Monthly Archives: December 2021

Scott Morrison urged to end ‘lunacy’ and push UK and US for Julian Assange’s release by Australian PMs

Posted on by

Australian parliamentarians have demanded the prime minister, Scott Morrison, intervene in the case of Julian Assange, an Australian citizen, after the United States won a crucial appeal in its fight to extradite the WikiLeaks founder on espionage charges.

“The prime minister must get Assange home,” the Australian Greens leader, Adam Bandt, told Guardian Australia on Saturday.

“An Australian citizen is being prosecuted for publishing details of war crimes, yet our government sits on its hands and does nothing.”

WikiLeaks founder Julian Assange.
WikiLeaks founder Julian Assange. Photograph: Daniel Leal-Olivas/AFP/Getty Images

The independent MP Andrew Wilkie called on Morrison to “end this lunacy” and demand the US and UK release Assange.

[…]

Source: Scott Morrison urged to end ‘lunacy’ and push UK and US for Julian Assange’s release | Australian politics | The Guardian

‘Cowboy Bebop’ Canceled by Netflix After One Season

Posted on by

That was fast: Netflix has canceled its ambitious, widely hyped and, ultimately, widely disappointing anime adaptation Cowboy Bebop, The Hollywood Reporter has learned.

The move comes less than three weeks after the show’s Nov. 19 debut on the streaming service.

The space Western had a rough reception. The 10-episode series garnered only a 46 percent positive critics rating on review aggregator Rotten Tomatoes. Fans seemed to agree, giving the show a 56 percent positive audience score on the site. According to Netflix’s Top 10 site, the series has racked up almost 74 million viewing hours worldwide since its debut — so it got plenty of sampling out of the gate — but it plummeted 59 percent for the week of Nov. 29 to Dec. 5.

Insiders pointed out that Netflix’s renewal rate for scripted series that have two or more seasons stands at 60 percent, in line with industry averages, and, like all Netflix renewal verdicts, the decision was made by balancing the show’s viewership and cost. The streamer also prides itself on taking big swings on projects like Cowboy Bebop and has many other genre shows on the air and in the works.

[…]

Source: ‘Cowboy Bebop’ Canceled by Netflix After One Season – The Hollywood Reporter

What a shame – there seems to have been some fashion in bashing this show, especially from people who were 12 when they watched the original and endowed it with some completely non-existing properties. I liked the original and thought this one was brilliant too. This is why we can’t have nice things.

FAA: No more commercial astronaut wings, too many launching. You still get to be on a list.

Posted on by

Heads up, future space travelers: No more commercial astronaut wings will be awarded from the Federal Aviation Administration after this year.

The FAA said Friday it’s clipping its astronaut wings because too many people are now launching into space and it’s getting out of the astronaut designation business entirely.

The news comes one day ahead of Blue Origin’s planned liftoff from West Texas with former NFL player and TV celebrity Michael Strahan. He and his five fellow passengers will still be eligible for wings since the FAA isn’t ending its long-standing program until Jan. 1.

NASA’s astronauts also have nothing to worry about going forward—they’ll still get their pins from the .

All 15 people who rocketed into space for the first time this year on private U.S. flights will be awarded their wings, according to the FAA. That includes Blue Origin founder Jeff Bezos and Virgin Galactic’s Richard Branson, as well as the other space newbies who accompanied them on their brief up-and-down trips. The companies handed out their own version of astronaut wings after the flights.

All four passengers on SpaceX’s first private flight to orbit last September also qualified for FAA wings.

Adding Blue Origin’s next crew of six will bring the list to 30. The FAA’ s first commercial wings recipient was in 2004.

Earlier this year, the FAA tightened up its qualifications, specifying that awardees must be trained crew members, versus paying customers along for the ride. But with the program ending, the decision was made to be all-inclusive, a spokesman said.

Future space tourists will get their names put on a FAA commercial spaceflight list. To qualify, they must soar at least 50 miles (80 kilometers) on an FAA-sanctioned launch.

Source: FAA: No more commercial astronaut wings, too many launching

The European Commission is making its software open source to benefit society – considering it was paid for by the tax payers it’s the least they could do and should have done this years ago

Posted on by

The European Commission has announced that it’s adopting new rules around open source software which will see it release software under open source licenses. The decision follows a Commission study that found investment in open source software leads on average to four times higher returns. There has also been a push for this type of action from the Public Money, Public Code campaign.

