Microsoft

Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive (itwire.com) 48

Slashdot reader juul_advocate quotes ITWire: A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act speedily to remove links to ransomware on its Office365 platform. In a tweet sent on Friday, Beaumont said: "Microsoft cannot advertise themselves as the security leader with 8,000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it...."

An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."

Facebook

Facebook, Instagram, WhatsApp, and Oculus Have Been Suffering Global Outage For More Than 3 Hours Now [Update] (arstechnica.com) 252

Facebook -- and all the major services that Facebook owns -- are down today. ArsTechnica: We first noticed the problem at about 11:30 am Eastern time, when some Facebook links stopped working. Investigating a bit further showed major DNS failures at Facebook: "Google anycast DNS returns SERVFAIL for Facebook queries; querying http://a.ns.facebook.com directly times out."

The problem goes deeper than Facebook's obvious DNS failures, though. Facebook-owned Instagram was also down, and its DNS services -- which are hosted on Amazon rather than being internal to Facebook's own network -- were functional. Instagram and WhatsApp were reachable but showed HTTP 503 (no server is available for the request) failures instead, an indication that while DNS worked and the services' load balancers were reachable, the application servers that should be feeding the load balancers were not. A bit later, Cloudflare VP Dane Knecht reported that all BGP routes for Facebook had been pulled. With no BGP routes into Facebook's network, Facebook's own DNS servers would be unreachable -- as would the missing application servers for Facebook-owned Instagram, WhatsApp, and Oculus VR.
UPDATE 10/4/2021 22:15 UTC: Facebook is coming back online after a six-hour outage due to DNS routing problems.

"Inside Facebook, the outage broke internal systems as well, leaving employees unable to get into offices and communicate easily with each other," reports The Verge. "Some told The Verge they were using work-provided Outlook email accounts, allowing Facebook workers to email each other but unable to send or receive emails from external addresses."

Not only was it a rough day for Facebook and their stockholders, but it was especially hard on CEO Mark Zuckerberg. According to Bloomberg, Zuckerberg's personal wealth has fallen by more than $6 billion in just a few hours.

Encryption

With HTTPS Everywhere, EFF Begins Plans to Eventually Deprecate 'HTTPS Everywhere' Extension (therecord.media) 48

The Record reports: The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes. "After the end of this year, the extension will be in 'maintenance mode' for 2022," said Alexis Hancock, Director of Engineering at the EFF. Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development.

No official end-of-life date has been decided, a date after which no updates will be provided for the extension whatsoever.

Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the "https://" prefix. The extension reached cult status among privacy advocates and was integrated into the Tor Browser and, after that, in many other privacy-conscious browsers. But since 2010, HTTPS is not a fringe technology anymore. Currently, around 86.6% of all internet sites support HTTPS connections. Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily connections.

From EFF's announcement: The goal of HTTPS Everywhere was always to become redundant. That would mean we'd achieved our larger goal: a world where HTTPS is so broadly available and accessible that users no longer need an extra browser extension to get it. Now that world is closer than ever, with mainstream browsers offering native support for an HTTPS-only mode.

With these simple settings available, EFF is preparing to deprecate the HTTPS Everywhere web extension as we look to new frontiers of secure protocols like SSL/TLS... We know many different kinds of users have this tool installed, and want to give our partners and users the needed time to transition.

The announcement also promises to inform users of browser-native HTTPS-only options before the day when the extension reaches its final sunsetting — and ends with instructions for how to activate the native HTTPS-only features in Firefox, Chrome, Edge, and Safari, "and celebrate with us that HTTPS is truly everywhere for users."

Youtube

Discord Starts Testing YouTube Integration (theverge.com) 16

An anonymous reader quotes a report from The Verge: Discord is starting to test YouTube integration, just weeks after Google-owned YouTube forced two popular Discord music bots offline. YouTube integration has started appearing in a small number of Discord servers today as part of what appears to be a new test of a collaboration between Discord and YouTube. The feature is called Watch Together, and as the name implies, it allows Discord members to watch YouTube videos together. A test of a similar Discord feature started 10 months ago before disappearing and resurfacing as Watch Together today, and we understand the company has re-prioritized this particular feature due to the recent music bot shutdowns.

