Month: August 2019

Enlarge / Passwords stored in a database for BioStar 2. (credit: vpnMentor)

Researchers said they have found a publicly accessible database containing almost 28 million records—including plain-text passwords, face photos, and personal information—that was used to secure buildings around the world.

Researchers from vpnMentor reported on Wednesday that the database was used by the Web-based Biostar 2 security system sold by South Korea-based Suprema. Biostar uses facial recognition and fingerprint scans to identify people authorized to enter warehouses, municipal buildings, businesses, and banks. vpnMentor said the system has more than 1.5 million installations in a wide range of countries including the US, the UK, Indonesia, India, and Sri Lanka.

According to vpnMentor, the 23-gigabyte database contained more than 27.8 million records used by Biostar to secure customer facilities. The data included usernames, passwords and user IDs in plaintext, building access logs, employee records including start dates, personal details, mobile device data, and face images.

Enlarge / Elizabeth Warren speaking to a crowd on February 18, 2019 in Glendale, California. (credit: Getty Images | Mario Tama)

Equifax's massive 2017 data breach screwed over more than 140 million people, so it was not terribly surprising when tens of millions of people jumped at the opportunity to claim cash money in compensation. The Federal Trade Commission, however, apparently was surprised. A few days after the settlement claims page went public, the option for affected consumers to claim cash vanished, with the agency citing "overwhelming" and "unexpected" public response.

Sen. Elizabeth Warren (D-Mass.) is now among the many who were frustrated by the FTC's apparently questionable description of the settlement, and she's calling on the agency to investigate its own claims about available consumer compensation.

"The FTC has the authority to investigate and protect the public from unfair or deceptive acts or practices, including deceptive advertising," Warren says in a letter (PDF) to the commission's inspector general. "Unfortunately, it appears as though the agency itself may have misled the American public about the terms of the Equifax settlement and their ability to obtain the full reimbursement to which they are entitled."

The 2015 15-inch Retina MacBook Pro. (credit: Andrew Cunningham)

The Federal Aviation Administration has banned certain 15-inch MacBook Pros with potentially defective batteries from US flights. The move, which follows Apple's June recall announcement, is part of a general FAA policy on devices with defective batteries.

"The FAA is aware of the recalled batteries that are used in some Apple MacBook Pro laptops," FAA spokespeople said in emails to Ars Technica. Under FAA policy, affected MacBook Pros are banned from the passenger cabin and from checked luggage.

The FAA says it alerted airlines about the recall in early July. The agency also says it informed the public on social media around the same time, though it didn't get much attention at the time.

Enlarge (credit: Getty Images | Tero Vesalainen)

AT&T and T-Mobile announced a joint anti-robocall initiative today, but they didn't promise any new call-blocking capabilities for their customers.

The carriers made a big deal of the partnership, saying in an announcement that they "put differences aside to fight unwanted robocalls for customers." Specifically, the companies said they are now using the new SHAKEN/STIR technology to determine whether Caller ID numbers are being spoofed in calls made between the two carriers.

Theoretically, carriers could use this Caller ID authentication technology to automatically block calls that fail the authentication test. But that's not what's happening now. For example, AT&T told Ars that it's using Caller ID authentication as one data point in its anti-robocall algorithm but that it isn't blocking calls solely based on whether they aren't authenticated.

Enlarge / Bottles of Clorox bleach sit on a shelf at a grocery store. (credit: Getty | Justin Sullivan)

The US Food and Drug Administration this week released an important health warning that everyone should heed: drinking bleach is dangerous—potentially life-threatening—and you should not do it.

The warning may seem unnecessary, but guzzling bleach is an unfortunately persistent problem. Unscrupulous sellers have sold “miracle” bleach elixirs for decades, claiming that they can cure everything from cancer to HIV/AIDS, hepatitis, flu, hair loss, and more. Some have promoted it to parents as a way to cure autism in children—prompting many allegations of child abuse.

Of course, the health claims are false, not to mention abhorrent. When users prepare the solution as instructed, it turns into the potent bleaching agent chlorine dioxide, which is an industrial cleaner. It’s toxic to drink and can cause severe diarrhea, vomiting, life-threatening low blood pressure, acute liver failure, and damage to the digestive tract and kidneys.

Enlarge / The leaf-nosed bat, native to Central and South America, has noseleaves that may help project its echolocation calls. (credit: Thomas Lohnes/AFP/Getty Image)

Leaf-nosed bats can locate even small prey with echolocation by exploiting an "acoustic mirror" effect, according to a recent paper in Current Biology. If the bat approaches an insect on a leaf from an optimal angle, the leaves act as a mirror, reflecting sound away from the source. The research could have important implications for studying predator-prey interactions and for the field of sensory ecology.

It's common knowledge that bats hunt and navigate in the dark primarily by emitting ultrasonic pulses and using the returning echoes to determine the location, speed, and distance of nearby objects or prey (active echolocation). But different species of bat can use echolocation in slightly different ways, including passive echolocation strategies. The pallid bat, for instance, might use active echolocation for navigation but a passive approach when it hunts. It has two pairs of ears (internal and external), the better to pick up any noise generated by insects. But what about insects that don't make any noise, like the dragonfly?

Co-author Inge Geipel, a postdoc with the Smithsonian Tropical Research Institute (STRI), first became interested in the issue while working on her PhD at the Institute for Advanced Study in Berlin, Germany. Her thesis advisor, Elizabeth Kalko, had found dragonfly wings in leaf-nosed bat roosts—a surprising find, since dragonflies are diurnal, meaning they don't fly at night, settling in on vegetation instead. They don't have ears, so they can't hear hunting bats, nor do they produce sounds as a means of communication. Most bat scientists assumed dragonflies would be too small for the bats to find purely via echolocation.

Enlarge / Project xCloud running Gears of War 4 at an E3 Microsoft Theater demonstration.

With the planned 2019 launch of Project Xcloud, Microsoft isn't ignoring the game industry's current mania for streaming gaming. But in a recent interview with Gamespot, Microsoft Xbox head Phil Spencer tempered near-term expectations for the supposed streaming gaming "revolution" some are expecting.

On the one hand, Spencer told the site that streaming is "one of the directions the industry is headed" and will be "inevitably... part of gaming." At the same time, though, Spencer said he doesn't want to oversell the speed of that transition.

"I think [streaming] is years away from being a mainstream way people play," Spencer said. "And I mean years, like years and years." Comparing the trend to Netflix's now two-decade-old transition to streaming movies, Spencer said, "I think game streaming will get there faster than 20 years, but it's not going to be two years. This is a technological change. While it seems like it happens overnight, it doesn't."