If you’re wondering what sort of code the EC could offer to the world, it gave two examples. First, there’s its eSignature, a set of free standards, tools, and services that can speed up the creation and verification of electronic signatures that are legally valid inside the EU. Another example is LEOS (Legislation Editing Open Software) which is used to draft legal texts.

[…]

Source: The European Commission is making its software open source to benefit society – Neowin

Julian Assange can be extradited to the US, court rules, changes mind because US tells judge to.

Posted on by

Wikileaks founder Julian Assange can be extradited from the UK to the US, the High Court has ruled.

The US won its appeal against a January UK court ruling that he could not be extradited due to concerns over his mental health.

Judges were reassured by US promises to reduce the risk of suicide. His fiancee said they intended to appeal.

Mr Assange is wanted in the US over the publication of thousands of classified documents in 2010 and 2011.

Senior judges found the lower judge had based her decision in January on the risk of Mr Assange being held in highly restrictive prison conditions if extradited.

However, the US authorities later gave assurances that he would not face those strictest measures unless he committed an act in the future that merited them.

Giving the judgement, Lord Chief Justice Lord Burnett said: “That risk is in our judgement excluded by the assurances which are offered.

“It follows that we are satisfied that, if the assurances had been before the judge, she would have answered the relevant question differently.”

Mr Assange’s fiancee Stella Moris called the ruling “dangerous and misguided”, adding that the US assurances were “inherently unreliable”.

[…]

Wikileaks editor-in-chief Kristinn Hrafnsson said in a statement: “Julian’s life is once more under grave threat, and so is the right of journalists to publish material that governments and corporations find inconvenient.

“This is about the right of a free press to publish without being threatened by a bullying superpower.”

Amnesty International described the ruling as a “travesty of justice” and the US assurances as “deeply flawed”.

Nils Muiznieks, the human rights organisation’s Europe director, said it “poses a grave threat to press freedom both in the Unites States and abroad”.

Judges ordered the case must return to Westminster Magistrates’ Court for a district judge to send it formally to Home Secretary Priti Patel.

Mr Assange’s legal team – Birnberg Peirce Solicitors – said any appeal to the Supreme Court would relate to the question of assurances, rather than on issues such as free speech or “the political motivation of the US extradition request”.

Source: Julian Assange can be extradited to the US, court rules – BBC News

Ventoy – add an iso to usb drive and boot it (or any other iso on it) up without any configuration

Posted on by

Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
With ventoy, you don’t need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.
You can copy many files at a time and ventoy will give you a boot menu to select them (screenshot).
x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI are supported in the same way.
Most type of OS supported (Windows/WinPE/Linux/ChromeOS/Unix/VMware/Xen…)
770+ image files are tested (list),     90%+ distros in distrowatch.com supported (details),

Source: Ventoy

FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review

Posted on by

Jeff Bezos’ rocket company, Blue Origin, became the subject of a federal review this fall after a group of 21 current and former employees co-signed an essay that raised serious questions about the safety of the company’s rockets — including the rocket making headlines for flying Bezos and other celebrities to space.

Blue Origin: Essay alleges sexism, 'dehumanizing' culture at Jeff Bezos' rocket company

But that review was hamstrung by a lack of legal protections for whistleblowers in the commercial spaceflight industry, according to emails from Federal Aviation Administration investigators that were obtained by CNN Business.
The FAA also confirmed in a statement Friday that its Blue Origin review is now closed, saying the “FAA investigated the safety allegations made against Blue Origin’s human spaceflight program” and “found no specific safety issues.”
The emails obtained by CNN Business, however, reveal that investigators were not able to speak with any of the engineers who signed the letter anonymously. Investigators also were not able to go to Blue Origin and ask for documents or interviews with current employees or management, according to the FAA.
The situation highlights how commercial spaceflight companies like Blue Origin are operating in a regulatory bubble, insulated from much of the scrutiny other industries are put under. There are no federal whistleblower statues that would protect employees in the commercial space industry if they aid FAA investigators, according to the agency.
[…]

Source: FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review – CNN

Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular

Posted on by

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string.

Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.

The 0-day was tweeted along with a POC posted on GitHub. Since this vulnerability is still very new, there isn’t a CVE to track it yet. This has been published as CVE-2021-44228.

This post provides resources to help you understand the vulnerability and how to mitigate it for yourself.

Who is impacted?

Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.

Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j2.

Simply changing an iPhone’s name has been shown to trigger the vulnerability in Apple’s servers.

Updates (3 hours after posting): According to this blog post (see translation), JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to false meaning JNDI cannot load remote code using LDAP.

