FreedomFi Gateway is the easiest path towards your open source Private LTE or 5G network. Be it for Fixed Wireless Access, Enterprise Cellular or Mobile Broadband, just plug in any commodity small cell into a FreedomFi Gateway and start managing your private cellular network via a SaaS-hosted portal. Project sponsorship options start at $300.
Private Celluar Easy as 1-2-3
Buy your LTE small cell from any commodity vendor
2. Connect your LTE radio(s) to FreedomFi Gateway
3. Start managing your network via a SaaS portal. All software included and we’ll even provide sim cards and spectrum
Software underpinning everything we build at FreedomFi is open source, based on project Magma. Our work is supported by Telecom Infra Project, Open Air Interface Alliance and OpenStack Foundation. Help us ensure that the future of 5G is open by joining and contributing.
As if things were not going badly enough for the UK’s COVID-19 test and trace service, it now seems police will be able to access some test data, prompting fear that the disclosure could deter people who should have tests from coming forward.
As revealed in the Health Service Journal (paywalled), Department for Health and Social Care (DHSC) guidance describing how testing data will be handled was updated on Friday.
The memorandum of understanding between DHSC and National Police Chiefs’ Council said forces could be allowed to access test information that tells them if a “specific individual” has been told to self-isolate.
A failure to self-isolate after getting a positive COVID-19 test or being in contact with someone who has tested positive, could result in a police fine of £1,000, or even a £10,000 penalty for those serial offenders or those seriously breaking the rules.
A Department of Health and Social Care spokesperson said: “It is a legal requirement for people who have tested positive for COVID-19 and their close contacts to self-isolate when formally notified to do so.
“The DHSC has agreed a memorandum of understanding with the National Police Chiefs Council to enable police forces to have access on a case-by-case basis to information that enables them to know if a specific individual has been notified to self-isolate.
[…]
The UK government’s emphasis should be on providing support to people – financial and otherwise – if they need to self-isolate, so that no one is deterred from coming forward for a test, the BMA spokesperson added.
The service has had a bumpy ride to say the least. Earlier this month, it came to light that as many as 48,000 people were not informed they had come in close contact with people who had tested positive, as the service under-reported 15,841 novel coronavirus cases between 25 September and 2 October.
The use of Microsoft’s Excel spreadsheet program in transferring test results from labs to the health service to total up was at the heart of the problem. A plausible explanation emerged that test results were automatically fetched in CSV format by PHE from various commercial testing labs, and stored in rows in an older .XLS Excel format that limited the number of rows to 65,536 per spreadsheet, rather than the one-million row limit offered by the modern .XLSX file format.
But that was not the only miss-step. It has emerged that people in line for a coronavirus test were sent to a site in Sevenoaks, Kent, where, in fact, no test centre existed, according to reports.
In a world first, researchers from the University of Ottawa in collaboration with Israeli scientists have been able to create optical framed knots in the laboratory that could potentially be applied in modern technologies. Their work opens the door to new methods of distributing secret cryptographic keys—used to encrypt and decrypt data, ensure secure communication and protect private information. The group recently published their findings in Nature Communications.
“This is fundamentally important, in particular from a topology-focused perspective, since framed knots provide a platform for topological quantum computations,” explained senior author, Professor Ebrahim Karimi, Canada Research Chair in Structured Light at the University of Ottawa.
“In addition, we used these non-trivial optical structures as information carriers and developed a security protocol for classical communication where information is encoded within these framed knots.”
The concept
The researchers suggest a simple do-it-yourself lesson to help us better understand framed knots, those three-dimensional objects that can also be described as a surface.
“Take a narrow strip of a paper and try to make a knot,” said first author Hugo Larocque, uOttawa alumnus and current Ph.D. student at MIT.
“The resulting object is referred to as a framed knot and has very interesting and important mathematical features.”
The group tried to achieve the same result but within an optical beam, which presents a higher level of difficulty. After a few tries (and knots that looked more like knotted strings), the group came up with what they were looking for: a knotted ribbon structure that is quintessential to framed knots.
Encryption scheme of a framed braid within a framed knot. The knot along with a pair of numbers can be used to recover the encrypted braid by means of a procedure relying on prime factorization. Credit: University of Ottawa
“In order to add this ribbon, our group relied on beam-shaping techniques manipulating the vectorial nature of light,” explained Hugo Larocque. “By modifying the oscillation direction of the light field along an “unframed” optical knot, we were able to assign a frame to the latter by “gluing” together the lines traced out by these oscillating fields.”
According to the researchers, structured light beams are being widely exploited for encoding and distributing information.
“So far, these applications have been limited to physical quantities which can be recognized by observing the beam at a given position,” said uOttawa Postdoctoral Fellow and co-author of this study, Dr. Alessio D’Errico.
“Our work shows that the number of twists in the ribbon orientation in conjunction with prime number factorization can be used to extract a so-called “braid representation” of the knot.”
“The structural features of these objects can be used to specify quantum information processing programs,” added Hugo Larocque. “In a situation where this program would want to be kept secret while disseminating it between various parties, one would need a means of encrypting this “braid” and later deciphering it. Our work addresses this issue by proposing to use our optical framed knot as an encryption object for these programs which can later be recovered by the braid extraction method that we also introduced.”
“For the first time, these complicated 3-D structures have been exploited to develop new methods for the distribution of secret cryptographic keys. Moreover, there is a wide and strong interest in exploiting topological concepts in quantum computation, communication and dissipation-free electronics. Knots are described by specific topological properties too, which were not considered so far for cryptographic protocols.”
Rendition of the reconstructed structure of a framed trefoil knot generated within an optical beam. Credit: University
[…]
The paper “Optical framed knots as information carriers” was recently published in Nature Communications.
