Monthly Archives: January 2022

Microsoft warns of destructive cyberattack on Ukrainian computer networks

Posted on by
Microsoft warned Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine that appeared to be waiting to be triggered by an unknown actor.

In a blog post, the company said that Thursday — around the same time that government agencies in Ukraine found their websites had been defaced — investigators who watch over Microsoft’s global networks detected the code. “These systems span multiple government, nonprofit and information technology organisations, all based in Ukraine,” Microsoft said.

The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end.

[…]

The code, as described by the company’s investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.

[…]

 

Source: Microsoft warns of destructive cyberattack on Ukrainian computer networks | bdnews24.com

Canon can’t get enough toner chips, so it’s telling customers how to defeat its DRM

Posted on by

[.,..]To enforce the use of first-party cartridges, manufacturers typically embed chips inside the consumables for the printers to “authenticate.” But when chips are in short supply, like today, manufacturers can find themselves in a bind. So Canon is now telling German customers how to defeat its printers’ warnings about third-party cartridges.

“Due to the worldwide continuing shortage of semiconductor components, Canon is currently facing challenges in procuring certain electronic components that are used in our consumables for our multifunction printers (MFP),” a Canon support website says in German. “In order to ensure a continuous and reliable supply of consumables, we have decided to supply consumables without a semiconductor component until the normal supply takes place again.”

[…]

The software on these printers comes with a relatively simple way to defeat the chip checks. Depending on the model, when an error message occurs after inserting toner, users can press either “I Agree,” “Close,” or “OK.” When users press that button, the world does not end. Rather, Canon says users may find that their toner cartridge doesn’t give them a low-toner warning before running empty.

“Although there are no negative effects on print quality when consumables are used without electronic components, certain additional functions, such as the detection of the toner level, may be impaired,” Canon’s support site says.

Source: Canon can’t get enough toner chips, so it’s telling customers how to defeat its DRM | Ars Technica

Developer Bricks Open-Source Apps Colors and Faker – used in 20k projects – no reason given, world of crazy

Posted on by

The eccentric developer behind two immensely popular open-source NPM coding libraries recently corrupted them both with a series of bizarre updates—a decision that has led to the bricking of droves of projects that relied upon them for support.

Marak Squires is the creator behind the popular JavaScript libraries Faker and Colors—the likes of which are key instruments for developers the world over. To give you an idea of how widely used these are, Colors reportedly sees more than 20 million downloads a week and Faker gets about 2 million. Suffice it to say, they see a lot of use.

However, Squires recently made the bizarre decision to mess all that up when he executed a number of malicious updates that sent the libraries haywire—taking a whole lot of dependent projects with it. In the case of Colors, Squires sent an update that caused its source code to go on an endless repeating loop. This caused apps using it to emit the text “Liberty Liberty Liberty,” followed by a splurge of meaningless, garbled data, effectively crippling their functionality. With Faker, meanwhile, a new update was recently introduced that basically nuked the library’s entire code. Squires subsequently announced he would no longer be maintaining the program “for free.”

The whole episode, which sent developers that rely on both programs into panic mode, appears to have been first observed by researchers with Snyk, an open-source security company, as well as BleepingComputer.

[…]

The most perplexing thing about this whole episode is that it’s not entirely clear why Squires did this. Some online commentators attributed the decision to a blog post he published in 2020, in which he railed against big companies’ use of open-source code from developers like himself. It’s true that corporate America tends to cut fiscal corners by exploiting freely available coding tools (just look at the recent log4j debacle, for example), though, if you’re an open-source coder, you would ostensibly know and expect that.

Indeed, the way in which Squires blitzed his libraries seems to defy simple explanation. For one thing, the commits that messed with the libraries were accompanied by odd text files that, in the case of the Faker update, referenced Aaron Swartz. Swartz is a well-known computer programmer who was found dead in his apartment in 2013 of an apparent suicide. Squires also made a number of other odd public references to Swartz around the time of the malicious commits.

[…]

Source: Developer Bricks Open-Source Apps Colors and Faker, Causes Chaos

Did you always want to hack an ESA satellite? Now’s your chance

Posted on by

The European Space Agency (ESA) is inviting applications from attackers who fancy having a crack at its OPS-SAT spacecraft.

It’s all in the name of ethical hacking, of course. The plan is to improve the resilience and security of space assets by understanding the threats dreamed up by security professionals and members of the public alike.

OPS-SAT has, according to ESA, “a flight computer 10 times more powerful than any current ESA spacecraft” and the CubeSat has been in orbit since 2019, providing a test bed for software experiments.

It is therefore the ideal candidate for l33t h4x0rs to turn their attention to, while ESA engineers ensure the environment is kept under control.