Watch Together is very similar to the experience of someone broadcasting their screen in Discord, and the button to launch it even appears alongside the video and screen sharing options. It's designed specifically with YouTube in mind, allowing Discord server members to create a playlist of YouTube videos by searching or pasting in YouTube links. You can even toggle a remote button that lets other Discord server members share the ability to control playback. While it's not identical to the popular Rythm and Groovy Discord music bots, you can use Watch Together to listen to music through YouTube in Discord. You may end up hearing or seeing ads, though. Discord warns, when you first use the Watch Together feature, that "you may see ads during YouTube videos." [...] If you're interested in testing the feature, it's currently live in Discord's Game Labs server.

China

China Tells Its Tech Giants To Stop Blocking Rivals' Links (usnews.com) 27

"China fired a fresh regulatory shot at its tech giants on Monday," writes Reuters, "telling them to end a long-standing practice of blocking each other's links on their sites or face consequences." The comments, made by the Ministry of Industry and Information Technology (MIIT) at a news briefing, mark the latest step in Beijing's broad regulatory crackdown that has ensnared sectors from technology to education and property and wiped billions of dollars off the market value of some of the country's largest companies.

China's internet is dominated by a handful of technology giants which have historically blocked links and services by rivals on their platforms. Restricting normal access to internet links without proper reason "affects the user experience, damages the rights of users and disrupts market order," said MIIT spokesperson Zhao Zhiguo, adding that the ministry had received reports and complaints from users since it launched a review of industry practices in July. "At present we are guiding relevant companies to carry out self-examination and rectification," he said, citing instant messaging platforms as one of the first areas they were targeting.

He did not specify what the consequences would be for companies that failed to abide by the new guidelines.

China

Tencent Opens WeChat To Rivals' Links as App Walls Crumble (bloomberg.com) 11

Tencent allowed users of its main WeChat social media service to link to rivals' content for the first time in years, taking initial steps to comply with Beijing's call to dismantle walls around platforms run by the country's online giants. From a report: From Friday, users who upgrade to the latest version of the messaging service can access external services such as Alibaba's Taobao online mall or ByteDance's video app Douyin, both of which were previously walled off from WeChat's billion-plus members. That applies however only to one-on-one messaging, not group chats nor Facebook-like Moments pages.

While it's unclear whether the social giant has opened up more of its scores of online services, it's a major step for Tencent, which along with Alibaba and ByteDance controls vast swathes of China's internet. In a statement announcing the move Friday, Tencent said it will also provide ways for its users to report suspicious content, and work on features for sharing links in wider group discussions. China's top technology regulator has warned internet firms to stop blocking links to rival services, prising open so-called walled gardens in a broader campaign to curb their growing monopoly on data and protect consumers. The government has accused a handful of companies of unfairly protecting their respective spheres: Tencent in social media via WeChat, Alibaba in e-commerce with Taobao and Tmall and, more recently, ByteDance in video via TikTok-cousin Douyin.

Google

Alphabet's Project Taara Laser Tech Beamed 700TB of Data Across Nearly 5km (theverge.com) 34

An anonymous reader shares a report: In January, Google's parent company, Alphabet, shut down Project Loon, an initiative exploring using stratospheric helium balloons to distribute wireless internet (an attempt to use solar-powered drones folded in 2017). However, some technology developed as a part of the Loon project remained in development, specifically the Free Space Optical Communications (FSOC) links that were originally meant to connect the high flying balloons -- and now that technology is actively in use providing a high-speed broadband link for people in Africa.

Sort of like fiber optic cables without the cable, FSOC can create a 20Gbps+ broadband link from two points that have a clear line of sight, and Alphabet's moonshot lab X has built up Project Taara to give it a shot. They started by setting up links in India a few years ago as well as a few pilots in Kenya, and today X revealed what it has achieved by using its wireless optical link to connect service across the Congo River from Brazzaville in the Republic of Congo and Kinshasa in the Democratic Republic of Congo. In 20 days, Project Taara lead Baris Erkmen says the link transmitted nearly 700TB of data, augmenting fiber connections used by local telecom partner Econet and its subsidiaries.

Science

Study Links Too Much Free Time To Lower Sense of Wellbeing (theguardian.com) 107

Research shows there is a 'sweet spot' and subjective wellbeing drops off after about five hours. The Guardian: The lesson of Goldilocks, that one can have too much of a good thing, even when it comes to the size of a chair, has applied in fields from astrobiology to economics. Now, it seems it may even govern our free time. Researchers have found that while levels of subjective wellbeing initially rise as free time increases, the trend does not necessarily hold for very high levels of leisure. "The sweet spot is a moderate amount of free time," said Dr Marissa Sharif, a co-author of the study from the University of Pennsylvania. "We found that having too much time was associated with lower subjective wellbeing due to a lacking sense of productivity and purpose."

