News & Updates

Fear is the mind killer. (credit: LaLumiere Lab, University of Iowa)

Place cells in the hippocampus are known to encode memories associated with a specific location. However, the precise role that these cells play in location-based memory retrieval is somewhat unclear. A recent study using rats was published in Nature Neuroscience, and it finds that these cells can be active even when a rat is near a location associated with a fear memory. This result shows that place cells may play a role in avoidance behavior without requiring that an animal be in the place it’s trying to avoid.

In this study, the researchers used an IRB-approved fear-conditioning protocol in which rats were conditioned to be afraid of a specific part of a long linear cage. When they walked over to that area, they received a small electric shock. The researchers knew that the mice learned to be afraid of the shock zone of the cages because, when they were placed in the cages, they avoided the shock zone, but wandered freely in the other parts of the space.

After the rats were conditioned to be afraid of the shock zone, the researchers lesioned the part of the hippocampus (called the dorsal CA1) associated with this fear memory in some of the rats. These lesioned rats no longer showed fear of the shock zone, which demonstrated that the place-fear-linked memories were encoded in the neurons of this one specific brain region.


Source: http://feeds.arstechnica.com/arstechnica/index/

The Aurora lights in action. (credit: Terry Dunn)

I have to admit that I’m lagging behind with lighting technology at my house. As someone who hasn’t yet even finished replacing my incandescent and compact fluorescent bulbs with LEDs, smart lighting and the concept of “lights as art” has never entered my mind. Of course, I divulged none of this when I accepted an offer to review the $200 Nanoleaf Aurora—a modern, Wi-Fi-controlled, artsy LED-light set. And I’m glad I spent the time getting to know the system. As it turns out, you don’t have to be a cutting-edge smart home guru to appreciate good connected lighting.

About the Aurora

Nanoleaf’s Aurora system is built around a number of linked LED light panels. Each panel is an equilateral triangle measuring about 9-3/4” (250mm) per side, with a thickness of 5/16” (8mm). An outer lens does a super job of diffusing the light from the LED sources within. This results in each panel appearing as a single, homogenous, glowing light source. The system can produce more than 16 million different colors.

Your initial options for creativity relate to how you join multiple panels together. Sockets molded into the midpoint of each side can accept panel connectors the size of postage stamps. These connectors bridge the panels electrically and mechanically, and you can bind the triangles in any orientation that you want. A straight line, pyramid, squiggle—you can snap the panels together in whatever shapes you want. The “Smarter Kit” that I reviewed provides nine triangles, but the included power supply can support up to 30. Additional panels can be purchased in packs of three for $60.


Source: http://feeds.arstechnica.com/arstechnica/index/

Raspberry Pi Foundation

The newest member of the Raspberry Pi product line costs just $10 plus tax and includes Wi-Fi and Bluetooth capability.

The “Raspberry Pi Zero W” is an updated version of the Raspberry Pi Zero. While it lacks some niceties, like Ethernet and full-sized USB-A ports, it’s smaller than the flagship Pi and a fraction of the cost. The original Raspberry Pi Zero was released in November 2015 at a price of just $5/£4. The new Pi Zero W is almost identical to the original, but doubles the price to $10 and adds a wireless chip that supports 802.11b/g/n Wi-Fi (2.4GHz-only) and Bluetooth 4.0.


Source: http://feeds.arstechnica.com/arstechnica/index/

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks.

According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The attackers can get root-level remote code execution on a Mac by intercepting the ESET antivirus package’s connection to company backend servers. The attack is possible due to the presence of a buffer overflow vulnerability in the XML library tracked as CVE-2016-0718.

“Vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients.” reads the advisory.

According to the experts, the attack is possible because the esets_daemon uses an old version of POCO’s XML parser library that is affected by the buffer overflow vulnerability.

ESET Endpoint Antivirus flaw

The researchers discovered that the flawed library also handles license activation with a request to the following static address:

https://edf.eset.com/edf.