“The in-built robustness of OPS-SAT makes it the perfect flying platform for ethical hackers to demonstrate their skills in a safe but suitably realistic environment,” explained Dave Evans, OPS-SAT mission manager.

Ideas need to be submitted by 18 February and the successful applicants will be given controlled, technical access to OPS-SAT during the April CYSAT conference. It’ll be a challenge since teams will only have six-minute communication slots available with the satellite in which to unleash their creations.

Running code submitted by the public in space is not a particularly new concept – the AstroPi hardware on board the International Space Station (ISS) is a great example of such outreach.

However, the engagement with cybersecurity experts via the OPS-SAT demo will give space agencies an opportunity to learn what works – and what does not – from a security standpoint as satellites become ever more complicated and the surface area for attack grows.

Interestingly, ESA’s announcement had originally been made a month ago and then hurriedly pulled. Possibly because the original title “Hack an ESA spacecraft” caused at least one of the agency’s bosses to pass their morning caffeinated beverage through a nostril. Or, as an ESA insider put it, seek to “review” the emission.

Source: Hack our spacecraft, says ESA • The Register

Robinhood Must Pay User $29,460 Over Meme Stock Trading Halt

Posted on by

In January 2021, stock trading app Robinhood infuriated users when it responded to surging trades of so-called meme stocks, by halting trades—effectively preventing users from selling shares until the prices had collapsed. Congressional hearings, regulatory probes, and a deluge of regulatory complaints and lawsuits ensued, which was at least one cause of its initial public offering’s wretched post-IPO performance. A year later, at least one investor has finally succeeded in forcing Robinhood to pay out for the fiasco.

As Marketwatch first reported, on Jan. 6, an arbitrator for the Financial Industry Regulatory Authority (FINRA) ruled in favor of 27-year-old truck driver Jose Batista’s May 2021 complaint that the restrictions caused him to lose significant amounts of money, finding the stock-trading app owes him nearly $29,500 in restitution. FINRA has previously slapped Robinhood with roughly $70 million in penalties for system outages in March 2020, issuing false and/or misleading information to investors, and failing to abide by rules designed to protect investors; the Securities and Exchange Commission also fined the company $65 million in 2020 on similar grounds. But according to Marketwatch, this is the first time any retail investor complaints specifically related to the 2021 meme stock restrictions have resulted in a monetary judgment.

That’s perhaps because previous attempts to get the company to pay up have relied on elaborate theories Robinhood halted the trades in order to please partner Citadel Securities, its prime market maker. The exact nature of Robinhood’s relationship with Citadel attracted attention from both angry investors and members of Congress. FINRA has previously concluded the accusations of collusion had no merit.

[…]

Batista made a “narrow and specific case” against Robinhood, according to Marketwatch, saying that he focused on how the restrictions made him unable to manage his investments in headphone maker Koss and fast-fashion retailer Express Inc. Shortly before the restrictions went into place, Koss was trading at $58 a share and Express was trading at $9.55; by the time Robinhood lifted them, Koss was down to $35 and Express shares were just $5. (While he had Gamestop stock, he had no intention of selling at that point, he told Marketwatch.)

“My plan was to sell Koss and Express that day,” Batista told the site. “I had a lot, but no one could buy it… They basically left me with no other option. They were saying ‘You’re just stuck. If you want to sell it. Sell it.’”

[…]

Batista made a “narrow and specific case” against Robinhood, according to Marketwatch, saying that he focused on how the restrictions made him unable to manage his investments in headphone maker Koss and fast-fashion retailer Express Inc. Shortly before the restrictions went into place, Koss was trading at $58 a share and Express was trading at $9.55; by the time Robinhood lifted them, Koss was down to $35 and Express shares were just $5. (While he had Gamestop stock, he had no intention of selling at that point, he told Marketwatch.)

“My plan was to sell Koss and Express that day,” Batista told the site. “I had a lot, but no one could buy it… They basically left me with no other option. They were saying ‘You’re just stuck. If you want to sell it. Sell it.’”

[…]

Source: Robinhood Must Pay User $29,460 Over Meme Stock Trading Halt

Raspberry Pi Can Detect Malware By Scanning for EM Waves

Posted on by

A team of researchers at France’s Research Institute of Computer Science and Random Systems created an anti-malware system centered around a Raspberry Pi that scans devices for electromagnetic waves. As reported by Tom’s Hardware, the security device uses an oscilloscope (Picoscope 6407) and H-Field probe connected to a Raspberry Pi 2B to pick up abnormalities in specific electromagnetic waves emitted by computers that are under attack, a technique the researchers say is used to “obtain precise knowledge about malware type and identity.”

