Peder

Gary Larson has released new comics for the The Far Side, the first strips since January 1995. Larson does however caution that this is "not a resurrection of The Far Side daily cartoons." He adds: "I'm just exploring, experimenting, and trying stuff." The Verge reports: The first of the new comics features bears, aliens, and taxidermy (all staples of The Far Side). The style is comfortably familiar, with two large exceptions: instead of watercolor, the new comics are done in digital brushstrokes that make the images feel more volumetric and vibrant than the original full-color cartoons. Also, the penned outlines, which exist in both the watercolor and black-and-white original comics, are almost entirely gone. The end result is images that evoke the feel of the old comics but are somehow a little less cartoony. The characters and elements all feel unified in the scene together. Both the style changes and the comic's return are due to the fact that Larson is now using a digital tablet. After years of frustration dealing with clogged pens and dried-up markers, Larson decided to give going digital a chance. "I was stunned at all the tools the thing offered, all the creative potential it contained. I simply had no idea how far these things had evolved," Larson writes in an opening letter for New Stuff, the title for his new works. "Perhaps fittingly, the first thing I drew was a caveman."

Read more of this story at Slashdot.

Oracle's Java magazine is celebrating the 25th anniversary of the programming language with a list of the 25 greatest Java apps ever written: From space exploration to genomics, from reverse compilers to robotic controllers, Java is at the heart of today's world. Here are a few of the countless Java apps that stand out from the crowd. The story of Java began in 1991, at a time when Sun Microsystems sought to extend their lead in the computer workstation market into the burgeoning personal electronics market. Little did anyone know that the programming language Sun was about to create would democratize computing, inspire a worldwide community, and become the platform for an enduring software development ecosystem of languages, runtime platforms, SDKs, open source projects, and lots and lots of tools. After a few years of secret development led by James Gosling, Sun released the landmark "write once, run anywhere" Java platform in 1995, refocusing it beyond its original design for interactive television to applications for the burgeoning World Wide Web. By the turn of the century, Java was animating everything from smartcards to space vehicles. Today, millions of developers program in Java. Although Java continues to evolve at an ever-faster pace, on the occasion of the platform's 25th anniversary, Java Magazine decided to take a look back at how Java molded our planet. What follows is a list of the 25 most ingenious and influential Java apps ever written, from Wikipedia Search to the US National Security Agency's Ghidra. The scope of these applications runs the gamut: space exploration, video games, machine learning, genomics, automotive, cybersecurity, and more. The list includes Eclipse, Minecraft, the Maestro Mars Rover controller, and "VisibleTesla," the open source app created by an automobile enthusiast to monitor and control his Tesla Model S.

Read more of this story at Slashdot.

In the summer of 2016, researchers at a digital rights organization and a cybersecurity firm announced they had caught one of the rarest fish in the cybersecurity ocean -- an in the wild attack against an iPhone, using unknown vulnerabilities inside Apple's vaunted operating system. Since then, only a handful of similar attacks have been caught and publicly disclosed. Now, a small startup said it has caught another one. From a report: ZecOps, a company based in San Francisco, announced on Wednesday that a few of its customers were targeted with two zero-day exploits for iOS last year. Apple will patch the vulnerability underlying these attacks on an upcoming release of iOS 13. "We concluded with high confidence that it was exploited in the wild," Zuk Avraham, the founder of ZecOps, told Motherboard. "One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely." "These vulnerabilities," ZecOps researchers wrote in a report they published Wednesday, "are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs." One of the two vulnerabilities, according to Avraham, is what's known as a remote zero-click. This kind of attack is dangerous because it can be used by an attacker against anyone on the internet, and the target gets infected without any interaction -- hence the zero-click definition. Vulnerabilities or exploits called zero-days are bugs in software or hardware that are unknown to their manufacturers and can be used to hack targets. They can be particularly effective attacks because they use flaws that are not patched yet, meaning there's no code deployed to specifically defend against them.

Read more of this story at Slashdot.