Writing in the Journal of Personality and Social Psychology, Sharif and colleagues reported how they analysed results from two large-scale surveys, involving a combined total of more than 35,000 participants. One was the American Time Use Survey, which was carried out between 2012 and 2013 and asked participants what they had done in the past 24 hours. After crowdsourcing opinions on which activities would be equated with leisure time and then calculating this time for participants, the team found that while subjective wellbeing rose with the amount of free time up to about two hours, it began to drop once it exceeded five hours. Meanwhile data from the National Study of the Changing Workforce, carried out between 1992 and 2008, revealed that beyond a certain point, having more free time was no longer linked to greater subjective wellbeing, but it did not dip -- possibly because few of the participants reported having more than five hours of free time a day.

Apple

Judge in Epic Suit Says Apple Restrictions Anti-Competitive (theverge.com) 161

A U.S. judge on Friday issued a ruling in "Fortnite" creator Epic Games' antitrust lawsuit against Apple's App Store, labelling Apple's conduct in enforcing anti-steering restrictions as anticompetitive. From a report: The case may determine whether Apple is allowed to retain control over what apps appear on its iPhones and whether it is allowed to charge commissions to developers. The Verge adds: Judge Yvonne Gonzalez-Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, handing a major setback to Apple's App Store model. Under the new order, Apple is: "permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app."

The Internet

The 'Dead Internet' Theory Posits Forums are Now Almost Entirely Overrun By AI (theatlantic.com) 147

Ideas from 4chan (including its paranormal section) have percolated into the "dead internet" theory, writes the Atlantic, with a seminal post on another forum by "IlluminatiPirate" now arguing that the internet is almost entirely overrun by artificial intelligence: Like lots of other online conspiracy theories, the audience for this one is growing because of discussion led by a mix of true believers, sarcastic trolls, and idly curious lovers of chitchat... Peppered with casually offensive language, the post suggests that the internet died in 2016 or early 2017, and that now it is "empty and devoid of people," as well as "entirely sterile." Much of the "supposedly human-produced content" you see online was actually created using AI, IlluminatiPirate claims, and was propagated by bots, possibly aided by a group of "influencers" on the payroll of various corporations that are in cahoots with the government. The conspiring group's intention is, of course, to control our thoughts and get us to purchase stuff... He argues that all modern entertainment is generated and recommended by an algorithm; gestures at the existence of deepfakes, which suggest that anything at all may be an illusion; and links to a New York story from 2018 titled "How Much of the Internet Is Fake? Turns Out, a Lot of It, Actually."

"I think it's entirely obvious what I'm subtly suggesting here given this setup," the post continues. "The U.S. government is engaging in an artificial intelligence powered gaslighting of the entire world population." So far, the original post has been viewed more than 73,000 times...

The theory has become fodder for dramatic YouTube explainers, including one that summarizes the original post in Spanish and has been viewed nearly 260,000 times. Speculation about the theory's validity has started appearing in the widely read Hacker News forum and among fans of the massively popular YouTube channel Linus Tech Tips. In a Reddit forum about the paranormal, the theory is discussed as a possible explanation for why threads about UFOs seem to be "hijacked" by bots so often. The theory's spread hasn't been entirely organic. IlluminatiPirate has posted a link to his manifesto in several Reddit forums that discuss conspiracy theories... Anyway ... dead-internet theory is pretty far out-there. But unlike the internet's many other conspiracy theorists, who are boring or really gullible or motivated by odd politics, the dead-internet people kind of have a point... [Y]ou could even say that the point of the theory is so obvious, it's cliché — people talk about longing for the days of weird web design and personal sites and listservs all the time. Even Facebook employees say they miss the "old" internet. The big platforms do encourage their users to make the same conversations and arcs of feeling and cycles of outrage happen over and over, so much so that people may find themselves acting like bots, responding on impulse in predictable ways to things that were created, in all likelihood, to elicit that very response.

That 2018 article in New York magazine had argued that (at that time) a majority of web traffic was probably coming from bots — including especially high bot traffic on YouTube — while even the engagement metrics for major sites like Facebook had been gamed or inflated.

But whether or not that's changed, the Atlantic shares a compelling argument from a forum poster arguing that their very presence in this discussion proves they must be a bot. "If I was real I'm pretty sure I'd be out there living each day to the fullest and experiencing everything I possibly could with every given moment of the relatively infinitesimal amount of time I'll exist for instead of posting on the internet about nonsense."