More information: Hugo Larocque et al, Optical framed knots as information carriers, Nature Communications (2020). DOI: 10.1038/s41467-020-18792-z
Back in January, Google Health, the branch of Google focused on health-related research, clinical tools, and partnerships for health care services, released an AI model trained on over 90,000 mammogram X-rays that the company said achieved better results than human radiologists. Google claimed that the algorithm could recognize more false negatives — the kind of images that look normal but contain breast cancer — than previous work, but some clinicians, data scientists, and engineers take issue with that statement. In a rebuttal published today in the journal Nature, over 19 coauthors affiliated with McGill University, the City University of New York (CUNY), Harvard University, and Stanford University said that the lack of detailed methods and code in Google’s research “undermines its scientific value.”
Science in general has a reproducibility problem — a 2016 poll of 1,500 scientists reported that 70% of them had tried but failed to reproduce at least one other scientist’s experiment — but it’s particularly acute in the AI field. At ICML 2019, 30% of authors failed to submit their code with their papers by the start of the conference. Studies often provide benchmark results in lieu of source code, which becomes problematic when the thoroughness of the benchmarks comes into question. One recent report found that 60% to 70% of answers given by natural language processing models were embedded somewhere in the benchmark training sets, indicating that the models were often simply memorizing answers. Another study — a meta-analysis of over 3,000 AI papers — found that metrics used to benchmark AI and machine learning models tended to be inconsistent, irregularly tracked, and not particularly informative.
In their rebuttal, the coauthors of the Nature commentary point out that Google’s breast cancer model research lacks details, including a description of model development as well as the data processing and training pipelines used. Google omitted the definition of several hyperparameters for the model’s architecture (the variables used by the model to make diagnostic predictions), and it also didn’t disclose the variables used to augment the dataset on which the model was trained. This could “significantly” affect performance, the Nature coauthors claim; for instance, it’s possible that one of the data augmentations Google used resulted in multiple instances of the same patient, biasing the final results.
Updated Twitter is right now suffering a baffling outage in that the website is still up, you can still log in, the apps will run.
But there are, seemingly, no tweets nor notifications. At all. All gone. All that anger and snark, and information and misinformation, wiped off the face of the planet, just like that.
Visiting your timeline or profile shows simply the message, “Something went wrong.” It’s otherwise empty. And earlier, people’s notifications pages went blank, suggesting really, truly no one on Earth cares about your twitterings. “Nothing to see here,” it states.
Reassuringly, you’re not alone in your blank internet universe: Downdetector reports a surge of complaints that Twitter isn’t working properly, with the outage kicking off around 1430 PT (2130 UTC).
As your vulture types this, it appears some people can see their tweets, but cannot tweet. And some of us can’t see anything. The Twitter status page reports the team is “investigating irregularity” with the platform’s APIs.
What one of our vultures saw as they tried to tweet or see other people’s tweets
This IT breakdown comes within hours of American financial regulators demanding Twitter be subject to harsher rules following the July hacks of prominent users’ accounts – and soon after CEO Jack Dorsey furiously backpedaled after his website censored a problematic article from a US newspaper.
A Supreme Court Justice this week also mused that the likes of Twitter have gained sweeping immunity from the legal consequences of their users’ content and actions, and that imbalance ought to be righted. ®
Updated to add at 2220 UTC
People’s tweets are showing up again in timelines and profiles, though no one can send any new tweets nor view those that were able to be sent, if any, during the past hour or so. Notifications are also still AWOL.
Updated to add at 2300 UTC
And Twitter now appears to be back to normal, or rather, Twitter’s idea of normal.
Hackers are currently selling a trove of 3 million credit card numbers and customer records apparently stolen from Dickey’s Barbecue Pit, one of the biggest barbecue chains in the United States.
The company made a statement today about the hack, suggesting that charges made to the stolen cards will be reversed.
[…]
Security firm Gemini Advisory found the data on a hacker site called The Joker’s Stash under the name “BLAZINGSUN.” The data appears to have come from magstripe data on customer cards.
“This represents a broader challenge for the industry, and Dickey’s may become the latest cautionary tale of facing lawsuits in addition to financial damage from cybersecurity attacks,” wrote Gemini researchers.
Dickey’s experienced a ransomware attack in 2015 and recently claimed to have locked down their servers. This recent attack, however, suggests that hackers have breached a central payments service and could have even more data available for sale.
The hackers are selling the card numbers on Joker’s Stash for $17 each. Because each Dickey’s location is able to run its own point-of-sale system, it seems that this breach affected a central payments processor, allowing hackers to gain access to data from 156 of the company’s 469 locations. The hackers claim the data is “high valid,” meaning 90 to 100 percent of the cards are active and usable.
British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers.
The breach took place in 2018 and affected both personal and credit card data.
The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019.
It said “the economic impact of Covid-19” had been taken into account.
However, it is still the largest penalty issued by the ICO to date.
The incident took place when BA’s systems were compromised by its attackers, and then modified to harvest customers’ details as they were input.
It was two months before BA was made aware of it by a security researcher, and then notified the ICO.
The data stolen included log in, payment card and travel booking details as well name and address information.
A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.
The ICO noted that some of these measures were available on the Microsoft operating system that BA was using at the time.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denman.
British Airways said it had alerted customers as soon as it had found out about the attack on its systems.
“We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation,” said a spokesman.
Data protection officer Carl Gottlieb said that in the current climate, £20m was a “massive” fine.
“It shows the ICO means business and is not letting struggling companies off the hook for their data protection failures,” he said.
The company breached data protection law and failed to protect themselves from preventable cyber attack. It then failed to detect the hack until the damage was done to hundreds of thousands of customers.