Researchers have discovered that plants make airborne sounds when stressed, which they say "could open up a new field of precision agriculture where farmers listen for water-starved crops," reports New Scientist. From the report: Itzhak Khait and his colleagues at Tel Aviv University in Israel found that tomato and tobacco plants made sounds at frequencies humans cannot hear when stressed by a lack of water or when their stem is cut. Microphones placed 10 centimeters from the plants picked up sounds in the ultrasonic range of 20 to 100 kilohertz, which the team says insects and some mammals would be capable of hearing and responding to from as far as 5 meters away. A moth may decide against laying eggs on a plant that sounds water-stressed, the researchers suggest. Plants could even hear that other plants are short of water and react accordingly, they speculate. On average, drought-stressed tomato plants made 35 sounds an hour, while tobacco plants made 11. When plant stems were cut, tomato plants made an average of 25 sounds in the following hour, and tobacco plants 15. Unstressed plants produced fewer than one sound per hour, on average. It is even possible to distinguish between the sounds to know what the stress is. The researchers trained a machine-learning model to discriminate between the plants' sounds and the wind, rain and other noises of the greenhouse, correctly identifying in most cases whether the stress was caused by dryness or a cut, based on the sound's intensity and frequency. Water-hungry tobacco appears to make louder sounds than cut tobacco, for example. The study, which has not yet been published in a journal, can be found here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: After years of inexplicably getting drunk without drinking alcohol, having mood swings and bouts of aggression, landing a DWI charge on the way to work one morning, and suffering a head injury in a drunken fall, an otherwise healthy 46-year-old North Carolina man finally got confirmation of having alcohol-fermenting yeasts overrunning his innards, getting him sloshed any time he ate carbohydrate-laden meals. Through the years, medical professionals and police officers refused to believe he hadn't been drinking. They assumed the man was lying to hide an alcohol problem. Meanwhile, he went to an untold number of psychiatrists, internists, neurologists, and gastroenterologists searching for answers. Those answers only came after he sought help from a support group online and then contacted a group of researchers at Richmond University Medical Center in Staten Island, New York. By then, it was September of 2017 -- more than seven years after his saga began. The New York researchers finally confirmed that he had a rarely diagnosed condition called "auto-brewery syndrome." From there, the researchers started him on powerful anti-fungal medications to try to clear the boozy germs from his system. But he relapsed just weeks later after sneaking some forbidden pizza and soda. The researchers tried again, giving him an even stronger round of anti-fungal drugs, this time through a tube directly into his veins (central catheter). By February of 2018, tests indicated he was free of the fermenting fungi. He went back to eating his normal diet and passed his daily breathalyzer tests. He has stayed that way since, the researchers report.

Read more of this story at Slashdot.

"Online marketplace eBay has revealed how it boosted performance of a demanding web app by 50x using WebAssembly," reports TechRepublic: The "astonishing" speed-up after switching from a JavaScript-based to a largely WebAssembly-based web app was detailed by the eBay engineering team, who say the performance boost helped make it possible to build a highly-accurate barcode scanner as a web app... a feature it offers in its Android and iOS apps to allow sellers to scan items they are auctioning. "WebAssembly was different. It has tremendous potential, we just did not have the right use case. Well, that changed recently," write the eBay software engineering team. One of the advantages of WebAssembly (Wasm) is that it offers code portability for a variety of languages, allowing developers to take code they've written for other platforms and compile to WebAssembly so it can run in major web browsers. Consequently eBay was able to take the existing version of its barcode scanner written in C++ and compile that to Wasm using Emscripten, adopting the Docker and Node.js-based approach outlined here. After a few minor teething problems, the eBay team were able to run the barcode scanner in the browser, using a Worker thread and JavaScript glue code. The Wasm-based scanner was able to process images of the barcode at 50 Frames per Second (FPS), compared to about 1FPS in an earlier JavaScript-based scanner eBay had tested, a speed-up the team described as "astonishing". Unfortunately, the Wasm code only successfully completed scans 60% of the time, because it wasn't using the inbuilt APIs available for the C++ code to either autofocus or provide user tap focus for the center of the scanned object. eBay's team ultimately ended up implementing three separate worker threads running the Wasm code, the open-source barcode reader ZBar, and their original JavaScript-based scanner code. "The winning response (i.e. the first one to send a valid barcode) is sent to the main thread, and all workers are terminated... With three threads racing against each other, the success rate was indeed close to 100%."

Read more of this story at Slashdot.

In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. From a report: The collective, calling itself "Fxmsp," is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified "the potential victim entities" of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data "through a private conversation," Boguslavskiy said. "However, they claimed that their proxy sellers will announce the sale on forums."

Read more of this story at Slashdot.

