12, 2019, 10:35 pm)

Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process. From a report: The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice. "At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost. This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said. The company's staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.


Fears of violence in Nigeria ahead of Saturday vote AL JAZEERA ENGLISH (AJE)(cached at February 12, 2019, 10:30 pm)

With the presidential and legislative elections just days away, political watchers and voters fear spike in violence.

Star wars: US raises alarm over threats to space supremacy AL JAZEERA ENGLISH (AJE) (cached at February 12, 2019, 10:00 pm)

Russia, China, North Korea and Iran developing technologies to counter US' galactic dominance, Pentagon report says.

Rival rallies held in Venezuela as political crisis continues AL JAZEERA ENGLISH (AJE) (cached at February 12, 2019, 10:00 pm)

Opposition calls for aid to be allowed in as Maduro accuses US of 'distorting situation to justify intervention'.

Ubisoft And Mozilla Announce AI Coding Assistant Clever-Commit Slashdot by msmash on ai at January 1, 1970, 1:00 am (cached at February 12, 2019, 9:34 pm)

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.


[no title] Scripting News(cached at February 12, 2019, 9:33 pm)

Poll: If you work in the news industry, here's a question. In hindsight, would it have been better to ignore Craig's List in the 90s, or should at least some of you have competed?

[no title] Scripting News (cached at February 12, 2019, 9:33 pm)

Medium is doing something much like what I've been advocating news orgs do, only from the other direction. Medium is a "level playing field" platform where anyone can post and they're mixing in professional stuff.

[no title] Scripting News (cached at February 12, 2019, 9:33 pm)

However, Medium hasn't been clear about the professional stuff and they should be. There are cases of paid-for pieces that appear to be free submissions. They're buying endorsements without being clear that they're paid-for. The writers should insist, it doesn't look good for them either.

'You've Won $72 Million and a Mercedes Benz': Phone Scammer Gets 6 Years in Prison A Slashdot by msmash on communications at January 1, 1970, 1:00 am (cached at February 12, 2019, 9:05 pm)

Reader McGruber writes: The Washington Post has an amusing story about phone scammer Keniel A. Thomas, who made the mistake of calling William H. Webster. Thomas told 90-year-old Webster that he had won $72 million and a new Mercedes Benz in the Mega Millions lottery, but that he needed to send $50,000 in taxes and fees to get his money. Thomas also told Webster he'd done his research on the top winner. "You're a great man," the scammer cajoled. "You was a judge, you was an attorney, you was a basketball player, you were in the U.S. Navy, homeland security. I know everything about you. I even seen your photograph, and I seen your precious wife." Thomas's research didn't turn up everything. He didn't learn that the man he was calling was the former director of the FBI and the CIA, the only person ever to hold both jobs. And he didn't know that Webster would call him back the next day with the FBI listening in. Thomas was arrested in late 2017, after he landed in New York on a flight from Jamaica. He pleaded guilty in October and faced a prison term of 33 to 41 months under federal sentencing guidelines. But with Webster and his wife in the courtroom, Chief U.S. District Judge Beryl Howell on Friday added another 2 years to Thomas's sentence, giving him nearly six years to serve. Howell said that the scam qualified as "organized criminal activity" and that Thomas posed "a threat to a family member of the victim."


Pompeo: Putin threatening democracies worldwide AL JAZEERA ENGLISH (AJE)(cached at February 12, 2019, 9:00 pm)

On Central Europe tour, top US diplomat says Moscow and Beijing seeking to erode sovereignty, freedom in the region.

What's the future for Catalonia's independence movement? AL JAZEERA ENGLISH (AJE) (cached at February 12, 2019, 9:00 pm)

Organisers of 2017 secession referendum go on trial in Madrid in what their supporters are calling a 'show trial'.

Saudi king reaffirms support for Palestinian state AL JAZEERA ENGLISH (AJE) (cached at February 12, 2019, 9:00 pm)

King Salman says his country 'permanently stands by Palestine and its people's right to an independent state'.

In China, Some Teachers Are Using AI To Grade Homework Slashdot by msmash on ai at January 1, 1970, 1:00 am (cached at February 12, 2019, 8:35 pm)

A Beijing-based online education start-up has developed an artificial intelligence-powered maths app that can check children's arithmetic problems through the simple snap of a photo. Based on the image and its internal database, the app automatically checks whether the answers are right or wrong. From a report: Known as Xiaoyuan Kousuan, the free app launched by the Tencent Holdings-backed online education firm Yuanfudao, has gained increasing popularity in China since its launch a year ago and claims to have checked an average of 70 million arithmetic problems per day, saving users around 40,000 hours of time in total. Yuanfudao is also trying to build the country's biggest education-related database generated from the everyday experiences of real students. Using this, the six-year-old company -- which has a long line of big-name investors including Warburg Pincus, IDG Capital and Matrix Partners China -- aims to reinvent how children are taught in China. "By checking nearly 100 million problems every day, we have developed a deep understanding of the kind of mistakes students make when facing certain problems," said Li Xin, co-founder of Yuanfudao -- which means "ape tutor" in Chinese -- in a recent interview. "The data gathered through the app can serve as a pillar for us to provide better online education courses."