The lag between incident and fine has raised eyebrows in privacy circles but I understand the Information Commissioner’s Office has been working methodically to get it right. This is the commissioner’s first major fine under the EU data regulation GDPR and was being watched closely by the rest of Europe as a potential landmark decision.
The final figure of £20m has come as a shock to many who were expecting it to be closer to the eye-watering £183m initially proposed but it is still a significant moment for data privacy and GDPR. Other companies will look at the fine as a shape of things to come if they also fail to protect customers.
On Friday, a federal judge decided that he’s had enough of reading the tea leaves when it comes to exactly what the fuck Trump is talking about.
The president’s tweets have become more central to his tenure in office than ever before as he’s been recovering from covid-19 infection and lashing out in every direction to save his floundering campaign. On Oct. 6, between retweeting supporters and spreading conspiracies about the FDA, Trump tweeted: “I have fully authorized the total Declassification of any & all documents pertaining to the single greatest political CRIME in American History, the Russia Hoax. Likewise, the Hillary Clinton Email Scandal. No redactions!” And in case you didn’t get the message, he tweeted it again later that day.
This was news to anyone who has been trying to get their hands on a copy of the full unredacted Mueller Report—including reporters at CNN and BuzzFeed who are involved in ongoing litigation around the report. And like clockwork, BuzzFeed filed two emergency motions requesting all documents related to the Russia investigation
Earlier this week, Justice Department lawyers told a federal court that no such declassification order exists and the department would continue to make redactions and declassify documents at its discretion. “The White House Counsel’s Office informed the Department that there is no order requiring wholesale declassification or disclosure of documents at issue in this matter,” the DOJ said in a court filing.
U.S. District Court Judge Reggie Walton is done taking the word of people in this administration. On a brief hearing by telephone this morning, Walton told the DOJ that he wants Trump to say whether or not the tweets were serious or just more bullshit he hopes people believe and forget about.
[…]
Writing about BuzzFeed’s promising morning in court, Jason Leopold pointed out that this could be a “watershed moment” for individuals who’ve had to fight battles in court over Trump tweets. The administration has argued in the past that his tweets shouldn’t be taken seriously and are official statements by the president, depending on what argument suits them in a given case. We’ve even seen a court fight over whether Trump has the right to selectively block Americans from viewing his tweets.
Judge Walton is done with this nonsense and now puts Trump in a difficult position. Does Trump admit that he was lying, or does he just say screw it and unleash more chaos with a flood of unredacted documents that might not paint him in the greatest of lights? This is a man who has said he has “no regrets” about his administration’s response to the covid-19 pandemic that has left the U.S. with the highest recorded case-load and death toll in the world. He doesn’t admit when he’s wrong. On the other hand, declassifying the documents could, at minimum, amount to a political situation that finds Trump essentially doing to himself what FBI Director James Comey did to Hillary Clinton a week before the 2016 election.
Owners of the brand-new Oculus Quest 2—the first VR headset which requires a Facebook account to use—are finding themselves screwed out of their new purchases by Facebook’s account verification system.
As first reported by UploadVR this week, some Oculus 2 owners are finding that Facebook’s reportedly AI-powered account verification system is demanding some users upload a photo before they can proceed with logging in. Others who have previously suspended their Facebook accounts are getting insta-banned upon reactivation and reported they were subsequently unable to create a new account, or said they were locked out upon trying to merge their old Oculus usernames with their Facebook accounts. Facebook’s failure prompt gave no way for users to appeal directly, essentially turning the $300 units into expensive bricks.
On the Oculus subreddit, one user reported that they had uploaded a photo ID to Facebook and received a response stating that “we have already reviewed this decision and it can’t be reversed.”
On Thursday, Amazon Web Services launched CloudWatch Synthetics Recorder, a Chrome browser extension for recording browser interactions that it copied from the Headless Recorder project created by developer Tim Nolet.
It broke no law in doing so – the software is published under the permissive Apache License v2 – and developers expect such open-source projects will be copied forked. But Amazon’s move didn’t win any fans for failing to publicly acknowledge the code’s creator.
There is a mention buried in the NOTICE.txt file bundled with the CloudWatch extension that credits Headless Recorder, under its previous name “puppeteer-recorder,” as required by the license. But there’s an expectation among open source developers that biz as big as AWS should show more courtesy.
“The core of the problem here (for me at least) is not the letter of the license, it’s the spirit,” said Nolet in a message to The Register.
“It’s the fact that no one inside of AWS cared enough to stop and think ‘is this a dick move? Is this something I would want to have happen to me?’ Hence the current PR damage control campaign. They know it’s wrong. Not illegal, but wrong. Someone just had to tell them that.”
Nolet runs a software monitoring service called Checkly and developed the Headless Recorder browser extension as a tool for his company and customers. He said he hadn’t given the license for Headless Recorder a lot of thought because it’s just a browser extension full of client-side code – meaning it’s visible to anyone familiar with browser development tools.
“Amazon should have opened a PR [pull request] and proposed ‘let’s add this feature to your code. Or they could have simply kept their fork open source,” he said.
“In the least, they could have mentioned that their work was based on my work. I do this in the README.md of the project itself where I acknowledge the creators of an old project by segment.io that I used as inspiration.”
This is not the first time AWS has taken the work of open source developers and turned it into an AWS product. Last year, it launched Open Distro for Elasticsearch, to the dismay of Elasticsearch, a company formed to make a business out of the Elasticsearch open source project. And earlier that year it released DocumentDB, based on an outdated version of the open source MongoDB code.
Many popular open source licenses allow this, but because AWS brings billions in infrastructure assets into the competition, smaller companies trying to commercialize open source projects find the challenge difficult to deal with.
