Slashdot

News for nerds, stuff that matters

Dark Matter May Predate the Big Bang, New Math Suggests

Sat, 2019-08-10 01:25
The Snazster writes: Dark matter remains one of the universe's greatest mysteries, with no one quite certain what it is or where it came from, even though it may comprise as much as 80% of the universe (if ignoring the still hypothetical dark energy). A recent study at Johns Hopkins University is now suggesting that it may be older than the Big Bang itself, which would actually help explain why our previous searches for it have failed thus far. Although this is not a new idea, this is the first time the possibility has been described with calculations that seem to support it. "Using a new, simple mathematical framework, the study shows that dark matter may have been produced before the Big Bang during an era known as the cosmic inflation when space was expanding very rapidly," reports ScienceDaily. "The rapid expansion is believed to lead to copious production of certain types of particles called scalars. So far, only one scalar particle has been discovered, the famous Higgs boson." "The new study also suggests a way to test the origin of dark matter by observing the signatures dark matter leaves on the distribution of matter in the universe," the report adds. The study has been published in the journal Physical Review Letters.

Read more of this story at Slashdot.

Categories: Linux news

MoviePass Reportedly Changed Account Passwords To Prevent Users From Seeing Films

Sat, 2019-08-10 00:45
MoviePass reportedly resorted to extreme tactics to prevent users from taking advantage of core features, according to a new report from Business Insider. In particular, the report highlights a strategy the company used to keep users from bankrupting it, by changing account passwords to prevent ticket purchases that might cost it money it didn't have. The Verge reports: Business Insider's report looks at how Ted Farnsworth, CEO of MoviePass parent company Helios & Matheson Analytics, and MoviePass CEO Mitch Lowe, transformed the company from a little-known subscription service to a nationwide sensation. It also delves deep into the questionable business strategies and tactics the duo used to keep the company afloat, all while it hemorrhaged money by fronting subscribers the full cost of a movie ticket. MoviePass was not immediately available for comment. Business Insider's report outlined how the company took on a more adversarial stance toward power users that were costing it too much money. One employee noted, "Before Mitch came on it was, 'How do we slow down those users?' With Mitch [Lowe] it was just, 'F--- those guys.'" The company tried other tactics to actively make its service hard to use, like when it limited the ability for users to see high-profile films like Avengers: Infinity War and Mission Impossible: Fallout. Employees say Lowe demanded they change the passwords of "a small percentage of power users" ahead of those releases to prevent them from ordering tickets through the app, telling people that it was a "technical issue." The company also implemented a "trip wire," which would cut off users once the company reached a certain monetary threshold each day. Users were told "there are no more screenings at this theater today," when in reality MoviePass was disabling its services to prevent it from burning through too much cash.


Researchers Show How Europe's Data Protection Laws Can Dox People

Sat, 2019-08-10 00:03
An anonymous reader quotes a report from Motherboard: Europe's controversial privacy law, the General Data Protection Regulation -- better known as GDPR -- has been hailed by some as a solution to tech companies' pervasive data collection and tracking. What maybe no one saw coming is that GDPR can become another tool in the arsenal of enterprising and malicious social engineers, hackers, and people who want to dox and harass others. That's what Ph.D student and cybersecurity researcher James Pavur discovered when he and his fiancée -- and co-author on their paper -- Casey Knerr made an unusual wager about using GDPR's right of access requests -- a mechanism that allows Europeans to ask any company about what data they have on themselves -- with the goal of extracting sensitive information. Along with his fiancée Knerr, who also works in the infosec industry -- and with her full consent -- Pavur devised a clever, yet very simple experiment. He started with just Knerr's full name, a couple of email addresses, phone numbers, and any other low-hanging fruit that he could find online. In other words, "the weakest possible form of attack," as he put it in his paper. Then, he sent requests to 75 companies, and then to another 75 using the new data -- such as home addresses -- he found through the first wave of requests using an email address designed to look like that of Knerr. Thanks to these requests, Pavur was able to get his fiancée's Social Security Number, date of birth, mother's maiden name, passwords, previous home addresses, travel and hotel logs, high school grades, partial credit card numbers, and whether she had ever been a user of online dating services. Pavur and Knerr said 25 percent of companies never responded. Two thirds of companies, including online data services, responded with enough information to reveal that Pavur's fiancée had an account with them. Of those who responded, 25 percent provided sensitive data without properly verifying the identity of the sender. Another 15 percent requested data that could have easily been forged, while 40 percent requested identifying information that would've been relatively hard to fake, according to the study.


