02:25 Re: U.S. DST change proposals and WWVB radio clocks

> ... I'm aware of California and Florida, for example. At least one
> Canadian province (British Columbia) is considering doing the same.

Massachusetts, too.

For some reason, states can opt out of DST, but they can't opt for
year-round DST, so if FL or MA does year round DST, they will have to do it
by moving to the AST time zone with no DST.

If the clocks don't already handle AST, they're not really fit for purpose,
since Puerto Rico and the USVI have been on AST for a century.

02:25 App notification for a stranger on my phone

My health insurance provider is the largest provider in my state. They have
an iPhone app that can provide alerts for new claims, explanations of
benefits, and other related data.

About 5 minutes ago I got a notification with wording something like this:

 “The security questions for Carmello have been updated.''

I'm not Carmello; I don't know anyone by that name.

Perhaps coincidentally (though probably not), attempts to log into the app
now fail. When I just now tried to log into the website, I got this vague
error:

 “Error - We're sorry, login isn't available at this time. Please log in
 again later.''

Will I soon be reading about a big data breach at this insurer? I won't be
surprised.

02:25 Missing Author

https://www.nytimes.com/2019/03/17/us/politics/huawei-ban.html

The Trump administration's effort to ban Huawei from overseas wireless
networks has suffered from questions over whether the Chinese telecom
company poses a threat.

02:25 Tech's Moral Void

https://www.cbc.ca/radio/ideas/tech-s-moral-void-1.5056316

02:25 Hashing to prevent spread of hate videos?

The general media has (temporarily) discovered hashing.
https://lite.cnn.io/en/article/h_f53c07f70ccd1b7fd21d53163da2c280

I predict a short run of calls for social media platforms to use it to
prevent the spread of hate videos, violent videos, revenge pr0n, etc, etc,
etc.

I've seen hashing in use for some time. Fifteen years ago it was very
popular as the increase in the number of viruses exploded. Not so long ago
Facebook tried using it in an odd, rather futile, and foolish attempt to
prevent revenge pr0n. It's been used to prevent the theft of music and
video as intellectual property for some time.

It works, a bit, but not terribly well.

The idea is to detect something you don't want spread, and then take a hash
of it. You can then search, relatively quickly, and compare that hash value
against the hash values of either existing files, or newly uploaded files
(depending upon your application).

I said "relatively" quickly. One of the people quoted in that article said
"It's exceedingly fast." It's exceedingly fast compared to more detailed
forms of analysis. But when around 10 *hours* of video are uploaded to
YouTube alone every *second* (anybody have current statistics?) ... well,
hashing does take some time, and little bits add up. And then there is the
time to compare every hash against every other hash ...

And hashing works only if nothing has been changed. After all, hash values
are used, sometimes in digital signatures or certificates, to ensure that
something hasn't changed. Again, someone in the article referred to
"'robust' hashing—a method that should be able to detect variations on
re-uploads." That's an interesting use of the word "robust." I'd think
most people in the crypto field would think of a "robust" hash as one that
would detect any changes, not one that would allow some changes and still
match. But, quite aside from the use of the word "robust," making a hash
that will accept some changes and still detect "similar" is a non-trivial
task. And such a hash function would likely take even more time to run.

It's easy to use hashes to catch direct and identical copies. But videos
can be modified in all kinds of ways. They can be edited for length, cut
into collections, processed to add comments, or even just drop a few packets
during streaming. Any or all of these events could mean that a hash value
will not match.

No, I don't think hashing will be the silver bullet people are looking for ...

02:25 A slew of CEOs charged in alleged college entrance cheating scam

A slew of CEOs charged in alleged college entrance cheating scam
https://www.cnbc.com/2019/03/12/a-slew-of-ceos-are-charged-in-alleged-college-entrance-cheating-scam.html

FBI accuses wealthy parents, including celebrities, in college-entrance
bribery scheme
https://www.washingtonpost.com/world/national-security/fbi-accuses-wealthy-parents-including-celebrities-in-college-entrance-bribery-scheme/2019/03/12/d91c9942-44d1-11e9-8aab-95b8d80a1e4f_story.html

College admissions bribery scheme affidavit
https://games-cdn.washingtonpost.com/notes/prod/default/documents/d216435e-e073-41f6-b6fa-33ed835d053d/note/1310d5d4-ef15-4ea9-ad35-5edaac10cbb5.pdf