Part of the problem is that open source zealots make a point of refusing any kind of money for FOSS licensed projects, which is fine for the zealots as they are paid by a university or foundation. Developers themselves, meanwhile have to contend with other people monetising their work and having to accept it. Projects are hijacked and closed and the original impetus and community around that are killed by large companies.
This is something I have been talking about since 2017 in my talk Open Source XOR Money
Barnes and Noble tonight confirmed it was hacked, and that its customers’ personal information may have been accessed by the intruders. The cyber-break-in forced the bookseller to take its systems offline this week to clean up the mess. See our update at the end of this piece. Our original report follows.
Bookseller Barnes and Noble’s computer network fell over this week, and its IT staff are having to restore servers from backups.
The effects of the collapse were first felt on Sunday, with owners of B&N’s Nook tablets discovering they were unable to download their purchased e-books to their gadgets nor buy new ones. That is to say, if they had bought an e-book and hadn’t downloaded it to their device before B&N’s cloud imploded, they would be unable to open and read the digital tome. The bookseller’s Android and Windows 10 apps were similarly affected.
It soon became clear the problem was quite serious when some cash registers in Barnes and Noble’s physical stores also briefly stopped working.
[…]
Shortly after this article was published, Barnes & Noble confirmed in an email to customers that it was hacked. The biz said it found out over the weekend, on October 10, that miscreants had broken into its computer systems, adding that customers’ personal information stored on file may have been accessed or taken by the intruders. This info includes names, addresses, telephone numbers, and purchase histories.
A team of physicists led by Professor Patrick Windpassinger at Johannes Gutenberg University Mainz (JGU) has successfully transported light stored in a quantum memory over a distance of 1.2 millimeters. They have demonstrated that the controlled transport process and its dynamics has only little impact on the properties of the stored light. The researchers used ultra-cold rubidium-87 atoms as a storage medium for the light as to achieve a high level of storage efficiency and a long lifetime.
“We stored the light by putting it in a suitcase so to speak, only that in our case the suitcase was made of a cloud of cold atoms. We moved this suitcase over a short distance and then took the light out again. This is very interesting not only for physics in general, but also for quantum communication, because light is not very easy to ‘capture’, and if you want to transport it elsewhere in a controlled manner, it usually ends up being lost,” said Professor Patrick Windpassinger, explaining the complicated process.
The world’s plague-time video meeting tool of choice, Zoom, says it’s figured out how to do end-to-end encryption sufficiently well to offer users a tech preview.
News of the trial comes after April 2020 awkwardness that followed the revelation that Zoom was fibbing about its service using end-to-end encryption.
As we reported at the time, Zoom ‘fessed up but brushed aside criticism with a semantic argument about what “end-to-end” means.
“When we use the phrase ‘End-to-end’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the company said. The commonly accepted definition of end-to-end encryption requires even the host of a service to be unable to access the content of a communication. As we explained at the time, Zoom’s use of TLS and HTTPS meant it could intercept and decrypt video chats.
To use it, customers must enable E2EE meetings at the account level and opt-in to E2EE on a per-meeting basis
Now Zoom reckons it has cracked the problem.
A Wednesday post revealed: “starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days.”
Sharp-eyed Reg readers have doubtless noticed that Zoom has referred to “E2EE”, not just the “E2E” contraction of “end-to-end”.
What’s up with that? The company has offered the following explanation:
“Zoom’s E2EE uses the same powerful GCM encryption you get now in a Zoom meeting. The only difference is where those encryption keys live.In typical meetings, Zoom’s cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.”
Don’t go thinking the preview means Zoom has squared away security, because the company says: “To use it, customers must enable E2EE meetings at the account level and opt-in to E2EE on a per-meeting basis.”
With users having to be constantly reminded to use non-rubbish passwords, not to click on phish or leak business data on personal devices, they’ll almost certainly choose E2EE every time without ever having to be prompted, right?
Edge Chromium started out as a respectable alternative to Google Chrome on Windows, but it didn’t take long for Microsoft to turn it into a nuisance. To top it off, it looks like Edge is now a vector for installing (even more) Microsoft stuff on your PC—without you asking for it, of course.
We don’t like bloatware, or those pre-installed apps that come on your computer or smartphone. Some of these apps are worthwhile, but most just take up space and can’t be fully removed in some cases. Some companies are worse about bloatware than others, but Microsoft is notorious for slipping extra software into Windows. And now, Windows Insiders testing the most recent Edge Chromium preview caught the browser installing Microsoft Office web apps without permission.
The reports have only come from Windows Insiders so far, but it’s unlikely these backdoor installations are an early-release bug. And this isn’t just a Microsoft problem. For example, Chrome can install Google Docs and other G Suite apps without any notification, too.
German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
The Duesseldorf University Clinic’s systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify.
As a consequence, systems gradually crashed and the hospital wasn’t able to access data; emergency patients were taken elsewhere and operations postponed.
The hospital said that that “there was no concrete ransom demand.” It added that there are no indications that data is irretrievably lost and that its IT systems are being gradually restarted.
A report from North Rhine-Westphalia state’s justice minister said that 30 servers at the hospital were encrypted last week and an extortion note left on one of the servers, news agency dpa reported. The note — which called on the addressees to get in touch, but didn’t name any sum — was addressed to the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not to the hospital itself.
Duesseldorf police then established contact and told the perpetrators that the hospital, and not the university, had been affected, endangering patients. The perpetrators then withdrew the extortion attempt and provided a digital key to decrypt the data. The perpetrators are no longer reachable, according to the justice minister’s report.
Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died.
EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We formalize a comprehensive symbolic model of EMV in Tamarin, a state-of-the-art protocol verifier. Our model is the first that supports a fine-grained analysis of all relevant security guarantees that EMV is intended to offer. We use our model to automatically identify flaws that lead to two critical attacks: one that defrauds the cardholder and another that defrauds the merchant. First, criminals can use a victim’s Visa contactless card for high-value purchases, without knowledge of the card’s PIN. We built a proof-of-concept Android application and successfully demonstrated this attack on real-world payment terminals. Second, criminals can trick the terminal into accepting an unauthentic offline transaction, which the issuing bank should later decline, after the criminal has walked away with the goods. This attack is possible for implementations following the standard, although we did not test it on actual terminals for ethical reasons. Finally, we propose and verify improvements to the standard that prevent these attacks, as well as any other attacks that violate the considered security properties. The proposed improvements can be easily implemented in the terminals and do not affect the cards in circulation.
A team of researchers has demonstrated for the first time a single-molecule electret – a device that could be one of the keys to molecular computers.
Smaller electronics are crucial to developing more advanced computers and other devices. This has led to a push in the field toward finding a way to replace silicon chips with molecules, an effort that includes creating single-molecule electret – a switching device that could serve as a platform for extremely small non-volatile storage devices. Because it seemed that such a device would be so unstable, however, many in the field wondered whether one could ever exist.
Along with colleagues at Nanjing University, Renmin University, Xiamen University, and Rensselaer Polytechnic Institute, Mark Reed, the Harold Hodgkinson Professor of Electrical Engineering & Applied Physics demonstrated a single-molecule electret with a functional memory. The results were published Oct. 12 in Nature Nanotechnology.
Most electrets are made of piezoelectric materials, such as those that produce the sound in speakers. In an electret, all the dipoles – pairs of opposite electric charges – spontaneously line up in the same direction. By applying an electric field, their directions can be reversed.
“The question has always been about how small you could make these electrets, which are essentially memory storage devices,” Reed said.
The researchers inserted an atom of Gadolinium (Gd) inside a carbon buckyball, a 32-sided molecule, also known as a buckminsterfullerene. When the researchers put this construct (Gd@C82) in a transistor-type structure, they observed single electron transport and used this to understand its energy states. However, the real breakthrough was that they discovered that they could use an electric field to switch its energy state from one stable state to another.
“What’s happening is that this molecule is acting as if it has two stable polarization states,” Reed said. He added that the team ran a variety of experiments, measuring the transport characteristics while applying an electric field, and switching the states back and forth. “We showed that we could make a memory of it – read, write, read, write,” he said.
Reed emphasized that the present device structure isn’t currently practical for any application, but proves that the underlying science behind it is possible.
“The important thing in this is that it shows you can create in a molecule two states that cause the spontaneous polarization and two switchable states,” he said. “And this can give people ideas that maybe you can shrink memory down literally to the single molecular level. Now that we understand that we can do that, we can move on to do more interesting things with it.”
Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.
The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors.
The Five Eyes alliance, comprised of the US, the UK, Canada, Australia, and New Zealand, have made similar calls to tech giants in 2018 and 2019, respectively.
Just like before, government officials claim tech companies have put themselves in a corner by incorporating end-to-end encryption (E2EE) into their products.
If properly implemented, E2EE lets users have secure conversations — may them be chat, audio, or video — without sharing the encryption key with the tech companies.
Representatives from the seven governments argue that the way E2EE encryption is currently supported on today’s major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service.
Signatories argue that “particular implementations of encryption technology” are currently posing challenges to law enforcement investigations, as the tech platforms themselves can’t access some communications and provide needed data to investigators.
This, in turn, allows a safe haven for criminal activity and puts the safety of “highly vulnerable members of our societies like sexually exploited children” in danger, officials argued.
There is no way for a backdoored system to be secure. This means that not only do you give access to the government police services, secret services, stazi and thought police who can persecute you for being jewish or thinking the “wrong way” (eg being homosexual or communist), you also give criminal networks, scam artists, discontented exes and foreign government free reign to run around your private content
You have a right to privacy and you need it. It’s fundamental to being able to think creatively and the only way in which societies advance. If thought is policed by some random standard then deviations which lead to change will be surpressed. Stasis leads to economic collapse among other things, even if those at the top will be collecting more and more wealth for themselves.
We as a society cannot “win” or become “better” by emulating the societies that we are competing against, that represent values and behaviours that we disagree with. Becoming a police state doesn’t protect us from other police states.
The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic.
This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora says. Exploiting this security hole is essentially non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today’s gizmos.
“The backdoor itself is not a vulnerability,” said infosec pros Harrison Sand and Erlend Leiknes in a report on Monday. “It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch.”
The researchers suggest these smartwatches could be used to capture photos covertly from its built-in camera, to track the wearer’s location, and to conduct wiretapping via the built-in mic. They have not claimed any such surveillance has actually been done. The watches are marketed as a child’s first phone, we’re told, and thus contain a SIM card for connectivity (with an associated phone number). Parents can track the whereabouts of their offspring by using an app that finds the wearer of the watch.
It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch
Xplora contends the security issue is just unused code from a prototype and has now been patched. But the company’s smartwatches were among those cited by Mnemonic and Norwegian Consumer Council in 2017 for assorted security and privacy concerns.
Sand and Leiknes note in their report that while the Norwegian company Xplora Mobile AS distributes the Xplora watch line in Europe and, as of September, in the US, the hardware was made by Qihoo 360 and 19 of its 90 Android-based applications come from the Chinese company.
They also point out that in June, the US Department of Commerce placed the Chinese and UK business groups of Qihoo 360 on its Entities List, a designation that limits Qihoo 360’s ability to do business with US companies. US authorities claim, without offering any supporting evidence, that the company represents a potential threat to US national security.
In 2012, a report by a China-based civilian hacker group called Intelligent Defense Friends Laboratory accused Qihoo 360 of having a backdoor in its 360 secure browser [[PDF]].