Verizon Demands $880 From Rural Library For Just 0.44GB of Roaming Data

Fri, 2019-08-09 23:30
Verizon is refusing to waive or reduce $880 of charges accidentally run up by someone who borrowed a mobile hotspot from a small library. "The library has an 'unlimited' data plan for the hotspots, but Verizon says it has to pay the $880 to cover less than half a gigabyte of data usage that happened across the border with Canada," reports Ars Technica. From the report: Tully Free Library in Tully, New York, a town of fewer than 3,000 people, lends out three Verizon hotspots to a rural population that has limited Internet access. The library started the hotspot-lending program with a grant from the Central New York Library Resources Council, which paid the bill for two years. Crucially, the service plan with Verizon blocked international roaming so that library borrowers wouldn't rack up unintentional charges if they happened to cross the Canadian border. But when the grant ran out, Tully Free Library had to get a new contract and service plan, and the organization began paying the bill itself. The new plan seemed to be identical to the old one, but it enabled international roaming. "They never said to us, 'Do you want international roaming blocked?'" Tully Free Library Director Annabeth Hayes told Ars. "That wasn't something that occurred to me because it was blocked before." The person who borrowed the hotspot used it while driving through Canada for a few hours to take his brother to the airport. "He was only over the border for about four hours and he said he wasn't even using the hotspot," Hayes said. "It was just on in the car and apparently it was pinging a tower so that tower was incurring all these fees." The bill from Verizon included an $880.30 charge for about 440MB of international data. "I ended up contacting their executive communications department, and the person there said she had to contact their legal team because our contract was under the government/educational department," Hayes said. "She contacted the legal team and they went back and forth and finally decided that no, we couldn't have our fee waived."


CEOs Who Cheat In Bedroom Will Cheat In Boardroom, Study Shows

Fri, 2019-08-09 22:50
Finance professors at the University of Texas at Austin and Emory University found a strong correlation between adultery and workplace misconduct by corporate executives and financial advisers. "[The researchers] were able to examine customers of Ashley Madison, a dating site for married people looking to have affairs, or 'discreet encounters' as it puts it," reports Bloomberg. "That's because a computer hack in 2015 exposed the names and personal data of more than 30 million users." From the report: Researchers examined four groups of users specifically -- a total of 11,000 brokers, corporate executives, white-collar criminals and police officers. Cross-checking against public records, they found that those Ashley Madison customers generally were more than twice as likely to have violated professional codes of conduct compared with a control group, according to authors John Griffin, Samuel Kruger and Gonzalo Maturana. The results were fairly consistent across the four occupations. For example, the study found that 4.1% of individuals accused of violating securities laws by the U.S. Securities and Exchange Commission between 2010 and 2015 had paid accounts at Ashley Madison. That compared to 1% of the control population, which consisted of people with similar work histories but no misconduct charges. CEOs and CFOs who had accounts were twice as likely to have engaged in a financial misstatement or be the focus of a class action securities lawsuit between 2008 and 2014. Cheating brokers were more likely than the control group to have black marks on their records maintained by the Financial Industry Regulatory Authority. The findings are to be published next week in the Proceedings of the National Academy of Sciences.


Hundreds of Exposed Amazon Cloud Backups Found Leaking Sensitive Data

Fri, 2019-08-09 22:10
An anonymous reader quotes a report from TechCrunch: New research just presented at the Def Con security conference reveals how companies, startups and governments are inadvertently leaking their own files from the cloud. You may have heard of exposed S3 buckets -- those Amazon-hosted storage servers packed with customer data but often misconfigured and inadvertently set to "public" for anyone to access. But you may not have heard about exposed EBS snapshots, which pose as much, if not a greater, risk. These elastic block storage (EBS) snapshots are the "keys to the kingdom," said Ben Morris, a senior security analyst at cybersecurity firm Bishop Fox, in a call with TechCrunch ahead of his Def Con talk. EBS snapshots store all the data for cloud applications. "They have the secret keys to your applications and they have database access to your customers' information," he said. Morris built a tool using Amazon's own internal search feature to query and scrape publicly exposed EBS snapshots, then attach it, make a copy and list the contents of the volume on his system. It took him two months to build up a database of exposed data and just a few hundred dollars spent on Amazon cloud resources. Once he validates each snapshot, he deletes the data. Morris found dozens of snapshots exposed publicly in one region alone, he said, including application keys, critical user or administrative credentials, source code and more. He found several major companies, including healthcare providers and tech companies. He also found VPN configurations, which he said could allow him to tunnel into a corporate network. Morris said he did not use any credentials or sensitive data, as it would be unlawful.


