NASA Generates Oxygen on Mars, Setting Stage for Crewed Missions

[…]

On April 20, the MOXIE device on Perseverance produced roughly 5 grams of oxygen. That’s a tiny step for NASA and its rover, but a potentially huge leap for humanity and our aspirations on Mars. This small amount of oxygen—extracted from the carbon dioxide-rich Martian atmosphere—is only enough to sustain an astronaut for about five minutes, but it’s the principle of the experiment that matters. This technology demonstration shows that it’s possible to produce oxygen on Mars, a necessary requirement for sustainably working on and departing the Red Planet.

[…]

“Someday we hope to send people to Mars, but they will have to take an awful lot of stuff with them,” Michael Hecht, the principal investigator of the MOXIE project, explained in an email. “The single biggest thing will be a huge tank of oxygen, about 25 tonnes of it.”

Yikes—that converts to approximately 55,100 pounds, or 25,000 kg.

Some of this oxygen will be for the astronauts to breathe, but the “bulk of it” will be used for the rocket “to take the crew off the planet and start them on their journey home again,” Hecht said.

Hence the importance of the MOXIE experiment. Should we be capable of making that oxygen on Mars, it would “save a lot of money, time, and complexity,” said Hecht, but it’s a “challenging new technology that we can only really test properly if we actually do it on Mars,” and that’s “what MOXIE is for, even though it’s a very small scale model.”

[…]

MOXIE works by separating oxygen from carbon dioxide, leaving carbon monoxide as the waste product.

“MOXIE uses electrical energy to take carbon dioxide molecules, CO2, and separate them into two other types of molecule, carbon monoxide (CO) and oxygen (O2),” Hecht explained. “It uses a technology called electrolysis that is very similar to a fuel cell, except that a fuel cell goes the other way—it starts with fuel and oxygen and combines them to get electrical energy out.”

[…]

When asked what surprised him most about the first test, Hecht said it was the identical performance compared to tests done on Earth.

[…]

Source: NASA Generates Oxygen on Mars, Setting Stage for Crewed Missions

China behind another hack as U.S. cybersecurity issues mount

China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said Wednesday.

The hack works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices. The company announced Tuesday how users can check to see if they were affected but said the software update to prevent the risk to users won’t go out until May.

The campaign is the third distinct and severe cyberespionage operation against the U.S. made public in recent months, stressing an already strained cybersecurity workforce. The U.S. government accused Russia in January of hacking nine government agencies via SolarWinds, a Texas software company widely used by American businesses and government agencies. In March, Microsoft blamed China for starting a free-for-all where scores of different hackers broke into organizations around the world through the Microsoft Exchange email program.

In all three campaigns, the hackers first used those programs to hack into victims’ computer networks, then created backdoors to spy on them for months, if not longer.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said in a warning Tuesday evening the latest hacking campaign is currently “affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations.”

[…]

Source: China behind another hack as U.S. cybersecurity issues mount

If you have a QNAP NAS, stop what you’re doing right now and install latest updates before Qlocker gets you

Two file-scrambling nasties, Qlocker and eCh0raix, are said to be tearing through vulnerable QNAP storage equipment, encrypting data and demanding ransoms to restore the information.

In response, QNAP said on Thursday users should do the following to avoid falling victim:

  • Install the latest software updates for the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps on their QNAP NAS gear to close off vulnerabilities that can be exploited by ransomware to infect devices.
  • Install the latest Malware Remover tool from QNAP, and run a malware scan. The manufacturer said it has “released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack.”
  • Change the network port of the web-based user interface away from the default of 8080, presumably to mitigate future attacks. We’ll assume for now that vulnerable devices are being found and attacked by miscreants scanning the internet for public-facing QNAP products – we’ve asked the manufacturer to comment on this.
  • Make sure they use strong, unique passwords that can’t easily be brute-forced or guessed.
  • If possible, follow the 3-2-1 rule on backups: have at least three good recent copies of your documents stored on at least two types of media, at least one of which is off-site. That means if your files are scrambled, you have a good chance of restoring them from a backup untouched by the malware, thus avoiding having to cough up the demand, if you make sure the software nasty can’t alter said backups.

Source: If you have a QNAP NAS, stop what you’re doing right now and install latest updates. Do it before Qlocker gets you • The Register

Samsung Electronics Expands its Galaxy Upcycling Program to Enable Consumers to Repurpose Galaxy Smartphones into Smart Home Devices

With Galaxy Upcycling at Home, users can easily turn their old Galaxy devices into smart home devices like a childcare monitor, a pet care solution and other tools that meet individual lifestyle needs.

Make Any Home a Smart Home

The Galaxy Upcycling at Home program provides enhanced sound and light-control features, by repurposing built-in sensors. Users can transform their old devices through SmartThings Labs, a feature within the SmartThings app.

[…]

For a device to continuously detect sound and light, it needs to be actively operating for long periods of time. For this reason, Samsung equipped the Galaxy Upcycling at Home upgrade with battery optimization solutions to minimize battery usage. Devices will also be able to connect effortlessly to SmartThings, allowing them to interact with countless other IoT devices in the SmartThings ecosystem.

[…]

Source: Samsung Electronics Expands its Galaxy Upcycling Program to Enable Consumers to Repurpose Galaxy Smartphones into Smart Home Devices – Samsung US Newsroom

So it can do sound and light detection stuff for you or be used as a controller for your other IoT equipment

Man sues Apple for terminating Apple ID with $24K worth of content and no reason

Apple has been hit with a lawsuit alleging that its media services terms and conditions, which permit the company to terminate an Apple ID, are “unlawful” and “unconscionable.”

The complaint, filed on Tuesday in the U.S. District Court for the Northern District of California, goes after an Apple services clause that states a user with a terminated Apple ID cannot access media content that they’ve purchased.

Through its terms and conditions, Apple retains the right to terminate an Apple ID. More than that, the lawsuit claims that Apple can terminate an account based on mere suspicion.

“Apple’s unlawful and unconscionable clause as a prohibited de facto liquidated damages provision which is triggered when Apple suspects its customers have breached its Terms and Conditions,” the lawsuit reads.

[…]

The plaintiff in the case, Matthew Price, reportedly spent nearly $25,000 on content attached to an Apple ID. When Apple terminated Price’s Apple ID for an alleged violation of its terms and conditions, Price lost access to all of that content.

Source: Man sues Apple for terminating Apple ID with $24K worth of content | AppleInsider

Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

Web sites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company’s customers including their names, physical addresses and information on the Deere equipment they own and operate.

The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Sick Codes disclosed both flaws to John Deere and also to the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA), which monitors food and agriculture as a critical infrastructure sector. As of publication, the flaws discovered in the Operations Center have been addressed while the status of the myjohndeere.com flaws is not known.

[…]

the national security consequences of the company’s leaky website could be far greater. Details on what model combines and other equipment is in use on what farm could be of very high value to an attacker, including nation-states interested in disrupting U.S. agricultural production at key junctures, such as during planting or harvest time.

The consolidated nature of U.S. farming means that an attacker with knowledge of specific, Internet connected machinery in use by a small number of large-scale farming operations in the midwestern United States could launch targeted attacks on that equipment that could disrupt the entire U.S. food supply chain.

Despite creating millions of lines of software to run its sophisticated agricultural machinery, Deere has not registered so much as a single vulnerability with the Government’s CVE database, which tracks software flaws.

[…]

“Unlike many industries, there is extreme seasonality in the way John Deere’s implements are used,” Jahn told Security Ledger. “We can easily imagine timed interference with planting or harvest that could be devastating. And it wouldn’t have to persist for very long at the right time of year or during a natural disaster – a compound event.”

[…]

Source: Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment | The Security Ledger

CEO of Turkish Crypto Platform Thodex Flees Country as Users Say They’re Locked Out

Federal police in Turkey are investigating Thodex, a cryptocurrency trading platform that handles hundreds of millions of dollars in trades every day, after users complained they’d been locked out of their accounts, according to new reports from Reuters and Turkey’s TRT World news service. CEO Faruk Fatih Ozer reportedly fled Turkey on Tuesday and 62 people connected to Thodex have reportedly been detained.

Investigators raided Thodex’s headquarters in Istanbul on Thursday after “thousands” of people in Turkey filed criminal complaints, according to TRT World. Users have been unable to access money in their accounts over the past three days and federal authorities have issued at least 78 arrest warrants, according to Reuters.

[…]

“There have been thousands of criminal complaints made in many places around Turkey,” he told Reuters, adding that the platform had 400,000 users, 391,000 of whom were active.

While Reuters reports the CEO had fled to the city of Tirana, Albania, apparently people at Thodex insist he will be returning to Turkey soon. He’s going to be returning to a lot of pissed off people.

Source: CEO of Turkish Crypto Platform Flees Country as Users Say They’re Locked Out

Apple AirDrop Security Flaw Exposes iPhone Numbers, Emails: Researchers

Apple’s AirDrop feature is a convenient way to share files between the company’s devices, but security researchers from Technische Universitat Darmstadt in Germany are warning that you might be sharing way more than just a file.

According to the researchers, it’s possible for strangers to discover the phone number and email of any nearby AirDrop user. All a bad actor needs is a device with wifi and to be physically close by. They can then simply open up the AirDrop sharing pane on an iOS or macOS device. If you have the feature enabled, it doesn’t even require you to initiate or engage with any sharing to be at risk, according to their findings.

The problem is rooted in AirDrop’s “Contacts Only” option. The researchers say that in order to suss out whether an AirDrop user is in your contacts, it uses a “mutual authentication mechanism” to cross-reference that user’s phone number and email with another’s contacts list. Now, Apple isn’t just doing that willy nilly. It does use encryption for this exchange. The problem is that the hash Apple uses is apparently easily cracked using “simple techniques such as brute-force attacks.” It is not clear from the research what level of computing power would be necessary to brute-force the hashes Apple uses.

[…]

Source: Apple AirDrop Security Flaw Exposes iPhone Numbers, Emails: Researchers
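
As an added illustration (not from the article or the researchers), this sketch shows why an unsalted hash hides a phone number so poorly: the set of possible inputs is small enough to enumerate. SHA-256, the sample number and the function names are assumptions made for the example; the excerpt does not name the hash.

```python
import hashlib
import math
from typing import Optional


def digest(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier (assumed hash; the page names none)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space_bits(unknown_digits: int) -> float:
    """Entropy, in bits, of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)


def recover(target: str, known_prefix: str, unknown_digits: int) -> Optional[str]:
    """Enumerate every number with the given prefix until the digest matches."""
    for n in range(10 ** unknown_digits):
        candidate = f"{known_prefix}{n:0{unknown_digits}d}"
        if digest(candidate) == target:
            return candidate
    return None


# Constructed sample: a fictional number in the reserved 555-01xx range.
SAMPLE_NUMBER = "+12025550143"
SAMPLE_DIGEST = digest(SAMPLE_NUMBER)

if __name__ == "__main__":
    # A phone number carries far less entropy than the digest length suggests.
    print(f"7 unknown digits  = {search_space_bits(7):.1f} bits")
    print(f"10 unknown digits = {search_space_bits(10):.1f} bits")
    print("random 128-bit ID = 128.0 bits")
    # Only 10,000 candidates are tried here to keep the run instant.
    print("recovered:", recover(SAMPLE_DIGEST, "+1202555", 4))
```

The point for anyone designing a contact-matching protocol is that hashing a low-entropy identifier is not a confidentiality control, whatever the strength of the hash function.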

This New App Lets You Turn Anything and Everything Into an NFT

Well, if you have an iPhone, now you can turn practically anything into a unique, one-of-a-kind digital token. A new app is out that, by its own admission, lets you turn “every idea” into an NFT. It’s called S!NG, and it is the first and only free iOS app designed to let you create as many NFTs as you want. Where previously you would have had to pay a crypto exchange to get your asset minted, S!NG does all the minting for you, free of charge.

Founded by ex-Apple executive Geoff Osler, the company has sought to make its product really easy to use, too: it has a point-and-click function—so it’s basically as simple as taking a picture or making a recording on your phone to create them. You can also upload files.

[…]

As the name of the app might suggest, it’s being marketed to artists and musicians. A video on the company’s website claims that S!NG wants to use NFTs to protect creators from intellectual property theft—which is an interesting idea. The thinking here seems to be that because the non-fungibles designate specific ownership over a unique digital asset, they can preclude you from getting your song lyrics or digital recording copied and legally foisted away from you. Thus, the website claims S!NG is the “easiest way to put a stamp on an idea, label it as your own, convert to an NFT and stored in a centralized portfolio,” also adding that the app is a space where ideas can be shared “confidently and hesitation free, without having to lawyer up.” In other words, it’s like that old trick of sending yourself a certified letter to copyright text or song lyrics: it works, but only barely.

While this all sounds pretty good, the flip side is that it makes S!NG sound almost like a notepad app, where every note becomes an NFT. When you consider the ecological toll that NFTs purportedly are wreaking on the world, maybe it’s not a great idea to make every thought you jot down a non-fungible? Then again, people are apparently working on this problem, so maybe we can assume it’ll be a short-lived issue.

[…]

Source: This New App Lets You Turn Anything and Everything Into an NFT

I’m very curious what their business model is. Put an advert into every NFT they create?

Jaguar Land Rover to suspend output due to chip shortage

Jaguar Land Rover (JLR) is shutting its two main car factories temporarily due to a shortage of computer chips.

The difficulties at Britain’s biggest carmaker echo similar problems at other manufacturers, including Ford, who have been hit by a global shortage of chips.

JLR said there would be a “limited period” of closure at its Halewood and Castle Bromwich sites from Monday.

A mixture of strong demand and Covid shutdowns at chipmakers has also hit phone, TV and video games companies.

[…]

Source: Jaguar Land Rover to suspend output due to chip shortage – BBC News

Another fatality of the growing chip shortage

Passwordstate password manager Hacked, Exposing Users’ Passwords for 28 Hours with automatic update

Passwordstate, the enterprise password manager offered by Australian software developer Click Studios, was hacked earlier this week, exposing the passwords of an undisclosed number of its clients for approximately 28 hours. The hack was carried out through an upgrade feature for the password manager and potentially harvested the passwords of those who carried out upgrades.

On Friday, Click Studios issued an incident management advisory about the hack. It explained that the initial vulnerability was related to its upgrade director—which points the in-place update to the appropriate version of the software on the company’s content distribution network—on its website. When customers performed in-place upgrades on Tuesday and Wednesday, they potentially downloaded a malicious file, titled “moserware.secretsplitter.dll,” from a download network not controlled by Click Studios.

Once the malicious file was loaded, it set off a process that extracted information about the computer system as well as data stored in Passwordstate, including URLs, usernames and passwords. The information was then posted to the hackers’ content distribution network.

According to the company, the vulnerability has been addressed and eliminated. Click Studios said that only customers who performed in-place updates between Tuesday, April 20 at 4:33 p.m. ET and Thursday, April 22 at 8:30 p.m. ET are believed to be affected. Customers who carried out manual upgrades of Passwordstate are not compromised.

[…]

Source: Passwordstate Hacked, Exposing Users’ Passwords for 28 Hours

These Are Ingenuity’s First Color In-Flight Photos of Mars

In recent days, NASA published three aerial photos taken by Ingenuity. These aren’t the first photos taken by the rover. It has previously sent back images of its shadows taken with its downward-facing navigation camera. And let’s not forget its watchful and proud surrogate parent, the Perseverance rover, which snaps magnificent photos of the helicopter in action. However, this latest set of images is special because they’re the first color photos of Mars taken by an aerial vehicle while it’s in the air.

Ingenuity’s First Aerial Color Image of Mars

At the time of this image, Ingenuity was 17 feet (5.2 meters) above the surface and pitching (moving the camera’s field of view upward) so the helicopter could begin its 7-foot (2-meter) translation to the west.
Photo: NASA/JPL-Caltech

This is the first color image taken by Ingenuity, which is equipped with a high-resolution color camera that contains a 4208 x 3120-pixel sensor, on its April 22 test flight. According to NASA, Ingenuity was 17 feet (5.2 meters) above the surface. It was also moving its field of view upward as it prepared to move sideways for its 51.9-second flight.

“The image, as well as the inset showing a closeup of a portion of the tracks [of] the Perseverance Mars rover and Mars surface features, demonstrates the utility of scouting Martian terrain from an aerial perspective,” NASA explained in the photo’s description.

Speaking of Perseverance, you can check out the six-wheeled rover’s tracks in the winding parallel discolorations on the surface. Apparently, Perseverance itself isn’t too far away, but rather top center and unfortunately out of frame.

“Wright Brothers Field,” which is what NASA has named Ingenuity’s official launch zone, is in the vicinity of the helicopter’s shadow at the bottom center, the space agency said, and its point of takeoff is just below the image. Meanwhile, the black objects on the sides of the photo are Ingenuity’s landing pads. And in case this photo couldn’t get any better, you can see a small part of the horizon on the upper left and right corners.

Ingenuity’s Second Aerial Color Image of Mars

This is the second color image taken by NASA’s Ingenuity helicopter.
Photo: NASA/JPL-Caltech

Besides stating that this photo was also taken at an altitude of 17 feet (5.2 meters), NASA didn’t have much to say. Nonetheless, the space agency noted that you could see tracks made by Perseverance here as well.

Ingenuity’s Third Aerial Color Image of Mars

This is the third color image taken by NASA’s Ingenuity helicopter.
Photo: NASA/JPL-Caltech

NASA was short on words for this photo, too, but helpfully reminded us that Perseverance’s tracks can be seen in this case if you’re looking. (I was). I see the tracks at the bottom of the photo, but the rest of the picture is a lot more captivating to me.

Source: These Are Ingenuity’s First Color In-Flight Photos of Mars