However, there are other attack vectors targeting this vulnerability which can result in RCE. An attacker could still leverage existing code on the server to execute a payload. An attack targeting the class org.apache.naming.factory.BeanFactory, present on Apache Tomcat servers, is discussed in this blog post.

Affected Apache log4j2 Versions

2.0 <= Apache log4j <= 2.14.1

Permanent Mitigation

Version 2.15.0 of log4j has been released without the vulnerability. log4j-core.jar is available on Maven Central here, with [release notes] and [log4j security announcements].

The release can also be downloaded from the Apache Log4j Download page.

[…]

Source: Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package | LunaSec

You can find sites that have been exloited https://github.com/YfryTchsGD/Log4jAttackSurface

MCH2022 Submit a talk above and beyond the final frontier!

Posted on by

In the first part of this series of posts where we explore possible subjects that may trigger your “Aha! I know about this and can talk about this!” reflex, medical technology was suggested as an avenue of interest. In this second part, we would like to tickle your memories from not so very long ago but quite far far away and suggest space as a topic for your consideration.

There has been an incredible acceleration of technology and accessibility in this space. With the introduction of CubeSats, space became much more accessible and a few years ago the first fully open-source CubeSat was launched. Companies such as Astra, Rocket Labs and SpaceX have entered the space race, elbowing out the traditional nationally funded efforts. A car was fired into space. Mars was landed on – twice – with the first aircraft on another planet flying around. The moon was rear-ended by the Chinese. 2021 was the year where we launched billionaires into space willy-nilly with even Captain Kirk having a go. NASA got all childish and changed the definition of an astronaut so that some billionaires were one and some weren’t suddenly. Satellite mesh networks are cluttering the skies so ground astronomers can’t see out any more. Nations are firing missiles at satellites, contributing significantly to the space junk problem. Satellites are jamming each other and trying to take each other over. The ISS is leaking and suddenly firing thrusters when it isn’t avoiding aforesaid trash. SpinLaunch is using a giant snail-like centrifuge that launches stuff into space from Earth. Neumann Space is trying to build a gas station for satellites in space. Steve Wozniak wants to become a space janitor and clean up all that mess. China has its own space station.

With all this action also comes condemnation. Should we be spending all that money on space when there are so many problems here on Earth? Reflection: What kind of legal structures and governance do we try to impose on foreign planets, the moon, the space above us, and how do we enforce this? But also what does cheap and plentiful access to space mean on a societal level, looking forward? Technically, what efforts have we thrown into tracking and communicating with these satellites? What should we do with old satellites? How can we as a community access space, and what do we want to do there?

We are looking forward to hearing from you – a workshop, lecture, anything you feel you can contribute is welcome!

Call for Participation

Source: May Contain Hackers 2022

I wrote this in the hopes that you are inspired to join the CFP!

Italian regulator fines Amazon $1.28 billion for abusing its market dominance

Posted on by

Italy’s antitrust authority (AGCM) has fined Amazon €1.13 billion ($1.28 billion) for “abuse of dominant position,” the second penalty it has imposed on Amazon over the last month. Amazon holds a position of “absolute dominance” in the Italian brokerage services market, “which has allowed it to promote its own logistics service, called Fulfillment by Amazon (FBA),” the authority wrote in a (Google translated) press release.

According to the AGCM, companies must use Amazon’s FBA service if they want access to key benefits like the Prime label, which in turn allows them to participate in Black Friday sales and other key events. “Amazon has thus prevented third-party sellers from associating the Prime label with offers not managed with FBA,” it said.

The authority said access to those functions are “crucial” for seller success. It also noted that third-party sellers using FBA are not subject to the same stringent performance requirements as non-FBA sellers. As such, they’re less likely to be suspended from the platform if they fail to meet certain goals. Finally, it noted that sellers using Amazon’s logistics services are discouraged from offering their products on other online platforms, at least to the same extent they do on Amazon.

[…]

Source: Italian regulator fines Amazon $1.28 billion for abusing its market dominance | Engadget

Report: VPNs Are Often a Mixed Bag for Privacy

Posted on by

[…] Consumer Reports, which recently published a 48-page white paper on VPNs that looks into the privacy and security policies of 16 prominent VPN providers. Researchers initially looked into some 51 different companies but ultimately honed in on the most prominent, high-quality providers. The results are decidedly mixed, with the report highlighting a lot of the long offered criticisms of the industry—namely, it’s lack of transparency, its PR bullshit, and its not always stellar security practices. On the flip side, a small coterie of VPNs actually seem pretty good.