NSA's Free Malware Research Tool Gains Traction, 6 Months On

Fri, 2019-08-09 21:30
In March the National Security Agency released an internal malware research tool for free to the public, a first for the secretive agency. Six months later, by most indications, the release is an even bigger event than the NSA thought. From a report: Some aspects of researching malware have long required expensive software. The release of Ghidra, the NSA tool, has profoundly changed the field, opening it up to students, part-timers and hobbyists who otherwise couldn't afford to participate. It's been a good six months for Ghidra. The software has been downloaded more than 500,000 times from GitHub. "We had a bet on how many downloads it would be," Brian Knighton, senior researcher at the NSA, told Axios. "We were off by quite a factor." Ghidra also netted the NSA two nominations for "Pwnie" awards at the typically NSA-averse DEF CON hacker conference this week. The NSA was also pleasantly surprised with the number of outside developers modifying code and creating new features for the now open-source program. The toolkit is popular enough that the NSA now offers touring classes on Ghidra for colleges and universities.


Russians Rush To Buy Iodine After Blast Causes Radiation Spike

Fri, 2019-08-09 20:50
Residents of two northern Russian cities are stocking up on iodine that is used to reduce the effects of radiation exposure after a mysterious accident on a nearby military testing site, regional media reported. Reuters: The Ministry of Defence has given few details of the accident, saying only that two people were killed and six injured by the explosion of a liquid-propelled rocket engine at a test site in Russia's north. Although the ministry initially said no harmful chemicals were released into the atmosphere and radiation levels were unchanged, authorities in the nearby city of Severodvinsk reported what they described as a brief spike in radiation. No official explanation has been given for why such an accident would cause radiation to spike. "Everyone has been calling asking about iodine all day," one pharmacy was quoted as saying by 29.Ru, a media outlet that covers the Arkhangelsk area. It said the run on iodine had occurred in the northern port cities of Arkhangelsk and Severodvinsk and that several pharmacies had run out. Severodvinsk is the site of a shipyard that builds nuclear-powered submarines.


Mysterious, Ancient Radio Signals Keep Pelting Earth. Astronomers Designed an AI to Hunt Them Down.

Fri, 2019-08-09 20:10
An anonymous reader shares a report: Sudden shrieks of radio waves from deep space keep slamming into radio telescopes on Earth, spattering those instruments' detectors with confusing data. And now, astronomers are using artificial intelligence to pinpoint the source of the shrieks, in the hope of explaining what's sending them to Earth from -- researchers suspect -- billions of light-years across space. Usually, these weird, unexplained signals are detected only after the fact, when astronomers notice out-of-place spikes in their data -- sometimes years after the incident. The signals have complex, mysterious structures, patterns of peaks and valleys in radio waves that play out in just milliseconds. That's not the sort of signal astronomers expect to come from a simple explosion, or any other one of the standard events known to scatter spikes of electromagnetic energy across space. Astronomers call these strange signals fast radio bursts (FRBs). Ever since the first one was uncovered in 2007, using data recorded in 2001, there's been an ongoing effort to pin down their source. But FRBs arrive at random times and places, and existing human technology and observation methods aren't well-primed to spot these signals. Now, in a paper published in the journal Monthly Notices of the Royal Astronomical Society, a team of astronomers wrote that they managed to detect five FRBs in real time using a single radio telescope. Wael Farah, a doctoral student at Swinburne University of Technology in Melbourne, Australia, developed a machine-learning system that recognized the signatures of FRBs as they arrived at the University of Sydney's Molonglo Radio Observatory, near Canberra.


White House Proposal Would Have FCC and FTC Police Alleged Social Media Censorship

Fri, 2019-08-09 19:30
A draft executive order from the White House could put the Federal Communications Commission in charge of shaping how Facebook, Twitter and other large tech companies curate what appears on their websites, CNN reported Friday, citing multiple people familiar with the matter. From the report: The draft order, a summary of which was obtained by CNN, calls for the FCC to develop new regulations clarifying how and when the law protects social media websites when they decide to remove or suppress content on their platforms. Although still in its early stages and subject to change, the Trump administration's draft order also calls for the Federal Trade Commission to take those new policies into account when it investigates or files lawsuits against misbehaving companies. If put into effect, the order would reflect a significant escalation by President Trump in his frequent attacks against social media companies over an alleged but unproven systemic bias against conservatives by technology platforms. And it could lead to a significant reinterpretation of a law that, its authors have insisted, was meant to give tech companies broad freedom to handle content as they see fit.


