Zeroday privilege escalation disclosed for Android

Google has so far remained mum on the flaw, which affects fully patched devices.

(Image credit: portal gda / Flickr)

Researchers have disclosed a zeroday vulnerability in the Android operating system that gives a major boost to attackers who already have a toehold on an affected device.

The privilege-escalation flaw is located in the V4L2 (Video4Linux 2) driver, which Android and other Linux-based OSes use to capture real-time video. Researchers with Trend Micro's Zero Day Initiative said in a blog post published Wednesday that the vulnerability results from a "lack of validating the existence of an object prior to performing operations on the object." Attackers who already have untrusted code running with low privileges on a device can exploit the bug to gain access to privileged parts of the Android kernel. The flaw's severity score is 7.8 out of a possible 10 points.
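The bug class ZDI describes, a driver acting on an object without first confirming it still exists, is easiest to see in a stripped-down model. The following is an added illustration written for this page, not ZDI's advisory material and not the actual Android or V4L2 driver source: a toy device table whose unregister path poisons the freed object the way the kernel's slab debugging does, a handler that treats an open file descriptor as proof the device is still live, and a hardened handler that checks a registration flag before touching anything (the real V4L2 core gates its file operations with video_is_registered() in the same spirit). The structure names, the sample frame count and the use of the 0x6b poison byte are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a driver's device table; an assumption for this example,
 * not V4L2's real structures. */
#define MAX_DEVS 4
#define POISON_FREE 0x6b      /* byte Linux slab debugging writes into freed memory */

struct toy_vdev {
    int registered;           /* plays the role of video_is_registered() */
    uint32_t frame_count;     /* per-device state a capture ioctl would read */
};

static struct toy_vdev devs[MAX_DEVS];

static int dev_register(int minor)
{
    if (minor < 0 || minor >= MAX_DEVS)
        return -EINVAL;
    devs[minor].registered = 1;
    devs[minor].frame_count = 42;   /* constructed sample state */
    return 0;
}

/* Unregister and "free": emulate slab poisoning so a stale read is visible
 * instead of silently returning whatever happened to be in memory. */
static int dev_unregister(int minor)
{
    if (minor < 0 || minor >= MAX_DEVS || !devs[minor].registered)
        return -ENODEV;
    devs[minor].registered = 0;
    memset(&devs[minor].frame_count, POISON_FREE, sizeof devs[minor].frame_count);
    return 0;
}

/* Vulnerable handler: an open fd is taken as proof the device still exists,
 * so after unregister it operates on freed (here: poisoned) state.
 * Returns the value read, or a negative errno. */
static int64_t read_frames_vulnerable(int minor)
{
    if (minor < 0 || minor >= MAX_DEVS)
        return -EINVAL;
    return devs[minor].frame_count;
}

/* Hardened handler: validate that the object exists before every operation.
 * In a real driver this check and dev_unregister() must hold the same lock,
 * otherwise a caller can pass the check and still race the teardown. */
static int64_t read_frames_hardened(int minor)
{
    if (minor < 0 || minor >= MAX_DEVS)
        return -EINVAL;
    if (!devs[minor].registered)
        return -ENODEV;
    return devs[minor].frame_count;
}

int main(void)
{
    dev_register(1);
    printf("live:  hardened=%lld\n", (long long)read_frames_hardened(1));
    dev_unregister(1);
    printf("stale: vulnerable=0x%llx hardened=%lld (-ENODEV)\n",
           (long long)read_frames_vulnerable(1),
           (long long)read_frames_hardened(1));
    return 0;
}
```

The point of the poisoning is that the vulnerable path does not fail: it returns 0x6b6b6b6b as if it were a real frame count, which is exactly how a use-after-unregister looks from userspace before an attacker replaces the freed allocation with something of their choosing. A flag check alone narrows the window; only doing it under the lock the unregister path takes closes it.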

Modern OSes have become much harder to compromise in recent years thanks to sandboxing and exploit mitigations that keep untrusted code from directly touching storage, the kernel, and other sensitive resources. Attackers have responded by chaining two or more exploits together. A buffer overflow, for instance, may let an attacker run malicious code in a low-privileged process, and a privilege-escalation flaw like this one then gives that code the access it needs to install a persistent payload.

DOE has decided many lightbulbs don’t have to meet efficiency standards

Yet another Obama-era standard gets gutted despite resistance from some utilities.

Image of a halogen bulb. (credit: Gordon Wrigley / Flickr)

Among the stranger subjects that has been caught up in the political wars raging in the United States is the lowly lightbulb. Back in the George W. Bush administration, a law was passed that set efficiency standards for a variety of lightbulbs and allowed the Department of Energy (DOE) to expand the standards going forward.

Almost immediately afterward, legislators who apparently find efficiency a threat to the American way of life had second thoughts, and they started undermining the law's implementation. As a result, the first real evaluation and update of the standards didn't take place until late in Obama's second term. Now, the Trump administration has officially thrown out the results of the work done by Obama's DOE and has issued a rule that prevents the standards from applying to a variety of bulbs.

How in the world did we get here?

So how did lightbulbs become a political controversy? Back during the second Bush administration, bulbs were an obvious target for efficiency measures, given how poorly incandescents do on those measures and due to the fact that there were promising newer technologies—compact fluorescents and LEDs—that hadn't really put a dent in the incandescent markets. And, while individual electricity savings would be small, nationwide standards would ensure that the overall savings could be substantial. Increased efficiency on that scale has been a contributing factor to the United States' ability to lower its total electricity use even as its economy has expanded.

Lenovo Yoga C940 Ice Lake laptop coming in October for $1250 and up

Lenovo is upgrading its Yoga laptop lineup with a new top-of-the-line Lenovo Yoga C940 convertible notebook featuring support for up to an Intel Core i7 Ice Lake processor and up to a 4K touchscreen. The new Yoga C940 should be available starting next month for $1250 and up. The entry-level model will likely feature an Intel […]

The post Lenovo Yoga C940 Ice Lake laptop coming in October for $1250 and up appeared first on Liliputing.

A project aims to help ISPs mind their routing security manners

MANRS Observatory gives a peek inside security issues of Internet routing.

When my kids were younger, we used to tell them we were going to send them to "manners camp" if they didn't behave properly at the dinner table. An Internet Society-supported initiative, the Mutually Agreed Norms for Routing Security (MANRS), has tried to coax Internet service providers into minding their manners as well—particularly when it comes to how they use the Border Gateway Protocol (BGP), the occasionally abused communications method that drives much of how Internet traffic is routed.

On August 13, the MANRS initiative launched the MANRS Observatory, a new Web tool that provides insight into just how well networks comply with routing security standards. The observatory provides a semblance of transparency into a part of the Internet invisible to most users.

Last year there were more than 12,000 routing outages or attacks, according to the Internet Society, including the use of BGP to hijack or misdirect traffic and route "leaks" from poorly configured routers that announce paths they should not. Deliberate BGP attacks can be used to intercept data or redirect requests to hostile "spoofed" websites, as some state actors have been known to do.
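The hijacks mentioned above are what RPKI route origin validation is meant to catch, and MANRS's "global validation" action asks networks to publish their routing data (in IRRs and as RPKI ROAs) so that others can perform it. As an added example, not code from MANRS, the Internet Society or the Observatory, the following implements the RFC 6811 origin-validation decision (valid, invalid or unknown) over a constructed ROA set. The prefixes are RFC 5737 documentation addresses and the ASNs are RFC 5398 documentation ASNs; the ROAs and announcements are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A Route Origin Authorization: prefix/len, maxLength and the authorized origin AS. */
struct roa {
    const char *prefix;   /* dotted quad */
    int len;              /* prefix length */
    int maxlen;           /* longest announcement the ROA permits */
    uint32_t asn;         /* authorized origin AS */
};

enum rov { ROV_UNKNOWN = 0, ROV_VALID = 1, ROV_INVALID = 2 };

/* Parse a dotted quad into a host-order uint32; returns 1 on success, 0 on bad input. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

static uint32_t netmask(int len)
{
    return len == 0 ? 0u : (uint32_t)(0xffffffffu << (32 - len));
}

/* A ROA covers an announcement when the announced prefix lies inside the
 * ROA prefix, i.e. same bits under the ROA's own length and not shorter. */
static int roa_covers(const struct roa *r, uint32_t net, int len)
{
    uint32_t rnet;
    if (!parse_ipv4(r->prefix, &rnet) || len < r->len)
        return 0;
    return (net & netmask(r->len)) == (rnet & netmask(r->len));
}

/* RFC 6811 section 2: VALID if some covering ROA matches the origin AS and
 * the length is within maxLength; INVALID if covering ROAs exist but none
 * match; NOT FOUND (unknown) if no ROA covers the prefix at all. Malformed
 * input is treated as invalid rather than unknown. */
static enum rov validate_origin(const struct roa *roas, size_t n,
                                const char *prefix, int len, uint32_t origin)
{
    uint32_t net;
    int covered = 0;
    if (!parse_ipv4(prefix, &net) || len < 0 || len > 32)
        return ROV_INVALID;
    for (size_t i = 0; i < n; i++) {
        if (!roa_covers(&roas[i], net, len))
            continue;
        covered = 1;
        if (roas[i].asn == origin && len <= roas[i].maxlen)
            return ROV_VALID;
    }
    return covered ? ROV_INVALID : ROV_UNKNOWN;
}

/* Constructed ROA set (assumption for the example). */
static const struct roa SAMPLE_ROAS[] = {
    { "192.0.2.0",    24, 24, 64496 },   /* AS64496 may announce exactly the /24 */
    { "198.51.100.0", 24, 26, 64497 },   /* AS64497 may deaggregate down to /26 */
};
#define N_ROAS (sizeof SAMPLE_ROAS / sizeof SAMPLE_ROAS[0])

static enum rov check(const char *prefix, int len, uint32_t origin)
{
    return validate_origin(SAMPLE_ROAS, N_ROAS, prefix, len, origin);
}

int main(void)
{
    static const char *names[] = { "unknown", "valid", "invalid" };
    printf("192.0.2.0/24   from AS64496: %s\n", names[check("192.0.2.0", 24, 64496)]);
    printf("192.0.2.0/24   from AS64499: %s (origin hijack)\n", names[check("192.0.2.0", 24, 64499)]);
    printf("192.0.2.128/25 from AS64496: %s (more specific than maxLength)\n",
           names[check("192.0.2.128", 25, 64496)]);
    printf("203.0.113.0/24 from AS64498: %s (no ROA published)\n", names[check("203.0.113.0", 24, 64498)]);
    return 0;
}
```

A router doing origin validation drops or deprefers the invalid routes. The unknown result is the important caveat: it only means no ROA covers the prefix, so validation protects an address block only once its holder has published a ROA, which is why MANRS pushes publishing as hard as it pushes filtering.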

Motorola One Zoom is a $450 quad-camera smartphone (including 3X optical zoom)

As expected, Motorola’s newest smartphone is a mid-range model with an emphasis on photography. The Motorola One Zoom features a 6.4 inch, 2340 x 1080 pixel OLED display, a Qualcomm Snapdragon 675 processor, and 128GB of storage. It also has a 25MP front-facing camera and four rear cameras including one with a 3x telephoto lens. The […]

The post Motorola One Zoom is a $450 quad-camera smartphone (including 3X optical zoom) appeared first on Liliputing.

Nubia launches Red Magic 3S with Snapdragon 855+ (and active cooling)

After launching the Red Magic 3 gaming smartphone earlier this year, Nubia is introducing an updated model with a faster processor and faster storage. The Red Magic 3S goes on sale in China September 9th and a global launch is scheduled for October. While the original Red Magic 3 had a Qualcomm Snapdragon 855 processor […]

The post Nubia launches Red Magic 3S with Snapdragon 855+ (and active cooling) appeared first on Liliputing.

Dynabook Tecra X50 is a 3.1 pound laptop with a 15.6 inch display

The company formerly known as Toshiba's personal computer division launched its first thin and light laptops under the Dynabook brand name this summer. Now Dynabook is introducing a model with a larger display… but it still has a pretty compact design. The Dynabook Tecra X50 features a 15.6 inch, full HD IGZO LCD display and a magnesium alloy […]

The post Dynabook Tecra X50 is a 3.1 pound laptop with a 15.6 inch display appeared first on Liliputing.

Physics not “broken” after all? We’re close to resolving proton radius puzzle

New measurement confirms 2010 finding that proton is smaller than previously thought.

Image of a hydrogen atom's electron orbitals taken with a quantum microscope in 2013. Physicists have been trying to resolve conflicting experimental results, using hydrogen atoms, on the proton's radius for nearly a decade. (credit: APS/Alan Stonebraker)

Physicists at York University in Toronto have spent the last eight years meticulously conducting a sensitive experiment to measure the charge radius of the proton in hopes of resolving conflicting values obtained by several similar experiments performed over the last decade. That conundrum has been dubbed the "proton radius puzzle." The new results, published in a new paper in Science, confirm a 2010 finding that the proton is significantly smaller than scientists previously believed.

Most popularizations discussing the structure of the atom rely on the much-maligned Bohr model, in which electrons move around the nucleus in circular orbits. It's fine as a gateway drug to physics, so to speak, but quantum mechanics gives us a much more precise (albeit weirder) description. The electrons aren't really orbiting the nucleus; they are technically waves that take on particle-like properties when we do an experiment to determine their position. While orbiting an atom, they exist in a superposition of states, both particle and wave, with a wave function encompassing all the probabilities of its position at once. A measurement will collapse the wave function, giving us the electron's position. Make a series of such measurements and plot the various positions that result, and it will yield something akin to a fuzzy orbit-like pattern.

Quantum weirdness extends to the proton, too. Technically it's made of three charged quarks bound together by the strong nuclear force. But it's fuzzy, like a cloud. And how can we talk about the radius of a cloud? Physicists rely on the charge density to do so, akin to the density of water molecules in a cloud. The radius of the proton is the distance at which the charge density drops below a certain threshold. And it's possible to measure that radius by studying how the electron interacts with the proton, via either electron scattering experiments or by using electron or muon spectroscopy to look at the difference between atomic energy levels. (It's called the "Lamb shift," after Nobel laureate Willis Lamb, who first measured the shift in 1947.) The combined fuzziness of the electron and proton means that the electron can be anywhere inside that region—including inside the proton.

Back to school: With latest attack, ransomware cancels classes in Flagstaff

Despite the ransomware rampage, survey finds citizens unwilling to pay for local fixes.

School's out in Flagstaff because of ransomware. (credit: Getty Images)

As students returned to school across the country over the past two weeks, school districts are facing an unprecedented wave of ransomware attacks. In the past month, dozens of districts nationwide have been affected by ransomware attacks, in some cases taking entire school systems' networks down in the process.

All classes were cancelled September 5 at Flagstaff Unified School District schools in Arizona after the discovery of a ransomware attack against the district's servers on Wednesday, September 4. All Internet services were taken down by the school district's information technology team at about 3pm local time on Wednesday when the ransomware was discovered during what district officials said was routine maintenance.

"We have had to break the connection from the Internet to our school sites while we work with Internet security experts to contain and mitigate the issue," FUSD spokesman Zachery Fountain said in a statement to press. No further details on the ransomware were released, and district officials are not sure whether any personal identifying information has been exposed.

More than 70 state and local government agencies have been hit with ransomware so far this year. This steady drumbeat of attacks against state and local government agencies, including school districts, has not gone unnoticed by citizens, who are increasingly concerned about the damage ransomware is doing. In a recent survey of 2,200 citizens conducted by Morning Consult on behalf of IBM Security, 75% of those surveyed across the United States acknowledged that they are worried about ransomware attacks on cities. And 60% said that cities should not pay the ransom when they fall victim; instead they'd prefer that such spending go toward recovery costs.

But when it came to paying for improved local cybersecurity to prevent attacks, citizens largely passed the buck: 90% of citizens surveyed said that funding should come from the US Federal government rather than from local tax dollars. And over 75% believed the US government should reimburse local governments for costs incurred as the result of a ransomware attack.

Currently, the US government has taken mostly an advisory role in dealing with state and local cybersecurity, and some states have been openly hostile to efforts by the Department of Homeland Security to provide security assessments in the past. The Cybersecurity and Infrastructure Security Agency (CISA) at DHS provides regional experts to assist states on a number of information security fronts, but it currently lacks the manpower and budget to provide significant assistance in helping secure local government networks.

Daily Deals (9-05-2019)

A brand-new set of Sony WH-CH700 wireless noise-cancelling on-ear headphones will set you back $130. But right now Secondipity is charging just $55 for refurbished models with a 90-day warranty. Meanwhile the Microsoft Store is offering one of the best prices to date on a set of Surface Headphones, while Amazon is selling a set […]

The post Daily Deals (9-05-2019) appeared first on Liliputing.