Security

In Novel Attack Technique, Salesforce Email Service Used For Phishing Campaign (esecurityplanet.com) 21

Slashdot reader storagedude writes: In a novel attack technique, Israeli security researchers discovered that cybercriminals were subscribing to Salesforce in order to use its email service to launch a phishing campaign and thus bypass corporate security defenses like whitelisting.

The researchers, from email security service provider Perception Point, said bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign that has targeted multiple Israeli organizations.

In a blog post, security analysts Miri Slavoutsky and Shai Golderman wrote that this is the first time they had seen attackers abuse Salesforce services for malicious purposes.

"Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you," Slavoutsky and Golderman wrote. "Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records."

Shlomi Levin, Perception Point's co-founder and CTO, told eSecurity Planet that given how whitelisting a trusted source can result in security breaches, "it is essential to employ a zero-trust attitude combined with a strong filtering mechanism to any content that enters the organization no matter the source: email, collaboration tools or Instant Messaging."

Stephen Banda, senior manager of security solutions at cybersecurity vendor Lookout, agreed with the researchers that it's a new approach by malicious actors.

"The practice of legitimately signing up for an email service with the full intention of using it for malice is an innovative strategy," Banda said. "This breach should be a warning to all service providers to conduct extensive due diligence into who is requesting access to their services so that this type of scam can be avoided in the future."

"There are ways to detect spoofing but in this case the emails look authentic and are also coming from where they say they are coming from," said Saumitra Das, CTO of cybersecurity firm Blue Hexagon. "This means that attackers have got through the first email firewall both from a threat intelligence signature perspective of blocking known bad sources and also in some sense the instinct of the user themselves to be suspicious of what something is. It is common for attacks to get through email security solutions, but then well-trained or savvy users are the next line of defense. This [use of a legitimate email service] increases the chances of those users also clicking on links or downloading attachments."

Medicine

Largest Study of Its Kind Finds Face Masks Reduce COVID-19 (berkeley.edu) 232

An anonymous reader quotes a report from Berkeley News: Wearing face masks, particularly surgical masks, is truly effective in reducing the spread of COVID-19 in community settings, finds a new study led by researchers from Yale University, Stanford Medical School, the University of California, Berkeley, and the nonprofit Innovations for Poverty Action (IPA). The study, which was carried out among more than 340,000 adults living in 600 rural communities in Bangladesh, is the first randomized trial to examine the effectiveness of face masks at reducing COVID-19 in a real-world setting, where mask use may be imperfect and inconsistent.

The results show that increased mask-wearing -- the result of a community-level mask distribution and in-person promotion campaign -- led to a significant reduction in the percentage of people with COVID-19, based on symptom reporting and SARS-CoV-2 antibody testing. The team tested both cloth and surgical masks and found especially strong evidence that surgical masks are effective in preventing COVID-19. In the study, surgical masks prevented one in three symptomatic infections among community members 60 years and older. The findings come at a crucial time in the U.S., when many in-person events have resumed and children -- including those who are under 12 and do not yet qualify for vaccination -- are returning to in-person school.
The full press release and study can be found at their respective links.

Security

Banksy Was Warned About Website Flaw Before NFT Hack Scam (bbc.com) 29

Artist Banksy's team was warned his website had a security weakness seven days before a hacker scammed a fan out of $336,000. The BBC reports: On Tuesday a piece of art was advertised on Banksy's official website as the world-renowned graffiti artist's first NFT (non-fungible token). A British collector won the auction to buy it, before realizing it was a fake. A cyber-security expert warned Banksy that the website could be hacked, but was ignored. Sam Curry, a professional ethical hacker from the US and founder of security consultancy Palisade, said he first heard that the site could have a weakness on the social network Discord, last month.

"I was in a security forum and multiple people were posting links to the site. I'd clicked one and immediately saw it was vulnerable, so I reached out to Banksy's team via email as I wasn't sure if anyone else had. They didn't respond over email, so I tried a few other ways to contact them including their Instagram, but never received a response." Mr Curry's disclosure, first reported by rekt.news, was made initially by email on 25 August. The BBC was shown the email thread and has tried to contact Banksy's team several times, with no response.

Mr Curry says the website flaw -- which has now been fixed -- "allowed you to create arbitrary files on the website" and post your own pages and content. The new page, called 'Banksy.co.uk/NFT,' was deleted shortly after the auction, with Banksy's team saying: "Any Banksy NFT auctions are not affiliated with the artist in any shape or form." The British man who won the auction is a prominent NFT collector and Banksy fan known on Twitter as Pranksy. He said he felt "burned" when he was scammed out of nearly $340,000 in cryptocurrency coins, but was relieved when the hacker inexplicably returned most of the money to him by the end of the day.