In March, Qihoo 360 claimed that the US Central Intelligence Agency has been conducting hacking attacks on China for over a decade. Qihoo 360 did not immediately respond to a request for comment.
According to Mnemonic, the Xplora 4 contains a package called “Persistent Connection Service” that runs during the Android boot process and iterates through the installed apps to construct a list of “intents,” commands for invoking functionality in other apps.
With the appropriate Android intent, an incoming encrypted SMS message received by the Qihoo SMS app could be directed through the command dispatcher in the Persistent Connection Service to trigger an application command, like a remote memory snapshot.
Exploiting this backdoor requires knowing the phone number of the target device and its factory-set encryption key. This data is available to those to Qihoo and Xplora, according to the researchers, and can be pulled off the device physically using specialist tools. This basically means ordinary folks aren’t going to be hacked, either by the manufacturer under orders from Beijing or opportunistic miscreants attacking gizmos in the wild, though it is an issue for persons of interest. It also highlights the kind of code left lingering in mass-market devices.
Italian defense contractor Leonardo says that it has conducted a successful demonstration in cooperation with the U.K. Royal Air Force of an autonomous swarm of unmanned aircraft, each carrying a variant of its BriteCloud expendable active decoy as an electronic warfare payload. Using the BriteClouds, which contain electronic warfare jammers, the drones were able to launch a mock non-kinetic attack on radars acting as surrogates for a notional enemy integrated air defense network.
Leonardo announced it had carried out the swarm demonstration, which it conducted together with the Royal Air Force’s Rapid Capabilities Office (RCO), as well as private unmanned technology firms Callen-Lenz and Blue Bear, on Oct. 7, 2020. The latter two firms, as well as Boeing, are working on prototype semi-autonomous “loyal wingman” type drones for the RAF, which that service also refers to as “remote carriers,” as part of Project Mosquito, which is itself a component of the larger Lightweight Affordable Novel Combat Aircraft (LANCA) program.
“During the demonstration, a number of Callen Lenz drones were equipped with a modified Leonardo BriteCloud decoy, allowing each drone to individually deliver a highly-sophisticated jamming effect,” according to Leonardo’s press release. “They were tested against ground-based radar systems representing the enemy air defence emplacement. A powerful demonstration was given, with the swarm of BriteCloud-equipped drones overwhelming the threat radar systems with electronic noise.”
For reasons that are unclear, Leonardo has since removed its press release from its website, though an archived copy of the page remains available through Google. The company also deleted an official Tweet with an infographic, a copy of which is seen below, regarding BriteCloud and this demonstration.
Leonardo
Leonardo did not offer any details about the unmanned aircraft used in the demonstration. Artist’s conceptions of a drone swarm strike that the company released along with the announcement, seen at the top of this story and in the infographic above, showed a tailless fixed-wing design with a single, rear-mounted pusher propeller and fixed undercarriage. However, there is no indication one way or another if this in any way reflects the Callen-Lenz design employed in the recent test.
The standard BriteCloud is what is known as a Digital Radio Frequency Memory (DRFM) jammer that first detects incoming radar pulses from hostile platforms, including aircraft, ships, and ground-based air defense systems, as well as active radar guidance systems on incoming missiles. It then mimics those signals in return, creating the appearance of a false target. As Leonardo said in its own press release, this effect can “confuse and overwhelm” radars and lure missiles away from friendly aircraft.
Unlike a plane dropping expendable BriteClouds, in the recent demonstration, Leonardo noted that “the decoy packages were programmed and navigated to work collaboratively to cause maximum confusion.” Placing the jammers inside drones offers the ability to help space them out for optimal coverage across a wide area. The entire swarm provides immense additional flexibility by being able to rapidly shift its focus from one area to another to respond to new developments in the battlespace. Above all else, they allow BriteCloud to employ its bag of tricks over longer periods of time and even execute multiple electronic attacks instead of just one.
At the same time, the off-the-shelf electronic warfare expendables are just that, expendable. If you lose one and its drone platform, it isn’t a big deal as they are meant to be expendable in the first place. As such, they are the very definition of attritable. This term refers to designs that could be recovered and reused, but that are also cheap enough for commanders to be willing to commit them to higher-risk missions where there is a significant chance of them getting knocked down.
The RAF is not the only one to be looking at drone swarms, or otherwise networking munitions and other expendable stores together to reduce duplication of effort and otherwise improve the efficacy of strikes and other missions. The U.S. Air Force is in the midst of its own networked munition program, called Golden Horde, and the Army recently revealed plans to develop swarms of air-launched drones carrying electronic warfare systems and other payloads, efforts that you can read about in more detail in these past War Zone pieces.
It took Soraya Bagheri a day to learn that 450 shares of Moderna Inc. had been liquidated in her Robinhood account and that $10,000 in withdrawals were pending. But after alerting the online brokerage to what she believed was a theft in progress, she received a frustrating email.
The firm wrote it would investigate and respond within “a few weeks.” Now her money is gone
Bagheri is among five Robinhood customers who recounted similar experiences to Bloomberg News, saying they’ve been left in limbo in recent weeks after someone sold their investments and withdrew funds. Because the wildly popular app has no emergency phone number, some said they tried in vain to intervene, only to watch helplessly as their money vanished.
“A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood,” a spokesman for the company said in an email. “We’re actively working with those impacted to secure their accounts.”
[…]
Bagheri, a Washington attorney, and three other Robinhood users said they also contacted authorities including the Securities and Exchange Commission and the Financial Industry Regulatory Authority. Two of those customers said they have heard back from an official at the SEC seeking more information.
Finra and the SEC declined to comment.
[…]
Now, even though the firm said this year that it has more than doubled its customer-service team, clients complain they’re struggling to get quick help when their funds are disappearing.