When ESET Endpoint Antivirus tries to activate the license, the esets_daemon sends a request to the above address, but it doesn’t validate the web server’s certificate, opening the door to a man-in-the-middle attack.

An attacker can intercept the request and respond using a self-signed HTTPS certificate; the esets_daemon service then parses the response as an XML document.

At this stage, the attacker can supply a malformed XML document that triggers CVE-2016-0718 to achieve arbitrary code execution as root.

“When ESET Endpoint Antivirus tries to activate its license, esets_daemon sends a request to https://edf.eset.com/edf. The esets_daemon service does not validate the web server’s certificate, so a man-in-the-middle can intercept the request and respond using a self-signed HTTPS certificate.” reads the security advisory. “The esets_daemon service parses the response as an XML document, thereby allowing the attacker to supply malformed content and exploit CVE-2016-0718 to achieve arbitrary code execution as root.”

The security duo has also published the Proof of Concept code to exploit the attack.

ESET has promptly fixed the issue in ESET Endpoint Antivirus version 6.4.168.0.

Update your system as soon as possible.


Pierluigi Paganini

(Security Affairs – CVE-2016-0718, ESET Endpoint Antivirus)

The post A flaw in ESET Endpoint Antivirus allows to hack Apple Macs, patch it now appeared first on Security Affairs.

Source: Security affairs

A Boeing employee inadvertently leaked the personal information of 36,000 co-workers late last year, and the aerospace giant is notifying them of the incident.

The aerospace giant Boeing is notifying 36,000 employees following an accidental data leak. A company employee inadvertently leaked the personal information of his co-workers late last year when he emailed a company spreadsheet to his spouse, who didn’t work at the company.

The file shared by the man contained sensitive, personally identifiable information of 36,000 Boeing employees, including names, places of birth, BEMSIDs (employee ID numbers), and accounting department codes.

The data leak was publicly disclosed earlier in February, after Boeing’s Deputy Chief Privacy Officer Marie Olson reported the security breach to Bob Ferguson, the Attorney General for the state of Washington.

Boeing

According to Olson, the spreadsheet also included “hidden columns” containing social security numbers and dates of birth.

According to the breach notification, the incident occurred on Nov. 21, 2016, and was discovered on Jan. 9, but Boeing began notifying those affected by the security breach on Feb. 8.

In response to the breach, Boeing has destroyed copies of the spreadsheet from both the Boeing employee’s computer and his spouse’s PC.

“Both the employee and his spouse have confirmed to us that they have not distributed or used any of the information,” reads the Boeing breach notification.

Boeing experts don’t believe the data have been used inappropriately; nevertheless, the company is offering employees two years of access to a free identity theft protection service.

To avoid similar incidents in the near future, the company plans to require additional training for its employees on how to manage sensitive data and to implement additional controls on sensitive information.

Unfortunately, this isn’t the first time the company has suffered a similar incident; in several cases, laptops containing sensitive data were stolen. In December 2006, thieves stole a laptop containing data related to 382,000 employees.


Pierluigi Paganini

(Security Affairs – cyber security, data leak)

The post Boeing notified 36,000 employees following an accidental data leak appeared first on Security Affairs.

Source: Security affairs


(credit: TimothyJ / flickr)

Eolas Technologies, which has been called a “patent troll,” has continued to file against big companies, even after losing a landmark 2012 trial. But following an appeals court order (PDF) last week, Eolas will have to pursue its lawsuits in California—not its preferred patent hotspot of East Texas.

As of Friday, Eolas’ lawsuits against Google, Amazon, and Wal-Mart have been transferred to the Northern District of California. The move could reduce Eolas’ chances of winning a settlement or verdict since East Texas courts have been viewed by some as favoring patent holders.