The detection system then relies on Convolution Neural Networks (CNN) to determine whether the data gathered indicates the presence of a threat. Using this technique, researchers claims they could record 100,000 measurement traces from IoT devices infected by genuine malware samples, and predicted three generic and one benign malware class with an accuracy as high as 99.82%.

Best of all, no software is needed and the device you’re scanning doesn’t need to be manipulated in any way. As such, bad actors won’t be successful with their attempts to conceal malicious code from malware detection software using obfuscation techniques.

“Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors,” researchers wrote in the paper.

Keep in mind that this system was made for research purposes, not to be released as a commercial product, though it may inspire security teams to look into novels way of using EM waves to detect malware. The research is currently in its early stages and the neural network will need to be further trained before it could have any practical uses.

[…]

Source: Raspberry Pi Can Detect Malware By Scanning for EM Waves

Oscilloscope used costs loads of money and needs to be mounted at 45o to the processor. Lots of work needed to turn this into a viable system.

Facebook Pixel Hunt – Mozilla Rally want to track the trackers

Posted on by

In a collaboration between journalists at The Markup and Mozilla researchers, this study seeks to map Facebook’s pixel tracking network and understand the kinds of information it collects on sites across the web. The Markup will use the data collected in this study to create investigative journalism around the kinds of information Facebook collects about you, and where.

The study will run until July 13, 2022.

Goals of the Study

According to its own privacy policy, Facebook may collect information about you across the web even if you don’t have a Facebook account. One way Facebook performs this tracking is through a network of “pixels” that may be installed on many of the sites you visit. By joining this study, you will help Rally and The Markup investigate and report on where Facebook is tracking you and what kind of information they are collecting.

This Study Will Collect:

This Study will Collect:

  • The data sent to Facebook pixels as you browse
  • The URLs of the web pages you browse
  • The time you spend browsing pages
  • The presence of Facebook login cookies in your browser
  • A study survey that the user completes
  • Metadata on the URLs your visit:
    • The full URL of each webpage that you are on
    • Time spent browsing and playing media on each webpage
    • How far down the webpage you scrolled

In addition, your Rally demographics survey responses will be combined with study data for the analysis.

Note: Only deidentified metrics and models will be exported from our secure environment. For additional information about our data collection, view our metrics definition file in our open source codebase.

Source: Facebook Pixel Hunt

Earth Is in a 1,000-Light-Year-Wide Bubble That Cooks Up Stars

Posted on by

In a study published today in Nature, they describe an amorphous, 1,000-light-year-wide bubble ensconcing Earth that is responsible for those stars.

Called the Local Bubble, the researchers believe it formed from a series of large explosions that blasted energy into space over the last 14 million years. Those explosions were supernovae—spectacular collapses of stars that sometimes leave behind beautiful nebulae. In this case, the supernovae also shaped our galactic neighborhood, 500 light-years in any direction from Earth.

“We find that all nearby, young stars formed as powerful supernova explosions triggered an expanding shockwave, sweeping up interstellar clouds of gas and dust into a cold dense shell that now forms the surface of the Local Bubble,” said study co-author Catherine Zucker in an email to Gizmodo.

“Astronomers have theorized for many decades that supernovae can ‘sweep up’ gas into dense clouds that ultimately form new stars, but our work provides the strongest observational evidence to date in support of this theory,” added Zucker, an astronomer at the Center for Astrophysics | Harvard & Smithsonian.

The team modeled how the explosions likely took place over millions of years, pushing gas outward like a broom sweeping up dust. At its genesis, the bubble was probably moving outward at about 60 miles per second, Zucker said. It’s still expanding today, but at a more leisurely 4 miles per second. Interactive figures of the bubble can be seen here.

Our Solar System is at the center of the bubble, rather than at its edge. That’s because, unlike the stars on the Local Bubble’s periphery, our solar system was born much longer ago than the last 14 million years.

A bright orange halo surrounds the white core of NGC2392, the remains of a star that went supernova.
NGC2392, a nebula left by a supernovae some 5,000 light-years from Earth, taken by the Hubble Space Telescope in 2002.
Image: NASA

“When the Local Bubble first started forming, the Earth was over 1,000 light-years away,” Zucker said. “We think the Earth entered the bubble about 5 million years ago, which is consistent with estimates of radioactive iron isotope deposits from supernova in the Earth’s crust from other studies.”

Source: Earth Is in a 1,000-Light-Year-Wide Bubble That Cooks Up Stars

Dutch Athletes Warned To Keep Phones and Laptops Out of China

Posted on by

Dutch athletes competing in next month’s Beijing Winter Olympics will need to leave their phones and laptops at home in an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday. The urgent advice to athletes and supporting staff to not bring any personal devices to China was part of a set of measures proposed by the Dutch Olympic Committee (NOCNSF) to deal with any possible interference by Chinese state agents, the paper said citing sources close to the matter. NOCNSF spokesman Geert Slot said cybersecurity was part of the risk assessment made for the trip to China, but declined to comment on any specific measure. “The importance of cybersecurity of course has grown over the years”, Slot said. “But China has completely closed off its internet, which makes it a specific case.”