“They don’t have a customer service line, which I’m quite shocked about,” Bagheri said.
[…]
Rao showed Bloomberg the same emailed response from Robinhood that Bagheri received. “We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team,” Robinhood customer service agents wrote them. “Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates.”
Rao said he had previously set up two-factor authentication to access his account, and Bagheri said she’s certain her Robinhood password is unique from all others, including her email. Neither believed they had been duped by phishing scams or malware. Both said they use the same email for Robinhood and other accounts, and that only Robinhood has been affected.
[…]
They also said Robinhood’s online portal showed their money went to a recipient at Revolut, another popular financial-technology startup. London-based Revolut, which offers a money transfer and exchange app, expanded to the U.S. this year.
“Revolut has been made aware of the issue and is investigating urgently,” a company spokesman said Friday in an email.
Bill Hurley, who owns a metal-fabrication shop in Windsor, Connecticut, said he received notifications that stock and Bitcoin had been sold from his account on Sept. 21, and that $5,000 was transferred to Revolut accounts in two transactions. He said he emailed Robinhood for assistance while the transactions were pending but received none.
“They’ve had more than enough time to deal with this,” he said.
A team of astronomers from the University of Hawaiʻi at Mānoa’s Institute for Astronomy (IfA) has produced the most comprehensive astronomical imaging catalog of stars, galaxies, and quasars ever created with help from an artificially intelligent neural network.
The group of astronomers from the University of Hawaiʻi at Mānoa’s Institute for Astronomy (IfA) released a catalog containing 3 billion celestial objects in 2016, including stars, galaxies, and quasars (the active cores of supermassive black holes).
[…]
he results of their work have been published to the Monthly Notices of the Royal Astronomical Society.
Their PS1 telescope, located on the summit of Haleakalā on Hawaii’s Big Island, is capable of scanning 75% of the sky, and it currently hosts the world’s largest deep multicolor optical survey, according to a press release put out by the University of Hawaiʻi. By contrast, the Sloan Digital Sky Survey (SDSS) covers just 25% of the sky.
[…]
“Utilizing a state-of-the-art optimization algorithm, we leveraged the spectroscopic training set of almost 4 million light sources to teach the neural network to predict source types and galaxy distances, while at the same time correcting for light extinction by dust in the Milky Way,” Beck said.
These training sessions worked well; the ensuing neural network did a bang up job when tasked with sorting the objects, achieving success rates of 98.1% for galaxies, 97.8% for stars, and 96.6% for quasars. The system also determined the distances to galaxies, which were at most only off by about 3%. The resulting work is “the world’s largest three-dimensional astronomical imaging catalog of stars, galaxies and quasars,” according to the University of Hawai’i.
“This beautiful map of the universe provides one example of how the power of the Pan-STARRS big data set can be multiplied with artificial intelligence techniques and complementary observations,” explained team member and study co-author Kenneth Chambers.
[…]
The new catalog, which was made possible by a grant from the National Science Foundation, is publicly available through the Mikulski Archive for Space Telescopes. The database is 300 gigabytes in size, and it’s accessible through multiple formats, including downloadable computer-readable tables.
This survey has already yielded some interesting science, including an explanation for a rather spooky region of space known as the Cold Spot. Using the PS1 telescope, and also NASA’s Wide Field Survey Explorer satellite, the Pan-STARRS scientists spotted a massive supervoid—a “vast region 1.8 billion light-years across, in which the density of galaxies is much lower than usual in the known universe,” as the University of Hawai’i described it five years ago. It’s this supervoid that is causing the Cold Spot, as it’s seen in the cosmic microwave background, according to the researchers.
French company Nawa technologies says it’s already in production on a new electrode design that can radically boost the performance of existing and future battery chemistries, delivering up to 3x the energy density, 10x the power, vastly faster charging and battery lifespans up to five times as long.
Nawa is already known for its work in the ultracapacitor market, and the company has announced that the same high-tech electrodes it uses on those ultracapacitors can be adapted for current-gen lithium-ion batteries, among others, to realize some tremendous, game-changing benefits.
It all comes down to how the active material is held in the electrode, and the route the ions in that material have to take to deliver their charge. Today’s typical activated carbon electrode is made with a mix of powders, additives and binders. Where carbon nanotubes are used, they’re typically stuck on in a jumbled, “tangled spaghetti” fashion. This gives the charge-carrying ions a random, chaotic and frequently blocked path to traverse on their way to the current collector under load.
The benefits are all about how far an ion has to carry its charge; on the left, a depiction of a typical, chaotic electrode structure through which an ion has to travel long and circuitous distances. On the right, the rigid structure of a vertically aligned carbon nanotube structure, which links every tiny blob of active material and the ions within straight to the current collector
Nawa Technologies
Nawa’s vertically aligned carbon nanotubes, on the other hand, create an anode or cathode structure more like a hairbrush, with a hundred billion straight, highly conductive nanotubes poking up out of every square centimeter. Each of these tiny, securely rooted poles is then coated with active material, be it lithium-ion or something else.
The result is a drastic reduction in the mean free path of the ions – the distance the charge needs to travel to get in or out of the battery – since every blob of lithium is more or less directly attached to a nanotube, which acts as a straight-line highway and part of the current collector. “The distance the ion needs to move is just a few nanometers through the lithium material,” Nawa Founder and CTO Pascal Boulanger tells us, “instead of micrometers with a plain electrode.”
This radically boosts the power density – the battery’s ability to deliver fast charge and discharge rates – by a factor of up to 10x, meaning that smaller batteries can put out 10 times more power, and the charging times for these batteries can be brought down just as drastically. Nawa says a five-minute charge should be able to take you from 0-80 percent given the right charging infrastructure.