[…]

. Consumers may often believe that by using a VPN they are able to become completely invisible online, as companies promise stuff like “unrivaled internet anonymity,” and the ability to “keep your browsing private and protect yourself from hackers and online tracking,” and so on and so forth.

In reality, there are still a whole variety of ways that companies and advertisers can track you across the internet—even if your IP address is hidden behind a virtual veil.

[…]

via a tool developed by a group of University of Michigan researchers, dubbed the “VPNalyzer” test suite, which was able to look at various security issues with VPN connections. The research team found that “malicious and deceptive behaviors by VPN providers such as traffic interception and manipulation are not widespread but are not nonexistent. In total, the VPNalyzer team filed more than 29 responsible disclosures, 19 of which were for VPNs also studied in this report, and is awaiting responses regarding its findings.”

The CR’s own analysis found “little evidence” of VPNs “manipulating users’ networking traffic when testing for evidence of TLS interception,” though they did occasionally run into examples of data leakage.

And, as should hopefully go without saying, any VPN with the word “free” near it should be avoided at all costs, lest you accidentally download some sort of Trojan onto your device and casually commit digital hari-kari.

[…]

According to CR’s review, four VPN providers rose to the top of the list in terms of their privacy and security practices. They were:

Apparently in that order.

These companies stood out mostly by not over-promising what they could deliver, while also scoring high on scales of transparency and security

[…]

Source: Report: VPNs Are Often a Mixed Bag for Privacy

Physicists discover special transverse sound wave

Posted on by

A research team at City University of Hong Kong (CityU) has discovered a new type of sound wave: The airborne sound wave vibrates transversely and carries both spin and orbital angular momentum like light does. The findings shattered scientists’ previous beliefs about the sound wave, opening an avenue to the development of novel applications in acoustic communications, acoustic sensing and imaging.

The research was initiated and co-led by Dr. Shubo Wang, Assistant Professor in the Department of Physics at CityU, and conducted in collaboration with scientists from Hong Kong Baptist University (HKBU) and the Hong Kong University of Science and Technology (HKUST). It was published in Nature Communications, titled “Spin-orbit interactions of transverse sound.”

Beyond the conventional understanding of sound wave

The physics textbooks tell us there are two kinds of waves. In like light, the vibrations are perpendicular to the direction of wave propagation. In longitudinal waves like sound, the vibrations are parallel to the direction of wave propagation. But the latest discovery by scientists from CityU changes this understanding of sound waves.

“While the airborne sound is a longitudinal wave in usual cases, we demonstrated for the first time that it can be a transverse wave under certain conditions. And we investigated its spin-orbit interactions (an important property only exists in transverse waves), i.e. the coupling between two types of angular momentum. The finding provides new degrees of freedom for sound manipulations.”

The absence of shear force in the air, or fluids, is the reason why sound is a longitudinal wave, Dr. Wang explained. He had been exploring whether it is possible to realize transverse sound, which requires shear force. Then he conceived the idea that synthetic shear force may arise if the air is discretized into “meta-atoms,” i.e., volumetric air confined in small resonators with size much smaller than the wavelength. The collective motion of these air “meta-atoms” can give rise to a transverse sound on the macroscopic scale.

Negative refraction induced by the spin-orbit interaction in momentum space. Credit: S. Wang et al. DOI: 10.1038/s41467-021-26375-9

Conception and realization of ‘micropolar metamaterial’

He ingeniously designed a type of artificial material called “micropolar metamaterial” to implement this idea, which appears like a complex network of resonators. Air is confined inside these mutually connected resonators, forming the “meta-atoms.” The metamaterial is hard enough so that only the air inside can vibrate and support sound propagation. The showed that the collective motion of these air “meta-atoms” indeed produces the shear force, which gives rise to the transverse sound with spin-orbit interactions inside this metamaterial. This theory was verified by experiments conducted by Dr. Ma Guancong’s group in HKBU.

Moreover, the research team discovered that air behaves like an elastic material inside the micropolar metamaterial and thus supports transverse sound with both spin and orbital angular momentum. Using this metamaterial, they demonstrated two types of spin-orbit interactions of sound for the first time. One is the momentum-space spin-orbit interaction, which gives rise to negative refraction of the transverse sound, meaning that sound bends in the opposite directions when passing through an interface. Another one is the real-space spin-orbit interaction, which generates sound vortices under the excitation of the transverse sound.