A flaw in Huawei Matebook laptops, found by Microsoft researchers, could have been used to take control of machines. From a report: The "sophisticated flaw" had probably been introduced at the manufacturing stage, one expert told BBC News. Huawei is under increasing scrutiny around the world over how closely it is tied to the Chinese government. The company, which denies any collusion with Beijing, corrected the flaw after it was notified about it in January. Prof Alan Woodward, a computer security expert based at Surrey University, told BBC News the flaw had the hallmarks of a "backdoor" created by the US's National Security Agency to spy on the computers of targets. That tool was leaked online and has been used by a wide variety of hackers, including those who are state-sponsored and criminal gangs. "It was introduced at the manufacture stage but the path by which it came to be there is unknown and the fact that it looks like an exploit that is linked to the NSA doesn't mean anything," Prof Woodward said.

Read more of this story at Slashdot.

Adiantum is a new form of encryption that we built specifically to run on phones and smart devices that don’t have the specialized hardware to use current methods to encrypt locally stored data efficiently. Adiantum is designed to run efficiently without that specialized hardware. This will make the next generation of devices more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely. Adiantum will help secure our connected world by allowing everything from smart watches to internet-connected medical devices to encrypt sensitive data. (For more details about the ins and outs of Adiantum, check out the security blog.) Encryption should be available on every single Android phone, not just the high-end, expensive models only the lucky few in the world can afford. Good move.

Linuz Henze, a credible researcher, has revealed an exploit that in a single button press can reveal the passwords in a Mac's keychain. From a report: Keychain is where macOS stores most of the passwords used on the machine, ranging from iMessage private encryption keys to certificates, secured notes, Wi-Fi, and other Apple hardware passwords, app passwords, and web passwords. A pre-installed app called Keychain Access enables users to view the entire list of stored items, unlocking each one individually by repeatedly entering the system password, but Henze's KeySteal exploit grabs everything with a single press of a "Show me your secrets" button. While the demo is run on a 2014 MacBook Pro without Apple's latest security chips, Henze says that it works "without root or administrator privileges and without password prompts, of course." It appears to work on the Mac's login and system keychains, but not iCloud's keychain. Generally, white hat security researchers publicly reveal flaws like this only after informing the company and giving it ample time to fix the issues. But Henze is refusing to assist Apple because it doesn't offer paid bug bounties for macOS.

Read more of this story at Slashdot.

Around 70 percent of all the vulnerabilities in Microsoft products addressed through a security update each year are memory safety issues; a Microsoft engineer revealed last week at a security conference. From a report: Memory safety is a term used by software and security engineers to describe applications that access the operating system's memory in a way that doesn't cause errors. Memory safety bugs happen when software, accidentally or intentionally, accesses system memory in a way that exceeds its allocated size and memory addresses. Users who often read vulnerability reports come across terms over and over again. Terms like buffer overflow, race condition, page fault, null pointer, stack exhaustion, heap exhaustion/corruption, use after free, or double free -- all describe memory safety vulnerabilities. Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.

Read more of this story at Slashdot.

In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers. From a report: This is the first time an APT (Advanced Persistent Threat -- an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension, albeit it's not the first time one has used a browser extension, as the Russian-linked Turla APT previously used a Firefox add-on in 2015. According to a report that's going to be published later today by the ASERT team at Netscout reveals the details of a spear-phishing campaign that's been pushing a malicious Chrome extension since at least May 2018. Hackers used spear-phishing emails to lure victims on websites copied from legitimate academic organizations. These phishing sites, now down, showed a benign PDF document but prevented users from viewing it, redirecting victims to the official Chrome Web Store page to install a (now removed) Chrome extension named Auto Font Manager.

Read more of this story at Slashdot.

Intel on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory. From a report: Its commonly used Core and Xeon processors were among the products that were affected, the company said. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," the company said in a blog post. Intel also released updates to address the issue and said new updates coupled those released earlier in the year will reduce the risk for users, including personal computer clients and data centres. In January, the company came under scrutiny after security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.

Read more of this story at Slashdot.

When major smartphone manufacturers talk about growth, they generally target three different markets: China, which is the biggest; the United States, which is highly influential and profitable; and the rest. India will soon rise from the latter pile, but until it does, Europe might be the most interesting battleground for the respective companies dominating the US and Chinese spheres. Until very recently, Western Europe looked a lot like the United States, with Samsung commanding more than a third of the market, Apple in a close second spot, and minnows picking up the scraps. But IDC's latest data, as provided to The Verge, shows China's Huawei enjoying a meteoric rise since the start of 2017. Yes, the same Huawei that the US government advises its citizens to avoid.

Huawei is marketing quite aggressively over here, but I still haven't seen any of their phones in the wild. It's exclusively Samsung and Apple, so far.