Source: Dutch Athletes Warned To Keep Phones and Laptops Out of China – Slashdot

Russia Arrests Members of Notorious Ransomware Gang REvil

Posted on by

[…]

The Federal Security Service (FSB), Russia’s domestic intelligence agency, said in a press release Friday that it had recently conducted raids at 25 residences across Moscow, Leningrad, Lipetsk, and St. Petersburg, where 14 members of the cybercriminal gang were arrested. During the raids, authorities seized more than 426 million rubles, $600,000, and €500,000, along with 20 luxury vehicles and hordes of computer equipment.

While the identities of the hackers have not been made public at this time, video provided by the FSB shows officers chasing and handcuffing various individuals, while also rifling through apartments.

[…]

REvil has been high on America’s shit-list ever since it carried out the massive Kaseya ransomware attack last summer. The attack used malicious software updates in the tech firm’s popular IT products to infect upwards of 1,500 different companies worldwide—including many in the U.S.

[…]

But the gang has also allegedly been involved in attacks on hardware manufacturer Acer, celebrity law firm Grubman Shire Meiselas & Sacks (they reportedly leaked 2.4 gigabytes of Lady Gaga’s legal documents), and Quanta, a prominent computer parts supplier that works for Apple, among other big names. It also conducted a disruptive ransomware attack on meat-processing giant JBS Foods last May, temporarily forcing the company to shut down a number of its food production sites. All in all, they’ve caused quite a lot of damage.

[…]

Some commentators have noted the odd timing of the FSB’s operation, however. The U.S. and Russia are currently experiencing severe tensions over the political situation in Ukraine—where some U.S. commentators have alleged that Russia is preparing for a military invasion. As such, the possibility that Russia has arrested REvil as a kind of bargaining tactic with the U.S. seems plausible to some. “I think being concerned about Russia’s ulterior motives is perfectly reasonable,” John Hultquist, vice president of threat intelligence at cyber firm Mandiant, recently told WIRED.

[…]

Source: Russia Arrests Members of Notorious Ransomware Gang REvil

DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Posted on by

While many of the groups that took part in last year’s siege on the U.S. Capitol turned to Facebook and Telegram groups to plan their part in the attack, the Oath Keepers—a far-right org that’s best described as somewhere between a militia and a rag-tag group of wannabe vigilantes—are alleged to be bigger fans of the encrypted chat app Signal, instead.

In court filings that were made public this week following the arrest of 10 Oath Keeper members and the group’s leader Stewart Rhodes for their alleged role in the Capitol riots, authorities claim that they were able to access multiple invite-only chatrooms where group members coordinated their role in the riots. Authorities describe detailed meetings discussing everything from combat and firearms training to the uniforms Oath Keeper members were going to wear the day of. What’s less clear is how these encrypted chats were divulged in the first place.

[…]

While it’s clear that these docs lay out some pretty horrific chats happening over Signal, it’s less clear how authorities were able to access these chats in the first place. Law enforcement has clashed with this particular app for years while trying to glean information on suspects that use it, and Signal often publicly brushed those attempts off.

In 2018, Signal’s developers told Australian authorities that it wouldn’t be able to comply with the country’s new Assistance and Access Law even if it wanted to because each message’s encrypted contents are protected by keys that were “entirely inaccessible” to the people running the app. More recently, authorities in California tried multiple times to get the company to budge on the issue and comply with the state’s subpoena requests, only to be met with the same responses each time.

“Just like last time, we couldn’t provide any of that,” Signal’s team wrote in a blog post at the time. “ It’s impossible to turn over data that we never had access to in the first place.” Heck, even recent FBI training docs that were obtained via Freedom of Information Act requests reveal that the agency can’t access people’s chats on the app!

[…]

It’s possible that one of the Oath Keeper members that was privy to these chatrooms cooperated with authorities and handed the details over.

[…]

Another theory is that authorities gained access to these chats by gaining access to one of the defendants’ locked devices

[…]

Source: DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Or  they infiltrated the group and were invited into the chatroom…

John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

Posted on by

A class action lawsuit filed in Chicago has accused John Deere of running an illegal repair monopoly. The lawsuit alleged that John Deere has used software locks and restricted access to repair documentation and tools, making it very difficult for farmers to fix their own agricultural equipment, a problem that Motherboard has documented for years and that lawmakers, the FTC, and even the Biden administration have acknowledged.