[…]

Source: Physicists discover special transverse sound wave

Prisons snoop on inmates’ phone calls with speech-to-text AI

Posted on by

Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

“(The) sheriff believes (the calls) will help him fend off pending liability via civil action from inmates and activists,” Sexton said. Verus transcribes phone calls and finds certain keywords discussing issues like COVID-19 outbreaks or other complaints about jail conditions.

Prisoners, however, said the tool was used to catch crime. In one case, it allegedly found one inmate illegally collecting unemployment benefits. But privacy advocates aren’t impressed. “T​​he ability to surveil and listen at scale in this rapid way – it is incredibly scary and chilling,” said Julie Mao, deputy director at Just Futures Law, an immigration legal group.

[…]

Source: Prisons snoop on inmates’ phone calls with speech-to-text AI • The Register

Spotify Pulls Content of Comedians Fighting to Get Royalties

Posted on by

[…]

Spotify took down the work of hundreds of comedians, including big names like John Mulaney, Jim Gaffigan, and Kevin Hart, the Wall Street Journal reported on Saturday. Mulaney, Gaffigan, Hart, and other comedians are represented by Spoken Giants, a global rights company that’s leading the fight to get radio and digital platforms, such as Spotify, SiriusXM, Pandora, and YouTube, to pay comedians royalty payments on the copyright for their written work.

According to the outlet, the streaming giant been in negotiations with Spoken Giants but couldn’t reach an agreement. On Thanksgiving, Spotify informed Spoken Giants that would pull all work by comedians represented by the organization until they could come to an understanding.

[…]

“In music, songwriter royalties are a very basic revenue stream, so this is not an unfamiliar concept and our work is based on established precedents and clear copyright language,” King said. “With this take-down, individual comedians are now being penalized for collectively requesting the same compensation songwriters receive.”

[…]

Source: Spotify Pulls Content of Comedians Fighting to Get Royalties

Cuba ransomware gang scores almost $44m from 49 victims: FBI

Posted on by

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year.

The attacks were spread across five “critical infrastructure”, which, besides government, included the financial, healthcare, manufacturing, and – as you’d expect – IT sectors. The Feds said late last week the threat actors are demanding $76m in ransoms and have already received at least $43.9m in payments.

The ransomware gang’s loader of choice, Hancitor, was the culprit, distributed via phishing emails, or via exploit of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol (RDP) tools. Hancitor – also known as Chanitor or Tordal – enables a CobaltStrike beacon as a service on the victim’s network using a legitimate Windows service like PowerShell.

[…]

Source: Cuba ransomware gang scores almost $44m from 49 victims: FBI • The Register

Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation

Posted on by

The co-founder of a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers also operated a service that ultimately helped governments secretly surveil and track mobile phones, Bloomberg reported Monday, citing former employees and clients. From the report: Since it started in 2013, Mitto AG has established itself as a provider of automated text messages for such things as sales promotions, appointment reminders and security codes needed to log in to online accounts, telling customers that text messages are more likely to be read and engaged with than emails as part of their marketing efforts. Mitto, a closely held company with headquarters in Zug, Switzerland, has grown its business by establishing relationships with telecom operators in more than 100 countries. It has brokered deals that gave it the ability to deliver text messages to billions of phones in most corners of the world, including countries that are otherwise difficult for Western companies to penetrate, such as Iran and Afghanistan. Mitto has attracted major technology giants as customers, including Google, Twitter, WhatsApp, Microsoft’s LinkedIn and messaging app Telegram, in addition to China’s TikTok, Tencent and Alibaba, according to Mitto documents and former employees.

But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, indicates that the company’s co-founder and chief operating officer, Ilja Gorelik, was also providing another service: selling access to Mitto’s networks to secretly locate people via their mobile phones. That Mitto’s networks were also being used for surveillance work wasn’t shared with the company’s technology clients or the mobile operators Mitto works with to spread its text messages and other communications, according to four former Mitto employees. The existence of the alternate service was known only to a small number of people within the company, these people said. Gorelik sold the service to surveillance-technology companies which in turn contracted with government agencies, according to the employees.

Source: Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation – Slashdot

$150m – $200m of digital assets stolen in BitMart security breach

Posted on by

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets.

Security and analytics outfit PeckShield put the figure at closer to $200m.

“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD,” BitMart said.

“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” it added.

Worryingly for customers, BitMart has blocked withdrawals until it has completed a “thorough security review” or, in the common metaphor, shut the stable door after the horse has bolted.