[…]
“Research has shown vertically aligned – or even just well distributed – carbon nanotubes have far greater properties than randomly placed carbon nanotubes,” said Dr. Shearer. “I am not surprised a x10 in conductivity is possible. Controlling the placement of carbon nanotubes is really the way to unlock their potential. The issue in commercialization is the cost associated with producing aligned carbon nanotubes. My guess is the cost would be much more than x10.”
We put the question of cost to Nawa. “The million dollar question!” said Boulanger. “Here’s a million dollar answer: the process we’re using is the same process that’s used for coating glasses with anti-reflective coatings, and for photovoltaics. It’s already very cheap.”
“In high volume, like those processes, yes,” added Nawa CEO Ulrik Grape. “We are firmly convinced that this will be cost-competitive with existing electrodes.”
[…]
In some cases, Nawa says, it eliminates issues that have been holding back certain other battery chemistries. Silicon-based batteries, for example, could offer around twice the energy density of lithium-ion, but the active material grows to four times its size as it’s charged and shrinks back again as it discharges, causing mechanical issues that lead to cracks. As a result, you might be lucky to get 50 charges out of a silicon battery before it dies.
[…]
Moving to these electrodes, Grape and Boulanger say, will require battery companies to make some fairly considerable changes to the early stages of their manufacturing processes prior to cell assembly. But such dramatic performance multipliers without a price penalty or any changes to battery chemistry will surely make these things tough to compete against.
Nawa’s first large-scale customer is French battery manufacturer Saft, which is partnering with PSA and Renault as part of the European Battery Alliance to develop EV batteries for the brands under those umbrellas. The company is also speaking to a number of car companies directly, as well as other battery manufacturers supplying the EV space.
Apple’s T2 security chip is insecure and cannot be fixed, a group of security researchers report.
Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.
The primary researchers involved – @h0m3us3r, @mcmrarm, @aunali1 and Rick Mark (@su_rickmark) – expanded on the work @axi0mX did to create checkm8 and adapted it to target the T2, in conjunction with a group that built checkm8 into their checkra1n jailbreaking software. Mark on Wednesday published a timeline of relevant milestones.
The T2, which contains a so-called secure enclave processor (SEP) intended to safeguard Touch ID data, encrypted storage, and secure boot capabilities, was announced in 2017. Based on the Arm-compatible A10 processor used in the iPhone 7, the T2 first appeared in devices released in 2018, including MacBook Pro, MacBook Air, and Mac mini. It has also shown up in the iMac Pro and was added to the Mac Pro in 2019, and the iMac in 2020.
The checkm8 exploit, which targets a use-after-free() vulnerability, allows an attacker to run unsigned code during recovery mode, or Device Firmware Update (DFU) mode. It has been modified to enable a tethered debug interface that can be used to subvert the T2 chip.
So with physical access to your T2-equipped macOS computer, and an appropriate USB-C cable and checkra1n 0.11, you – or a miscreant in your position – can obtain root access and kernel execution privileges on a T2-defended Mac. This allows you to alter macOS, loading arbitrary kernel extensions, and expose sensitive data.
According to Belgian security biz ironPeak, it also means that firmware passwords and remote device locking capabilities, instituted via MDM or the FindMy app, can be undone.
Compromising the T2 doesn’t dissolve macOS FileVault2 disk encryption but it would allow someone to install a keylogger to obtain the encryption key or to attempt to crack the key using a brute-force attack.
[…]
Unfortunately, it appears the T2 cannot be fixed. “Apple uses SecureROM in the early stages of boot,” explained Rick Mark in a blog post on Monday. “ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM.”
Tesla co-founder J.B. Straubel wants to build his startup Redwood Materials into the world’s top battery recycling company and one of the largest battery materials companies, he said at a technology conference Wednesday.
Straubel aims to leverage two partnerships, one with Panasonic Corp 6752.T, the Japanese battery manufacturer that is teamed with Tesla TSLA.O at the Nevada gigafactory, and one announced weeks ago with e-commerce giant Amazon AMZN.O.
With production of electric vehicles and batteries about to explode, Straubel says his ultimate goal is to “make a material impact on sustainability, at an industrial scale.”
Established in early 2017, Redwood this year will recycle more than 1 gigawatt-hours’ worth of battery scrap materials from the gigafactory — enough to power more than 10,000 Tesla cars.
That is a fraction of the half-million vehicles Tesla expects to build this year. At the company’s Battery Day in late September, Chief Executive Elon Musk said he was looking at recycling batteries to supplement the supply of raw materials from mining as Tesla escalates vehicle production.
Redwood’s partnership with Panasonic started late last year with a pilot operation to recover materials at Redwood’s recycling facilities in nearby Carson City, according to Celina Mikolajczak, vice president of battery technology at Panasonic Energy of North America.
Mikolajczak, who spent six years at Tesla as a battery technology leader, said: “People underestimate what recycling can do for the electric vehicles industry. This could have a huge impact on raw material prices and output in the future.”
Straubel’s broader plan is to dramatically reduce mining of raw materials such as nickel, copper and cobalt over several decades by building out a circular or “closed loop” supply chain that recycles and recirculates materials retrieved from end-of-life vehicle and grid storage batteries and from cells scrapped during manufacturing.
In September, Redwood said it received funding from Amazon’s Climate Pledge Fund, following an investment by Breakthrough Energy Ventures, backed by Amazon CEO Jeff Bezos and Microsoft founder Bill Gates.
Along with colleagues at Nanjing University, Renmin University, Xiamen University, and Rensselaer Polytechnic Institute, Mark Reed, the Harold Hodgkinson Professor of Electrical Engineering & Applied Physics demonstrated a single-molecule electret with a functional memory. The results were published Oct. 12 in Nature Nanotechnology.