Ostracus shares a report from Computerworld, written by Steven J. Vaughan-Nichols: Microsoft is getting ready to replace Windows 10 with the Microsoft Managed Desktop. This will be a "desktop-as-a-service" (DaaS) offering. Instead of owning Windows, you'll "rent" it by the month. Microsoft Managed Desktop is a new take. It avoids the latency problem of the older Windows DaaS offerings by keeping the bulk of the operating system on your PC. But you'll no longer be in charge of your Windows PC. Instead, it will be automatically provisioned and patched for you by Microsoft. Maybe you'll be OK with that. Microsoft has been getting away from the old-style desktop model for years now. Just look at Office. Microsoft would much rather have you rent Office via Office 365 than buy Microsoft Office and use it for years. Microsoft Managed Desktop is the first move to replacing "your" desktop with a rented desktop. By 2021, I expect the Managed Desktop to be to traditional Windows what Office 365 is to Office today: the wave of the future. Or maybe tsunami, depending on your perspective. I'm not happy with this development. I'm old enough to remember the PC revolution. We went from depending on mainframes and Unix boxes for computing power to having the real power on our desktops. It was liberating. Now Microsoft, which helped lead that revolution, is trying to return us to that old, centralized control model.

Read more of this story at Slashdot.

The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system. This release brings stability improvements, hundreds of bug fixes, and many new features.

Major changes are a rework of the USB stack and the addition of USB 3.0 support and Spectre and Meltdown mitigations.

Troy Hunt, web security expert and creator of the website Have I Been Pwned (HIBP), wrote a blog post announcing his partnerships with Firefox and 1Password. For those unfamiliar with the site, Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. The service is especially handy now that data breaches are becoming a daily occurrence. Hunt writes: Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today. Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor." Here's what Hunt has to say about 1Password: As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts and introduces the "Breach Report" feature. If you're a 1Password user you can use this feature right now, just head on over to the 1Password login page.

Read more of this story at Slashdot.

Slashdot reader ttsiod is an embedded software engineer at the European Space Agency, and shares this story about his quest to "dominate" his new tablet: Just like it's predecessor, I wanted to run a Debian chroot inside it -- that would allow me to apt-get install and run things like Privoxy, SSH SOCKS/VPN tunnels, Flask mini-servers, etc; and in general allow me to stay in control. But there was no open-source way to do this... and I could never trust "one-click roots" that communicate with servers in China... It took me weeks to reverse engineer my tablet -- and finally succeed in becoming root. The journey was quite interesting, and included both hardware and software tinkering. I learned a lot while doing it -- and wanted to share the experience with my fellow Slashdotters... He writes that "I trust Debian. Far more than I trust the Android ecosystem," and describes everything from how he probed the boot process and created his own boot image to hunting for a way "to tell SELinux to get off my lawn".

Read more of this story at Slashdot.

BrianFagioli writes: While there is no proof that anything nefarious is afoot, it does feel like maybe the Windows-maker is hijacking the Linux movement a bit by serving distros in its store. I hope there is no "embrace, extend, and extinguish" shenanigans going on. Just yesterday, we reported that Kali Linux was in the Microsoft Store for Windows 10. That was big news, but it was not particularly significant in the grand scheme, as Kali is not very well known. Today, there is some undeniably huge news -- Debian is joining SUSE, Ubuntu, and Kali in the Microsoft Store. Should the Linux community be worried? My concern lately is that Microsoft could eventually try to make the concept of running a Linux distro natively a thing of the past. Whether or not that is the company's intention is unknown. The Windows maker gives no reason to suspect evil plans, other than past negative comments about Linux and open source. For instance, former Microsoft CEO Steve Ballmer once called Linux "cancer" -- seriously.

Read more of this story at Slashdot.

Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems. From a report: Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.

Read more of this story at Slashdot.

wiredmikey quotes SecurityWeek: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks... On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies... Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. "Most likely, malicious purposes at some point," he said.

Read more of this story at Slashdot.

BrianFagioli writes: While Microsoft has long been viewed as an enemy of the Linux community -- and it still is by some -- the company has actually transformed into an open source champion. One of Microsoft's biggest Linux contributions, however, is Skype -- the wildly popular communication software. By offering that program to desktop Linux users, Microsoft enables them to easily communicate with friends and family that aren't on Linux, thanks to its cross-platform support. Today, Microsoft further embraces Linux by releasing Skype as a Snap. This comes after two other very popular apps became available in Snap form -- Spotify and Slack. "Skype is used by millions of users globally to make free video and voice calls, send files, video and instant messages and to share both special occasions and everyday moments with the people who matter most. Skype has turned to snaps to ensure its users on Linux, are automatically delivered to its latest versionupon release. And with snaps' roll-back feature, whereby applications can revert back to the previous working version in the event of a bug, Skype's developers can ensure a seamless user experience," says Canonical.