[…]

Source: $150m of digital assets stolen in BitMart security breach • The Register

The SEC is probing Tesla’s faulty solar panels prone to fire, whistleblower says they kept evidence of danger under wraps

Posted on by

The Securities and Exchange Commission has launched an investigation into whether Tesla failed to tell investors and customers about the fire risks of its faulty solar panels.

Whistleblower and ex-employee, Steven Henkes, accused the company of flouting safety issues in a complaint with the SEC in 2019. He filed a freedom of information request to regulators and asked to see records relating to the case in September, earlier this year. An SEC official declined to hand over documents, and confirmed its probe into the company is still in progress.

[…]

Tesla started selling and installing solar panels after it acquired SolarCity for $2.6bn in 2016. But its goal of becoming a renewable energy company hasn’t been smooth. Several fires have erupted from Tesla’s solar panels installed on the roofs of Walmart stores, Amazon warehouses, and people’s homes.

In fact, Walmart sued the company in 2019 after seven of its supermarkets in the US caught fire. The lawsuit accused Tesla of “utter incompetence or callousness, or both.” Walmart later dropped its claims, and settled the matter privately.

Before Walmart’s lawsuit, however, Steven Henkes, who was employed as a field quality manager by Tesla after the acquisition, said he attempted to raise concerns about fire risks with managers. He claimed in a lawsuit [PDF] filed last year in November that he was wrongfully terminated after he was fired in August, last year. Henkes claimed his concerns about defects in the company’s solar panels and electrical connectors were repeatedly ignored, and after he filed initial whistleblower complaints with the SEC and the US Consumer Protection Safety Commission (CPSC).

Over 60,000 people as well as over 500 commercial consumers could have been potentially affected by fire risks from Tesla’s faulty solar panels, the lawsuit said. Tesla started replacing and reimbursing defective components in 2019, Business Insider reported. The CPSC has also been investigating the company, too. Tesla did not respond to The Register’s questions.

Source: The SEC is probing Tesla’s faulty solar panels prone to fire • The Register

Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds

Posted on by

Mandiant continues to track multiple clusters of suspected Russian intrusion activity that have targeted business and government entities around the globe. Based on our assessment of these activities, we have identified two distinct clusters of activity, UNC3004 and UNC2652. We associate both groups with UNC2452 also referred to as Nobelium by Microsoft.

Some of the tactics Mandiant has recently observed include:

  • Compromise of multiple technology solutions, services, and reseller companies since 2020.
  • Use of credentials likely obtained from an info-stealer malware campaign by a third-party actor to gain initial access to organizations.
  • Use of accounts with Application Impersonation privileges to harvest sensitive mail data since Q1 2021.
  • Use of both residential IP proxy services and newly provisioned geo located infrastructure to communicate with compromised victims.
  • Use of novel TTPs to bypass security restrictions within environments including, but not limited to the extraction of virtual machines to determine internal routing configurations.
  • Use of a new bespoke downloader we call CEELOADER.
  • Abuse of multi-factor authentication leveraging “push” notifications on smartphones

In most instances, post compromise activity included theft of data relevant to Russian interests. In some instances, the data theft appears to be obtained primarily to create new routes to access other victim environments. The threat actors continue to innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts.

The sections below highlight intrusion activity from multiple incident response efforts that are currently tracked as multiple uncategorized clusters. Mandiant suspects the multiple clusters to be attributable to a common Russian threat. The information below covers some of the Tactics, Techniques, and Procedures (TTPs) used by the threat actors for initial compromise, establishing a foothold, data collection, and lateral movement; how the threat actors provision infrastructure; and indicators of compromise. The information is being shared to raise awareness and allow organizations to better defend themselves.

[…]

Source: Suspected Russian Activity Targeting Government and Business Entities Around the Globe | Mandiant

Life360 Reportedly Sells Location Data of Families and Kids

Posted on by

Life360, a popular tracking app that bills itself as “the world’s leading family safety service,” is purportedly selling location data on the 31 million families and kids that use it to data brokers. The chilling revelation may make users of the Tile Bluetooth tracker, which is being bought by Life360, think twice before continuing to use the device.

Life360’s data selling practices were revealed in a damning report published by the Markup on Monday. The report claims that Life360 sells location data on its users to roughly a dozen data brokers, some of which have sold data to U.S. government contractors. The data brokers then proceed to sell the location data to “virtually anyone who wants to buy it.” Life360 is purportedly one of the largest sources of data for the industry, the outlet found.