[…]

The situation is so bad that it’s created a boom in the secondary market. Used tractors are selling for hundreds of thousands of dollars, in part, because they’re easier to repair than modern machines.

Forest River Farms, a farming corporation in North Dakota, filed the recent antitrust lawsuit against John Deere, alleging that “Deere’s network of highly-consolidated independent dealerships is not permitted through their agreements with Deere to provide farmers or repair shops with access to the same software and repair tools the Dealerships have.”

[…]

Last year, President Biden signed an executive order aimed at making it easier for everyone to fix their own stuff. He also directed the FTC to formally adopt a pro right-to-repair platform. Legislation has been introduced in congress that would enshrine the right-to-repair and similar laws are working their way through various statehouses across the country. Microsoft’s shareholders have pressed the company to do more for repair and even Apple is backing away from its monopolistic repair practices.

[…]

Source: John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

German IT security watchdog: No evidence of censorship function in Xiaomi phones

Posted on by

Germany’s federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China’s Xiaomi Corp (1810.HK), a spokesperson said on Thursday.

Lithuania’s state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”. The BSI started an examination following these accusations, which lasted several months. read more

“As a result, the BSI was unable to identify any anomalies that would require further investigation or other measures,” the BSI spokesperson said.

Source: German IT security watchdog: No evidence of censorship function in Xiaomi phones | Reuters

Google’s and Facebook’s top execs accused of fixing ads

Posted on by

The alleged 2017 deal between Google and Facebook to kill header bidding, a way for multiple ad exchanges to compete fairly in automated ad auctions, was negotiated by Facebook COO Sheryl Sandberg, and endorsed by both Facebook CEO Mark Zuckerberg (now with Meta) and Google CEO Sundar Pichai, according to an updated complaint filed in the Texas-led antitrust lawsuit against Google.

Texas, 14 other US states, and the Commonwealths of Kentucky and Puerto Rico accused Google of unlawfully monopolizing the online ad market and rigging ad auctions in a December, 2020, lawsuit. The plaintiffs subsequently filed an amendment complaint in October, 2021, that includes details previously redacted.

On Friday, Texas et al. filed a third amended complaint [PDF] that fills in more blanks and expands the allegations by 69 more pages.

The fortified filing adds additional information about previous revelations and extends the scope of concern to cover in-app advertising in greater detail.

Presently, there are three other US government-backed unfair competition claims against Google ongoing: a federal antitrust lawsuit from the US Justice Department, a challenge from Colorado and 38 other State Attorneys General (filed around the same time as the Texas-led complaint), as well as a competition claim focused on Android and the Google Play Store filed last July.

The third amendment complaint delves into more detail about how Google allegedly worked “to kill header bidding,”

[]…]

The deal, referred to as “Jedi Blue” internally and eventually as “Open Bidding” when discussed publicly, allegedly allowed Facebook to win ad auctions even when outbid by competitors.

The third amended complaint explains, “Facebook’s Chief Operating Officer [REDACTED] was explicit that ‘[t]his is a big deal strategically’ in an email thread that included Facebook CEO [REDACTED].

[…]

The expanded filing includes new allegations about how Google used Accelerated Mobile Pages to hinder header bidding.

Google first created Accelerated Mobile Pages (“AMP”), a framework for developing mobile webpages, and made AMP compatible with Google’s ad server but substantially hindered compatibility with header bidding. Specifically, Google made AMP unable to execute JavaScript in the header, which frustrated publishers’ use of header bidding.

[…]

What’s more, the revised filing adds support for the claim that a Google ad program called Dynamic Revenue Share or DRS cheated to help Google win more valuable ad impressions.

“DRS manipulated Google’s exchange fee after soliciting bids in the auction and after peeking at rival exchanges’ bids to win impressions it would have otherwise lost,” the revised complaint says.

And the complaint now contends that Google personnel admitted the unfairness of the DRS system: “Google internally acknowledged that DRS made its auction untruthful: ‘One known issue with the current DRS is that it makes the auction untruthful as we determine the AdX revshare after seeing buyers’ bids and use winner’s bid to price itself (first-pricing)….'”

[…]

Source: Google’s and Facebook’s top execs accused of fixing ads • The Register

Apple Lets Developers in the Netherlands Offer Payment Options, escape from the 30% squeeze

Posted on by

Apple will grudgingly allow dating app developers in the Netherlands to use alternative payment methods in the App Store, but it doesn’t like it, and the score hasn’t been settled yet.

In an update on its developers’ blog on Friday, Apple said dating app developers will have two new optional “entitlements” in the App Store, which sounds strangely medieval, but OK. Besides using Apple’s in-app payment system—which nearly all developers worldwide are obligated to use, with some exceptions—they will also be able to include an in-app link directing users to their website to make a purchase or use a third-party payment system in the app.

