Daycares in Finland Built a ‘Forest Floor’, And It Changed Children’s Immune Systems

Playing through the greenery and litter of a mini forest’s undergrowth for just one month may be enough to change a child’s immune system, according to a small new experiment.

When daycare workers in Finland rolled out a lawn, planted forest undergrowth such as dwarf heather and blueberries, and allowed children to care for crops in planter boxes, the diversity of microbes in the guts and on the skin of young kids appeared healthier in a very short space of time.

Compared to other city kids who play in standard urban daycares with yards of pavement, tile and gravel, 3-, 4-, and 5-year-olds at these greened-up daycare centres in Finland showed increased T-cells and other important immune markers in their blood within 28 days.

“We also found that the intestinal microbiota of children who received greenery was similar to the intestinal microbiota of children visiting the forest every day,” says environmental scientist Marja Roslund from the University of Helsinki.

One daycare before (left) and after introducing grass and planters (right). (University of Helsinki)

Prior research has shown early exposure to green space is somehow linked to a well-functioning immune system, but it’s still not clear whether that relationship is causal or not.

The experiment in Finland is the first to explicitly manipulate a child’s urban environment and then test for changes in their microbiome and, in turn, a child’s immune system.

[…]

The results aren’t conclusive and they will need to be verified among larger studies around the world. Still, the benefits of green spaces appear to go beyond our immune systems.

Research shows getting outside is also good for a child’s eyesight, and being in nature as a kid is linked to better mental health. Some recent studies have even shown green spaces are linked to structural changes in the brains of children.

What’s driving these incredible results is not yet clear. It could be linked to changes to the immune system, or something about breathing healthy air, soaking in the sun, exercising more or having greater peace of mind.

Given the complexities of the real world, it’s really hard to control for all the environmental factors that impact our health in studies.

While rural children tend to have fewer cases of asthma and allergies, the available literature on the link between green spaces and these immune disorders is inconsistent.

The current research has a small sample size, only found a correlation, and can’t account for what children were doing outside daycare hours, but the positive changes seen are enough for scientists in Finland to offer some advice.

[…]

Bonding with nature as a kid is also good for the future of our planet’s ecosystems. Studies show kids who spend time outdoors are more likely to want to become environmentalists as adults, and in a rapidly changing world, that’s more important than ever.

Just make sure everyone’s up to date on their tetanus vaccinations, Sinkkonen advises.

The study was published in Science Advances.

Source: Daycares in Finland Built a ‘Forest Floor’, And It Changed Children’s Immune Systems

Brave browser first to nix CNAME deception, the sneaky DNS trick used by marketers to duck privacy controls

The Brave web browser will soon block CNAME cloaking, a technique used by online marketers to defy privacy controls designed to prevent the use of third-party cookies.

The browser security model makes a distinction between first-party domains – those being visited – and third-party domains – from the suppliers of things like image assets or tracking code, to the visited site. Many of the online privacy abuses over the years have come from third-party resources like scripts and cookies, which is why third-party cookies are now blocked by default in Brave, Firefox, Safari, and Tor Browser.

Microsoft Edge, meanwhile, has a tiered scheme that defaults to a “Balanced” setting, which blocks some third-party cookies. Google Chrome has implemented its SameSite cookie scheme as a prelude to its planned 2022 phase-out of third-party cookies, maybe.

While Google tries to win support for its various Privacy Sandbox proposals, which aim to provide marketers with ostensibly privacy-preserving alternatives to increasingly shunned third-party cookies, marketers have been relying on CNAME shenanigans to pass their third-party trackers off as first-party resources.

The developers behind open-source content blocking extension uBlock Origin implemented a defense against CNAME-based tracking in November and now Brave has done so as well.

CNAME by name, cookie by nature

In a blog post on Tuesday, Anton Lazarev, research engineer at Brave Software, and senior privacy researcher Peter Snyder, explain that online tracking scripts may use canonical name DNS records, known as CNAMEs, to make associated third-party tracking domains look like they’re part of the first-party websites actually being visited.

They point to the site https://mathon.fr as an example, noting that without CNAME uncloaking, Brave blocks six requests for tracking scripts served by ad companies like Google, Facebook, Criteo, Sirdan, and Trustpilot.

But the page also makes four requests via a script hosted at a randomized path under the first-party subdomain 16ao.mathon.fr.

“Inspection outside of the browser reveals that 16ao.mathon.fr actually has a canonical name of et5.eulerian.net, meaning it’s a third-party script served by Eulerian,” observe Lazarev and Snyder.

When Brave 1.17 ships next month (currently available as a developer build), it will be able to uncloak the CNAME deception and block the Eulerian script.

Other browser vendors are planning related defenses. Mozilla has been working on a fix in Firefox since last November. And in August, Apple’s Safari WebKit team proposed a way to prevent CNAME cloaking from being used to bypass the seven-day cookie lifetime imposed by WebKit’s Intelligent Tracking Protection system.

Source: Brave browser first to nix CNAME deception, the sneaky DNS trick used by marketers to duck privacy controls • The Register
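The uncloaking check described in the Brave story above, as an added example that is not Brave's or uBlock Origin's code: it follows a request host's CNAME chain and matches the canonical name, not just the requested name, against a tracker list. The record map and filter list are constructed (only the 16ao.mathon.fr alias comes from the article), and `siteOf`, `canonicalName` and `classifyRequest` are hypothetical names.

```javascript
// Constructed DNS data. Only the first CNAME is taken from the article;
// every other record and name is made up for this example.
const CNAME_RECORDS = new Map([
  ["16ao.mathon.fr", "et5.eulerian.net"],       // cloaked tracker (from the article)
  ["img.shop.example", "static.shop.example"],  // same-site alias, harmless
  ["a.loop.example", "b.loop.example"],         // misconfigured CNAME loop
  ["b.loop.example", "a.loop.example"],
]);

// Constructed filter list of tracker sites (registrable domains).
const TRACKER_SITES = new Set(["eulerian.net"]);

// Simplification: treat the last two labels as the site. A real blocker
// consults the Public Suffix List (e.g. for names under co.uk).
function siteOf(host) {
  return host.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");
}

// Follow the CNAME chain to its end. Returns null on a loop or an
// over-long chain so the caller has to handle that case explicitly.
function canonicalName(host, records, maxHops = 8) {
  let current = host.toLowerCase().replace(/\.$/, "");
  const seen = new Set([current]);
  for (let hop = 0; hop < maxHops; hop++) {
    const next = records.get(current);
    if (next === undefined) return current;      // end of chain
    const target = next.toLowerCase().replace(/\.$/, "");
    if (seen.has(target)) return null;           // loop detected
    seen.add(target);
    current = target;
  }
  return null;                                   // chain too long
}

// requestedParty is what a name-only check sees; verdict is the decision
// after uncloaking. Blocking unresolvable chains is this example's policy.
function classifyRequest(pageHost, requestHost, records = CNAME_RECORDS) {
  const requestedParty = siteOf(requestHost) === siteOf(pageHost) ? "first" : "third";
  const canonical = canonicalName(requestHost, records);
  if (canonical === null) {
    return { requestedParty, canonical, verdict: "block", reason: "unresolvable CNAME chain" };
  }
  const cloaked = requestedParty === "first" && siteOf(canonical) !== siteOf(pageHost);
  if (TRACKER_SITES.has(siteOf(canonical)) || TRACKER_SITES.has(siteOf(requestHost))) {
    return { requestedParty, canonical, verdict: "block", reason: cloaked ? "CNAME-cloaked tracker" : "listed tracker" };
  }
  return { requestedParty, canonical, verdict: "allow", reason: cloaked ? "cloaked but unlisted" : "no match" };
}

console.log(classifyRequest("mathon.fr", "16ao.mathon.fr"));
```

The `requestedParty` field shows why a name-only first-party/third-party check lets the request through: the host looks first-party until its canonical name is resolved.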

Physical Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Acting on a tip from Milwaukee, Wis.-based cyber intelligence firm Hold Security, KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. That transaction included credentials to a Remote Desktop Protocol (RDP) account apparently set up by a Gunnebo Group employee who wished to access the company’s internal network remotely.

[…]

Larsson quotes Gunnebo CEO Stefan Syrén saying the company never considered paying the ransom the attackers demanded in exchange for not publishing its internal documents. What’s more, Syrén seemed to downplay the severity of the exposure.

“I understand that you can see drawings as sensitive, but we do not consider them as sensitive automatically,” the CEO reportedly said. “When it comes to cameras in a public environment, for example, half the point is that they should be visible, therefore a drawing with camera placements in itself is not very sensitive.”

It remains unclear whether the stolen RDP credentials were a factor in this incident. But the password to the Gunnebo RDP account — “password01” — suggests the security of its IT systems may have been lacking in other areas as well.

[…]

Source: Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo — Krebs on Security

In a first, researchers extract secret key used to encrypt Intel CPU code

Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured.

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

“At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.” Goryachy and two other researchers—Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies—worked jointly on the project.

The key can be extracted for any chip—be it a Celeron, Pentium, or Atom—that’s based on Intel’s Goldmont architecture.

[…]

attackers can’t use Chip Red Pill and the decryption key it exposes to remotely hack vulnerable CPUs, at least not without chaining it to other vulnerabilities that are currently unknown. Similarly, attackers can’t use these techniques to infect the supply chain of Goldmont-based devices.

[…]

In theory, it might also be possible to use Chip Red Pill in an evil maid attack, in which someone with fleeting access to a device hacks it. But in either of these cases, the hack would be tethered, meaning it would last only as long as the device was turned on. Once restarted, the chip would return to its normal state. In some cases, the ability to execute arbitrary microcode inside the CPU may also be useful for attacks on cryptography keys, such as those used in trusted platform modules.

“For now, there’s only one but very important consequence: independent analysis of a microcode patch that was impossible until now,” Positive Technologies researcher Mark Ermolov said. “Now, researchers can see how Intel fixes one or another bug/vulnerability. And this is great. The encryption of microcode patches is a kind of security through obscurity.”

Source: In a first, researchers extract secret key used to encrypt Intel CPU code | Ars Technica

Another eBay exec pleads guilty after couple stalked, harassed for daring to criticize the internet tat bazaar – pig corpse involved

Philip Cooke, 55, oversaw eBay’s security operations in Europe and Asia and was a former police captain in Santa Clara, California. He pleaded guilty this week to conspiracy to commit cyberstalking and conspiracy to tamper with witnesses.

Cooke, based in San Jose, was just one of seven employees, including one manager, accused of targeting a married couple living on the other side of the United States, in Massachusetts, because they didn’t like their criticisms of eBay in the newsletter.

It’s said the team would post aggressive anonymous comments on the couple’s newsletter website, and at some point planned a concerted campaign against the pair including cyberstalking and harassment. Among other things, prosecutors noted, “several of the defendants ordered anonymous and disturbing deliveries to the victims’ home, including a preserved fetal pig, a bloody pig Halloween mask and a book on surviving the loss of a spouse.”

[…]

But it was when the couple noticed they were under surveillance in their own home they finally went to the cops in Natick, where they lived, and officers opened an investigation.

It was Cooke’s behavior at that point that led to the subsequent charge of conspiracy to tamper with a witness: he formulated a plan to give the Natick police a false lead in an effort to prevent them from discovering proof that his team had sent the pig’s head and other items. The eBay employees also deleted digital evidence that showed their involvement, prosecutors said, obstructing an investigation and breaking another law.

[…]

Source: Another eBay exec pleads guilty after couple stalked, harassed for daring to criticize the internet tat bazaar • The Register

NASA Discovers a Rare Metal Asteroid Worth $10,000 Quadrillion

NASA’s Hubble Space Telescope has discovered a rare, heavy and immensely valuable asteroid called “16 Psyche” in the Solar System’s main asteroid belt between Mars and Jupiter.

Asteroid Psyche is located at roughly 230 million miles (370 million kilometers) from Earth and measures 140 miles (226 kilometers) across, about the size of West Virginia. What makes it special is that, unlike most asteroids that are either rocky or icy, Psyche is made almost entirely of metals, just like the core of Earth, according to a study published in the Planetary Science Journal on Monday.

[…]

Given the asteroid’s size, its metal content could be worth $10,000 quadrillion ($10,000,000,000,000,000,000), or about 10,000 times the global economy as of 2019.

[…]

Psyche is the target of the NASA Discovery Mission Psyche, expected to launch in 2022 atop a SpaceX Falcon Heavy rocket. Further facts about the asteroid, including its exact metal content, will hopefully be uncovered when an orbiting probe arrives in early 2026.

[…]

The asteroid is believed to be the dead core left by a planet that failed during its formation early in the Solar System’s life or the result of many violent collisions in its distant past.

“Short of it being the Death Star… one other possibility is that it’s material that formed very near the Sun early in the Solar System,” Elkins-Tanton told Forbes in a May 2017 interview. “I figure we’re either going to go see something that’s really improbable and unique, or something that is completely astonishing.”

Source: NASA Discovers a Rare Metal Asteroid Worth $10,000 Quadrillion | Observer

I’d invest in the NASA mission, but it’s being launched on a SpaceX vehicle, which means that Musk will either send it the wrong direction (like his car) or more likely, it will blow up.

NSA: foreign spies used one of our crypto backdoors – we learnt some lessons but we lost them

It’s said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software.

However, curiously enough, the NSA has been unable to find a copy of that report.

On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden’s efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

Wyden (D-OR) opposes such efforts because, as the Juniper incident demonstrates, they can backfire, thereby harming national security, and because they diminish the appeal of American-made tech products.

But Wyden’s inquiries, as a member of the Senate Intelligence Committee, have been stymied by lack of cooperation from the spy agency and the private sector. In June, Wyden and various colleagues sent a letter to Juniper CEO Rami Rahim asking about “several likely backdoors in its NetScreen line of firewalls.”

Juniper acknowledged in 2015 that “unauthorized code” had been found in ScreenOS, which powers its NetScreen firewalls. It’s been suggested that the code was in place since around 2008.

The Reuters report, citing a previously undisclosed statement to Congress from Juniper, claims that the networking biz acknowledged that “an unnamed national government had converted the mechanism first created by the NSA.”

Wyden staffers in 2018 were told by the NSA that a “lessons learned” report about the incident had been written. But Wyden spokesperson Keith Chu told Reuters that the NSA now claims it can’t find the file. Wyden’s office did not immediately respond to a request for comment.

The reason this malicious code was able to decrypt ScreenOS VPN connections has been attributed to Juniper’s “decision to use the NSA-designed Dual EC Pseudorandom Number Generator.”

[…]

After Snowden’s disclosures about the extent of US surveillance operations in 2013, the NSA is said to have revised its policies for compromising commercial products. Wyden and other lawmakers have tried to learn more about these policies but they’ve been stonewalled, according to Reuters.

[…]

Source: NSA: We’ve learned our lesson after foreign spies used one of our crypto backdoors – but we can’t say how exactly • The Register

And this is why you don’t put out insecure security products, which is exactly what products with a backdoor are. Here’s looking at you, UK and Australia and all the other countries trying to force insecure products on us.