While selling location data on families and kids is already alarming, what’s even more frightening is that Life360 is purportedly failing to take steps to protect the privacy of the data it sells. This could potentially allow the location data, which the company says is anonymized, to be linked back to the people it belongs to.

[…]

Source: Life360 Reportedly Sells Location Data of Families and Kids

AWS Outage Takes Down Amazon, Disney+, Venmo, loads of online games

Posted on by

Amazon Web Services (AWS), the engine that powers many of the internet’s most-trafficked websites and apps, appears to be experiencing a widespread outage that is bringing down several popular services.

Amazon, Disney+, and Venmo are all being affected by the outage, and are showing error messages when users attempt to visit their websites. Amazon appears to be aware of the issue and admitted to seeing “Increased Error Rates” in the AWS Management Console. We reached out to Amazon, and the company pointed us to its AWS Service Health Dashboard. An update posted at 8:26 a.m. PT reads:

“We are experiencing API and console issues in the US-EAST-1 Region. We have identified root cause and we are actively working towards recovery. This issue is affecting the global console landing page, which is also hosted in US-EAST-1.

Amazon further revealed the issue to be caused by an “impairment of several network devices.” In a 2:47 p.m. PT update, the company claims to have “mitigated the underlying issue” that caused network devices to be faulty. Server health is improving, according to Amazon, which is now conducting a service-by-service recovery. The company disabled Event Deliveries for Amazon EventBridge in US-EAST-1 as it works for a full recovery for all affected AWS customers. There is still no timeline on when your favorite sites will be fully operational again.

Source: AWS Outage Takes Down Amazon, Disney+, and Venmo

yay cloud!

DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble

Posted on by

Warp drive pioneer and former NASA warp drive specialist Dr. Harold G “Sonny” White has reported the successful manifestation of an actual, real-world “Warp Bubble.” And, according to White, this first of its kind breakthrough by his Limitless Space Institute (LSI) team sets a new starting point for those trying to manufacture a full-sized, warp-capable spacecraft.

“To be clear, our finding is not a warp bubble analog, it is a real, albeit humble and tiny, warp bubble,” White told The Debrief, quickly dispensing with the notion that this is anything other than the creation of an actual, real-world warp bubble. “Hence the significance.”

Warp Bubble Theoretical
Theoretical Warp Bubble Structure: Image Credit LSI

In 1994, Mexican Mathematician Miguel Alcubierre proposed the first mathematically valid solution to the warp drive. More specifically, he outlined a spacecraft propulsion system previously only envisioned in science fiction that can traverse the cosmos above the speed of light without violating currently accepted laws of physics.

[…]
“While conducting analysis related to a DARPA-funded project to evaluate possible structure of the energy density present in a Casimir cavity as predicted by the dynamic vacuum model,” reads the actual findings published in the peer-reviewed European Physical Journal, “a micro/nano-scale structure has been discovered that predicts negative energy density distribution that closely matches requirements for the Alcubierre metric.”

Or put more simply, as White did in a recent email to The Debrief, “To my knowledge, this is the first paper in the peer-reviewed literature that proposes a realizable nano-structure that is predicted to manifest a real, albeit humble, warp bubble.”

This fortuitous finding, says White, not only confirms the predicted “toroidal” structure and negative energy aspects of a warp bubble, but also resulted in potential pathways he and other researchers can follow when trying to design, and one day actually construct, a real-world warp-capable spacecraft.

[…]

“This is a potential structure we can propose to the community that one could build that will generate a negative vacuum energy density distribution that is very similar to what’s required for an Alcubierre space warp.”

When asked by The Debrief in December if his team has built and tested this proposed nano-scale warp craft design since that August announcement, or if they have plans to do so, White said, “We have not manufactured the one-micron sphere in the middle of a 4-micron cylinder.” However, he noted, if the LSI team were to undertake that at some point, “we’d probably use a nanoscribe GT 3D printer that prints at the nanometer scale.” In short, they have the means, now they just need the opportunity.

[…]

White and his team have also outlined a second testable experiment that involves stringing a number of these Casimir-created warp bubbles in a chain-like configuration. This design, he said, would allow researchers to better understand the physics of the warp bubble structure already created, as well as how a craft may one day traverse actual space inside such a warp bubble.

“We could go through an examination of the optical properties as a result of these little, nano-scale warp bubbles,” explained White at the AIAA conference. “Aggregating a large number of them in a row, we can increase the magnitude of the effect so we can see (and study) it.”