Read more of this story at Slashdot.

Catalin Cimpanu, writing for BleepingComputer: Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD's data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect. Because hard drives store vasts amounts of information inside small areas of each platter, they are programmed to stop all read/write operations during the time a platter vibrates so to avoid scratching storage disks and permanently damaging an HDD. Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests. The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

Read more of this story at Slashdot.

Quartz has published a video on YouTube about two entrepreneurs who have figured out how to heat their homes for free by mining bitcoin. The "miner" -- that is, the machine mining the bitcoins -- warms up liquid that is then transferred to the underfloor heating system. The cottage has two miners, which bring in about $430 per month from processing bitcoin transactions -- all while keeping the 20 square meter space warm.

Read more of this story at Slashdot.

Andy Greenberg, writing for Wired:At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.

Read more of this story at Slashdot.

Researchers caught the bacteria Mycoplasma hyorhinis hiding out among cancer cells, thwarting chemotherapy drugs intended to treat the tumors they reside in. The findings have been published this week in Science. Ars Technica reports: Drug resistance among cancers is a "foremost challenge," according to the study's authors, led by Ravid Straussman at the Weizmann Institute of Science. Yet the new data suggest that certain types of drug-resistant cancers could be defeated with a simple dollop of antibiotics alongside a chemotherapy regimen. Dr. Straussman and his colleagues got a hunch to look for the bacteria after noticing that, when they grew certain types of human cancer cells together in lab, the cells all became more resistant to a chemotherapy drug called gemcitabine. This is a drug used to treat pancreatic, lung, breast, and bladder cancers and is often sold under the brand name Gemzar. The researchers suspected that some of the cells may secrete a drug-busting molecule. So they tried filtering the cell cultures to see if they could catch it. Instead, they found that the cell cultures lost their resistance after their liquid broth passed through a pretty large filter -- 0.45 micrometers. This would catch large particles -- like bacteria -- but not small molecules, as the researchers were expecting. Looking closer, the researchers noticed that some of their cancer cells were contaminated with M. hyorhinis. And these bacteria could metabolize gemcitabine, rendering the drug useless. When the researchers transplanted treatable cancer cells into the flanks of mice -- some with and some without M. hyorhinis -- the bacteria-toting tumors were resistant to gemcitabine treatment.

Read more of this story at Slashdot.

Adam Nossiter, David E. Sanger, and Nicole Perlroth, reporting for the New York Times: Everyone saw the hackers coming. The National Security Agency in Washington picked up the signs. So did Emmanuel Macron's bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers (Editor's note: the link could be paywalled; alternative source). The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader "information warfare" campaign. The story told by American officials, cyberexperts and Mr. Macron's own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyberattacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they are no silver bullet. The kind of information warfare favored by Russia can be defeated by early warning and rapid exposure.

Read more of this story at Slashdot.

An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.

Read more of this story at Slashdot.

Motherboard carries a report that with equipment valued at about $3,000, a group of Israeli researchers have been able to extract cryptographic keys from a laptop that is not only separated by a physical wall, but protected by an air gap. This, they say, "is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC." From the article: The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key. Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG âoemore resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.â)

Read more of this story at Slashdot.

Andrey_Karpov writes: Svyatoslav Razmyslov from PVS-Studio Team published an article on the check of the FreeBSD kernel. PVS-Studio developers are known for analyzing various projects to show the abilities of their product, and do some advertisement, of course. Perhaps, this is one of the most acceptable and useful ways of promoting a proprietary application. They have already checked more than 200 projects and detected 9355 bugs. At least that's the number of bugs in the error base of their company. So now it was FreeBSD kernel's turn. The source code was taken from GitHub 'master' branch. Svyatoslav states that PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code. He described 40 of them in the article. The list of warnings was given to the FreeBSD developer team and they have already started editing the code. A couple of words for programmers who are still not familiar with PVS-Studio. PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. It performs static code analysis and generates a report that helps a programmer find and fix the errors in the code. You can see a more detailed description of the tool on the company website and download a trial version.

Read more of this story at Slashdot.