To understand the context, let’s briefly sum up the history of Eolas. The company was formed out of a patent filed by Michael Doyle, who was the head of IT at the University of California, San Francisco, campus in the 1990s. Doyle says that, while at UCSF, he created the first program that allowed users to interact with images inside of a Web browser. He claimed that patent entitled him to royalties on a vast swath of features related to the “interactive Web,” including online video, user-manipulated images on shopping websites, and suggestions that pop up in search bars.


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: https://www.youtube.com/watch?v=EcxNHgYUz6s)

A maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, as well as e-mail addresses and password data for more than 800,000 accounts.

The account data was left in a publicly available database that wasn’t protected by a password or placed behind a firewall, according to a blog post published Monday by Troy Hunt, maintainer of the Have I Been Pwned? breach-notification website. He said searches using the Shodan computer search engine and other evidence indicated that, between December 25 and January 8, the customer data was accessed multiple times by multiple parties, including criminals who ultimately held the data for ransom. The recordings were available on an Amazon-hosted service that required no authorization to access.

The data was exposed by Spiral Toys, maker of the CloudPets line of stuffed animals. The toys record and play voice messages that can be sent over the Internet by parents and children. The MongoDB database of 821,296 account records was stored by a Romanian company called mReady, which Spiral Toys appears to have contracted with. Hunt said that, on at least four occasions, people attempted to notify the toy maker of the breach. In any event, evidence left behind by the ransom demanders made it almost certain company officials knew of the intrusions.


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Andrew Turner)

The operator of a drone that knocked a woman unconscious was sentenced Friday to 30 days in jail, Seattle prosecutors said. The woman was attending a local parade when the drone crashed and struck her.


Skinner (credit: KomoNews)

Paul Skinner, a 38-year-old man from Washington state, was charged with reckless endangerment in connection with the 2015 incident, in which an 18-inch-by-18-inch drone collided with a building before falling into a crowd. The authorities said the 2-pound drone struck the 25-year-old in the head and gave her a concussion. Her boyfriend caught her before she fell to the ground. Another man suffered a minor bruise. The accident took place during the city’s Pride Parade.

Skinner, who had turned himself in, plans to appeal the sentence. His attorney, Jeffrey Kradel, said the punishment was “too severe.” His client remains free pending the appeal’s outcome. A misdemeanor reckless endangerment charge—one that poses “substantial risk of death or serious bodily injury to another person”—carries a penalty of up to a year in jail.


Source: http://feeds.arstechnica.com/arstechnica/index/

One of the joys of good space opera, aside from the action, is the discovery of worlds that are meaningfully alien. In award-winning science fiction author Kameron Hurley’s latest novel, The Stars Are Legion, we get to slither into the fascinating, saliva-covered scenery of the biotech world-ships that make up the mysterious Legion. As civil war rips the Legion apart, Hurley draws us into an intense, Bourne Identity-style mystery about who our heroes are and why they’re fighting.

Zan awakens in a medical bay. She can speak, but she doesn’t know who or where she is. A doctor explains that Zan’s been recycled and reconstructed, hinting that she’s been in this situation many times before. But that’s all Zan knows—well, that and the fact that she has the kind of warrior instincts that let her fight like an MMA master. Plus, she knows an awful lot about how to ride the sentient space-motorcycle beasts that the Legion flies from one ship to the other, trailing plumes of yellow exhaust like something out of a 1960s comic book.

Biotech worlds

A mysterious woman named Jayd eventually visits Zan and tells her that she’s currently on a planet ship called Katazyrna. Jayd tells Zan that it’s time to get back to her mission, penetrating the defenses of another world called Mokshi. And it would be nice if she could do it without getting all her troops killed this time around. Apparently, whenever Zan goes to Mokshi, she’s completely destroyed and loses her memory. But Jayd and her mother, Lord Katazyrna, keep sending Zan back because she’s the only person able to breach Mokshi’s outer perimeter.


Source: http://feeds.arstechnica.com/arstechnica/index/