Source: DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble – The Debrief

Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

Posted on by

The 2022 World Inequality Report, a huge undertaking coordinated by economic and inequality experts Lucas Chancel, Thomas Piketty, Emmanuel Saez, and Gabriel Zucman, was the product of four years of research and produced an unprecedented data set on just how wealth is distributed.

“The world is marked by a very high level of income inequality and an extreme level of wealth inequality,” the authors wrote.

The data serves as a complete rebuke of the trickle-down economic theory, which posits that cutting taxes on the rich will “trickle down” to those below, with the cuts eventually benefiting everyone. In America, trickle-down was exemplified by President Ronald Reagan’s tax slashes. It’s a theory that persists today, even though most research has shown that 50 years of tax cuts benefits the wealthy and worsens inequality.

[…]

Piketty, who was Zucman’s doctoral adviser, wrote the tome “Capital in the 21st Century” which used an unprecedented data set going back to the French Revolution to expose how centuries of growing wealth inequality was a feature of capitalism, not a bug. The World Inequality Report was his effort to do the same for recent history.

They argue in the new report that the last two decades of wealth data show that “inequality is a political choice, not an inevitability.”

For instance, when it comes to wealth, which accounts for the values of assets people hold, researchers found that the “poorest half of the global population barely owns any wealth at all.” That bottom half owns just 2% of total wealth. That means that the top half of the world holds 98% of the world’s wealth, and that gets even more concentrated the wealthier you get.

Indeed, the richest 10% of the world’s population hold 76%, or two-thirds of all wealth. That means the 517 million people who make up the top hold vastly more than the 2.5 billion who make up the bottom. The world’s policy choices have led to wealth trickling up rather than down.

[…]

Billionaires now hold a 3% share of global wealth, up from 1% in 1995

The report notes that “2020 marked the steepest increase in global billionaires’ share of wealth on record.” Broadly, the number of billionaires rose to a record-number in 2020, with Wealth-X finding that there are now over 3,000 members of the three-comma club.

[…]

Source: Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

LINE Pay leaks around 133,000 users’ data to GitHub

Posted on by

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users’ payment details were mistakenly published on GitHub between September and November of this year.

Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers. Although names, addresses, telephone, credit card and bank account numbers were not shared, the names of the users and other details could be traced with a little effort.

The information – which covered of over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users – was accessed 11 times during the ten weeks it was available online.

[…]

Source: LINE Pay leaks around 133,000 users’ data to GitHub • The Register

The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter

Posted on by

[…]

A contract for the sale of the 80 Rafales was agreed today between Eric Trappier, Chairman and CEO of Dassault, and Tareq Abdul Raheem Al Hosani, CEO of Tawazun Economic Council, which is responsible for security and defense acquisitions on behalf of the United Arab Emirates (UAE). Dassault describes the deal as “the largest ever obtained by the French combat aeronautics industry.” The total value of the Rafale contract is $16 billion, on top of which will be added weapons for the jets. These deals fall within a larger French arms package for the UAE worth $19 billion that also includes 12 Airbus H225M Caracal military transport helicopters.

DASSAULT AVIATION

An artist’s conception of a UAE Rafale equipped for the air-to-air mission, with Meteor and Mica missiles.

Underlining the significance of the Rafale sale, the French President Emmanuel Macron and Sheikh Mohammed bin Zayed Al Nahyane, Crown Prince of Abu Dhabi, one of the Emirates within the UAE and the country’s effective ruler, as well as vice-commander of its armed forces, were both present at the contract signing.

[\…]

the United Arab Emirates Air Force and Air Defense (UAEAF&AD) will also become the first export recipient of the F4-standard Rafale.

The latest F4 version of the Rafale is part of an ongoing process to continuously improve the fighter and is optimized for networked combat, with new satellite and intra-flight data links, as well as a communication server and software-defined radio. Aside from this, the F4 features upgrades to the radar, electro-optical system, and helmet-mounted display. New weapons are also being integrated, including the forthcoming Mica NG air-to-air missile and the 2,200-pound version of the AASM modular air-to-ground weapon.

[…]

The contract UAE comes as a boost to the French aerospace industry and the Rafale program in particular, which has now secured six export customers. The previous countries to select the French fighter are Egypt, Qatar, India, Greece, and Croatia. Other potential customers have been linked with the Rafale in the recent past, including Indonesia, although the type was rejected this year by Switzerland in favor of the F-35.

[…]

Source: The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter