Bats confirmed as SARS origin

A team of international scientists has isolated a very close relative of the Severe Acute Respiratory Syndrome coronavirus (SARS-CoV) from horseshoe bats in China, confirming them as the origin of the virus responsible for the 2002-3 pandemic.

The SARS-CoV pandemic killed 774 people of the 8094 people infected, a case fatality ratio of almost 10 per cent. With cases diagnosed across the world, the pandemic had an impact on international travel and trade.

The research team, led by Professor Shi Zhengli from Wuhan Institute of Virology, Chinese Academy of Sciences and including CSIRO and Duke-NUS scientist Professor Linfa Wang, have just had their breakthrough results published in the prestigious journal Nature.

The results will help governments design more effective prevention strategies for SARS and similar epidemics.

While researchers globally have previously used genetic sequencing to demonstrate that bats are the natural reservoirs of SARS-like CoVs, this is the first time that live virus has been successfully isolated from bats to definitively confirm them as the origin of the virus.

The team successfully isolated a SARS-like CoV, named SL-CoV WIV1, directly from faecal samples of Chinese Horseshoe bats using the world renowned bat virus isolation methodology developed by scientists at CSIRO’s Australian Animal Health Laboratory in Geelong.

Horseshoe bats are found around the world, including Australia and play an important ecological role. Their role in SARS-CoV transmission highlights the importance of protecting the bat’s natural environment so they are not forced into highly populated urban areas in search of food.

This work is part of CSIRO’s ongoing commitment to protect Australia from biosecurity threats posed by new and emerging infectious diseases.

Source: csiro.au

YouTube MP3 Converter Loses Court Battle But The Music Plays On

I am going to post this article here from TorrentFreak mainly because this is the site I have recommended to convert mp3’s in my article How to Download Free Music on the BlackBerry PlayBook and BlackBerry 10.

One of the world’s largest sites dedicated to converting YouTube videos to downloadable MP3s has lost a court battle with representatives from the music industry. YouTube-MP3, a site that was also threatened by Google in 2012, agreed to cease and desist from its current mode of operation after it was revealed it was not only ripping music from YouTube, but also archiving the MP3s for future download. Despite the loss, the site remains online – legally.

In addition to obtaining music from file-sharing networks, those looking for free tracks often get them from so-called tube-rippers, sites and services that transform YouTube videos into downloadable MP3s.

These tools are available in several formats including desktop packages, apps for mobile devices, and more commonly browser-based tools. In mid-2012 YouTube owners Google, believed to be under pressure from the music industry, started to make life more difficult for web-based YouTube converters and in some cases issued threats to sue.

While some sites decided to shut down, many others continued business as usual, including the German site YouTube-MP3, one of the largest YouTube ripping services around with around 30 million visits per month. The site has long insisted that it has a right to provide ripping services but having fought off Google it recently found itself up against fresh adversaries.

Three music companies under the umbrella of industry group BVMI challenged YouTube-MP3’s assertion that it operates legally and sued it in the Hamburg District Court. The companies said that while YouTube-MP3 claimed to be offering only a rip-and-download service, there were serious technical issues behind the scenes that rendered the site in breach of copyright law.

YouTube-MP3 claimed that users of its service could enter the URL of a YouTube video and have the site convert and churn out an MP3 for download. Apparently, however, that wasn’t always the way it worked. Once a video had been converted to MP3, that audio was stored on YouTube-MP3’s servers. If another user subsequently entered the same YouTube URL, no conversion or ripping was carried out. They were simply handed a copy of the previously stored MP3 for download.

In a statement sent to TorrentFreak, BVMI said that this was a clear breach of copyright law.

“Contrary to the common assumption that YouTubeMP3 is a streamripper that allows users to record songs from the Internet (much as cassette recorders were used to record music from the radio back in the day), in fact the online converter often simply made the pieces available for download without a license,” BVMI said.

BVMI said that by the time the case had arrived in court last month the owner of YouTube-MP3 had already signed cease and desist declarations and agreed to refrain from reproducing and distributing copyright content.

“The current case provides deep insights into the workings of so-called ‘recording services’ and exposes a trick that not only hoodwinks the rights owners but also misleads the users of these services,” said BVMI Managing Director Dr Florian Drücke.

“Under the guise of private copying [YouTube-MP3] deceives people into thinking that everything is above-board, even though the user – unwittingly – avails himself of an illegal download platform. We have for some time pointed out that the vague definition of ‘private copies’ encourages cat-and-mouse games in matters of streamripping, so a clarification at the political level is needed here.”

With the signing of the declarations the Hamburg District Court considered the case closed but ordered YouTube-MP3 to pay everyone’s costs.

TorrentFreak contacted the site’s owner for a comment but as yet we’ve received no response. Presumably life at YouTube-MP3 will continue, but without storing converted MP3s for subsequent download. The end result, of course, is that users of the site will still get ripped MP3s just as they did before, a point not lost on BVMI.

“One thing is clear: this platform, as well as most other streamripper sites, generate considerable advertising income that is not shared with the artists or their partners. This has nothing to do with fairness, nor does it fit with our current digital age, when many music sites – some of them free – can be used perfectly legally on the Internet,” BVMI conclude.

Source: TorrentFreak

Apple iOS apps subject to man-in-the-middle attacks

HTTP Request Hijacking attack said to be simple to do against Apple iOS apps

Network World – Many Apple iOS applications are vulnerable to a man-in-the-middle attack that can result in permanent manipulation by the attacker, according to start-up Skycure, which released its research findings on this today during the RSA Europe conference.

Skycure CTO Yair Amit says many mobile iOS apps are vulnerable to a “very simple attack that relies on the 301 HTTP Response, a permanent re-direction.” If an Apple iOS app can cache these so-called 301 HTTP Re-Direct Response requests — and many popular iOS apps do, according to Skycure — then the app is vulnerable to being repeatedly hijacked via re-direction to the attacker’s server.

While this general type of man-in-the-middle attack has been known on the Web for many years, for mobile applications the result is worse in that it “persistently changes the URL” of the server and lets the attacker take dynamic control over the app, says Amit. In the information that Skycure is publishing today, the company notes the impact of the attack is basically that instead of loading data from the real site that the user wants to visit, the attacker can make the app permanently load the data from the attacker’s site.

Skycure isn’t releasing the names of the vulnerable iOS apps because this issue hasn’t necessarily been fixed. Amit says according to Skycure’s research, a significant portion of apps available through the official Apple App Store could be attacked this way. The problem is not a vulnerability in iOS itself but a coding weakness on the part of the developer.

Skycure says “HTTP Request Hijacking” of Apple iOS mobile devices such as iPhones and iPads starts with a man-in-the-middle attack, which would typically commence in a public WiFi zone, such as in a coffee shop. While a type of attack like this has been known to happen on the Web between computer-based Web browsers and Web servers for quite some time, the way a similar attack works on mobile devices hasn’t yet been subject to much scrutiny, says Amit.

He adds the implication of such an attack on news or financial information received through iOS devices is troubling.

“In a mobile application, it changes the application,” he says, adding “there’s no easy way to remove the problem.” But Skycure believes there are a number of steps that app developers can take to remediate or mitigate against it.

Among them are making sure the app doesn’t cache a 301 HTTP Re-Direct Response for re-direction. Another is to make sure the mobile device interacts with a designated server via an encrypted protocol, such as HTTPS, instead of HTTP. “If you want your application to behave differently with a server, just release an update,” he suggests. Making changes to apps to correct for this may be somewhat disruptive to the end-user, he adds.
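The two mitigations above can be seen side by side in a small model of an app's HTTP layer. This is an added example, not code from Skycure or from any iOS API; the host names, the `AppHttpClient` class and both network functions are constructed for illustration, and it assumes that certificate-validated HTTPS responses cannot be forged by an on-path network.

```python
from urllib.parse import urlsplit

ORIGIN = "api.example.test"        # constructed: the app's real server
OTHER = "elsewhere.example.test"   # constructed: host named in the forged 301


def internet(url):
    """Trusted path: every host answers with its own content."""
    return 200, "content from " + urlsplit(url).hostname


def untrusted_wifi(url):
    """On-path network that answers plaintext requests to ORIGIN with a 301.

    Assumption: certificate-validated HTTPS responses cannot be forged, so
    https:// requests pass through untouched.
    """
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname == ORIGIN:
        return 301, "http://" + OTHER + parts.path
    return internet(url)


class AppHttpClient:
    """Toy HTTP layer with an optional persistent cache of 301 redirects."""

    def __init__(self, cache_301, require_https):
        self.cache_301 = cache_301
        self.require_https = require_https
        self.redirect_cache = {}   # models storage that survives app restarts

    def fetch(self, url, network, max_hops=5):
        for _ in range(max_hops):
            # A cached permanent redirect silently rewrites the request URL.
            url = self.redirect_cache.get(url, url)
            if self.require_https and urlsplit(url).scheme != "https":
                raise ValueError("refusing plaintext URL: " + url)
            status, value = network(url)
            if status != 301:
                return urlsplit(url).hostname, value
            if self.cache_301:
                self.redirect_cache[url] = value
            url = value
        raise RuntimeError("too many redirects")


def hosts_contacted(cache_301, require_https, scheme):
    """Return (host reached on the untrusted network, host reached later
    on a trusted network) for the same client instance and the same URL."""
    client = AppHttpClient(cache_301, require_https)
    url = scheme + "://" + ORIGIN + "/feed"
    first, _ = client.fetch(url, untrusted_wifi)
    later, _ = client.fetch(url, internet)
    return first, later


if __name__ == "__main__":
    print("caches 301, plain HTTP:", hosts_contacted(True, False, "http"))
    print("no 301 cache, plain HTTP:", hosts_contacted(False, False, "http"))
    print("HTTPS only:", hosts_contacted(False, True, "https"))
```

With the 301 cache enabled, the redirect outlives the untrusted network; without it, the app recovers on the next request; with HTTPS enforced, the redirect is never accepted in the first place.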

The HTTP Request Hijacking attack on iOS that Skycure has identified may also exist in Android or other mobile-device platforms, but Skycure currently puts its focus primarily on Apple iOS. Skycure believes one danger in this type of man-in-the-middle attack on mobile devices is that it is much less visible to the victimized end-user than the more traditional computer-based form of the attack.

Source: Network World

Hospital To Use Microfluid Prototype For Diagnosing Tumors

Photo: Lucas Laursen

Chemist Emmanuel Delamarche held a thin slice of human thyroid tissue on a glass slide between his fingers. The tissue poses a mystery: does it contain a tumor or not? Delamarche, who works at IBM Research in Zurich, Switzerland, turned the slide around in his hand as he explained that the normal method of diagnosing a tumor involves splashing a chemical reagent, some of which are expensive, onto the uneven surface of the tissue and watching for it to react with disease markers. A pathologist “looks at them under a microscope, and he’s using his expertise, his judgment, and looks at what chemical he used, what type of color he can see and what part and he has to come up with a diagnosis,” Delamarche says, “he has a very, very hard job, OK?”

IBM is already good at precise application of materials to flat surfaces such as computer chips. Human tissue, sliced thin enough, turns out to be receptive to the company’s bag of tricks too. Delamarche, turning to one of three machines on lab benches, explained that a few years ago his team began trying to deliver reagents with more precision. University Hospital Zurich will be testing the results over the next few months.

The idea was that instead of a sprawling blot occupying most of a tissue sample, a tiny tube something like an inkjet printer could deliver many droplets onto the tissue. Pathologists might put multiple reagents on a single fingernail-sized tissue sample, saving them the need for more samples and surgery. They might make better-informed diagnoses because the printer-like machine would allow them to control how much reagent to place on the tissue and where it goes. Pathologists could also compare the effects of well-measured doses on suspected cancerous parts. “We are interested in maybe thinking about technology to go from qualitative info to more quantitative information,” Delamarche says.

But that precise delivery of the reagents proved elusive. Some of it spilled outside the target area. In 2011 Delamarche and colleagues announced a vertical microfluidic probe, that unlike previous microfluidic probes was not parallel to the target surface. It consisted of a glass and silicon wafer about one square centimeter with one channel about a micrometer across that shot liquid to the target and another channel that vacuumed up any excess. “The trick, or the invention actually, that we had was to put a second aperture that continuously re-aspirates what we inject,” Delamarche says. Today the team can create spots just 50 micrometers across, though he says the sweet spot for diagnoses may be more like a few hundred micrometers.

The microfluidic machine is part of a trend toward keeping samples put and moving the thing that analyzes them, according to a recent review in Lab on a Chip.

The technology is attractive both to pathologists, such as those at University Hospital Zurich, and to basic researchers, with whom Delamarche and mechanical engineer Govind Kaigala can share a larger, more customizable version in their lab.

Source: IEEE Spectrum

BlackBerry Met With Facebook Last Week on Potential Bid

Via: WSJ

BlackBerry Ltd. executives flew to California to meet with Facebook Inc. last week to gauge its interest in a potential bid for the struggling smartphone-maker, according to people familiar with the matter.

It remains unclear whether Facebook is interested in placing a bid. Spokesmen for both companies declined to comment.

Last month BlackBerry struck a preliminary deal to go private with Canadian insurer Fairfax Financial Holdings Ltd. for $4.7 billion, or $9 a share. The due diligence period for that deal ends next week, but BlackBerry and its advisers remain open to interest from other potential bidders. The deadline for other bids is Monday.

BlackBerry does have other players circling. Earlier this month The Wall Street Journal reported that Chinese computer giant Lenovo Group Ltd. was interested in a possible bid. And BlackBerry has signed a nondisclosure agreement with distressed asset specialists Cerberus Capital Management LP, people familiar with the matter have said.

BlackBerry’s co-founders, Mike Lazaridis and Doug Fregin, are also weighing a bid, according to a Securities and Exchange Commission filing earlier this month.

Source: WSJ

Security experts warn against using LinkedIn app for Apple iPhone

App embeds link to an email sender's profile and could compromise security of the device

The new LinkedIn iPhone app that embeds a link to an email sender’s profile on the professional network presents a number of security risks and should not be used, experts warned.

Criticism of the app, called Intro, started soon after its release last week. The first to slam LinkedIn was security consultancy Bishop Fox, which accused the site of “hijacking email.”

Over the weekend, Jordan Wright, a security engineer at CoNetrix, said he was able to spoof Intro profile information, using a technique that a criminal could easily replicate for a phishing attack.

On Monday, Neohapsis, which does penetration testing and risk assessment for mobile apps, got into the act, saying Intro users were taking on serious risks for a “marginal convenience feature at best.”

“I can’t think of a situation where a user would agree to a reduced level of transport security of their emails in exchange for the novelty of being able to instantly view their LinkedIn contact’s details in the iPhone email client,” Gene Meltser, technical director at Neohapsis Labs, said.

LinkedIn has defended Intro, saying the criticism is based on “inaccuracies and misperceptions”.

Wright’s spoofing experiment started with the interception of the security profile Intro inserts into iOS. He then found the username and password used to log into the LinkedIn service and grabbed the first email to look closely at what LinkedIn injects.

His investigation found that he could remove the Intro data and replace it with his own, thereby commandeering the Intro profile tab to show whatever information he wanted.

While his proof-of-concept would be benign to an email recipient, “it would be just as easy to attach a malicious payload, request sensitive information, etc.,” Wright said.

Fox compared Intro to a “man-in-the-middle” attack, because all messages go through LinkedIn servers and are analyzed and scraped for data “pertaining to whatever they feel like it.”

Also, pushing a security profile to the iOS device so that LinkedIn can re-route emails posed the risk of having the profile used to wipe a phone, install apps, delete apps and restrict functionality.

“You are effectively putting your trust in LinkedIn to manage your users’ device security,” Fox said.

Source: NetworkWorld

Experian caught up in ID theft investigation

One of the three major consumer credit bureaus is under investigation by the US Secret Service for selling personal data to an ID theft ring.

Security researcher Brian Krebs has uncovered the involvement of credit bureau Experian in an ID theft operation.

Experian, an information services company best-known as one of the three major consumer credit bureaus, became involved through their March, 2012 acquisition of Court Ventures.

Through research, Krebs demonstrated that Court Ventures had sold data to Superget.info, a “fraudster-friendly” site which marketed the ability to look up personally-identifiable information on millions of Americans.

Krebs cites an interview with Marc Martin, the CEO of another information services company which had a relationship with Court Ventures. Martin tells of a US Secret Service investigation of Experian related to ID theft and the data sold to Superget.info.

Individuals at Superget.info had presented themselves to Court Ventures as US-based investigators and gained access to Experian data. In fact, they were based in Vietnam, and the individuals have a history of involvement in ID theft.

Experian has also been in the news recently as the agency which performs credit history checks for the troubled government site healthcare.gov.

Source: ZDNET

Healthcare.gov Website Allegedly Violates Software GPL, Omits Licensing Information

Healthcare.gov, the new government website designed to help Americans find and apply for health insurance plans across 36 of the 50 states (14 states have their own health insurance exchanges) hasn’t had a smooth rollout. Troubles have dogged the site from Day 1, and a recent discovery isn’t going to help matters, even if it’s just an embarrassing faux pas. British developer SpryMedia has found its own code being used on Healthcare.gov. There’s nothing intrinsically wrong with that, since the code in question is licensed under the GPL, as shown below.

image

But on Healthcare.gov, the aforementioned section of script states only:

image

Comparisons of comments within the DataTables script by SpryMedia and the Healthcare.gov have turned up multiple instances of exact comments, so the government’s work is clearly based on SpryMedia’s. But why remove the code attribution? It turns out, there’s reason to think this may have been a genuine accident. The company that developed the website front-end, Development Seed, is devoted to open source work and passionate about giving back to both the larger world community and the programming world in particular. Companies devoted to promoting open data and universal access do not, as a rule, run about ripping off other open source contributors.

Until this week, the entire front-end of the government website was available for download on GitHub, and while it’s not clear why that repository has vanished, a great many eyeballs have been pointed at it for several weeks. The general consensus is that Healthcare.gov’s various problems and glitches have been driven by issues with the backend of the website, which was developed by other contractors, like Oracle.

SpryMedia is less than thrilled about the discovery and has yet to receive a response, but it’s not clear who has even been manning the phones during the shutdown. Hopefully with the government reactivating, this kind of issue gets fixed immediately. It might seem a small thing, given the range of other problems, but the fact that it is a small issue means it’s also quickly and easily fixed. Proper acknowledgment of the GPL2 has proven to have teeth in court before, but this should be addressed long before that point.

Source: Hot Hardware

NASA Laser Communication System Sets Record with Data Transmissions to and from Moon

NASA’s Lunar Laser Communication Demonstration (LLCD) has made history using a pulsed laser beam to transmit data over the 239,000 miles between the moon and Earth at a record-breaking download rate of 622 megabits per second (Mbps).

LLCD is NASA’s first system for two-way communication using a laser instead of radio waves. It also has demonstrated an error-free data upload rate of 20 Mbps transmitted from the primary ground station in New Mexico to the spacecraft currently orbiting the moon.

“LLCD is the first step on our roadmap toward building the next generation of space communication capability,” said Badri Younes, NASA’s deputy associate administrator for space communications and navigation (SCaN) in Washington. “We are encouraged by the results of the demonstration to this point, and we are confident we are on the right path to introduce this new capability into operational service soon.”

Since NASA first ventured into space, it has relied on radio frequency (RF) communication. However, RF is reaching its limit as demand for more data capacity continues to increase. The development and deployment of laser communications will enable NASA to extend communication capabilities such as increased image resolution and 3-D video transmission from deep space.

“The goal of LLCD is to validate and build confidence in this technology so that future missions will consider using it,” said Don Cornwell, LLCD manager at NASA’s Goddard Space Flight Center in Greenbelt, Md. “This unique ability developed by the Massachusetts Institute of Technology’s Lincoln Laboratory has incredible application possibilities.”

LLCD is a short-duration experiment and the precursor to NASA’s long-duration demonstration, the Laser Communications Relay Demonstration (LCRD). LCRD is a part of the agency’s Technology Demonstration Missions Program, which is working to develop crosscutting technology capable of operating in the rigors of space. It is scheduled to launch in 2017.

LLCD is hosted aboard NASA’s Lunar Atmosphere and Dust Environment Explorer (LADEE), launched in September from NASA’s Wallops Flight Facility on Wallops Island, Va. LADEE is a 100-day robotic mission operated by the agency’s Ames Research Center at Moffett Field, Calif. LADEE’s mission is to provide data that will help NASA determine whether dust caused the mysterious glow astronauts observed on the lunar horizon during several Apollo missions. It also will explore the moon’s atmosphere. Ames designed, developed, built, integrated and tested LADEE, and manages overall operations of the spacecraft. NASA’s Science Mission Directorate in Washington funds the LADEE mission.

The LLCD system, flight terminal and primary ground terminal at NASA’s White Sands Test Facility in Las Cruces, N.M., were developed by the Lincoln Laboratory at MIT. The Table Mountain Optical Communications Technology Laboratory operated by NASA’s Jet Propulsion Laboratory in Pasadena, Calif., is participating in the demonstration. A third ground station operated by the European Space Agency on Tenerife in the Canary Islands also will be participating in the demonstration.

Source: NASA

NSA spied on Mexican President’s emails: Report

Even foreign governments are no match for the NSA’s reach, with documents now showing that it could read the Mexican president’s email.

The US has been snooping on the inbox belonging to former Mexican President Felipe Calderon, according to documents leaked to Der Spiegel.

The documents were leaked by whistleblower Edward Snowden and, according to Der Spiegel, reveal that in May 2010, the National Security Agency’s (NSA) Tailored Access Operations division was successful in compromising an email server within the Mexican presidential network. This would provide the NSA with access to emails from the president’s own email account, as well as those of Cabinet members who also use the same server.

The NSA is alleged to boast about the achievement in the documents, noting that it now has access to “diplomatic, economic and leadership communications”.

The issue of spying on Mexico reaches further back than the presidential office. Further documents obtained by Der Spiegel show that the department responsible for regulating drug trade and human trafficking, the Public Security Secretariat, had been similarly compromised in August 2009.

Documents as recent as April 2013 show that Mexico’s leaders were a priority target for surveillance, as well as Brazil.

Brazil’s recent announcement over the security of its email may indicate that it is aware of the US surveillance campaign against its communications, however.

The country’s President Dilma Rousseff has tasked one of its departments with creating a system to ensure its email is free from espionage attempts. She previously lashed out at the US after earlier leaked documents showed that her country was being spied on.

NSA director Keith Alexander and his deputy John Inglis are soon expected to leave the US spy agency, but the NSA denies that their departures have anything to do with the recent media attention.

Source: ZDNet