Bitcoin

Twitter For iOS Beta Lays Groundwork For Bitcoin Tips (macrumors.com) 29

Twitter's latest beta update introduces support for providing content creators with Bitcoin tips using the "Tip Jar" feature that Twitter introduced earlier this year. MacRumors reports: Bitcoin isn't yet available to select as a tip option for beta users, but code in the beta suggests that Twitter is in the process of rolling it out. When the Tip Jar was first introduced, Twitter allowed users to add Bandcamp, Cash App, Patreon, PayPal and Venmo links to their Twitter profile, but soon, there will be a Bitcoin option.

Details in the latest Twitter beta indicate that users will be directed through a Bitcoin tutorial that includes details on the Bitcoin Lightning Network and custodial and non-custodial Bitcoin wallets. Twitter gives Strike, Blue Wallet and Wallet of Satoshi as examples of custodial wallets and Muun, Breez, Phoenix and Zap as examples of non-custodial wallets. Twitter also informs users that a Strike account is required. "We use Strike to generate Bitcoin Lightning invoices so you'll need to connect your account to accept Bitcoin tips" reads the text.

Businesses

Intuit In Talks To Buy Mailchimp For More Than $10 Billion (bloomberg.com) 32

An anonymous reader quotes a report from Bloomberg: Intuit, the maker of TurboTax and QuickBooks software, is in talks to buy email marketing firm Mailchimp for more than $10 billion, according to people familiar with the matter. No final decision has been made and discussions could fall through, said the people, who asked to not be identified because the matter isn't public. Another buyer could also emerge for the company and others are interested, they added. The deal would unite two providers of services for small businesses. Intuit has offered QuickBooks accounting software to clients for decades, supplementing it with services such as Credit Karma, which it acquired last year. Mailchimp is focused on digital marketing services, including social advertising, so-called shoppable links and automation products. [...] If talks are successful, it would be the largest deal to date for Intuit, according to data compiled by Bloomberg.

Facebook

The Most Popular Posts On Facebook Are Plagiarized (theverge.com) 40

In Facebook's "widely viewed content report" released last week, The Verge's Casey Newton noticed something arguably just as damning as the spread of COVID-19 misinformation or rise of vaccine hesitancy: almost all of the most-viewed posts on Facebook over the past quarter were effectively plagiarized from elsewhere. From the report: Facebook's report details the top 20 most widely viewed posts on the network over the past three months. One of the posts was deleted before Facebook published it. Of the remaining 19, though, only four appear to have been original. The remaining 15 had been published in at least one other place first, and were then re-uploaded to Facebook, sometimes with small changes. [...] Facebook has long been home to reappropriated content, from the freebooting scandal during 2017's pivot to video to the more recent phenomenon of Instagram's Reels being flooded with videos bearing TikTok watermarks. But this kind of dumb, cheap growth hacking should sound familiar to anyone who paid even passing attention to the 2016 election. Russia's infamous Internet Research Agency commissioned a troll army to build up big followings on innocuous-seeming Facebook pages using a wide variety of engagement bait, then gradually shifted those pages to begin sharing more divisive political memes.

That's all much harder to do now, thanks to a variety of measures Facebook has taken to make it more difficult for people to disguise their identities or countries of origin. The company now routinely removes networks of pages where the creators' identities are suspect. And it's worth saying that in the most recent election, inauthentic behavior of the 2016 variety did not play a significant role. Most importantly, Facebook now has a policy against "abusive audience building" -- switching topics and repeatedly changing a page's name for the purpose of growing a following. But it seems notable that for domestic actors, the tactics not only work, but remain the most effective way to reach a large audience five years later. Steal some questions that went viral somewhere else, spam them on your page, and presto: you're one of the most-viewed links for the entire quarter on the world's biggest social network.
"The plagiarists who dominate Facebook's top 20 links are likely doing it primarily for clout and ill-gotten audience growth," Casey goes on to say. "But some of the other characters here appear to have more direct monetary incentives..."

The Internet

Why Are Hyperlinks Blue? (mozilla.org) 77

Elise Blanchard, writing on Mozilla blog: [...]

