Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing. Also, they mine your data with vampire teeth.

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

With millions of people around the world working from home in order to slow the spread of the coronavirus, business is booming for Zoom, bringing more attention on the company and its privacy practices, including a policy, later updated, that seemed to give the company permission to mine messages and files shared during meetings for the purpose of ad targeting.

Still, Zoom offers reliability, ease of use, and at least one very important security assurance: As long as you make sure everyone in a Zoom meeting connects using “computer audio” instead of calling in on a phone, the meeting is secured with end-to-end encryption, at least according to Zoom’s website, its security white paper, and the user interface within the app. But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.


When mousing over the green lock in the top left of the Zoom desktop app, it says, “Zoom is using an end to end encrypted connection”

Screenshot: The Intercept

In Zoom’s white paper, there is a list of “pre-meeting security capabilities” that are available to the meeting host that starts with “Enable an end-to-end (E2E) encrypted meeting.” Later in the white paper, it lists “Secure a meeting with E2E encryption” as an “in-meeting security capability” that’s available to meeting hosts. When a host starts a meeting with the “Require Encryption for 3rd Party Endpoints” setting enabled, participants see a green padlock that says, “Zoom is using an end to end encrypted connection” when they mouse over it.

But when reached for comment about whether video meetings are actually end-to-end encrypted, a Zoom spokesperson wrote, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to secure HTTPS websites. This means that the connection between the Zoom app running on a user’s computer or phone and Zoom’s server is encrypted in the same way the connection between your web browser and this article (on https://theintercept.com) is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company. (In a statement, Zoom said it does not directly access, mine, or sell user data; more below.)

Source: Zoom Meetings Do Not Support End-to-End Encryption

Oh dear.
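The difference the article draws between transport encryption and end-to-end encryption can be shown with a small Node.js model. This is an added example, not code from Zoom or The Intercept. The relay class, the participant names and the sample message are hypothetical, and `connect()` merely stands in for a TLS handshake.

```javascript
const crypto = require('crypto');

// AES-256-GCM with a fresh 96-bit nonce per packet.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, packet) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, packet.iv);
  decipher.setAuthTag(packet.tag);
  // final() throws if the key is wrong or the packet was modified.
  return Buffer.concat([decipher.update(packet.ct), decipher.final()]);
}

// Serialise a sealed packet so it can travel as the payload of another packet.
function pack(p) {
  return Buffer.from(JSON.stringify({
    iv: p.iv.toString('base64'), ct: p.ct.toString('base64'), tag: p.tag.toString('base64'),
  }));
}

function unpack(buf) {
  const o = JSON.parse(buf.toString());
  return {
    iv: Buffer.from(o.iv, 'base64'), ct: Buffer.from(o.ct, 'base64'), tag: Buffer.from(o.tag, 'base64'),
  };
}

// Hypothetical relay. connect() stands in for a TLS handshake: afterwards the
// server and that one client share a session key.
class RelayServer {
  constructor() { this.sessionKeys = new Map(); this.observed = []; }

  connect(name) {
    const key = crypto.randomBytes(32);
    this.sessionKeys.set(name, key);
    return key;
  }

  // The server terminates the sender's encrypted link, so it holds the payload
  // in the clear before re-encrypting it for the recipient's link.
  relay(from, to, packet) {
    const payload = open(this.sessionKeys.get(from), packet);
    this.observed.push(payload);
    return seal(this.sessionKeys.get(to), payload);
  }

  // Does any key the server holds open this inner packet?
  canDecrypt(inner) {
    for (const key of this.sessionKeys.values()) {
      try { open(key, inner); return true; } catch (err) { /* authentication failed */ }
    }
    return false;
  }
}

// Transport encryption only: each hop is encrypted, the relay sees the content.
function transportOnlyDemo(message) {
  const server = new RelayServer();
  const aliceLink = server.connect('alice');
  const bobLink = server.connect('bob');
  const toBob = server.relay('alice', 'bob', seal(aliceLink, Buffer.from(message)));
  return { received: open(bobLink, toBob).toString(), serverSaw: server.observed[0].toString() };
}

// X25519 key agreement between the two endpoints, hashed down to an AES key.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return crypto.createHash('sha256').update(shared).digest();
}

// End-to-end: the endpoints encrypt with a key the relay never holds, then send
// that ciphertext over the same per-hop links. Assumption: each side has
// verified the other's public key out of band; a relay that could swap public
// keys during the exchange would defeat this.
function endToEndDemo(message) {
  const server = new RelayServer();
  const aliceLink = server.connect('alice');
  const bobLink = server.connect('bob');
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const aliceKey = deriveKey(alice.privateKey, bob.publicKey);
  const bobKey = deriveKey(bob.privateKey, alice.publicKey);

  const inner = pack(seal(aliceKey, Buffer.from(message)));
  const toBob = server.relay('alice', 'bob', seal(aliceLink, inner));
  const received = open(bobKey, unpack(open(bobLink, toBob))).toString();
  return {
    received,
    serverSaw: server.observed[0].toString(),
    serverCouldDecrypt: server.canDecrypt(unpack(server.observed[0])),
  };
}

const SAMPLE = 'constructed sample: draft budget for Q3'; // constructed input
console.log('transport only, relay saw:', transportOnlyDemo(SAMPLE).serverSaw);
console.log('end-to-end, relay could decrypt:', endToEndDemo(SAMPLE).serverCouldDecrypt);
```

In both runs a network eavesdropper sees only ciphertext; the difference is whether the relay operator can read what it forwards.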

Hacker hijacks all Microsoft and CCC YouTube accounts to broadcast crypto Ponzi scam

A hacker has hijacked all of Microsoft’s official YouTube accounts and is broadcasting a cryptocurrency Ponzi scam to the company’s subscribers, ZDNet has learned from one of our readers.

The hacks appear to have occurred about 13 hours ago, according to our source. The hijacked accounts are still streaming at the time of writing, despite being reported to YouTube’s moderators for more than one hour.

The hacker is currently live-streaming an old Bill Gates talk on startups that the former Microsoft CEO gave to an audience at Village Global in June 2019.

Hackers are live-streaming an altered version of the presentation, but also asking for viewers to participate in a classic “crypto giveaway” — where victims are tricked into sending a small sum of cryptocurrency to double their earnings but never get any funds in return.

[…]

The Bitcoin address listed in the video streams did not receive any transactions or hold any funds, suggesting that no users have fallen for the scam. Based on YouTube stream stats, tens of thousands have seen the video feeds.

Microsoft was not the only organization impacted by the mass hijack and defacement incident. The Chaos Computer Club, a famous Germany-based hacking community, has also had its account hijacked to broadcast a similar message.

Source: Hacker hijacks Microsoft YouTube accounts to broadcast crypto Ponzi scam | ZDNet

Someone Convinced Google To Delist Our Entire Right To Be Forgotten Tag In The EU For Searches On Their Name, which means we can’t tell if they are abusing the system

The very fact that the tag being delisted when searching for this unnamed individual is the “right to be forgotten” tag shows that whoever this person is, they recognize that they are not trying to cover up the record of, say, an FTC case against them from… oh, let’s just say 2003… but rather are now trying to cover up their current effort to abuse the right to be forgotten process.

Anyway, in theory (purely in theory, of course) if someone in the EU searched for the name of anyone, it might be helpful to know if the Director of the FTC’s Bureau of Consumer Protection once called him a “spam scammer” who “conned consumers in two ways.” But, apparently, in the EU, that sort of information is no longer useful. And you also can’t find out that he’s been using the right to be forgotten process to further cover his tracks. That seems unfortunate, and entirely against the supposed principle behind the “right to be forgotten.” No one is trying to violate anyone’s “privacy” here. We’re talking about public court records, and an FTC complaint and later settlement on a fairly serious crime that took place not all that long ago. That ain’t private information. And, even more to the point, the much more recent efforts by that individual to then hide all the details of this public record.

Source: Someone Convinced Google To Delist Our Entire Right To Be Forgotten Tag In The EU For Searches On Their Name | Techdirt

A Woman Who Can Smell Parkinson’s, Alzheimer’s, Cancer, TBC, Is Inspiring New Research Into Diagnosis

For most of her life, Joy Milne had a superpower that she was totally oblivious to. She simply had no idea she possessed an utterly amazing, slightly terrifying biological gift that scientists would itch to study.

In fact, Joy probably would have stayed oblivious if it hadn’t been for her husband, Les Milne.

[…]

But then one day, about 10 years into the marriage, when Les was 31, he came home, and strangely, Joy says, he smelled different. “His lovely male musk smell had got this overpowering sort of nasty yeast smell,” she says.

[…]

Joy says that over the next 20 years she and Les tried to make the best of things, but it was difficult: the loss of movement, the loss of work, the slow narrowing of their world. Still, they struggled through. Then about seven years ago, they decided to attend a support group for people suffering from Parkinson’s.

“We were late. … A lot of people were there. And I walked into the room and I thought, ‘SMELL!’ ” she says.

Joy realized that the other people in the room had the same greasy, musty smell that Les had — the smell that Joy had first noticed when Les was just 31. “And then I realized for some people it smelled stronger and for other people it didn’t smell so strong,” she says.

Could it be, Joy wondered, that Parkinson’s has a smell?

As they drove home from the meeting, Joy kept puzzling it over in her head, and by the time they arrived, she’d decided she would tell her husband.

She says once she made her discovery clear, his eyes widened: “He’s a doctor — we both understood the significance. Immediately.”

To begin, this was a new scientific discovery, but also, Joy had smelled the disease on Les more than a decade before his symptoms got severe enough for them to seek medical help. If Joy could predict Parkinson’s before its well-known symptoms, such as shaking and sleep disruption, even started to appear, maybe she could work with researchers. It might lead to a breakthrough.

[…]

Kunath asked one group of people who had Parkinson’s and another group of people who didn’t have Parkinson’s to take home white T-shirts, wear them overnight and then return them.

Then Kunath gave the T-shirts to Joy to smell. “They were all given randomized numbers and put in a box, and then she was asked to take each one out and give it a score,” he says.

Was the person who wore this shirt at an early stage of Parkinson’s? In a late stage of Parkinson’s? Something in between? Or maybe the person didn’t have the disease at all.

“And she was incredibly accurate,” Kunath says.

In fact, out of all the samples, Joy made only one mistake. She identified a man in the control group, the group without Parkinson’s, as having the disease. But many months later, Kunath says, that man actually approached him at an event and said, “Tilo, you’re going to have to put me in the Parkinson’s pile because I’ve just been diagnosed.”

It was incontrovertible: Joy not only could smell Parkinson’s but could smell it even in the absence of its typical medical presentation.

Kunath and fellow scientists published their work in ACS Central Science in March 2019, listing Joy as a co-author. Their research identified certain specific compounds that may contribute to the smell that Joy noticed on her husband and other Parkinson’s patients.

[…]

Joy and her super smelling abilities have opened up a whole new realm of research, Kunath says. Researchers, including Perdita Barran at the University of Manchester, led a second, larger study and have recently found 10 compounds linked to Parkinson’s by using mass spectrometry and other techniques to analyze samples from 274 people. They’re hoping to find a way to diagnose Parkinson’s from skin-based biomarkers, according to Barran. More work is soon to come, she adds.

[…]

Joy’s superpower is so unusual that researchers all over the world have started working with her and have discovered that she can identify several kinds of illnesses — tuberculosis, Alzheimer’s disease, cancer and diabetes.

Source: A Woman Who Can Smell Parkinson’s Is Inspiring New Research Into Diagnosis : Shots – Health News : NPR

US Officials Use Mobile Ad Location Data to Study How COVID-19 Spreads, not cellphone tower data

Government officials across the U.S. are using location data from millions of cellphones in a bid to better understand the movements of Americans during the coronavirus pandemic and how they may be affecting the spread of the disease…

The data comes from the mobile advertising industry rather than cellphone carriers. The aim is to create a portal for federal, state and local officials that contains geolocation data in what could be as many as 500 cities across the U.S., one of the people said, to help plan the epidemic response… It shows which retail establishments, parks and other public spaces are still drawing crowds that could risk accelerating the transmission of the virus, according to people familiar with the matter… The data can also reveal general levels of compliance with stay-at-home or shelter-in-place orders, according to experts inside and outside government, and help measure the pandemic’s economic impact by revealing the drop-off in retail customers at stores, decreases in automobile miles driven and other economic metrics.

The CDC has started to get analyses based on location data through an ad hoc coalition of tech companies and data providers — all working in conjunction with the White House and others in government, people said.

The CDC and the White House didn’t respond to requests for comment.

It’s the cellphone carriers turning over pandemic-fighting data in Germany, Austria, Spain, Belgium, the U.K., according to the article, while Israel mapped infections using its intelligence agencies’ antiterrorism phone-tracking. But so far in the U.S., “the data being used has largely been drawn from the advertising industry.

“The mobile marketing industry has billions of geographic data points on hundreds of millions of U.S. cell mobile devices…”

Source: US Officials Use Mobile Ad Location Data to Study How COVID-19 Spreads – Slashdot

I am unsure if this says more about the legality of the move or the technical decentralisation of cell phone tower data making it technically difficult to track the whole population.

Israel uses anti-terrorist tech to monitor phones of virus patients

Israel has long been known for its use of technology to track the movements of Palestinian militants. Now, Prime Minister Benjamin Netanyahu wants to use similar technology to stop the movement of the coronavirus.

Netanyahu’s Cabinet on Sunday authorized the Shin Bet security agency to use its phone-snooping tactics on coronavirus patients, an official confirmed, despite concerns from civil-liberties advocates that the practice would raise serious privacy issues. The official spoke on condition of anonymity pending an official announcement.

Netanyahu announced his plan in a televised address late Saturday, telling the nation that the drastic steps would protect the public’s health, though it would also “entail a certain degree of violation of privacy.”

Israel has identified more than 200 cases of the coronavirus. Based on interviews with these patients about their movements, health officials have put out public advisories ordering tens of thousands of people who may have come into contact with them into protective home quarantine.

The new plan would use mobile-phone tracking technology to give a far more precise history of an infected person’s movements before they were diagnosed and identify people who might have been exposed.

In his address, Netanyahu acknowledged the technology had never been used on civilians. But he said the unprecedented health threat posed by the virus justified its use. For most people, the coronavirus causes only mild or moderate symptoms. But for some, especially older adults and people with existing health problems, it can cause more severe illness.

“They are not minor measures. They entail a certain degree of violation of the privacy of those same people, who we will check to see whom they came into contact with while sick and what preceded that. This is an effective tool for locating the virus,” Netanyahu said.

The proposal sparked a heated debate over the use of sensitive security technology, who would have access to the information and what exactly would be done with it.

Nitzan Horowitz, leader of the liberal opposition party Meretz, said that tracking citizens “using databases and sophisticated technological means are liable to result in a severe violation of privacy and basic civil liberties.” He said any use of the technology must be supervised, with “clear rules” for the use of the information.

Netanyahu led a series of discussions Sunday with security and health officials to discuss the matter. Responding to privacy concerns, he said late Sunday he had ordered a number of changes in the plan, including reducing the scope of data that would be gathered and limiting the number of people who could see the information, to protect against misuse.

Source: Israel takes step toward monitoring phones of virus patients – ABC News

What I’m missing is a maximum duration for these powers to be used.

Astronomers have found the edge of the Milky Way at last

Our galaxy is a whole lot bigger than it looks. New work finds that the Milky Way stretches nearly 2 million light-years across, more than 15 times wider than its luminous spiral disk. The number could lead to a better estimate of how massive the galaxy is and how many other galaxies orbit it.

Astronomers have long known that the brightest part of the Milky Way, the pancake-shaped disk of stars that houses the sun, is some 120,000 light-years across (SN: 8/1/19). Beyond this stellar disk is a disk of gas. A vast halo of dark matter, presumably full of invisible particles, engulfs both disks and stretches far beyond them (SN: 10/25/16). But because the dark halo emits no light, its diameter is hard to measure.

Now, Alis Deason, an astrophysicist at Durham University in England, and her colleagues have used nearby galaxies to locate the Milky Way’s edge. The precise diameter is 1.9 million light-years, give or take 0.4 million light-years, the team reports February 21 in a paper posted at arXiv.org.

To put that size into perspective, imagine a map in which the distance between the sun and the Earth is just one inch. If the Milky Way’s heart were at the center of the Earth, the galaxy’s edge would be four times farther away than the moon actually is.

To find the Milky Way’s edge, Deason’s team conducted computer simulations of how giant galaxies like the Milky Way form. In particular, the scientists sought cases where two giant galaxies arose side by side, like the Milky Way and Andromeda, our nearest giant neighbor, because each galaxy’s gravity tugs on the other (SN: 5/12/15). The simulations showed that just beyond the edge of a giant galaxy’s dark halo, the velocities of small nearby galaxies drop sharply (SN: 3/11/15).

Using existing telescope observations, Deason and her colleagues found a similar plunge in the speeds of small galaxies near the Milky Way. This occurred at a distance of about 950,000 light-years from the Milky Way’s center, marking the galaxy’s edge, the scientists say. The edge is 35 times farther from the galactic center than the sun is.

Although dark matter makes up most of the Milky Way’s mass, the simulations reveal that stars should also exist at these far-out distances. “Both have a well-defined edge,” Deason says. “The edge of the stars is very sharp, almost like the stars just stop at a particular radius.”

Source: Astronomers have found the edge of the Milky Way at last | Science News

Zoom Removes Code That Sends Data to Facebook – but there is still plenty of nasty stuff in there

On Friday video-conferencing software Zoom issued an update to its iOS app which stops it sending certain pieces of data to Facebook. The move comes after a Motherboard analysis of the app found it sent information such as when a user opened the app, their timezone, city, and device details to the social network giant.

When Motherboard analyzed the app, Zoom’s privacy policy did not make the data transfer to Facebook clear.

“Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data,” Zoom told Motherboard in a statement on Friday.

Source: Zoom Removes Code That Sends Data to Facebook – VICE

But there is still plenty of data being hoovered up by Zoom:

Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’

As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over its “creepily chummy” relationship with tracking-based advertisers.

Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.

This personal info includes, and is not limited to, names, addresses and any other identifying data, job titles and employers, Facebook profiles, and device specifications. Crucially, it also includes “the content contained in cloud recordings, and instant messages, files, whiteboards … shared while using the service.”

Searls said reports outlining how Zoom was collecting and sharing user data with advertisers, marketers, and other companies, prompted him to pore over the software maker’s privacy policy to see how it processes calls, messages, and transcripts.

And he concluded: “Zoom is in the advertising business, and in the worst end of it: the one that lives off harvested personal data.

“What makes this extra creepy is that Zoom is in a position to gather plenty of personal data, some of it very intimate (for example with a shrink talking to a patient) without anyone in the conversation knowing about it. (Unless, of course, they see an ad somewhere that looks like it was informed by a private conversation on Zoom.)”

The privacy policy, as of March 18, lumps together a lot of different types of personal information, from contact details to meeting contents, and says this info may be used, one way or another, to personalize web ads to suit your interests.

“Zoom does use certain standard advertising tools which require personal data,” the fine-print states. “We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the internet, serving personalized ads on our website, and providing analytics services) … For example, Google may use this data to improve its advertising services for all companies who use their services.”

Searls, a former Harvard Berkman Fellow, said netizens are likely unaware their information could be harvested from their Zoom accounts and video conferences for advertising and tracking across the internet: “A person whose personal data is being shed on Zoom doesn’t know that’s happening because Zoom doesn’t tell them. There’s no red light, like the one you see when a session is being recorded.

“Nobody goes to Zoom for an ‘advertising experience,’ personalized or not. And nobody wants ads aimed at their eyeballs elsewhere on the ‘net by third parties using personal information leaked out through Zoom.”

Speaking of Zoom…

Zoom’s iOS app sent analytics data to Facebook even if you didn’t use Facebook, due to the application’s use of the social network’s Graph API, Vice discovered. The privacy policy stated the software collects profile information when a Facebook account is used to sign into Zoom, though it didn’t say anything about what happens if you don’t use Facebook. Zoom has since corrected its code to not send analytics in these circumstances.

It should go without saying but don’t share your Zoom meeting ID and password in public, such as on social media, as miscreants will spot it, hijack it, and bomb it with garbage. And don’t forget to set a strong password, too. Zoom had to beef up its meeting security after Check Point found a bunch of weaknesses, such as the fact it was easy to guess or brute-force meeting IDs.

Source: Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’ • The Register

Android Apps Are Transmitting what other apps you have ever installed to marketing people

At this point we’re all familiar with apps of all sorts tracking our every move and sharing that info with pretty much every third party imaginable. But it actually may not be as simple as tracking where you go and what you do in an app: It turns out that these apps might be dropping details about the other programs you’ve installed on your phone, too.

This news comes courtesy of a new paper out from a team of European researchers who found that some of the most popular apps in the Google Play store were bundled with certain bits of software that pull details of any apps that were ever downloaded onto a person’s phone.

Before you immediately chuck your Android device out the window in some combination of fear and disgust, we need to clarify a few things. First, these bits of software—called IAMs, or “installed application methods”—have some decent uses. A photography app might need to check the surrounding environment to make sure you have a camera installed somewhere on your phone. If another app immediately glitches out in the presence of an on-phone camera, knowing the environment—and the reason for that glitch—can help a developer know which part of his app to tinker with to keep that from happening in the future.

Because these IAM-specific calls are technically for debugging purposes, they generally don’t need to secure permissions the same way an app usually would when, say, asking for your location. Android devices have actually gotten better about clamping down on that form of invasive tracking after struggling with it for years, recently announcing that Android 11 formally requires that devs apply for location permissions access before Google grants it.

But at the same time, surveying the apps on a given phone can go the invasive route very easily: The apps we download can tip developers off about our incomes, our sexualities, and some of our deepest fears.

The research team found that, of the roughly 4,200 commercial apps it surveyed making these IAM calls, almost half were strictly grabbing details on the surrounding apps. For context, most other calls—which were for monitoring details about the app like available updates, or the current app version—together made up less than one percent of all calls they observed.

There are a few reasons for the prevalence of this errant app-sniffing behavior, but for the most part it boils down to one thing: money. A lot of these IAMs come from apps that are on-boarding software from adtech companies offering developers an easy way to make quick cash off their free product. That’s probably why the lion’s share—more than 83%—of these calls were being made on behalf of third-party code that the dev onboarded for their commercially available app, rather than code that was baked into that app by design.

And for the most part, these third parties are—as you might have suspected—companies that specialize in targeted advertising. Looking over the top 20 libraries that pull some kind of data via IAMs, some of the top contenders, like ironSource or AppNext, are in the business of getting the right ads in front of the right player at the right time, offering the developer the right price for their effort.

And because app developers—like most people in the publishing space—are often hard-up for cash, they’ll onboard these money-making tools without asking how they make that money in the first place. This kind of daisy-chaining is the same reason we see trackers of every shape and size running across every site in the modern ecosystem, at times without the people actually behind the site having any idea.

Source: Android Apps May Be Snooping on You More Than You Realize

Cheap high-frequency, high-power and nanoscale semiconductors that can see through walls

Scientists have crafted a tiny flexible electrical device capable of generating terahertz waves that can penetrate walls and microscopic cells, potentially paving the way for new imaging techniques – and fast switching in chips.

Terahertz radiation lies in the electromagnetic spectrum where microwaves and infrared meet. These so-called T-waves, ranging from 0.3 to 3THz according to the ITU, have interesting properties: they can travel through clothing, wood, walls, and even human skin, for one thing.

However, they can be tricky to produce, depending on the application, as you often need expensive and clunky equipment. Now, a team of researchers led by the École polytechnique fédérale de Lausanne (EPFL) in Switzerland believe they’ve created something that not only emits high-power terahertz radiation but is both compact and cheap. Which is useful for miniaturization and productization.

The gizmo detailed in a paper published in Nature this week works by producing so-called nanoplasma.

Here’s how it works: two tiny metal plates are placed 20 nanometres apart and a voltage is applied. Electrons migrate towards one of the plates to create a nanoplasma. When enough negative charge has accumulated and the voltage across the plates reaches a critical threshold, the electrons instantly flock to the other plate.

“The very high electric field in the small volume of the nanoplasma leads to ultrafast electron transfer, resulting in extremely short time responses,” the paper explained. This back and forth motion of the electrons on each plate continues, and the device emits a high-intensity pulse of terahertz waves.

“We achieved an ultrafast switching speed, higher than 10 volts per picosecond (10⁻¹² s), which is about two orders of magnitude larger than that of field-effect transistors and more than ten times faster than that of conventional electronic switches,” the academics said.

The tiny nanoplasma devices were fabricated on bits of Kapton tape pasted onto a sapphire substrate, where a thin layer of gold or tungsten was stacked on top of titanium.

“High-frequency semiconductor devices are nanoscale in size,” said Elison Matioli, co-author of the study and an electrical engineering professor at EPFL.

“They can only cope with a few volts before breaking out. High-power devices, meanwhile, are too big and slow to generate terahertz waves. Our solution was to revisit the old field of plasma with state-of-the-art nanoscale fabrication techniques to propose a new device to get around those constraints.”

“High-frequency, high-power and nanoscale aren’t terms you’d normally hear in the same sentence,” he added.

The fast switching speeds could help deliver ultrafast chips that could be used in wireless communication, sensors, or even biomedical imaging.

Source: Want to see through walls? Electroboffins build tiny chip in the lab that vibrates at just the right frequency to do it • The Register

LA Teen Who Died of Covid-19 Was Denied Treatment Because He Didn’t Have Health Insurance. The US looks like a banana republic.

A 17-year-old boy in Los Angeles County who became the first teen believed to have died from complications with covid-19 in the U.S. was denied treatment at an urgent care clinic because he didn’t have health insurance, according to R. Rex Parris, the mayor of Lancaster, California. Roughly 27.5 million Americans—8.5 percent of the population—don’t have health insurance based on the latest government figures.

“He didn’t have insurance, so they did not treat him,” Parris said in a video posted to YouTube. The staff at the urgent care facility told the teen to try the emergency room at Antelope Valley (AV) Hospital, a public hospital in the area, according to the mayor.

“En route to AV Hospital, he went into cardiac arrest, when he got to AV hospital they were able to revive him and keep him alive for about six hours,” Parris said. “But by the time he got there, it was too late.”

The name of the urgent care clinic that refused to treat the teen has not been released. Mayor Parris explained in his YouTube video that the 17-year-old is believed to have had no underlying conditions that may have contributed to his death.

“He had been sick for a few days, he had no previous health conditions. On the Friday before he died, he was healthy, he was socializing with his friends,” the mayor explained.

Source: Teen Who Died of Covid-19 Was Denied Treatment Because He Didn’t Have Health Insurance

Singapore Government to make its contact-tracing app freely available to developers worldwide

SINGAPORE – In a move to help the international community combat the coronavirus pandemic, the Government will be making the software for its contact-tracing application TraceTogether, which has already been installed by more than 620,000 people, freely available to developers around the world.

In a Facebook post on Monday (March 23), Minister-in-charge of the Smart Nation Initiative Vivian Balakrishnan said that the app, developed by the Government Technology Agency (GovTech) and the Ministry of Health, will be open-sourced.

This means that the software’s source code will be made freely available and may be redistributed and modified.

“We believe that making our code available to the world will enhance trust and collaboration in dealing with a global threat that does not respect boundaries, political systems or economies,” said Dr Balakrishnan, who is also Foreign Minister.

“Together, we can make our world safer for everyone.”

Launched last Friday, the TraceTogether app can identify people who have been within 2m of coronavirus patients for at least 30 minutes, using wireless Bluetooth technology. Its developers say the app is useful when those infected cannot recall whom they had been in close proximity with for an extended duration.

For the app to start tracing, the Bluetooth setting on mobile phones has to be turned on.

If a user gets infected, the authorities will be able to quickly find out the other users he has been in close contact with, allowing for easier identification of potential cases and helping curb the spread of the virus.

Official contact tracers will provide a code that users can match with a corresponding verification code on their app. Once authenticated, users will get a PIN that allows data to be submitted.

Contact tracers will not ask for any personal financial details or request that money be transferred over the phone.

In his post on Monday, Dr Balakrishnan said that the GovTech team was working “around the clock” to finalise documents to allow others to use the BlueTrace protocol – the building blocks of the TraceTogether app. He added that TraceTogether has been installed by more than 620,000 users so far.

Dr Janil Puthucheary, Minister-in-charge of GovTech, also weighed in on the app in a radio show on Monday, saying that a team of about 40 engineers spent more than 10,000 man-hours developing TraceTogether.

Dr Janil also encouraged more people to download TraceTogether as added protection.

TraceTogether’s developers uploaded a manifesto for BlueTrace on the app’s website on Monday, calling for international adoption of contact-tracing solutions in today’s globalised world as weapons to turn the tide against the Covid-19 outbreak.

“Covid-19 and other novel viruses do not respect national boundaries. Neither should humanity’s response. In a globalised world, with high volumes of international travel, any decentralised contact-tracing solution will need mass adoption to maximise network effects,” stated the app developers’ manifesto.

Interested parties can contact the TraceTogether team via e-mail or check this website for more information.

Source: Coronavirus: S’pore Government to make its contact-tracing app freely available to developers worldwide, Singapore News & Top Stories – The Straits Times

WPA Cracking from Kismet sensors

During a recent event I decided to set up a passive monitoring station to check for any attempts to impersonate, hijack, or deny service to our WiFi. For this task I decided to use an Alpha card and Kismet (which comes already installed on Kali Linux) to deploy for wireless intrusion detection (WIDS).

Kismet worked as advertised and I was able to monitor channel utilization and watch for wireless anomalies (think pwnagotchi or Hak5 Pineapple).

Channel Utilization Monitoring

Kismet WIDS alerting

This worked great, but I soon noticed that Kismet was also logging WPA handshakes for client connections, which made me wonder: could Kismet be used as an attack platform?

Captured WPA key exchange

After some quick googling I found that it is indeed very possible using this 3-step process.

  1. Export PCAP data out of the Kismet session database (by default stored at the root of a user home dir) by issuing the command kismet_log_to_pcap --in foo.kismet --out foo.pcap
  2. Convert that PCAP into something consumable by hashcat by issuing the command cap2hccapx.bin foo.pcap foo.hccapx
  3. Set up hashcat to crack the stored key exchanges by using the command hashcat64.exe -m 2500 foo.hccapx rockyou.txt -r rules/rockyou-30000.rule

What was surprising was that it took seconds or less to crack many of the captured sessions. What’s more interesting is that it’s possible to deploy Kismet on extremely cheap hardware such as a Raspberry Pi and form fleets of sensors that all log to a central point, and that are all cracked and monitored.

hashcat output

Today’s key takeaway? If you use a portable access point such as your phone as a hotspot, you still need to use an extremely long and complex password. It used to take an exorbitant amount of time to crack WPA2, but that is no longer true. Modern techniques for cracking the pairwise master key have been developed which, combined with GPU-based password cracking, mean weak passwords can often be instantly cracked.

To read more about this, check out Ins1gn1a’s article titled Understanding WPA/WPA2 Pre-Shared-Key Cracking.

Source: WPA Cracking from Kismet sensors – William Reyor – Medium
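The takeaway above, turned into a check a hotspot owner can run on a candidate passphrase before using it. This is an added example, not code from the original post; the small wordlist, the guess rate and the 1,000-year threshold are assumptions chosen for illustration.

```python
import string

# Constructed stand-in for a leaked-password wordlist such as the rockyou.txt
# named in the post; a real audit would load the full list from disk.
COMMON_WORDS = {"password", "iloveyou", "princess", "sunshine", "football",
                "welcome", "letmein", "dragon", "monkey", "qwerty"}

# Reverse the character substitutions that wordlist mangling rules apply.
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

GUESSES_PER_SECOND = 500_000   # assumption: one GPU testing WPA2 candidates
MIN_YEARS_TO_EXHAUST = 1_000   # assumption: acceptance threshold
SECONDS_PER_YEAR = 31_557_600  # 365.25 days


def base_forms(passphrase):
    """Undo common mangling: case changes, digits or symbols added at either
    end, and leetspeak. Returns the candidate base strings, sorted."""
    lowered = passphrase.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    return sorted({lowered, stripped,
                   lowered.translate(DELEET), stripped.translate(DELEET)})


def dictionary_word(passphrase):
    """Return the common word this passphrase is derived from, or None.
    A match needs the word to make up all but at most 4 characters."""
    for form in base_forms(passphrase):
        for word in sorted(COMMON_WORDS):
            if word in form and len(form) - len(word) <= 4:
                return word
    return None


def pool_size(passphrase):
    """Size of the printable-ASCII alphabet the passphrase draws from."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # space plus 32 punctuation characters
    return pool


def audit(passphrase):
    """Classify a WPA2 passphrase as invalid, weak-dictionary,
    weak-bruteforce or ok."""
    result = {"dictionary_word": None, "seconds_to_exhaust": None}
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        result["verdict"] = "invalid"  # WPA2 accepts 8..63 printable ASCII
        return result

    result["dictionary_word"] = dictionary_word(passphrase)
    # Upper bound: assumes every character was chosen at random from the pool.
    keyspace = pool_size(passphrase) ** len(passphrase)
    result["seconds_to_exhaust"] = keyspace / GUESSES_PER_SECOND
    years = result["seconds_to_exhaust"] / SECONDS_PER_YEAR

    if result["dictionary_word"] is not None:
        result["verdict"] = "weak-dictionary"
    elif years < MIN_YEARS_TO_EXHAUST:
        result["verdict"] = "weak-bruteforce"
    else:
        result["verdict"] = "ok"
    return result


if __name__ == "__main__":
    # Constructed sample passphrases.
    for candidate in ("short", "P@ssw0rd2020!!", "19850412",
                      "vK9#tLm2&qXz7!pRw4Yd"):
        print(candidate, audit(candidate))
```

The brute-force figure is a ceiling rather than an estimate: a human-chosen passphrase usually falls much sooner than the character-pool arithmetic suggests, which is why the dictionary check runs first.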

Ring corporate surveillance doorbells Continues To Insist Its Cameras Reduce Crime, But Crime Data Doesn’t Back Those Claims Up

Despite evidence to the contrary, Amazon’s Ring is still insisting it’s the best thing people can put on their front doors — an IoT camera with PD hookups that will magically reduce crime in their neighborhoods simply by being a mute witness of criminal acts.

Boasting over 1,000 law enforcement partnerships, Ring talks a good game about crime reduction, but its products haven’t proven to be any better than those offered by competitors — cameras that don’t come with law enforcement strings attached.

Last month, Cyrus Farivar undid a bit of Ring’s PR song-and-dance by using public records requests and conversations with law enforcement agencies to show any claim Ring makes about crime reduction probably (and in some cases definitely) can’t be linked to the presence of Ring’s doorbell cameras.

CNET has done the same thing and come to the same conclusion: the deployment of Ring cameras rarely results in any notable change in property crime rates. That runs contrary to the talking points deployed by Dave Limp — Amazon’s hardware chief — who “believes” adding Rings to neighborhoods makes neighborhoods safer. Limp needs to keep hedging.

CNET obtained property-crime statistics from three of Ring’s earliest police partners, examining the monthly theft rates from the 12 months before those partners signed up to work with the company, and the 12 months after the relationships began, and found minimal impact from the technology.

The data shows that crime continued to fluctuate, and analysts said that while many factors affect crime rates, such as demographics, median income and weather, Ring’s technology likely wasn’t one of them.

Worse for Ring — which has used its partnerships with law enforcement agencies to corner the market for doorbell cameras — law enforcement agencies are saying the same thing: Ring isn’t having any measurable impact on crime.

“In 2019, we saw a 6% decrease in property crime,” said Kevin Warych, police patrol commander in Green Bay, Wisconsin, but he noted, “there’s no causation with the Ring partnership.”

[…]

“I can’t put numbers on it specifically, if it works or if it doesn’t reduce crime,” [Aurora PD public information officer Paris] Lewbel said.

But maybe it doesn’t really matter to Ring if law enforcement agencies believe the crime reduction sales pitch. What ultimately matters is that end users might. After all, these cameras are installed on homes, not police departments. As long as potential customers believe crime in their area (or at least their front doorstep) will be reduced by the presence of a camera, Ring can continue to increase market share.

But the spin is, at best, inaccurate. Crime rates in cities where Ring has partnered with law enforcement agencies continue to fluctuate. Meanwhile, Ring has fortuitously begun its mass deployment during a time of historically-low crime rates which have dropped steadily for more than 20 years. Hitting the market when things are good and keep getting better makes for pretty good PR, especially when company reps are willing to convert correlation to causation to sell devices.

Source: Ring Continues To Insist Its Cameras Reduce Crime, But Crime Data Doesn’t Back Those Claims Up | Techdirt

Comet ATLAS is Brightening Faster than Expected might be awesome to look at mid May

Comet ATLAS (C/2019 Y4) is plunging toward the sun, and if it doesn’t fly apart it could soon become one of the brightest comets in years.

“Comet ATLAS continues to brighten much faster than expected,” says Karl Battams of the Naval Research Lab in Washington DC. “Some predictions for its peak brightness now border on the absurd.”


Above: Comet ATLAS (C/2019 Y4) photographed on March 6, 2020, by Austrian astrophotographer Michael Jäger. The comet’s diffuse green atmosphere is about twice as wide as the planet Jupiter.

The comet was discovered in December 2019 by the Asteroid Terrestrial-impact Last Alert System (ATLAS) in Hawaii. Astronomers quickly realized it might be special. On May 31, 2020, Comet ATLAS will pass deep inside the orbit of Mercury only 0.25 AU from the sun. If it can survive the blast furnace of solar heating, it could put on a good show.

However, no one expected the show to start this soon. More than 2 months before perihelion (closest approach to the sun), Comet ATLAS is already “heating up.” The worldwide Comet Observation Database shows it jumping from magnitude +17 in early February to +8 in mid-March–a 4000-fold increase in brightness. It could become visible to the naked eye in early April.

“Right now the comet is releasing huge amounts of its frozen volatiles (gases),” says Battams. “That’s why it’s brightening so fast.”


Can ATLAS sustain this crazy pace? If it has a big nucleus with large stores of frozen gas, then yes; we could get a very bright comet. Otherwise, Comet ATLAS might “run out of gas”, crumbling and fading as it approaches the sun.

Current best estimates of the comet’s peak brightness in May range from magnitude +1 to -5. If Comet ATLAS hits the high end of that range, a bit brighter than Venus, it could become visible in broad daylight.

Source: Comet ATLAS is Brightening Faster than Expected | Spaceweather.com

Ancestor of all animals identified in Australian fossils

A team led by UC Riverside geologists has discovered the first ancestor on the family tree that contains most familiar animals today, including humans.

The tiny, wormlike creature, named Ikaria wariootia, is the earliest bilaterian, or organism with a front and back, two symmetrical sides, and openings at either end connected by a gut. The paper is published today in Proceedings of the National Academy of Sciences.

The earliest multicellular organisms, such as sponges and algal mats, had variable shapes. Collectively known as the Ediacaran Biota, this group contains the oldest fossils of complex, multicellular organisms. However, most of these are not directly related to animals around today, including lily pad-shaped creatures known as Dickinsonia that lack basic features of most animals, such as a mouth or gut.

The development of bilateral symmetry was a critical step in the evolution of animal life, giving organisms the ability to move purposefully and a common, yet successful way to organize their bodies. A multitude of animals, from worms to insects to dinosaurs to humans, are organized around this same basic bilaterian body plan.

Evolutionary biologists studying the genetics of modern animals predicted the oldest ancestor of all bilaterians would have been simple and small, with rudimentary sensory organs. Preserving and identifying the fossilized remains of such an animal was thought to be difficult, if not impossible.

A 3D laser scan showing the regular, consistent shape of a cylindrical body with a distinct head and tail and faintly grooved musculature. Credit: Droser Lab/UCR

For 15 years, scientists agreed that fossilized burrows found in 555 million-year-old Ediacaran Period deposits in Nilpena, South Australia, were made by bilaterians. But there was no sign of the creature that made the burrows, leaving scientists with nothing but speculation.

Scott Evans, a recent doctoral graduate from UC Riverside, and Mary Droser, a professor of geology, noticed minuscule, oval impressions near some of these burrows. With funding from a NASA exobiology grant, they used a three-dimensional laser scanner that revealed the regular, consistent shape of a cylindrical body with a distinct head and tail and faintly grooved musculature. The animal ranged between 2-7 millimeters long and about 1-2.5 millimeters wide, with the largest the size and shape of a grain of rice—just the right size to have made the burrows.

“We thought these should have existed during this interval, but always understood they would be difficult to recognize,” Evans said. “Once we had the 3-D scans, we knew that we had made an important discovery.”

The researchers, who include Ian Hughes of UC San Diego and James Gehling of the South Australia Museum, describe Ikaria wariootia, named to acknowledge the original custodians of the land. The genus name comes from Ikara, which means “meeting place” in the Adnyamathanha language. It’s the Adnyamathanha name for a grouping of mountains known in English as Wilpena Pound. The species name comes from Warioota Creek, which runs from the Flinders Ranges to Nilpena Station.

Ikaria wariootia impressions in stone. Credit: Droser Lab/UCR

“Burrows of Ikaria occur lower than anything else. It’s the oldest fossil we get with this type of complexity,” Droser said. “Dickinsonia and other big things were probably evolutionary dead ends. We knew that we also had lots of little things and thought these might have been the early bilaterians that we were looking for.”

In spite of its relatively simple shape, Ikaria was complex compared to other fossils from this period. It burrowed in thin layers of well-oxygenated sand on the ocean floor in search of organic matter, indicating rudimentary sensory abilities. The depth and curvature of Ikaria represent clearly distinct front and rear ends, supporting the directed movement found in the burrows.

The burrows also preserve crosswise, “V”-shaped ridges, suggesting Ikaria moved by contracting muscles across its body like a worm, known as peristaltic locomotion. Evidence of sediment displacement in the burrows and signs the organism fed on buried organic matter reveal Ikaria probably had a mouth, anus, and gut.

“This is what evolutionary biologists predicted,” Droser said. “It’s really exciting that what we have found lines up so neatly with their prediction.”

Source: Ancestor of all animals identified in Australian fossils

Hackers target WHO as cyberattacks double

WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful. But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which has killed more than 15,000 worldwide.

The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity.

Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.

“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.

Urbelis said he didn’t know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.

Messages sent to email addresses maintained by the hackers went unreturned.

When asked by Reuters about the incident, the WHO’s Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.

“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said in a telephone interview. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

The WHO published an alert last month – available here – warning that hackers are posing as the agency to steal money and sensitive information from the public.

And government officials in the United States, Britain and elsewhere have issued cybersecurity warnings about the dangers of a newly remote workforce as people disperse to their homes to work and study because of the coronavirus pandemic.

The motives in the case identified by Reuters aren’t clear. United Nations agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio said he did not know who precisely at the organization the hackers had in their sights.

Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said they have traced many of DarkHotel’s operations to East Asia – an area that has been particularly affected by the coronavirus. Specific targets have included government employees and business executives in places such as China, North Korea, Japan, and the United States.

Source: Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike – Reuters

New York Stock Exchange Chairman Sold Millions in Stock Before Crash and after wife had been briefed about Covid-19 secretly

Jeffrey Sprecher, the chairman of the New York Stock Exchange, sold $3.5 million in stock on February 26, a month after his wife, Senator Kelly Loeffler of Georgia, received a closed-door briefing about the covid-19 threat. According to SEC filings, Sprecher sold $15.3 million more in stock on March 11, at the beginning of the crash that has seen trillions of dollars wiped from the financial markets. Both stock sales were of Intercontinental Exchange (known as ICE), the company that owns the NYSE, and of which Sprecher just happens to be CEO.

The revelations about Sprecher come from a new report by CBS News, which examined filings with the Securities and Exchange Commission (SEC). Loeffler’s own stock sales recently made headlines after it was revealed that she sold millions in stock the same day she received a closed-door January 26 briefing on the potential impact of the covid-19 pandemic. Loeffler denies having any knowledge of the sales done in her name.

What makes Sprecher’s stock sales a scandal? For one, they should have been reported as part of Loeffler’s financial disclosures, but were not. Senators have been required to give periodic financial disclosures since 2012 and those filings include any sales and purchases made by the politician’s spouse.

[…]

his wife had secret information about a global pandemic and both of them unloaded while she kept publicly saying everything was fine and dandy.

In fact, this was the video Loeffler posted to Twitter on March 10, the day before her husband unloaded $15.3 million worth of stock in his own company.

Sprecher and Loeffler are reportedly worth at least $500 million. Capitalism may be on its last legs during the covid-19 pandemic, but you can bet that millionaires and billionaires will do everything they can to keep it afloat. Even if a few million people have to die.

Source: New York Stock Exchange Chairman Sold Millions in Stock Before Crash

Hacker selling data of 538 million Weibo users

The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media.

In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a dump of the company’s user database.

The database allegedly contains the details for 538 million Weibo users. Personal details include the likes of real names, site usernames, gender, location, and — for 172 million users — phone numbers.

Passwords were not included, which explains why the hacker is selling the Weibo data for only ¥1,799 ($250).

Source: Hacker selling data of 538 million Weibo users | ZDNet

After 450 years, the tiny feudal Channel island of Sark will finally earn the right to exist on the internet with a domain

The island of Sark, a United Kingdom royal fiefdom located in the Channel Islands and measuring just two square miles (517 hectares), has succeeded in its 20-year quest to be officially recognized by the International Standards Organization (ISO).

The decision will lead to creation of a new two-letter code for the island and an addition to the internet’s country codes: the .sk code is already taken by Slovakia so Sark may end up with .cq form in reference to the original Norman dialect spelling of the island – Sercq.

That’s something that Sark has been desperate to achieve thanks to the ever-growing impact of the internet on modern life. “In today’s connected world, business and personal matters are increasingly transacted online,” reads a quote at the start of the 54-page submission [PDF] to the ISO, written by the secretary of the group that has spent 21 years trying to make recognition a reality.

“In such a world, it makes it even more important for a small island like ours to have the ability to promote and protect its identity,” Conseiller Nicolas Moloney states.

Even though Sark controls its own budget, taxation, waters, medical register, vehicle registration, licensing, legislature and fishing rights, it doesn’t exist online. Instead everything is currently routed through the nearby island of Guernsey, since Sark is officially part of the Bailiwick of Guernsey and has been since 1204 (it’s historically complicated). Guernsey is a 45-minute boat ride away, with its own .gg notation.

With every online form in the world using the ISO’s 3166 list to populate its dropdown list of territories, if you aren’t on that list, you effectively don’t exist on the internet. For an island strongly dependent on tourism, that is a major problem. “Our future depends on this and we therefore request support for our identity so we can be recognised correctly by the world,” its petition reads.

Banking, shipping addresses of goods bought on the internet and geographical identity for trade, tourism and travel are all largely dependent these days on having a unique online identifier. Without it, Sark faced an existential threat.

A determined no

But despite the full backing of the UK government, reams of evidence of its autonomy, the European Court of Human Rights specifically recognizing Sark as a dependent territory, and Sark’s application fulfilling every criterion necessary to get on to the official ISO-3166 list, it has gone back and forth with the committee that decides the list for 21 years. At one point the committee even changed its own rules to prevent Sark from being recognized.

In the end, the man behind the push, Register reader Mike Locke, realized that they were never going to get anywhere by going to the same committee over and over again and went above their heads. A meeting of the ISO’s Technical Management Board, in Oslo, Norway, at the end of February heard Sark’s appeal [PDF], presented by the UK government’s British Standards Institution (BSI). Its decision was only announced late on Thursday last week. It reads [PDF, resolution 15]:

Noting the appeal received by BSI on 12 August 2018 against the ISO 3166/MA decision on the Sark request for an alpha code, and having reviewed the process and criteria for assignment of codes, and
Noting that there are islands that are not member states of the UN but have been assigned a code,
Supports the request from Sark, and
Requests the ISO3166/MA to assign Sark the requested code.

On Sark itself, the committee that has spent innumerable hours since 1999 trying to get approval proudly told the Chief Pleas (the parliament of Sark), that: “After much hard work both on and off island the Special Committee for the Top Level Domain is very pleased to announce that the ISO Technical Board has accepted the application and recommended approval of a Country Code for Sark and inclusion on the ISO 3166 Standard.”

Shortly after, the island went into a lockdown over the novel coronavirus.

Source: After 450 years, the tiny feudal Channel island of Sark will finally earn the right to exist on the internet with a domain • The Register

The rest of the story is a bizarre tale of the ISO committee refusing to change an inane decision again and again and again.

Finally! Two colour e-readers about to hit the market!

iReader C6 is a full color e-reader and will be released soon

The company has just announced they are working on a new color e-reader that is capable of displaying 4,096 colors and will be released on March 26th.

The iReader C6 will feature a six inch capacitive touchscreen display with 300 PPI and it is employing the new E Ink Print-Color e Paper technology. It has a front-lit display system with 24 LED lights, so you will be able to read in the dark.

Underneath the hood is a quad-core high-speed processor, 1GB of RAM and 16GB of internal storage. It has integrated speakers and weighs 150 grams, is 6.9 millimeters thick, is light and comfortable, and can be held with one hand.

iReader disclosed that they have completed mass production on this device and it will be available on JD.com on March 26th.

Source: Goodreader.com

iFlytek is working on a color e-reader

Details are light, but the company has developed a color e-reader that will be available soon.

The color e-reader is currently called the iFlytek Ebook and it features a 6 inch display with 300 PPI for black and white mode and 212 PPI for color. You will be able to read in the dark via their front-lit display system with 24 LED lights. It has 4,096 colors, which will make manga, comics and other materials shine, it is employing the E INK Just Print tech.

It has integrated speakers and 4 voices for their TTS engine, so it can read aloud ebooks to you. The other hardware specs like processor, RAM and internal storage are currently unknown. There is also no word on what operating system it is running, but it looks like it will be sold on JD.com and other Chinese e-commerce sites.

Source: Goodreader.com

Two Senators Dumped Stock After Being Briefed About COVID-19; While Telling The World Things Were Going To Be Fine

Senator Richard Burr is a real piece of work. In 2012 he was one of only three Senators to vote against the STOCK Act. This was a law put in place following a 60 Minutes expose about how Congress was getting filthy stinkin’ rich off of insider trading, since Congress was exempt from insider trading laws. The bill did pass — Burr’s vote against notwithstanding — and President Obama signed it into law. Unfortunately, the next year, Congress passed (and Obama signed) an amendment that rolled the rules back for staffers, though it still does apply to elected officials themselves.

So, it’s quite interesting to see the news that Senator Burr just sold off a “significant percentage” of his stock holdings, according to a ProPublica article detailing the sale. A big chunk of that stock sale? In the hospitality industry that has been so hard hit. He had a big chunk of stock in Wyndham Hotels and Extended Stay America, but sold those off just before everything went bad. The timing is interesting:

Soon after he offered public assurances that the government was ready to battle the coronavirus, the powerful chairman of the Senate Intelligence Committee, Richard Burr, sold off a significant percentage of his stocks, unloading between $628,000 and $1.72 million of his holdings on Feb. 13 in 33 separate transactions.

As the head of the intelligence committee, Burr, a North Carolina Republican, has access to the government’s most highly classified information about threats to America’s security. His committee was receiving daily coronavirus briefings around this time, according to a Reuters story.

Now, you might say that there might be another reason why he sold stuff off, but it certainly appears that Burr knew full well what was coming. And that’s because in another news bombshell from just a few hours earlier, a recording was leaked of Burr telling a private luncheon gathering that things were going to be bad — all at the same time he was insisting that the US was totally prepared for COVID-19. A month after he sold all that stock, and a few weeks after he told the private luncheon that the coronavirus was “much more aggressive in its transmission than anything that we have seen in recent history” and compared it “to the 1918 pandemic” he publicly was claiming that we had everything under control:

“Luckily, we have a framework in place that has put us in a better position than any other country to respond to a public health threat, like the coronavirus.”

He also said the same thing just days before selling all that stock:

Thankfully, the United States today is better prepared than ever before to face emerging public health threats, like the coronavirus, in large part due to the work of the Senate Health Committee, Congress, and the Trump Administration.

That op-ed also said:

The public health preparedness and response framework that Congress has put in place and that the Trump Administration is actively implementing today is helping to protect Americans. Over the years, this framework has been designed to be flexible and innovative so that we are not only ready to face the coronavirus today but new public health threats in the future.

And then he sold most of his stock earning somewhere between half a million and a million and a half dollars — most of which would have plunged in value if he’d kept it invested. And, the fact that such a large chunk was in the hospitality industry is telling: he would have likely realized they were going to be hit hard by any form of lock down and the expected decline in travel due to the pandemic.

Hours after the Burr story broke, The Daily Beast highlighted how another Senator, the new Senator from Georgia, Kelly Loeffler, sold off millions of dollars of stock the very day she was briefed about the COVID-19 threat. She literally tweeted that day:

And then she dumped tons of stock:

Loeffler assumed office on Jan. 6 after having been appointed to the seat vacated by retiring Sen. Johnny Isakson. Between then and Jan. 23 she did not report a single stock transaction from accounts owned by her individually or by her and her husband jointly.

Between Jan. 24 and Feb. 14, by contrast, Loeffler reported selling stock jointly owned with her husband worth between $1,275,000 and $3,100,000, according to transaction reports filed with Senate ethics officials.

For what it’s worth, it’s probably worth noting that Loeffler’s husband, Jeffrey Sprecher, is the chairman and CEO of the New York Stock Exchange. The stock sales included a bunch of retailers: Ross Stores, TJX (owners of TJ Maxx, Marshalls and a bunch of similar brands), and Autozone. All of those are struggling — TJX just announced it’s closing all its stores for at least two weeks.

Like Burr, Loeffler toed the Trumpian line that the country was all set to handle this pandemic that (spoiler alert!) it’s still not ready to handle:

Some might argue that while she didn’t have any transactions in the weeks leading up to that coronavirus briefing, and then sold a bunch of stock, she did make two purchases of stock in that period. But those really don’t help her case:

One of Loeffler’s two purchases was stock worth between $100,000 and $250,000 in Citrix, a technology company that offers teleworking software…

Yes, sold a bunch of other stock, but purchased stock in a company that enables telework, just weeks before practically the whole country moved to telework. The other purchase? Oracle. While Oracle stock has declined along with most of the rest of the market, given how much Oracle pushes itself as a “cloud” provider, you could see someone thinking it might get a boost as well.

Given all this, a little other spelunking through the newly released financial disclosures shows stock sales in this period from three other Senators as well: Ron Johnson, Dianne Feinstein, and Jim Inhofe. The details of those sales don’t look quite as suspicious as the other two, but still might raise some eyebrows. Inhofe sold a bunch of Paypal, Intuit, and Apple stock. Feinstein sold a bunch of Allogene Therapeutics stock, a biotech firm doing cancer research — so it’s not clear that that’s related to pandemic info. Johnson made a bundle: between $5 million and $25 million in selling all of his share of a plastic extrusion company, Pacur, but that’s a private family company that he ran before becoming a Senator (his brother now runs the firm), and the sale was made to a private equity firm, and shows no evidence of being connected in any way to the pandemic (indeed, the company does plastic extrusion for medical devices, and you can see why that might suddenly be in more demand these days).

In a just world, someone would be looking into the Burr and Loeffler sales as insider trading. I’m not convinced that we’re in that world right now, though. In the meantime, as many of us are isolated at home, we can rest safe, knowing that Senator Burr and Senator Loeffler socked away a bunch of money while the rest of us suffer. The only surprising thing I will note is that Burr, at least, is now receiving heavy criticism from both Democrats and Republicans, and even Tucker Carlson, usually a trusty voice repeating Trumpian talking points, has called for Burr to resign.

Of course, it’s worth highlighting one more point: profiting off the coming disaster is horrible and disgusting and awful. But it’s much, much worse to have spent weeks or even months knowing what disaster was about to befall the country and lying to the public about it.

Source: Two Senators Sold A Bunch Of Stock After Being Briefed About COVID-19; While Telling The World Things Were Going To Be Fine | Techdirt

NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off

NASA needs 215 more petabytes of storage by the year 2025, and expects Amazon Web Services to provide the bulk of that capacity. However, the space agency didn’t realize this would cost it plenty in cloud egress charges. As in, it will have to pay as scientists download its data.

That omission alone has left NASA’s cloud strategy pointing at the ground rather than at the heavens.

The data in question will come from NASA’s Earth Science Data and Information System (ESDIS) program, which collects information from the many missions that observe our planet. NASA makes those readings available through the Earth Observing System Data and Information System (EOSDIS).

To store all the data and run EOSDIS, NASA operates a dozen Distributed Active Archive Centers (DAACs) that provide pleasing redundancy. But NASA is tired of managing all that infrastructure, so in 2019, it picked AWS to host it all, and started migrating its records to the Amazon cloud as part of a project dubbed Earthdata Cloud. The first cut-over from on-premises storage to the cloud was planned for Q1 2020, with more to follow. The agency expects to transfer data off-premises for years to come.

NASA also knows that a torrent of petabytes is on the way. Some 15 imminent missions, such as the NASA-ISRO Synthetic Aperture Radar (NISAR) and the Surface Water and Ocean Topography (SWOT) satellites, are predicted to deliver more than 100 terabytes a day of data. We mention SWOT and NISAR because they’ll be the first missions to dump data directly into Earthdata Cloud.

The agency therefore projects that by 2025 it will have 247 petabytes to handle, rather more than the 32 it currently wrangles.

NASA thinks this is all a great idea: in its documentation for the migration, it said:

Researchers and commercial users of NASA Earth Science data will have increased opportunity to access and process large quantities of data quickly, allowing new types of research and analysis. Data that was previously geographically dispersed will now be accessible via the cloud, saving time and resources.

And it will – if NASA can afford to operate it.

And that’s a live question because a March audit report [PDF] from NASA’s Inspector General noticed EOSDIS hadn’t properly modeled what data egress charges would do to its cloudy plan.

“Specifically, the agency faces the possibility of substantial cost increases for data egress from the cloud,” the Inspector General’s Office wrote, explaining that today NASA doesn’t incur extra costs when users access data from its DAACs. “However, when end users download data from Earthdata Cloud, the agency, not the user, will be charged every time data is egressed.

“That means ESDIS wearing cloud egress costs. Ultimately, ESDIS will be responsible for both cloud costs, including egress charges, and the costs to operate the 12 DAACS.”

And to make matters worse, NASA “has not yet determined which data sets will transition to Earthdata Cloud nor has it developed cost models based on operational experience and metrics for usage and egress.

“As a result, current cost projections may be lower than what will actually be necessary to cover future expenses and cloud adoption may become more expensive and difficult to manage.”

There’s more. The watchdog concluded: “Collectively, this presents potential risks that scientific data may become less available to end users if NASA imposes limitations on the amount of data egress for cost control reasons.”

And to put a cherry on top, the report found the project’s organizers didn’t consult widely enough, didn’t follow NIST data integrity standards, and didn’t look for savings properly during internal reviews, in part because half of the review team worked on the project itself.

The result is three recommendations from the auditors:

  1. Once NISAR and SWOT are operational and providing sufficient data, complete an independent analysis to determine the long-term financial sustainability of supporting the cloud migration and operation while also maintaining the current DAAC footprint.
  2. Incorporate in appropriate agency guidance language specifying coordination with ESDIS and OCIO early in a mission’s life cycle during data management plan development.
  3. Ensure all applicable information types are considered during DAAC categorization, that appropriate premises are used when determining impact levels, and that the appropriate categorization procedures are standardized.

At least NASA seems to have bagged a good deal from AWS: The Register used Amazon’s cloudy cost calculator to tot up the cost of storing 247PB in the cloud giant’s S3 service. The promised pay-as-you-go price for us on the street was a staggering $5,439,526.92 per month, not taking into account the free tier discount of 12 cents. The audit, meanwhile, suggests an increased cloud spend of around $30m a year by 2025, on top of NASA’s $65m-per-year deal with AWS.

You don’t need to be a rocket scientist to learn about and understand data egress costs. Which left The Register wondering how an agency capable of sending stuff into orbit or making marvelously long-lived Mars rovers could also make such a dumb mistake.

It turns out NASA makes plenty: your humble vulture found this story after looking into Tuesday’s audit of the agency’s development work on its mobile launchers – the colossal vehicles designed to assemble, transport, and launch SLS and Orion rockets and capsules.

That audit found the project “has greatly exceeded its cost and schedule targets in developing ML-1. As of January 2020, modification of ML-1 to accommodate the SLS has cost $693 million — $308 million more than the agency’s March 2014 budget estimate — and is running more than 3 years behind schedule.” ®

Source: NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off

Look ma, no Intel Management Engine: Purism lifts lid on the Librem Mini, a privacy-focused micro PC

Purism has dropped the veil on the latest computer in its privacy-focused lineup – a small form-factor PC designed for space-conscious free software enthusiasts.

Available to pre-order now, the Librem Mini packs an eighth-generation, quad-core Whiskey Lake i7-8565U processor, modified with Purism’s Pureboot technology. At its heart, this aims to minimise any potential third-party interference with the operation of the computer – particularly during the boot phase, where it is potentially vulnerable.

It accomplishes this by thoroughly excising the Intel Management Engine, which Purism regards as an untrustworthy black-box baked into the heart of the processor, along with other software-level approaches. These include the use of the free software Coreboot BIOS, as well as the Purism-developed Heads, which aims to identify potential tampering within the BIOS, Kernel, and GRUB config.

In terms of expansibility, the machine packs a SATA and M.2 slot, and comes with two SODIMM slots, which can be filled with up to 64GB of RAM. There’s no dedicated graphics to speak of, but it does include Intel’s UHD 640 integrated graphics. Aside from a smattering of USB-A and USB-C slots, the Librem Mini also includes both Display and HDMI slots.

There’s also a standard RJ45 Ethernet slot – although you can add WiFi and Bluetooth via an optional Atheros ATH9k jack.

The Librem Mini has a small footprint, measuring just 5 inches across and weighing just 1kg – which is lighter than many laptops.

This machine is the latest in a growing lineup of machines that cater to the privacy-centric punter, including the Librem 13 and 15 laptops. Purism is also in the process of developing a smartphone platform to run on its own Linux-based PureOS operating system, and a baseband fully separate from the CPU. The firm has raised $2 million via crowdfunding for this effort and is expected to ship the first units later this year.

Pre-orders for the Librem Mini are open now. Retailing at $699, the base model packs 8GB of RAM and 256GB of NVMe storage. Units will ship one month after the firm has reached its (relatively modest) $50,000 pre-order goal.

Purism touts the Librem Mini as a potential mini-desktop or media server, although El Reg feels the use-case isn’t really as relevant as the potential customer. Greater awareness of privacy – and the way it’s gradually being eroded – has created an appetite for such devices, as demonstrated by Purism’s previous crowdfunding accomplishments. And if you want to exercise a greater control over how you use your computer, this machine will undoubtedly appeal to you. ®

Source: Look ma, no Intel Management Engine: Purism lifts lid on the Librem Mini, a privacy-focused micro PC • The Register