According to Apple, developers can choose only one of the two entitlements and have to request it from Apple. For those who want to continue using Apple’s in-app payment system, where the company takes between a 15% and 30% cut of every purchase, no action is needed.

[…]

Source: Apple Lets Developers in the Netherlands Offer Payment Options

Yes, a small country can make a big difference!

North Korea made ‘$400m’ in cryptocurrency heists last year

Posted on by

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader’s coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 – although part of the reason might be that they are now so valuable people are taking more care with them.

Source: North Korea made ‘$400m’ in cryptocurrency heists last year • The Register

Teen hacker finds bug that lets him control 25+ Teslas remotely. Also 1000s of auth tokens expired silmutaneously

Posted on by

A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s faults.” He claimed to be able to disable a car’s remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car’s exact location.

[…]

On a related note, early on Wednesday morning, a third-party Tesla app called TezLab reported that it saw the “simultaneous expiry of several thousand Tesla authentication tokens from Tesla’s side.” TezLab’s app makes use of Tesla APIs that allow apps to do things like log in to the car and enable or disable the anti-theft camera system, unlock the doors, open the windows, and so on.

Source: Teen hacker finds bug that lets him control 25+ Teslas remotely | Ars Technica

Ransomware puts New Mexico prison in lockdown, closes doors, security cameras to personnel

Posted on by

[…]

Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico’s largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state’s incarcerated.

[…]

Over the phone, a spokesperson for the facility told The Register on Wednesday that services are still being repaired.

The attack took automatic security doors offline on January 5th, requiring officials to open doors manually with keys until that particular function could be revived.

Officials said in their filing that County-operated databases, servers, and internet service had been compromised. At MDC, this has meant limited access to email and no access to County wireless internet. This is particularly problematic, the officials say, because the MDC’s structure and location interferes with cellular service.

“One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras,” they explained. “As of the evening of January 5th, there was no access to cameras within the facility.”

MDC instituted a temporary lockdown in response to the situation. Court-related video conferences are also not happening.

Several County databases at MDC are also believed to have been corrupted by the attack.

“The Incident Tracking System (ITS), the database in which MDC creates and houses all incident reports, including inmate fights, use of force, allegations of violations of the Prison Rape Elimination Act, is not currently available as it is suspected to be corrupted by the attack,” the filing states.

“Further, the Offender Management System (OMS) which MDC uses to store and access information about inmates including inmate account data is likewise unavailable at the present.”

[…]

The plaintiffs in the case have taken the opportunity to submit the statement [PDF] of a registered nurse who announced that she was quitting her job at MDC because of concerns about conditions there. The nurse, Taileigh Sanchez, describes dire staff shortages at MDC and problems with a new electronic medical records system, issues that have been made worse by the ransomware attack.

The attack denied access to current medical records, she said, which may have prevented some inmates from getting their medications.

Sanchez said she told supervisors about her concerns – which date back before the ransomware hit – but faced retaliation. “Even though I like my job, and have even been here 11 years, I will be resigning my full-time position effective immediately due to the safety concerns I have for our clientele and our staff,” she said in her declaration.

Source: Ransomware puts New Mexico prison in lockdown • The Register

Open source maintainer PLC4X hits out at corporate freeloaders, stops offering free support

Posted on by

Yet another developer of open source software has tired of companies utilizing the code he helps maintain without giving anything back to support the project.

On Tuesday, Christofer Dutz, creator of Apache PLC4X, said he will stop providing community support for the software if corporate users fail to step up and open their wallets.

“The industry seems to like using PLC4X and open-source in general, but doesn’t seem to be willing to support the people working on it,” he wrote in a post to GitHub. “So, I will stop providing free community support for PLC4X.”

Dutz is one of six listed maintainers of Apache PLC4X, a set of libraries for communicating with programmable logic controllers – industry-specific devices involved in the automation of various manufacturing tasks. His demand for support exists outside his involvement with the Apache Foundation; he maintains a separate IT consultancy called c-ware to help companies design and implement PLC4X software to suit their respective businesses.

C-ware has launched several crowdfunding initiatives to adapt Apache PLC4X to Python, Rust, and TypeScript, among other enhancements, but these have barely attracted any funding commitments.

[…]

Source: Open source maintainer hits out at corporate freeloaders • The Register

With log4j fresh in memory it’s pretty clear that this widespread use of FOSS without any money going the way of the non-university funded maintainers is not sustainable

FTC’s latest monopoly lawsuit against Meta Facebook gets go-ahead

Posted on by

The Federal Trade Commission’s antitrust complaint that Facebook, er, Meta operates as a monopoly will be heard by the courts after the US watchdog’s initial lawsuit was dismissed.