College Admissions Scandal: Actresses, Business Leaders and Other Wealthy Parents Charged
https://www.nytimes.com/2019/03/12/us/college-admissions-cheating-scandal.html

>From 'master coach' to a bribery probe: A college consultant who went off the rails
https://www.washingtonpost.com/local/education/from-master-coach-to-a-bribery-probe-a-college-consultant-who-went-off-the-rails/2019/03/12/3e3a6bfe-4501-11e9-aaf8-4512a6fe3439_story.html

Why the College-Admissions Scandal Is So Absurd
For the parents charged in a new FBI investigation, crime was a cheaper and
simpler way to get their kids into elite schools than the typical advantages
wealthy applicants receive.
https://www.theatlantic.com/education/archive/2019/03/college-admissions-scandal-fbi-targets-wealthy-parents/584695/

Kids Are the Victims of the Elite-College Obsession: Too many families are
focusing on college prep, molding the student to fit a school.
https://www.theatlantic.com/ideas/archive/2019/03/college-bribe-scandal-shows-elite-college-obsession/584719/

 [Also:
https://www.cnn.com/2019/03/12/us/college-admissions-scheme-how-it-worked/index.html
 College scam mastermind Photoshopped students' faces onto athletes:
 prosecutors (NY Post):
https://nypost.com/2019/03/12/college-scam-mastermind-photoshopped-students-faces-onto-athletes/
 PGN]

02:25 "Security Holes Found in Big Brand Car Alarms"

Dan Simmons, BBC News, 8 Mar 2019, via ACM TechNews; Friday, March 15, 2019

Security researchers in the U.K. have found vulnerabilities in three popular
smart car alarm apps, making vehicles susceptible to theft or hijacking. The
apps--from the companies Clifford, Viper, and Pandora--control alarms in 3
million vehicles. For example, Pandora Alarms, which had hyped its system as
"unhackable," was found to permit users to reset passwords for any account,
enabling hackers to activate car alarms, unlock vehicle doors, and start
engines. The researchers also determined Clifford's app had a bug that
allowed them to use a legitimate account to access other users' profiles,
then alter the passwords for those accounts and take control. Viper and
Clifford parent firm Directed has corrected the bug, while Pandora also said
it has upgraded security. Alan Woodward at the University of Surrey said it
was "disappointing" that relatively simple vulnerabilities had been
introduced by security companies.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-1ed98x21ae50x069377&

02:25 Women face greater threat from job automation than men: Study

https://www.straitstimes.com/world/united-states/women-face-greater-threat-from-job-automation-than-men-study

"Women across the economic spectrum are more vulnerable than men to losing
their jobs to technology, according to a study released on Wednesday (March
13) by the Institute for Women's Policy Research.

"Among the positions with more than a 90 per cent chance of becoming
automated were administrative assistant, office clerk, bookkeeper and
cashier, all fields dominated by women.

"We're already seeing some of that with tasks being replaced by computers,"
said Ms Chandra Childers, the study director and a senior researcher at the
IWPR."

Risk: Gender inequality intensified by technology.

02:25 Companies are leaking sensitive files via Box accounts

Catalin Cimpanu for Zero Day | 11 Mar 2019
Companies are leaking sensitive files via Box accounts
Leaks discovered at Apple, the Discovery Channel, Herbalife,
Schneider Electric, and even Box itself.

https://www.zdnet.com/article/companies-are-leaking-sensitive-files-via-box-accounts/

Companies that use Box.com as a cloud-based file hosting and sharing system
might be accidentally exposing internal files, sensitive documents, or
proprietary technology.

The problem lies with Box.com account owners who don't set a default access
level of "People in your company" for file/folder sharing links, leaving all
newly created links accessible to the public.

 [What about having a warning message such as 'Warning: The default access
 has not been set to "People in your company". This is dangerous as
 outsiders could access information that should remain private.? Do you
 wish to change this?' [Yes] [Why Not?]]

If the organization also allows users to customize the link with vanity URLs
instead of using random characters, then the links of these files can be
guessed using dictionary attacks.

 [Risk: Calling it a "vanity" URL. Being able to specify a URL is useful
 for mnemonic reasons. Is someone going to think the reason for specifying
 the name is vanity?]

This is what Adversis did last year. The company says it scanned Box.com for
accounts belonging to large companies and attempted to guess vanity URLs of
files or folders that employees shared in the past.

Its efforts weren't in vain. In a report published today, Adversis said it
found a trove of highly sensitive data such as:
 [the usual sort of stuff: were you really expecting something else?]

Most of these file leaks have been fixed, and Box notified all customers
last September of the dangers of using incorrect access permissions for
Box.com share links.

"We provide admins tools to run various reports on open links across their
enterprise, as well as to disable open and custom URLs for their
enterprise," a Box spokesperson told us via email. "Admins can also ensure
that 'People in the Company' is the default setting for all shared links to
limit the potential for a user to set a [file] as public inadvertently."

 [What about making such a scan being the default action?]

02:25 When your IoT goes dark: Why every device must be open source and multicloud

Earlier this month, owners of the Jibo personal social robot—a servomotor
animated smart speaker with a friendly circular display "face" that
underwent $73 million of venture capital funding—saw their product's
cloud services go dark after the company had its assets sold to SQN Ventures
Partners in late 2018.

The robot, aware of its impending demise, alerted owners with a sad farewell
message:

 “While it's not great news, the servers out there that let me do what I
 do are going to be turned off soon. I want to say I've really enjoyed our
 time together. Thank you very, very much for having me around. Maybe
 someday, when robots are way more advanced than today, and everyone has
 them in their homes, you can tell yours that I said hello. I wonder if
 they'll be able to do this.''

What Jibo, no `Daisy'? So disappointing.

https://www.zdnet.com/article/when-your-iot-goes-dark-why-every-device-must-be-open-source-and-multicloud/

02:25 World of hurt: GoDaddy, Apple, and Google misissue >1M certificates

https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/

02:25 Toyota patents system to dispense tear gas on car thieves

The website autoblog says:

 The patent includes a system that will release tear gas into the car. The
 noxious gas is piped in when the vehicle detects an illegitimate engine
 start.

https://www.autoblog.com/2019/03/11/toyota-patent-tear-gas-anti-theft/

What could possibly go wrong?

02:25 Cancer Patients Are Getting Robotic Surgery; there's no evidence it's better

https://www.nytimes.com/2019/03/11/health/robotic-surgery-cancer.html

This essay compares surgical outcomes of traditional v. minimally invasive
(robotic-assist) surgery for cervical cancer. It also discusses use of
robotic-assist surgery for off-label purposes.

Between 01/01/2017 and 02/28/2019, the FDA's MAUDE (Manufacturer and User
Facility Device Experience) database reports the following events: 29
deaths, 72 injuries, 306 malfunctions, and 10 other attributed to Brand
Name: da vinci, Manufacturer: intuitive, and product code: nay (System,
Surgical, Computer Controlled Instrument).

https://seer.cancer.gov/statfacts/html/cervix.html estimates 13,240
cases of cervical cancer and 4170 deaths from the disease in 2018.

I cannot find a definitive reference for the total number of field deployed
Da Vinci units, nor a total count of surgeries between 01JAN2017 and
28FEB2019. These figures are probably closely guarded by Intuitive Surgical,
the Da Vinci's manufacturer.

Risk: Patient outcome, including death.

Refer to earlier comp.risks contributions on Da Vinci and robotic surgery.
http://catless.ncl.ac.uk/Risks/22/36#subj5.1
http://catless.ncl.ac.uk/Risks/26/06#subj4.1
http://catless.ncl.ac.uk/Risks/30/89#subj13.1

02:25 How Artificial Intelligence Could Transform Medicine

https://www.nytimes.com/2019/03/11/well/live/how-artificial-intelligence-could-transform-medicine.html

In Deep Medicine," Dr. Eric Topol looks at the ways that A.I. could improve
health care, and where it might stumble.

02:25 American Airlines takes jets out of service, cancels flights due to overhead-bin problem

https://www.cnbc.com/2019/03/07/american-airlines-overhead-bins-leads-to-flight-cancelations.html

02:25 Boeing promised pilots a 737 software fix last year, but they're still waiting

https://www.nytimes.com/2019/03/14/business/boeing-737-software-update.html

Comprehensive avionics software qualification of operational flight plans --
that stuff blown into PROMs or CPLDs—requires exceptional organizational
maturity to achieve.

One life-cycle maturity indicator resides in collaterals: test plans, test
results, qualification wall-clock duration, and top-10 defect escapes. These
data points can indicate production defect escape suppression effectiveness.

Few, if any, businesses willingly publish this content. Correlate it across
industrial competition and against mitre.org CVEs to enable and guide
consumer purchase decisions. Open source "eyes" help to identify code
defects before publication. Shouldn't commercial-grade mission critical
software stacks rely on an equivalent inspection mechanism to suppress
production defect escape potential? IP protection is important, but so are
the life-critical nature of the product, brand resilience, and the end-user.

In Boeing's case, there appears to be a maturity gap. Repair deployment
delay is one, and deficient transition/training of new capabilities is
another, especially in light the emphasis to "reduce deployment and airline
operational costs."

Risk: Change management maturity deficiency and opaque industrial operations
conceal defective product.

 [Earlier items:
https://www.seattletimes.com/business/boeing-aerospace/pressure-on-boeing-grows-as-europe-grounds-the-737-max/
https://www.wsj.com/articles/boeing-tries-to-limit-the-fallout-11552523380
https://theaircurrent.com/aviation-safety/the-world-pulls-the-andon-cord-on-the-737-max/
https://www.nytimes.com/interactive/2019/03/13/world/boeing-737-crash-investigation.html

Later items:
 The Aerospace Newcomer Whose Data Helped Make the Difference on Grounding
 the 737 MAX
http://www.wsj.com/articles/aerospace-upstart-changes-how-planes-are-tracked-11552590711
 Also, *The Seattle Times* today (18Mar2019) has some outstanding reporting:
https://www.seattletimes.com/business/boeing-aerospace/failed-certification-faa-missed-safety-issues-in-the-737-max-system-implicated-in-the-lion-air-crash/

 PGN]

02:25 The Rapid Decline Of The Natural World Is A Crisis Even Bigger Than Climate Change

*A three-year UN-backed study from the Intergovernmental Science-Policy
Platform On Biodiversity and Ecosystem Services has grim implications for
the future of humanity.*

EXCERPT:

Nature is in freefall and the planet's support systems are so stretched
that we face widespread species extinctions and mass human migration unless
urgent action is taken. That's the warning hundreds of scientists are
preparing to give, and it's stark.

The last year has seen a slew of brutal and terrifying warnings about the
threat climate change poses to life. Far less talked about but just as
dangerous, if not more so, is the rapid decline of the natural world. The
felling of forests, the over-exploitation of seas and soils, and the
pollution of air and water are together driving the living world to the
brink, according to a huge three-year, U.N.-backed landmark study to be
published in May.

The study from the Intergovernmental Science-Policy Platform On
Biodiversity and Ecosystem Services (IPBES), expected to run to over 8,000
pages, is being compiled by more than 500 experts in 50 countries. It is
the greatest attempt yet to assess the state of life on Earth and will show
how tens of thousands of species are at high risk of extinction, how
countries are using nature at a rate that far exceeds its ability to renew
itself, and how nature's ability to contribute food and fresh water to a
growing human population is being compromised in every region on earth.

Nature underpins all economies with the `free' services it provides in the
form of clean water, air and the pollination of all major human food crops
by bees and insects. In the Americas, this is said to total more than $24
trillion a year. The pollination of crops globally by bees and other animals
alone is worth up to $577 billion.

The final report will be handed to world leaders not just to help
politicians, businesses and the public become more aware of the trends
shaping life on Earth, but also to show them how to better protect nature.

“High-level political attention on the environment has been focused largely
on climate change because energy policy is central to economic growth. But
biodiversity is just as important for the future of earth as climate
change,'' said Sir Robert Watson, overall chair of the study, in a telephone
interview from Washington, D.C.

“We are at a crossroads. The historic and current degradation and
destruction of nature undermine human well-being for current and countless
future generations,'' added the British-born atmospheric scientist who has
led programs at NASA and was a science adviser in the Clinton
administration. “Land degradation, biodiversity loss and climate change are
three different faces of the same central challenge: the increasingly
dangerous impact of our choices on the health of our natural environment.''

