Last month, Foxconn announced plans to build a $10 billion factory in southeastern Wisconsin in exchange for $3 billion in tax breaks. While the factory was heralded as a big win for President Trump and Governor Scott Walker, a report issued last week says the plan is looking less and less like a good deal for the state. In the report, Wisconsin's Legislative Fiscal Bureau said that the state wouldn't break even on its investment until 2043 -- and that's in an absolute best-case scenario. The Verge reports: How many workers Foxconn actually hires, and where Foxconn hires them from, would have a significant impact on when the state's investment pays off, the report says. The current analysis assumes that "all of the construction-period and ongoing jobs associated with the project would be filled by Wisconsin residents." But the report says it's likely that some positions would go to Illinois residents, because the factory would be located so close to the border. That would lower tax revenue and delay when the state breaks even. And that's still assuming that Foxconn actually creates the 13,000 jobs it claimed it might create, at the average wage -- just shy of $54,000 -- it promised to create them at. In fact, the plant is only expected to start with 3,000 jobs; the 13,000 figure is the maximum potential positions it could eventually offer. If the factory offers closer to 3,000 positions, the report notes, "the breakeven point would be well past 2044-45."

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."

Orome1 shares a report from Help Net Security: Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others. GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5. Here's a screenshot of how each consumer/enterprise website performed.

Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems? MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHertige.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.