In December 2020, the FTC accused Meta of “illegally maintaining its personal social networking (PSN) monopoly through a years-long course of anticompetitive conduct.” It threatened to break up the mega-corporation and undo its acquisitions Instagram and Whatsapp.

This legal challenge fell flat, however, when judges threw the case out six months later. Evidence supporting the idea it unlawfully dominated social media was said to be lacking though the regulator was given another chance to file an amended lawsuit. A federal judge has now agreed to hear the case this time.

“First, the FTC has now alleged enough facts to plausibly establish that Facebook exercises monopoly power in the market for PSN services,” Judge James Boasberg ruled [PDF] this week.

“Second, it has adequately alleged that the company’s dominant market share is protected by barriers to entry into that market. Third, the agency has also explained that Facebook not only possesses monopoly power, but that it has willfully maintained that power through anticompetitive conduct — specifically, the acquisitions of Instagram and WhatsApp.”

The amended lawsuit brings up pretty much the same allegations as the first lawsuit. It claims Meta has been operating as a monopoly for years with Instagram and Whatsapp under its belt, and that it has enforced anticompetitive practices to deter or thwart rivals.

[…]

Source: FTC’s latest monopoly lawsuit against Meta gets go-ahead • The Register

UltraRAM Breakthrough Brings Combined Memory and Storage to a single wafer

Posted on by

Scientists from the Physics and Engineering Department of the UK’s Lancaster University have published a paper detailing a breakthrough in the mass production of UltraRAM. Researchers have pondered over this novel memory type for several years due to its highly attractive qualities, and the latest breakthrough means that mass production on silicon wafers could be within sight. UltraRAM is described as a memory technology which “combines the non-volatility of a data storage memory, like flash, with the speed, energy-efficiency, and endurance of a working memory, like DRAM.”

ULTRARAM fabrication

(Image credit: Lancaster University)

Importantly, UltraRAM on silicon could be the universal memory type that will one day cater to all the memory needs (both RAM and storage) of PCs and devices.

[…]

The fundamental science behind UltraRAM is that it uses the unique properties of compound semiconductors, commonly used in photonic devices such as LEDs, lasers, and infrared detectors can now be mass-produced on silicon. The researchers claim that the latest incarnation on silicon outperforms the technology as tested on Gallium Arsenide semiconductor wafers.

An ULTRARAM cell

(Image credit: Lancaster University)

Some extrapolated numbers for UltraRAM are that it will offer “data storage times of at least 1,000 years,” and its fast switching speed and program-erase cycling endurance is “one hundred to one thousand times better than flash.” Add these qualities to the DRAM-like speed, energy efficiency, and endurance, and this novel memory type sounds hard for tech companies to ignore.

If you read between the lines above, you can see that UltraRAM is envisioned to break the divide between RAM and storage. So, in theory, you could use it as a one-shot solution to fill these currently separate requirements. In a PC system, that would mean you would get a chunk of UltraRAM, say 2TB, and that would cover both your RAM and storage needs.

The shift, if it lives up to its potential, would be a great way to push forward with the popular trend towards in-memory processing. After all, your storage would be your memory – with UltraRAM; it is the same silicon.

[…]

Source: UltraRAM Breakthrough Brings New Memory and Storage Tech to Silicon | Tom’s Hardware

Undersea Cable Connecting Norway With Arctic Satellite Station Has Been Mysteriously Severed

Posted on by

n undersea fiberoptic cable located between mainland Norway and the Svalbard archipelago in the Arctic Ocean has been put out of action in a still-mysterious incident. The outage on the subsea communications cable — the furthest north of its kind anywhere in the world — follows an incident last year in which different cables linking an undersea surveillance network off the Norwegian coast were severed, a story that we covered in detail at the time.

The latest disruption involves one of two fiberoptic cables that enable communications between the Norwegian mainland and Norwegian-administered Svalbard that lies between the mainland and the North Pole. The outage occurred on the morning of January 7, but was first widely reported yesterday. The extent of the damage is not clear from the official press release from Space Norway, the country’s space agency, which maintains the cables primarily in support of the Svalbard Satellite Station (SvalSat), but it is significant enough that it is expected to require the services of an ocean-going cable-laying vessel.

Bjoertvedt/Wikimedia Commons

The Svalbard Satellite Station atop the mountain of Platåberget on the island of Spitsbergen in Svalbard, Norway.

In addition to the SvalSat facilities, the fiber-optic cables provide broadband internet to Svalbard. The SvalSat site consists of more than 100 satellite antennas on a mountain plateau and is the largest commercial ground station of its kind.

Being located between mainland Norway and the North Pole means that SvalSat is in much demand with operators of polar-orbiting satellites, being one of only two ground stations from which data can be downloaded from these types of satellites on each of the Earth’s rotations.