Schoolchildren in China Work Overnight To Produce Amazon Alexa Devices

Fri, 2019-08-09 18:50
Hundreds of schoolchildren have been drafted in to make Amazon's Alexa devices in China as part of a controversial and often illegal attempt to meet production targets, documents seen by the Guardian reveal. From a report: Interviews with workers and leaked documents from Amazon's supplier Foxconn show that many of the children have been required to work nights and overtime to produce the smart-speaker devices, in breach of Chinese labour laws. According to the documents, the teenagers -- drafted in from schools and technical colleges in and around the central southern city of Hengyang -- are classified as "interns," and their teachers are paid by the factory to accompany them. Teachers are asked to encourage uncooperative pupils to accept overtime work on top of regular shifts. Some of the pupils making Amazon's Alexa-enabled Echo and Echo Dot devices along with Kindles have been required to work for more than two months to supplement staffing levels at the factory during peak production periods, researchers found. More than 1,000 pupils are employed, aged from 16 to 18.


'Global Economy is Probably in Recession'

Fri, 2019-08-09 18:10
An anonymous reader shares a report: The global economy is probably in recession, with most cyclical indicators showing business activity is flat or falling. Recessions become obvious only once they are well established given the lagging nature of most economic data. And end-of-cycle recessions are usually impossible to distinguish from mid-cycle slowdowns until well after the slowdown has started. The arrival of a recession is always controversial at the time and usually missed by most forecasters, as the leading business-cycle economist Victor Zarnowitz noted. Policymakers are reluctant to announce a recession for fear of harming consumer and business confidence and worsening the downturn ("Business cycles: theory, history, indicators and forecasting," Zarnowitz, 1992). But almost all the main economic and industrial indicators that provide a reliable guide to the business cycle confirm the economy has already slowed severely.


Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'

Fri, 2019-08-09 17:25
Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications -- including Apple's FaceID. But there is a catch. Doing so requires the victim to be out cold. From a report: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim's face the researchers demonstrated how they could bypass Apple's FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up. To launch the attack, researchers with Tencent tapped into a feature behind biometrics called "liveness" detection, which is part of the biometric authentication process that sifts through "real" versus "fake" features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro. "With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles' heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture," researchers said during the Black Hat USA 2019 session.


Goldman Sachs, Bank of the Rich and Powerful, is Dipping Into Subprime Lending With Apple Card

Fri, 2019-08-09 16:45
Goldman Sachs is casting a wide net for customers of its new credit card with Apple, approving some subprime borrowers for the product. CNBC: The bank, which is in charge of deciding who gets the Apple Card, is accepting some applications from users with less-than-stellar credit scores, according to people with knowledge of the matter. Goldman began to make the card available to some Apple customers this week ahead of a broader rollout later this month. From the start, Apple wanted its bank partner to create a technology platform that would approve as many of its 100 million-plus U.S. iPhone users as possible, within the bounds of regulations and responsible lending, according to the people. That's in line with the tech giant's desire to provide a good user experience for its customers.


Robocall Blocking Apps Caught Sending Your Private Data Without Permission

Fri, 2019-08-09 16:10
Robocall-blocking apps promise to rid your life of spoofed and spam phone calls. But are they as trustworthy as they claim to be? From a report: One security researcher said many of these apps can violate your privacy as soon as they are opened. Dan Hastings, a senior security consultant at cybersecurity firm NCC Group, analyzed some of the most popular robocall-blocking apps -- including TrapCall, Truecaller, and Hiya -- and found egregious privacy violations. [...] Many of these apps, said Hastings, send user or device data to third-party data analytics companies -- often to monetize your information -- without your explicit consent, instead burying the details in their privacy policies. One app, TrapCall, sent users' phone numbers to a third-party analytics firm, AppsFlyer, without telling users -- neither in the app nor in the privacy policy. He also found Truecaller and Hiya uploaded device data -- device type, model and software version, among other things -- before a user could accept their privacy policies.


US Dept. of Transportation Rules Airlines Must Allow Miniature Horses to Fly as Service Animals

Fri, 2019-08-09 15:49
An anonymous reader shares a report: For all its indignities, air travel is also surprisingly democratic -- people of all stripes and shades crammed together into a small metal tube and lofted into the sky. Some of them have service animals, some of which are a hair more exotic than a vested dog. This has caused some spirited debates. But on Thursday, the U.S. Department of Transportation issued its final guidance on the subject and added miniature horses to the list of service animals that can fly in any cabin. You may have some questions. Yes, miniature horses make great -- if rare -- service animals for those with emotional and physical disabilities. Standing 2-3 feet tall, weighing around 100 pounds, and often living 35 years or longer, they're not unlike large dogs in their comforting presence and ability to perform complex tasks. And yes, airlines have historically balked at the idea of seating a horse in Economy Plus. The DoT's statement notes that air carriers "have asked us to declare that a wide variety of species (e.g., birds...and animals with hooves or horns) constitute 'unusual service animals' that may be categorically banned." But with trained miniature horses officially recognized in the Americans with Disabilities Act as legitimate service animals, the agency has decided they must be able to fly. The declaration isn't a law per se, but it indicates that they'll punish U.S. airlines that violate it.