Around the world, land is being deforested, cleared and destroyed with
catastrophic implications for wildlife and people. Forests are being felled
across Malaysia, Indonesia and West Africa to give the world the palm oil we
need for snacks and cosmetics. Huge swaths of Brazilian rainforest are being
cleared to make way for soy plantations and cattle farms, and to feed the
timber industry, a situation likely to accelerate under new leader Jair
Bolsonaro, a right-wing populist.

Industrial farming is to blame for much of the loss of nature, said Mark
Rounsevell, professor of land use change at the Karlsruhe Institute of
Technology in Germany, who co-chaired the European section of the IPBES
study. “The food system is the root of the problem. The cost of ecological
degradation is not considered in the price we pay for food, yet we are still
subsidizing fisheries and agriculture.''

This destruction wrought by farming threatens the foundations of our food
system. A February report from the U.N. warned that the loss of soil,
plants, trees and pollinators such as birds, bats and bees undermines the
world's ability to produce food.

An obsession with economic growth as well as spiraling human populations is
also driving this destruction, particularly in the Americas where GDP is
expected to nearly double by 2050 and the population is expected to increase
20 percent to 1.2 billion over the same period. [...]

https://www.huffpost.com/entry/nature-destruction-climate-change-world-biodiversity_n_5c49e78ce4b06ba6d3bb2d44

[Why is this item included in the ACM Forum on Risks to the Public in
Computers and Related Systems? Because climate change can affect almost
every related system, one way or another. End of story. And perhaps the
end of the planet, as well. PGN]

01:43 Google Seeking To Promote Rivals To Stave Off EU Antitrust Action
Google is trying to boost price comparison rivals such as Kelkoo in an effort to appease European Union antitrust regulators and ward off fresh fines following a $2.7 billion penalty nearly two years ago. "The European Commission said Alphabet unit Google had used its search engine market power to unfairly promote its own comparison shopping service," reports Reuters. From the report: The company subsequently offered to allow price-comparison rivals to bid for advertising space at the top of a search page, giving them the chance to compete on equal terms. But competitors said the measure failed to create a level playing field. Earlier this month, Google introduced a new link on its search results which aims to drive more traffic to price comparison rivals. British competitor Kelkoo said on its blog that it was one of several companies selected to try out the new link which will initially be available in Germany, France and the Netherlands. EU antitrust enforcers could levy fines up to 5 percent of Google's average daily worldwide turnover if it fails to comply with the 2017 order.

Read more of this story

01:43 NVIDIA's Ray Tracing Tech Will Soon Run On Older GTX Cards
NVIDIA's older GeForce GTX 10-series cards will be getting the company's new ray-tracing tech in April. The technology, which is currently only available on its new RTX cards, "will work on GPUs from the 1060 and up, albeit with some serious caveats," reports Engadget. "Some games like Battlefield V will run just fine and deliver better visuals, but other games, like the freshly released Metro Exodus, will run at just 18 fps at 1440p -- obviously an unplayable frame-rate." From the report: What games you'll be able to play with ray-tracing tech (also known as DXR) on NVIDIA GTX cards depends entirely on how it's implemented. In Battlefield V, for instance, the tech is only used for things like reflections. On top of that, you can dial down the strength of the effect so that it consumes less computing horsepower. Metro Exodus, on the other hand, uses ray tracing to create highly realistic "global illumination" effects, simulating lighting from the real world. It's the first game that really showed the potential of RTX cards and actually generated some excitement about the tech. However, because it's so computationally intensive, GTX cards (which don't have the RTX tensor cores) will be effectively be too slow to run it. NVIDIA explained that when it was first developing the next gen RTX tech, it found chips using Pascal tech would be "monster" sized and consume up to 650 watts. That's because the older cards lack both the integer cores and tensor cores found on the RTX cards. They get particularly stuck on ray-tracing, running about four times slower than the RTX cards on Metro Exodus. Since Metro Exodus is so heavily ray-traced, the RTX cards run it three times quicker than older GTX 10-series cards. However, that falls to two times for Shadow of the Tomb Raider, and 1.6 times for Battlefield V, because both of those games use ray tracing less. The latest GTX 1660 and 1660 Ti GPUs, which don't have RT but do have integer cores, will run ray-traced games moderately better than last-gen 10-series GPUs. NVIDIA also announced that Unity and Unreal Engine now support ray-tracing, allowing developers to implement the tech into their games. Developers can use NVIDIA's new set of tools called GameWorks RTX to achieve this. "It includes the RTX Denoiser SDK that enables real-time ray-tracing through techniques that reduce the required ray count and number of samples per pixel," adds Engadget. "It will support ray-traced effects like area light shadows, glossy reflections, ambient occlusion and diffuse global illumination (the latter is used in Metro Exodus). Suffice to say, all of those things will make game look a lot prettier."