Space Norway, which operates the undersea cables, confirms that the second is still functioning normally, but the loss of the first means there is now no redundancy available until repairs can be made.

[…]

Source: Undersea Cable Connecting Norway With Arctic Satellite Station Has Been Mysteriously Severed

FAA’s Statement On Mysterious US wide Air Traffic Halt after Korean missile launch Leaves More Questions Than Answers

Posted on by

The Federal Aviation Administration has finally put out an official statement regarding a still very mysterious ground stop order that it issued to all aircraft in the western U.S. and Hawaii yesterday around 2:30 PM PST. While the incident is now confirmed, there are still a significant number of unanswered questions, including the most important one: what triggered this decision in the first place? You can get up to speed first on what The War Zone had been able to determine in our initial reporting here

The Federal Aviation Administration (FAA) issued their statement just before 9:40 AM PST this afternoon, over 20 hours after the order was sent. The War Zone had already reached out to the FAA with a number of basic questions regarding the event, but we have still not received a direct response.

FAA’s full statement, so far, regarding this incident, is as follows:

As a matter of precaution, the FAA temporarily paused departures at some airports along the West Coast on Monday night. Full operations resumed in less than 15 minutes. The FAA regularly takes precautionary measures. We are reviewing the process around this ground stop as we do after all such events.

This statement is immediately curious for a number of reasons. For one, publicly available recordings of air traffic controllers on the ground talking with pilots at the time show that this pause was not limited to the West Coast of the continental United States. For instance, pilots in Honolulu, Hawaii were given similar instructions.

One source, a pilot flying into Yuma, Arizona, which lies around 150 miles inland from the West Coast, told The War Zone that the alert had been described to them as “national ground stop.” This also highlights that we know that the stop order did not only impact departures. Other air traffic control recordings make clear that even some aircraft were ordered to land as soon as possible, as well.

The FAA statement makes no mention of what prompted it to take this “precaution,” either. Air traffic controllers at Burbank in California can be heard in one recording referencing an unspecified “national security threat.”

There had been reports, as well as general speculation, that the ground stop may have been related to a North Korean missile launch that occurred right at almost the same time that FAA issued its order. This was not entirely out of the realm of reason.

[…]

Source: FAA’s Statement On Mysterious Air Traffic Halt Leaves More Questions Than Answers

White House invites tech firms to discuss open-source software security in January

Posted on by

White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday.

According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.

Anne Neuberger, deputy national security advisor for cyber and emerging technology, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open-source projects and security,” according to Reuters.

The White House’s invitation to tech companies comes a few weeks after the discovery of a critical vulnerability in Log4j, a widely used open-source tool. In a letter to the invited tech firms, Sullivan reportedly stated that the popularity of open-source software projects and the fact that they’re maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability.”

[…]

Source: White House invites tech firms to discuss open-source software security in January – SiliconANGLE

A real problem is that due to rabid insistence by hard core FOSS advocates who are usually tenured at a university and thus have a good salary, Open source maintainers are not really allowed to make any money, whilst uptake and complexity of their software has grown massively, making it an uphill slog maintaining the software for no renumeration whatsoever.

Google and Facebook Fined Big in Russia for Failing to Remove Banned Content – imprisonment threats follow forcing local data storage

Posted on by

A Russian court fined Alphabet Inc.’s Google 7.2 billion rubles ($98 million) and Meta Platforms Inc. 2 billion rubles Friday for failing to remove banned content, the largest such penalties yet, as the authorities escalate a crackdown on foreign technology companies.

The fines were due to the companies’ repeated failure to comply with orders to take down content and based on a percentage of their annual earnings in Russia, the federal communications watchdog said in a statement. Google and Meta could face more fines if they don’t remove the material, it said.

[…]

The government is also pushing tech companies to comply with its increasingly strict laws on localizing data storage. This year, Google and Apple Inc. removed a protest-voting app from their Russian stores during parliamentary elections after the authorities threatened to imprison their local staff.

Until the latest rulings, however, fines for failure to remove content were generally insignificant. In September, Russia’s federal communications watchdog said companies that did not delete content could face fines of 5% to 20% of their annual local revenue.

Google earned revenues in Russia of about 85 billion rubles in 2020, according to the Spark-Interfax database.

“For some reason, the company fulfills decisions of American and European courts unquestioningly,” Anton Gorelkin, a ruling party deputy in the lower house of parliament who sits on the Information Policy committee, wrote on Telegram after the Google ruling was announced Friday. “If the turnover fine doesn’t bring Google to its senses, I’m afraid that some very unpleasant measures will be taken.”

[…]

Source: Google in Russia Fined $98 Million for Failing to Remove Banned Content – Bloomberg