HarmonyOS is Huawei's Android Alternative For Smartphones, Laptops and Smart Home Devices

Fri, 2019-08-09 14:41
After months of conflicting statements from Huawei executives, the Chinese networking giant on Friday officially unveiled HarmonyOS, the much-anticipated microkernel-based, distributed operating system that it has developed to power smartphones, laptops, and smart home devices as the company attempts to reduce its reliance on American firms. From a report: HarmonyOS will be made available for deployment in smart screen products such as TV, smart watches, and in-vehicle infotainment systems later this year, said Richard Yu, CEO of the Huawei consumer division at the company's developer conference. In the next three years, Huawei, the world's second largest smartphone vendor, will look to bring HarmonyOS to more devices including smartphones, he said. Yu said, without offering any proof, that HarmonyOS is "more powerful and secure than Android." He said HarmonyOS' IPC performance is five times that of Google's Fuchsia. The top executive also claimed that HarmonyOS' microkernel has "one-thousandth the amount of code in the Linux kernel." The company said it intends to continue to use Android moving forward, but HarmonyOS is officially its back-up plan if things go south. "We will prioritize Android for smartphones, but if we can't use Android, we will be able to install HarmonyOS quickly," Yu said.


Walmart Takes Down Displays of Violent Video Games in Stores

Fri, 2019-08-09 14:00
Walmart is removing displays and signs of violent video games in its stores in the wake of two deadly shootings at its locations in Texas and Mississippi in recent weeks. From a report: "We've taken this action out of respect for the incidents of the past week, and this action does not reflect a long-term change in our video game assortment," Walmart spokeswoman Tara House said. Further reading: Violent Video Games Don't Cause Mass Shootings, Study Says; and Dear Walmart C.E.O.: You Have the Power to Curb Gun Violence. Do It. (Op-ed).


Chase Bank Forgives All Debt Owed By Its Canadian Credit Card Customers

Fri, 2019-08-09 13:00
An anonymous reader quotes a report from CBC.ca: U.S.-based Chase Bank is forgiving all outstanding debt owed by users of its two Canadian credit cards: the Amazon.ca Rewards Visa and the Marriott Rewards Premier Visa. The bank retired both cards last year and said it's wiping out cardholders' debt to complete its exit from the Canadian credit card market. After 13 years in the Canadian market, Chase decided to fold its two Visa cards in March 2018. The bank -- which is part of global financial services firm JPMorgan Chase & Co. -- wouldn't say how many Canadians had signed up for the cards or how much debt was outstanding. Credit card rewards expert Patrick Sojka said Chase likely concluded that debt forgiveness was ultimately cheaper than continuing to collect credit card payments in Canada. But he's stumped as to why the bank didn't instead opt to sell the debt to a third-party debt collector, which would allow Chase to recoup some cash. Chase spokesperson Maria Martinez said in an email to CBC News: "Ultimately, we felt it was a better decision for all parties, particularly our customers."


Samsung Hides Ads That Made Fun of Apple's Removal of Headphone Jack

Fri, 2019-08-09 10:00
Samsung axed the headphone jack from its newest Galaxy Note 10 and Note 10 Plus smartphones, removing a key feature that the company mocked Apple for removing in its iPhones. Samsung declined to mention the fact at yesterday's Note 10 event, and now it is attempting to hide its past advertisements. Android Authority reports: Over the past few years, there have been multiple high-profile Samsung ads that heavily criticized Apple's iPhone design limitations, specifically towards the removal of the headphone jack and the notched display on the iPhone X and XS. These ads are no longer on Samsung's official United States YouTube channel and appear to be erased from other official sources as well. One of the more prominent series of ads -- known as "Ingenius" -- center on an actor portraying an Apple employee as he tries to convince skeptical smartphone buyers to buy an iPhone. The customers all seem confused as they want certain things from the phone that it simply can't do, including headphone jacks, microSD card slots, and notch-less displays. Another prominent Samsung ad was called "Growing Up." The ad shows a young man going through various iterations of the iPhone over the years, getting increasingly frustrated with the limitations of each one. A memorable scene in the ad shows him using his iPhone with a giant dongle attached to it so he can use his wired headphones and charge the device at the same time. This ad also no longer appears on Samsung's official U.S. channel.