Read more of this story

00:13 Uber Used Secret Spyware To Try To Crush Australian Startup GoCatch
Uber used a secret spyware program, codenamed Surfcam, to steal drivers from an Australian competitor with the aim of putting that company out of business. The startup was backed by high-profile investors including billionaire James Packer and hedge fund manager Alex Turnbull. ABC News reports: GoCatch was a major competitor to Uber when the U.S. company launched in Australia in 2012. At the time, both companies were offering a new way to book taxis and hire cars using a smartphone app. Surfcam was developed in Uber Australia's head office in Sydney in 2015. A former senior Uber employee has told Four Corners that the idea behind the use of the Surfcam spyware was to starve GoCatch of drivers. "Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes," the former employee with direct knowledge of the program said on the condition of anonymity. "Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver's name, car registration, and so on." It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber. "GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold," the former Uber employee said. GoCatch's co-founder and chief executive, Andrew Campbell, said Uber's tactics damaged the company. He said: "The fact that Uber used hacking technologies to steal our data and our drivers is appalling. It had a massive impact on our business. It sets a really dangerous precedent for the Australian economy and Australian businesses as well. It tells every multinational company to come to Australia and follow the same practice. As an Australian small business, a technology start-up business based in Australia that's improving efficiency and service levels in the taxi industry, to have a company come to Australia and get away with that type of behavior is ... it's disgusting." A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says.

Read more of this story

00:13 House Democrats Plan April Vote On Net Neutrality Bill
House Majority Leader Steny Hoyer announced that the House will hold a vote next month on the Democrats' bill to reinstate the Obama-era net neutrality rules. "Hoyer said in a letter to colleagues that the House will consider the Save the Internet Act during the week of April 8," reports The Hill. From the report: The Republican-led Federal Communications Commission (FCC) voted along party lines in 2017 to repeal the popular regulations prohibiting internet service providers from blocking or throttling websites, or from creating internet fast lanes. Democrats and consumer groups are fighting the repeal with a legal challenge in federal court and have pushed net neutrality regulations at the state level. While Republicans have floated their own bills to replace the rules, many oppose the Save the Internet Act because it reinstates the provision in the 2015 order that designates broadband providers as common carriers, opening them up to tougher regulation and oversight from the FCC. Though it enjoys widespread support among Democrats, the legislation may have a hard time getting through the GOP-held Senate. The "Save the Internet Act" was introduced earlier this month by Speaker Nancy Pelosi and other House and Senate Democrats.

Read more of this story

22:43 NVIDIA's $99 Jetson Nano is an AI Computer for DIY Enthusiasts
Sophisticated AI generally isn't an option for homebrew devices when the mini computers can rarely handle much more than the basics. NVIDIA thinks it can do better -- it's unveiling an entry-level AI computer, the Jetson Nano, that's aimed at "developers, makers and enthusiasts." From a report: NVIDIA claims that the Nano's 128-core Maxwell-based GPU and quad-core ARM A57 processor can deliver 472 gigaflops of processing power for neural networks, high-res sensors and other robotics features while still consuming a miserly 5W. On the surface, at least, it could hit the sweet spot if you're looking to build your own robot or smart speaker. The kit can run Linux out of the box, and supports a raft of AI frameworks (including, of course, NVIDIA's own). It comes equipped with 4GB of RAM, gigabit Ethernet and the I/O you'd need for cameras and other attachments.

Read more of this story

22:43 Education and Science Giant Elsevier Left Users' Passwords Exposed Online
The world's largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. "The impacted users include people from universities and educational institutions from across the world," reports Motherboard. "It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials." From the report: "Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc." Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard before hand. A few minutes later, the plain text password appeared on the exposed server. Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue. An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts."

Read more of this story

22:43 New Mirai Malware Variant Targets Signage TVs and Presentation Systems
An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks have spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, that the malware is using to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today. The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems. The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems.

Read more of this story