What happened in 1993 to suddenly make hyperlinks blue? No one knows, but I have some theories. I often hear that blue was chosen as the hyperlink color for color contrast. Well, even though the W3C wasn't created until 1994, and so the standards for which we judge web accessibility weren't yet defined, if we look at the contrast between black as a text color, and blue as a link color, there is a contrast ratio of 2.3:1, which would not pass as enough color contrast between the blue hyperlink and the black text. Instead, I like to imagine that Cello and Mosaic were both inspired by the same trends happening in user interface design at the time. My theory is that Windows 3.1 had just come out a few months before the beginning of both projects, and this interface was the first to use blue prominently as a selection color, paving the way for blue to be used as a hyperlink color.

Additionally, we know that Mosaic was inspired by ViolaWWW, and kept the same gray background and black text that they used for their interface. Reviewing Mosaic's release notes, we see in release 0.7 black text with underlines appearing as the preferred way of conveying hyperlinks, and we can infer that was still the case until something happened around mid April right before when blue hyperlinks made their appearance in release 0.13. In fact, conveying links as black text with underlines had been the standard since 1985 with Microsoft 1, which some once claimed Microsoft had stolen from Apple's Lisa's look and feel.

I think the real reason why we have blue hyperlinks is simply because color monitors were becoming more popular around this time. Mosaic as a product also became popular, and blue hyperlinks went along for the ride. Mosaic came out during an important time where support for color monitors was shifting; the standard was for hyperlinks to use black text with some sort of underline, hover state or border. Mosaic chose to use blue, and they chose to port their browser for multiple operating systems. This helped Mosaic become the standard browser for internet use, and helped solidify its user interface as the default language for interacting with the web.

Science

Your Sense of Smell May Be the Key To a Balanced Diet (phys.org) 38

Scientists at Northwestern University found that people became less sensitive to food odors based on the meal they had eaten just before. These findings show that just as smell regulates what we eat, what we eat -- in turn -- regulates our sense of smell. Phys.Org reports: The study found that participants who had just eaten a meal of either cinnamon buns or pizza were less likely to perceive "meal-matched" odors, but not non-matched odors. The findings were then corroborated with brain scans that showed brain activity in parts of the brain that process odors was altered in a similar way.

Feedback between food intake and the olfactory system may have an evolutionary benefit, said senior and corresponding study author Thorsten Kahnt, an assistant professor of neurology and psychiatry and behavioral sciences at Northwestern University Feinberg School of Medicine. "If you think about our ancestors roaming the forest trying to find food, they find and eat berries and then aren't as sensitive to the smell of berries anymore," Kahnt said. "But maybe they're still sensitive to the smell of mushrooms, so it could theoretically help facilitate diversity in food and nutrient intake."

Kahnt said while we don't see the hunter-gatherer adaptation come out in day-to-day decision-making, the connection between our nose, what we seek out and what we can detect with our nose may still be very important. If the nose isn't working right, for example, the feedback loop may be disrupted, leading to problems with disordered eating and obesity. There may even be links to disrupted sleep, another tie to the olfactory system the Kahnt lab is researching. Kahnt said with a better understanding of the feedback loop between smell and food intake, he's hoping to take the project full circle back to sleep deprivation to see if lack of sleep may impair the loop in some way. He added that with brain imaging, there are more questions about how the adaptation may impact sensory and decision-making circuits in the brain.
The study has been published in the journal PLOS Biology.

China

Spies for Hire: China's New Breed of Hackers Blends Espionage and Entrepreneurship (nytimes.com) 18

The state security ministry is recruiting from a vast pool of private-sector hackers who often have their own agendas and sometimes use their access for commercial cybercrime, experts say. From a report: China's buzzy high-tech companies don't usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security start-up in China's tropical island-province of Hainan. That start-up was more than it seemed, according to American law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China's secretive state security ministry, according to a federal indictment from May. They hacked computers from the United States to Cambodia to Saudi Arabia, seeking sensitive government data as well as less-obvious spy stuff, like details of a New Jersey company's fire-suppression system, according to prosecutors. The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China's premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China's state cyberspying machine stronger, more sophisticated and -- for its growing array of government and private-sector targets -- more dangerously unpredictable. Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike, mixing traditional espionage with outright fraud and other crimes for profit. China's new approach borrows from the tactics of Russia and Iran, which have tormented public and commercial targets for years. Chinese hackers with links to state security demanded ransom in return for not releasing a company's computer source code, according to an indictment released by the U.S. Department of Justice last year. Another group of hackers in southwest China mixed cyber raids on Hong Kong democracy activists with fraud on gaming websites, another indictment asserted. One member of the group boasted about having official protection, provided that they avoid targets in China.
