The Linkielist

Linking ideas with the world

Air pollution cancer breakthrough rewrites how to think about cancer activation

Researchers say they have cracked how air pollution leads to cancer, in a discovery that completely transforms our understanding of how tumours arise.

The team at the Francis Crick Institute in London showed that rather than causing damage, air pollution was waking up old damaged cells.

One of the world’s leading experts, Prof Charles Swanton, said the breakthrough marked a “new era”.

And it may now be possible to develop drugs that stop cancers forming.

The findings could explain how hundreds of cancer-causing substances act on the body.

The classical view of cancer starts with a healthy cell. It acquires more and more mutations in its genetic code, or DNA, until it reaches a tipping point. Then it becomes a cancer and grows uncontrollably.

[…]

  • around one in every 600,000 cells in the lungs of a 50-year-old already contains potentially cancerous mutations
  • These are acquired as we age but appear completely healthy until they are activated by the chemical alarm and become cancerous

Crucially, the researchers were able to stop cancers forming in mice exposed to air pollution by using a drug that blocks the alarm signal.

The results are a double breakthrough, both for understanding the impact of air pollution and the fundamentals of how we get cancer.

[…]

Source: Air pollution cancer breakthrough will rewrite the rules – BBC News

How to Easily Make Your Own Pyramid Salt Crystals

[…]

What is pyramid salt?

Pyramid salt crystals are made of the same stuff as regular salt. But these crystals look different because they formed in a different way.

In nature, these elusive crystals grow on the surface of quiet, undisturbed pools of salt water that evaporate under the hot sun.

Pyramid salt is more expensive than regular salt, because it tastes saltier. Pyramid salt is hollow, and gram for gram, it dissolves in your mouth faster than regular salt. So the saltiness comes at your taste buds all at once.

Plus, they also look awesome.

Now, it’s easy to make regular salt crystals at home. Just leave a dish of salt water to evaporate, and you’ll get white powdery salt inside after a few hours.

However, it’s much harder to make pyramid salt.

True, you can buy them online. Maldon Sea Salt, for instance, contains crunchy pyramidal salt crystals. They are made by evaporating sea water in large heated pans, mimicking nature.

But that kind of salt is produced industrially, with special equipment and mineral rich seawater.

I’ve always wondered whether you could grow pyramids at home using a hot plate, a glass dish and some regular table salt.

It took over 100 experiments and some sleepless nights, but here are the results.

How to make pyramid salt crystals

This guide will consist of the following parts:

  1. Materials
  2. Preparing the salt solution
  3. Growing the pyramid salt crystals
  4. Harvesting the pyramid salt crystals
  5. Storing the pyramid salt crystals
  6. Tasting the pyramid salt crystals
  7. 8 types of pyramid salt crystals
  8. Some more information
  9. Summary

Materials

To make pyramid salt crystals, you’ll need:

I have tried table salt, sea salt, and Himalayan rock salt, and they all work. Sea salt seems to give better results.

I’ve used both tap and deionized water. Both are fine.

Also, in this experiment, we’ll be heating some very concentrated salt water. This solution will damage metallic objects, so you can’t use a stainless steel pot.

Instead, I suggest using a heat resistant glass dish. The exact type doesn’t matter. You can use a Pyrex dish or an enameled cast iron pot, which won’t get corroded.

I used a glass casserole.

Preparing the salt solution

Dissolve 165 g of salt in 500 mL of hot water. If you want to make a bigger batch, just use the same ratio (e.g. 330 g of salt per 1 L of water).

Stir the solution gently until all of it dissolves.

Depending on whether the salt is dirty, you can choose to filter it. I filtered mine.

In my setup, I poured my filtered salt solution into a glass casserole sitting on top of a hot plate.

A hot plate is fine. But don’t put the glass dish directly on the gas stove – the glass might break due to strong, uneven heating, even though it is technically heat resistant. Use a water bath instead.

Growing the pyramid salt crystals

Now, heat the solution to 60-70°C and keep it there throughout the growing process.

When the solution warms up, convection currents start forming, causing the surface of the solution to swirl around.

This is bad news, because when our pyramids form, they will also move around the surface of the solution. And they will bump into each other, stick together and fall to the bottom of the dish.

The key is to add an ingredient called potassium alum. Alum calms the surface and helps the pyramids form. It is normally used in baking and pickling. You can find it at the grocery store, or buy it online.

Add 0.5 g of alum per 500 mL of salt solution. No need to measure – just drop a few pea-sized pieces of alum/two pinches of alum powder into the solution and let it dissolve.

Several minutes after the alum has dissolved, the surface of the solution should start to settle down. Check out this GIF:

I placed a cork on the surface of the solution to visualize the movement on the surface. Before adding alum, the cork swirled around. After adding alum, the cork was completely motionless.

Good. Now you just need to wait.

It takes about 30 minutes for the salt solution to reach saturation, which is the point where salt crystals start to form.

Eventually, small white squares will appear on the surface of the solution.

Those are baby pyramid salt crystals.

They’ll keep growing, and within 15 minutes they’ll look like this:

The crystals are actually upside down pyramids, suspended on the surface of the solution due to surface tension. It’s the same principle that lets some insects walk on water.

Here’s what they look like from the side:

As the pyramid salt crystals get heavier, they sink lower into the solution. But evaporation on the surface causes the base of the pyramids to grow outwards, widening it and forming a staircase pattern in the process.

Super cool.

Here’s a time lapse of the growing process over 1 hour:

As the pyramids get larger, they risk bumping into their neighbors.

Usually, it isn’t a big problem – unless your solution is too hot. If you heat it beyond 80°C, the pyramids quickly join together to form a layer of crust.

But even at 60°C, you shouldn’t leave them there, because they might get too heavy and fall to the bottom of the dish.

So it’s time to harvest the pyramids.

Harvesting the pyramid salt crystals

Using a pair of tweezers, carefully remove the pyramid that you want, and place it on a piece of tissue paper. The paper will soak up excess salt solution.

Before you remove the second pyramid, dip the tweezers in a cup of water. This step ensures that there are no powdery salt grains sticking to your tweezers – which will cause thousands of tiny crystals to form in the dish.

Then, dry the tweezers with a tissue, and remove your second pyramid. Rinse and repeat.

Instead of using tweezers, you can also use a sieve to scoop up those pyramids. Remember to dip the sieve in water after every run.

Wash your tweezers after every run to prevent powdery salt grains from forming.

You can keep doing this until the salt water starts to dry out. By this time, you should have quite a few pyramids.

And that’s it!

You’ve just made the fabled pyramid salt, also known as fleur de sel, flower of salt, at home.

If you want to make more pyramids, just add some water to the dish and wait for all the salt to re-dissolve. Then repeat the process. This time, you don’t need to add alum.

Re-dissolving the salt to make more pyramids.

Storing the pyramid salt crystals

Just store them like regular salt.

If you live somewhere humid, the crystals will absorb moisture from the air and get slightly wet. This will cause part of the pyramid’s base to dissolve.

It’s no big deal, but if you want to prevent this, store the pyramid salt crystals with a desiccant.

[…]

Summary

That’s all for now. I have been trying to grow pyramid salt crystals for a very long time, and I’m glad to share what I’ve learnt with you. Hopefully you found the guide useful.

Here’s a super short summary of what we’ve covered.

To grow pyramid salt crystals, you’ll need:

  1. Dissolve 165 g salt per 500 mL of water.
  2. Heat the solution to 60°C.
  3. Add 0.5 g alum per 500 mL of solution.
  4. Wait for pyramids to form.
  5. Remove the pyramids with tweezers.
  6. Dry and store them with a desiccant.
  7. Enjoy your pyramid salt. […]

Source: How to Easily Make Your Own Pyramid Salt Crystals – Crystalverse

The TAK Ecosystem: Open Source Military Coordination

In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically became the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.

Tracking firefighting aircraft in 3D space using ADS-B (Credit: The TAK Syndicate)

The TAK ecosystem includes ATAK for Android, iTAK for iOS, WinTAK for Windows, and a growing number of servers, plugins, and tools to extend functionality. At the heart of TAK lies the Cursor on Target (CoT) protocol, an XML or Protobuf-based message format used to share information between clients and servers. This can include a “target’s” location, area, and route information, sensor data, text messages, or medevac information, to name a few. Clients, like ATAK, can process this information as required, and also generate CoT data to share with other clients. A TAK client can also be a sensor node, or a simple Node-RED flow. This means TAK can be a really powerful tool for monitoring, tracking, or controlling the things around you.
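As an added illustration (not taken from the Hackaday article or from any TAK project), this is how a receiving node might validate an XML CoT event before trusting it. The element and attribute names follow the commonly documented CoT event layout; the size limit, function names and sample messages are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MAX_COT_BYTES = 64 * 1024  # assumed ceiling for one event; tune for your feed


class CotError(ValueError):
    """Raised when an incoming CoT event fails validation."""


def _parse_time(value):
    # CoT timestamps are ISO 8601 in UTC with a trailing "Z".
    if not value or not value.endswith("Z"):
        raise CotError("timestamp must be UTC with a 'Z' suffix")
    try:
        return datetime.fromisoformat(value[:-1]).replace(tzinfo=timezone.utc)
    except ValueError as exc:
        raise CotError(f"bad timestamp {value!r}") from exc


def parse_cot(raw, now=None):
    """Validate one XML CoT event (bytes) and return its key fields."""
    if len(raw) > MAX_COT_BYTES:
        raise CotError("event too large")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise CotError("not valid UTF-8") from exc
    # Conservative pre-filter: CoT needs no DTD, so refuse any declaration
    # that could carry entity definitions before the XML parser sees it.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise CotError("DTD/entity declarations not allowed")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise CotError(f"malformed XML: {exc}") from exc
    if root.tag != "event":
        raise CotError("root element must be <event>")
    for attr in ("uid", "type", "time", "start", "stale"):
        if not root.get(attr):
            raise CotError(f"missing attribute {attr}")
    start = _parse_time(root.get("start"))
    stale = _parse_time(root.get("stale"))
    if stale <= start:
        raise CotError("stale must be after start")
    point = root.find("point")
    if point is None:
        raise CotError("missing <point>")
    try:
        lat, lon = float(point.get("lat")), float(point.get("lon"))
    except (TypeError, ValueError) as exc:
        raise CotError("lat/lon must be numbers") from exc
    # The chained comparison also rejects NaN and infinities.
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise CotError("coordinates out of range")
    now = now or datetime.now(timezone.utc)
    return {"uid": root.get("uid"), "type": root.get("type"),
            "lat": lat, "lon": lon, "stale": stale, "expired": now >= stale}


def validate_feed(messages, now=None):
    """Classify each raw message as ok, expired or rejected (with reason)."""
    results = []
    for raw in messages:
        try:
            event = parse_cot(raw, now)
        except CotError as exc:
            results.append(("rejected", str(exc)))
        else:
            results.append(("expired" if event["expired"] else "ok", event["uid"]))
    return results


def _event(uid, start, stale, lat, lon, prolog=b""):
    # Builds a constructed sample event; all values are made up for the demo.
    return prolog + (
        f'<event version="2.0" uid="{uid}" type="a-f-G-U-C" time="{start}" '
        f'start="{start}" stale="{stale}" how="m-g">'
        f'<point lat="{lat}" lon="{lon}" hae="35.0" ce="10.0" le="10.0"/>'
        f'<detail/></event>'
    ).encode("utf-8")


# Constructed sample feed: one valid event, one stale, one with a DTD, one bad point.
SAMPLE_FEED = [
    _event("DEMO-1", "2022-09-12T10:00:00Z", "2022-09-12T10:05:00Z", 51.5, -0.12),
    _event("DEMO-2", "2022-09-12T08:55:00Z", "2022-09-12T09:00:00Z", 51.5, -0.12),
    _event("DEMO-3", "2022-09-12T10:00:00Z", "2022-09-12T10:05:00Z", 51.5, -0.12,
           prolog=b'<?xml version="1.0"?><!DOCTYPE event [<!ENTITY a "b">]>'),
    _event("DEMO-4", "2022-09-12T10:00:00Z", "2022-09-12T10:05:00Z", 95.0, -0.12),
]

if __name__ == "__main__":
    demo_now = datetime(2022, 9, 12, 10, 1, tzinfo=timezone.utc)
    for status, info in validate_feed(SAMPLE_FEED, demo_now):
        print(status, info)
```

Checking the stale time matters because CoT clients are expected to stop displaying a marker once it has passed, so a receiver that skips the check can show positions that are no longer current.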

Standalone tools: Checking line-of-sight and camera coverage

ATAK is a powerful mapping tool on its own. It can display and plot information on a 3D map, calculate a heading to a target, set up a geofence, and serve as a messaging app between team members. Besides using it for outdoor navigation, I’ve used two other built-in mapping features extensively. Viewshed allows you to plan wireless node locations, and check their line-of-sight coverage. The “sensor” (camera) markers are handy for planning coverage of CCTV installations. However, ATAK starts to truly shine when you add plugins to extend features, and link clients in a network to share information.

Networking

To allow networking between clients, you either need to set up a multicast network or a central server that all the clients connect to. A popular option for multicast communication is to set up a free ZeroTier VPN, or any other VPN. For client-server topologies, there are several open source TAK servers available that can be installed on a Raspberry Pi or any other machine, including the official TAK server that was recently open sourced on GitHub. FreeTakServer can be extended with its built-in API and optional Node-RED server, and includes an easy-to-use “zero-touch” installer. Taky is another lightweight Python-based server. All these servers also include data package servers, for distributing larger info packs to clients.

Plugins

If an internet connection is not available where you are going, there are several off-grid networking plugins available. HAMMER acts as an audio modem to send CoTs using cheap Baofeng radios. Atak-forwarder works with LoRa-based Meshtastic radios, or you can use APRS-TAK with ham radios.

Plugins can also pull data from other sources, like ADSB data from an RTL-SDR, or the video feed and location information from a drone. Many of the currently available plugins are not open source and are only available through the TAK.gov website after agreeing to terms and conditions from the US federal government. Fortunately, this means there is a lot of space for open source alternatives to grow.

For further exploration, the team behind the FreeTAK server maintains an extensive list of TAK-related tools, plugins, info sources, and hardware.

Tips to get started

At the time of writing, ATAK is significantly more mature than iTAK and WinTAK, so it’s the best option if you want to start exploring. iTAK is actually a bit easier to start using immediately, but it’s missing a lot of features and can’t load plugins.

When you open ATAK on Android for the first time, it will quickly become apparent that it is not exactly intuitive to use. I won’t bore you with a complete tutorial but will share a couple of tips I’ve found helpful. Firstly, RTFM. The usage of many of the features and tools is not self-evident, so the included PDF manual (Settings > Support > ATAK Documents) might come in handy. There is also a long list of settings to customize, which are a lot easier to navigate with the search function in the top bar of the Settings menu.

No maps are included in ATAK by default, so download and import [Joshua Fuller]’s ATAK-Maps package. This gives ATAK an extensive list of map sources to work with, including Google Maps and OpenStreetMaps. ATAK can also cache maps and imagery for offline use. ATAK only has low-resolution elevation data included by default, but you can download and import more detailed elevation data from the USGS website.

To connect with others interested in TAK you can also check out the TAK Community Discord server.

Source: The TAK Ecosystem: Military Coordination Goes Open Source | Hackaday

Dump these routers, says Cisco, because we won’t patch them

Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers.

Those small-biz routers – the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router – have reached their end-of-life (EoL) and the networking vendor is recommending customers upgrade to devices that aren’t vulnerable. To give you an idea of the potential age of this kit, Cisco stopped selling the RV110W and RV130 in 2017, and ended support for them this year.

“Cisco has not released and will not release software updates to address the vulnerability described in this advisory,” the supplier wrote in an advisory. “Customers are encouraged to migrate to Cisco Small Business RV132W, RV160, or RV160W Routers.”

It also said that there are no workarounds to mitigate the flaw.

That vulnerability, tracked as CVE-2022-20923 with a severity rating of “medium,” if exploited could enable an unauthenticated remote attacker to bypass authentication checks and freely access the device’s IPSec VPN.

“The attacker may obtain privileges that are the same level as an administrative user, depending on the crafted credentials that are used,” Cisco added. The flaw is the result of the improper implementation of a password validation algorithm, we’re told.

[…]

Source: Dump these routers, says Cisco, because we won’t patch them • The Register

Roombas don’t work if an iRobot server is down

That floor won’t clean itself… well, quite literally it won’t, especially if the vacuum robot you bought to clean the floor won’t hop off its dock when the servers are down.

Users started reporting issues with their Roomba app around midday Friday. The status page for iRobot, the maker of Roomba, identified there were outages with Amazon Web Services. The company said they were working with AWS engineers to get the problem sorted out, though as of reporting this, the issue was still unresolved.

Roomba also tweeted about the issue, saying “some customers may be having issues accessing the iRobot app.”

Server outages happen, and that will of course cause issues with apps that rely on connectivity for most of the devices’ more robust features. The problem is when some users cannot access necessary features at all. One user reported they could no longer stop their Roomba from doing its business as child lock features are only accessible in the app.

In response to Gizmodo’s inquiry, iRobot apologized to the customers for the inconvenience and linked to a video and written instructions about how to manually deactivate child and pet locks.

Other users wrote to Gizmodo that although their Roombas can activate manually by hitting the “Clean” button, their devices are still effectively unusable since they cannot tell the vacuum to only do certain rooms or avoid debris in other parts of the house.

This is just another example of the finicky difficulties employed when electronic devices require an internet connection to access necessary functionality.

[…]

Source: Roomba Users Report App Outages

Cory Doctorow Launches New Fight against Copyrights, Creative Chokepoints, and Big Tech’s ‘Chokepoint Capitalism’

“Creators aren’t getting paid,” says Cory Doctorow. “That’s because powerful corporations have figured out how to create chokepoints — that let them snatch up more of the value generated by creative work before it reaches creative workers.”

But he’s doing something about it.

Doctorow’s teamed up with Melbourne-based law professor Rebecca Giblin, the director of Australia’s Intellectual Property Research Institute, for a new book that first “pulls aside the veil on the tricks Big Tech and Big Content use…” But more importantly, it also presents specific ideas for “how we can recapture creative labor markets to make them fairer and more sustainable.” Their announcement describes the book as “A Big Tech/Big Content disassembly manual,” saying it’s “built around shovel-ready ideas for shattering the chokepoints that squeeze creators and audiences — technical, commercial and legal blueprints for artists, fans, arts organizations, technologists, and governments to fundamentally restructure the broken markets for creative labor.”

Or, as they explain later, “Our main focus is action.” Lawrence Lessig says the authors “offer a range of powerful strategies for fighting back.” Anil Dash described it as “a credible, actionable vision for a better, more collaborative future where artists get their fair due.” And Douglas Rushkoff called the book “an infuriating yet inspiring call to collective action.”

The book is titled “Chokepoint Capitalism: How Big Tech and Big Content Captured Creative Labor Markets and How We’ll Win Them Back.” And at one point their Kickstarter page lays down a thought-provoking central question about ownership. “For 40 years, every question about creators rights had the same answer: moar copyright. How’s that worked out for artists?” And then it features a quote from Wikipedia co-founder Jimmy Wales. “Copyright can’t unrig a rigged market — for that you need worker power, antitrust, and solidarity.”

A Kickstarter campaign to raise $10,000 has already raised $72,171 — in its first five days — from over 1,800 backers. That’s partly because, underscoring one of the book’s points, their Kickstarter campaign is offering “an audiobook Amazon won’t sell.” While Amazon will sell you a hardcover or Kindle edition of the book…. Audible has a hard and fast rule: if you’re a publisher or writer who wants to sell your audiobook on Audible, you have to let it be wrapped in “Digital Rights Management,” aka DRM: digital locks that permanently bind your work to the Audible platform. If a reader decides to leave Audible, DRM stops them taking the books they’ve already bought with them…. Every time Audible sells a book, DRM gives it a little bit more power to shake down authors and publishers. Amazon uses that stolen margin to eliminate competition and lock-in more users, ultimately giving it even more power over the people who actually make and produce books.

The announcement says their book “is about traps like the one Audible lays for writers and readers. We show how Big Tech and Big Content erect chokepoints between creators and audiences, allowing them to lock in artists and producers, eliminate competition, and extract far more than their fair share of revenues from creative labour. No way are we going to let Audible put its locks on our audiobook.

“So we’re kickstarting it instead.”

The announcement notes that Cory Doctorow himself has written dozens of books, “and he won’t allow digital locks on any of them.” And then in 2020, “Cory had an idea: what if he used Kickstarter to pre-sell his next audiobook? It was the most successful audiobook crowdfunding campaign in history.”

So now Cory’s working instead with independent audiobook studio Skyboat Media “to make great editions, which are sold everywhere except Audible (and Apple, which only carries Audible books): Libro.fm, Downpour, Google Play and his own storefront. Cory’s first kickstarter didn’t just smash all audiobook crowdfunding records — it showed publishers and other writers that there were tons of people who cared enough about writers getting paid fairly that they were willing to walk away from Amazon’s golden cage. Now we want to send that message again — this time with a book that takes you behind the curtain to unveil the Machiavellian tactics Amazon and the other big tech and content powerhouses use to lock in users, creators and suppliers, eliminate competition, and extract more than their fair share….

Chokepoint Capitalism is not just a rollicking read, and a delightful listen: it also does good.

Your willingness to break out of the one-click default of buying from the Audible monopoly in support of projects like this sends a clear message to writers, publishers, and policymakers that you have had enough of the unfair treatment of creative workers, and you are demanding change.

Rewards include ebooks, audiobooks, hardcover copies, and even the donation of a copy to your local library. You can also pledge money without claiming a reward, or pledge $1 as a show of support for “a cryptographically signed email thanking you for backing the project. Think of it as a grift-free NFT.”

Craig Newmark says the book documents “the extent to which competition’s been lost throughout the creative industries, and how this pattern threatens every other worker. There is still time to do something about it, but the time to act is now.”

Source: Cory Doctorow Launches New Fight against Copyrights, Creative Chokepoints, and Big Tech’s ‘Chokepoint Capitalism’ – Slashdot

A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal, destroyed his digital life with no recourse

It was a Friday night in February 2021. His wife called an advice nurse at their health care provider to schedule an emergency consultation for the next morning, by video because it was a Saturday and there was a pandemic going on. The nurse said to send photos so the doctor could review them in advance.

Mark’s wife grabbed her husband’s phone and texted a few high-quality close-ups of their son’s groin area to her iPhone so she could upload them to the health care provider’s messaging system. In one, Mark’s hand was visible, helping to better display the swelling. Mark and his wife gave no thought to the tech giants that made this quick capture and exchange of digital data possible, or what those giants might think of the images.

[…]

the episode left Mark with a much larger problem, one that would cost him more than a decade of contacts, emails and photos, and make him the target of a police investigation. Mark, who asked to be identified only by his first name for fear of potential reputational harm, had been caught in an algorithmic net designed to snare people exchanging child sexual abuse material.

[…]

“There could be tens, hundreds, thousands more of these,” he said.

Given the toxic nature of the accusations, Callas speculated that most people wrongfully flagged would not publicize what had happened.

“I knew that these companies were watching and that privacy is not what we would hope it to be,” Mark said. “But I haven’t done anything wrong.”

Police agreed. Google did not.

[…]

Two days after taking the photos of his son, Mark’s phone made a blooping notification noise: His account had been disabled because of “harmful content” that was “a severe violation of Google’s policies and might be illegal.” A “learn more” link led to a list of possible reasons, including “child sexual abuse and exploitation.”

Mark was confused at first but then remembered his son’s infection. “Oh, God, Google probably thinks that was child porn,” he thought.

[…]

He filled out a form requesting a review of Google’s decision, explaining his son’s infection. At the same time, he discovered the domino effect of Google’s rejection. Not only did he lose emails, contact information for friends and former colleagues, and documentation of his son’s first years of life, his Google Fi account shut down, meaning he had to get a new phone number with another carrier. Without access to his old phone number and email address, he couldn’t get the security codes he needed to sign in to other internet accounts, locking him out of much of his digital life.

[…]

A few days after Mark filed the appeal, Google responded that it would not reinstate the account, with no further explanation.

Mark didn’t know it, but Google’s review team had also flagged a video he made and the San Francisco Police Department had already started to investigate him.

[…]

Cassio was in the middle of buying a house, and signing countless digital documents, when his Gmail account was disabled. He asked his mortgage broker to switch his email address, which made the broker suspicious until Cassio’s real estate agent vouched for him.

[…]

In December, Mark received a manila envelope in the mail from the San Francisco Police Department. It contained a letter informing him that he had been investigated as well as copies of the search warrants served on Google and his internet service provider. An investigator, whose contact information was provided, had asked for everything in Mark’s Google account: his internet searches, his location history, his messages and any document, photo and video he’d stored with the company.

The search, related to “child exploitation videos,” had taken place in February, within a week of his taking the photos of his son.

Mark called the investigator, Nicholas Hillard, who said the case was closed. Hillard had tried to get in touch with Mark, but his phone number and email address hadn’t worked.

“I determined that the incident did not meet the elements of a crime and that no crime occurred,” Hillard wrote in his report. Police had access to all the information Google had on Mark and decided it did not constitute child abuse or exploitation.

Mark asked if Hillard could tell Google that he was innocent so he could get his account back.

“You have to talk to Google,” Hillard said, according to Mark. “There’s nothing I can do.”

Mark appealed his case to Google again, providing the police report, but to no avail. After getting a notice two months ago that his account was being permanently deleted, Mark spoke with a lawyer about suing Google and how much it might cost.

“I decided it was probably not worth $7,000,” he said.

[…]

False positives, when people are erroneously flagged, are inevitable given the billions of images being scanned. While most people would probably consider that trade-off worthwhile, given the benefit of identifying abused children, Klonick said companies need a “robust process” for clearing and reinstating innocent people who are mistakenly flagged.

“This would be problematic if it were just a case of content moderation and censorship,” Klonick said. “But this is doubly dangerous in that it also results in someone being reported to law enforcement.”

It could have been worse, she said, with a parent potentially losing custody of a child. “You could imagine how this might escalate,” Klonick said.

Cassio was also investigated by police. A detective from the Houston Police department called this past fall, asking him to come into the station.

After Cassio showed the detective his communications with the pediatrician, he was quickly cleared. But he, too, was unable to get his decade-old Google account back, despite being a paying user of Google’s web services.

[…]

Source: A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

Have you patched your Zimbra server – actively exploited hacks

In a security alert updated on Monday, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite (ZCS) to break into both government and private-sector networks. The agencies have provided fresh detection signatures to help admins identify intruders abusing these flaws.

[…]

The five CVE-listed bugs being exploited include CVE-2022-27924, which Zimbra patched in May and received a 7.5 out of 10 CVSS score. This high-severity bug can be used by an unauthenticated user to ultimately steal email account credentials in cleartext form with no user interaction.

SonarSource security researchers discovered the flaw in March, and published a detailed technical analysis that explained how an attacker could inject arbitrary memcache commands into a targeted instance, causing an overwrite of arbitrary cached entries, allowing them to steal account credentials.

In June, the security biz publicly released proof-of-concept (POC) exploits for this vulnerability. “Due to the POC and ease of exploitation, CISA and the MS-ISAC expect to see widespread exploitation of unpatched ZCS instances in government and private networks,” the Feds warned.

Another high-severity vulnerability, CVE-2022-27925, which also received a 7.4 CVSS rating, could allow an authenticated user with admin privileges to upload arbitrary files, thus leading to directory traversal. When combined with CVE-2022-37042, CVE-2022-27925 could be exploited without valid administrative credentials, according to researchers from Volexity, which reported more than 1,000 Zimbra email servers had been compromised in attacks chaining the two vulnerabilities.

Further big problems found

CVE-2022-37042 is a critical remote authentication bypass vulnerability that received a 9.8 CVSS rating. Zimbra issued fixes for both of these bugs in late July.

CVE-2022-30333 is a 7.5 rated high-severity flaw in RARLAB UnRAR, used by Zimbra, before 6.12 on Linux and Unix-flavored systems that allows miscreants to write to files during an extract operation.

“In the case of Zimbra, successful exploitation gives an attacker access to every single email sent and received on a compromised email server. They can silently backdoor login functionalities and steal the credentials of an organization’s users,” according to SonarSource, which discovered the bug. “With this access, it is likely that they can escalate their access to even more sensitive, internal services of an organization.”

To fix this issue, Zimbra made configuration changes to use the 7zip program instead of UnRAR.

We’re told that a miscreant is selling an exploit kit for CVE-2022-30333, and there’s also a Metasploit module that creates a RAR file, which then can be emailed to a Zimbra server to exploit this flaw.

The fifth known Zimbra vulnerability under active exploit, CVE-2022-24682, is a medium severity cross-site scripting bug that allows crooks to steal session cookie files. Volexity discovered this one, too, and Zimbra patched it in February.

[…]

Source: US government really hopes you’ve patched your Zimbra server • The Register

Oracle facing class action over ‘brokering’ personal data of 5 billion people

Oracle is the subject of a class-action suit alleging the software giant created a network containing personal information of hundreds of millions of people and sold the data to third parties.

The case [PDF] is being brought by Johnny Ryan, formerly a policy officer at Brave, maker of the privacy-centric browser, and now part of the Irish Council for Civil Liberties (ICCL), who was behind several challenges to Google, Amazon, and Microsoft’s online advertising businesses.

The ICCL claims Oracle has amassed detailed dossiers on 5 billion people, which generate $42.4 billion in annual revenue.

The allegations appear to be based, in part, on an Oracle presentation from 2016 in which Oracle CTO and founder Larry Ellison described how data was collected so businesses could predict purchasing patterns among consumers.

Ellison said at the time [1:15 onward]: “It is a combination of real-time looking at all of their social activity, real-time looking at where they are including, micro-locations – and this is scaring the lawyers [who] are shaking their heads and putting their hands over their eyes – knowing how much time you spend in a specific aisle of a specific store and what is in that aisle of a store. As we collect information about consumers and you combine that with their demographic profile, and their past purchasing behavior, we can do a pretty good job of predicting what they’re going to buy next.”

The ICCL claims Oracle’s dossiers about people include names, home addresses, emails, purchases online and in the real world, physical movements in the real world, income, interests and political views, and a detailed account of online activity.

[…]

 

Source: Oracle facing class action over ‘brokering’ personal data • The Register

Smartphone gyroscopes and LED threaten air-gapped systems

[…]

A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University’s Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards (NICs).

Dubbed Gairoscope and EtherLED respectively, the two exploits are the latest in a long line of research from Guri, who has previously developed air gap exfiltration methods, including stealing data by reading the radio frequency of networking cables, using RAM buses to transmit data electromagnetically, and doing the same with power supplies.

[…]

The problem with phone gyroscopes is that, unlike microphones that are generally visibly activated, gyroscopes can be “used by many types of applications to ease the graphical interfaces, and users may approve their access without suspicion,” Guri wrote in the paper.

Additionally, Guri cites a lack of visual indicator in iOS and Android that the gyroscope is being used and the fact that smartphone gyroscopes can be accessed from a browser using JavaScript, meaning – in theory – that no actual malware need be installed on the device to execute the attack.

Using his method, Guri was able to achieve speeds of up to eight bits per second at a max distance of eight meters, which the paper claims is faster than other established covert acoustic methods. Guri demonstrated the attack in a video showing an Android app detecting and decoding a message typed on a computer monitor within a few seconds of it being typed.

NICing data from LEDs

The second attack Guri reported on was EtherLED, which uses the familiar green-and-amber lights on network interface cards to transmit data in Morse code. As opposed to similar attacks that rely on exploiting lights on keyboards, hard drives and the brightness of monitors, Guri said Ethernet LEDs are “a threat that has not been studied before, theoretically or technically.”

In this case, the lights being used are the novel element. As with other optical exfiltration techniques, EtherLED requires a visual line of sight, and as such is limited by the placement of existing hackable cameras that can spot the infected NIC and whether the lights face an outside window where someone could place a drone or other camera capable of picking up the blinks and decoding them.

Additionally, mitigations like covering NIC lights with black tape still apply.

[…]

It’s easy to dismiss attacks against air-gapped systems as rare instances targeted against specific types of targets. While uncommon, attacks against such systems can be devastating.

[…]

Guri cites Stuxnet, a joint operation between the US and Israel to destroy Iranian nuclear enrichment systems, as a successful air gap infiltration. In addition, “several attacks on air-gapped facilities such as the power utilities and nuclear power plants have been publicized in recent years,” Guri wrote.

[…]

Source: Smartphone gyroscopes threaten air-gapped systems • The Register

Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects

Binance Chief Communications Officer Patrick Hillmann wrote in a blog post last week that internet scammers had been using deepfake technology to copy his image during video meetings. He started to catch on to this trend when he received messages from the leadership of various crypto projects thanking him for meetings he never attended.

Hillmann shared one screenshot of messages sent over LinkedIn with one supposed project leader telling the Binance exec somebody had impersonated his hologram. The communications officer wrote that a team of hackers had used old interviews found online to create a deepfake of him. Hillmann added that “Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members.”

[…]

Source: Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects

Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.

The news comes from research conducted by cybersecurity firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.

“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations,” researchers wrote in their blog Thursday. “Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”

[…]

the hackers first went after companies that were users of Okta, the identity and access management firm that provides single sign-on services to platforms all across the web. Using the toolkit, the threat actor sent SMS phishing messages to victims that were styled to look just like the ID authentication pages provided by Okta. Thinking that they were engaging in a normal security procedure, victims would enter their information—including username, password, and multi-factor authentication code.

After they entered this information, the data was then secretly funneled to a Telegram account controlled by the cybercriminals. From there, the threat actor could use the Okta credentials to log into the organizations that the victims worked for. The network access was subsequently abused to steal company data and engage in more sophisticated supply chain attacks that targeted the broader corporate ecosystems that the firms were a part of.

[…]

Source: Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs

Google research AI image noise reduction is out of this world

If you have great lighting, a good photographer can take decent photos even with the crappiest camera imaginable. In low light, though, all bets are off. Sure, some cameras can shoot haunting video lit only by the light of the moon, but for stills — and especially stills shot on a smartphone — digital noise continues to be a scourge. We may be getting close to what is possible to achieve with hardware; heat and physics are working against us making even better camera sensors. But then Google Research came along, releasing an open source project it calls MultiNerf, and I get the sense that we’re at the precipice of everything changing.

I can write a million words about how awesome this is, but I can do better; here’s a 1-minute-51-second video, which, at 30 frames per second and “a picture tells a thousand words,” is at least 1.5 million words worth of magic:

Video Credits: DIYPhotography

The algorithms run on raw image data and add AI magic to figure out what footage “should have” looked like without the distinct video noise generated by imaging sensors.

Source: Google research AI image noise reduction is out of this world

Physicists invent intelligent quantum sensor of light wave properties

[…]

“Typically, when you want to characterize a wave of light, you have to use different instruments to gather information, such as the intensity, wavelength and polarization state of the light. Those instruments are bulky and can occupy a significant area on an optical table,” said Dr. Fan Zhang, a corresponding author of the study and associate professor of physics in the School of Natural Sciences and Mathematics.

“Now we have a single device—just a tiny and thin chip—that can determine all these properties simultaneously in a very short time,” he said.

The device exploits the unique physical properties of a novel family of two-dimensional materials called moiré metamaterials. Zhang, a , published a review article on these materials Feb. 2 in Nature.

The 2D materials have periodic structures and are atomically thin. If two layers of such a material are overlaid with a small rotational twist, a moiré pattern with an emergent, orders-of-magnitude larger periodicity can form. The resulting moiré metamaterial yields that differ significantly from those exhibited by a single layer alone or by two naturally aligned layers.

The sensing device that Zhang and his colleagues chose to demonstrate their new idea incorporates two layers of relatively twisted, naturally occurring bilayer graphene, for a total of four atomic layers.

“The moiré metamaterial exhibits what’s called a bulk photovoltaic effect, which is unusual,” said Patrick Cheung, a physics doctoral student at UT Dallas and co-lead author of the study. “Normally, you have to apply a voltage bias to produce any current in a material. But here, there is no bias at all; we simply shine a light on the moiré metamaterial, and the light generates a current via this bulk photovoltaic effect. Both the magnitude and phase of the photovoltage are strongly dependent on the , wavelength and polarization state.”

By tuning the moiré metamaterial, the photovoltage generated by a given incoming light wave creates a 2D map that is unique to that wave—like a fingerprint—and from which the wave’s properties might be inferred, although doing so is challenging, Zhang said.

Researchers in Dr. Fengnian Xia’s lab at Yale University, who constructed and tested the device, placed two , or gates, on top and underneath the moiré metamaterial. The two gates allowed the researchers to tune the quantum geometric properties of the material to encode the infrared light waves’ properties into “fingerprints.”

The team then used a —an artificial intelligence algorithm that is widely used for image recognition—to decode the fingerprints.

“We start with light for which we know the intensity, wavelength and polarization, shine it through the device and tune it in different ways to generate different fingerprints,” Cheung said. “After training the with a data set of about 10,000 examples, the network is able to recognize the patterns associated with these fingerprints. Once it learns enough, it can characterize an unknown .”

[…]

Source: Physicists invent intelligent quantum sensor of light waves

Evusheld COVID Protection for Immunocompromised People

[…]

If you couldn’t get a COVID vaccine, or if you got it but are in the group of people who likely aren’t as well protected, you can get Evusheld for an extra layer of protection.

What is Evusheld?

Evusheld is considered “pre-exposure prophylaxis” for COVID, and is available for people who are moderately to severely immunocompromised. The CDC has guidelines about Evusheld here. Evusheld is given every 6 months.

The treatment consists of two injections of monoclonal antibodies, tixagevimab and cilgavimab. In other words, instead of triggering your body to produce its own antibodies, you’re being given some ready-made antibodies. You should still also get your COVID vaccine, if you’re able to.

Who can get Evusheld?

Evusheld is for people who are moderately or severely immunocompromised or who are unable to be fully vaccinated with one of the regular COVID vaccines (for example, if you had an allergic reaction to your first dose or if you know you are allergic to a component of the vaccine). You also need to be at least 12 years old and weigh at least 88 pounds.

[…]

Source: What Is Evusheld? COVID Protection for Immunocompromised People

The EU’s AI Act could have a chilling effect on open source efforts, experts warn

The nonpartisan think tank Brookings this week published a piece decrying the bloc’s regulation of open source AI, arguing it would create legal liability for general-purpose AI systems while simultaneously undermining their development. Under the EU’s draft AI Act, open source developers would have to adhere to guidelines for risk management, data governance, technical documentation and transparency, as well as standards of accuracy and cybersecurity.

If a company were to deploy an open source AI system that led to some disastrous outcome, the author asserts, it’s not inconceivable the company could attempt to deflect responsibility by suing the open source developers on which they built their product.

“This could further concentrate power over the future of AI in large technology companies and prevent research that is critical to the public’s understanding of AI,” Alex Engler, the analyst at Brookings who published the piece, wrote. “In the end, the [E.U.’s] attempt to regulate open-source could create a convoluted set of requirements that endangers open-source AI contributors, likely without improving use of general-purpose AI.”

[…]

In a recent example, Stable Diffusion, an open source AI system that generates images from text prompts, was released with a license prohibiting certain types of content. But it quickly found an audience within communities that use such AI tools to create pornographic deepfakes of celebrities.

[…]

“The road to regulation hell is paved with the EU’s good intentions,” Etzioni said. “Open source developers should not be subject to the same burden as those developing commercial software. It should always be the case that free software can be provided ‘as is’ — consider the case of a single student developing an AI capability; they cannot afford to comply with EU regulations and may be forced not to distribute their software, thereby having a chilling effect on academic progress and on reproducibility of scientific results.”

Instead of seeking to regulate AI technologies broadly, EU regulators should focus on specific applications of AI, Etzioni argues. “There is too much uncertainty and rapid change in AI for the slow-moving regulatory process to be effective,” he said. “Instead, AI applications such as autonomous vehicles, bots, or toys should be the subject of regulation.”

[…]

Source: The EU’s AI Act could have a chilling effect on open source efforts, experts warn | TechCrunch

Edit 14/9/22: Willy Tadema has been discussing this with the NL.gov people and points out that Axel Voss has introduced exemptions into the act:

Last week, the Legal Affairs committee in the European Parliament adopted my opinion on the #AIAct with strong support. 17 votes in favor, one against.

Focusing on 10 key areas within the competence of the JURI committee, we send a strong signal to the lead committees, LIBE and IMCO while also presenting new ideas for the political debate on #AI.

On the scope (Art. 2), we introduce three new exemptions.
– On research, testing, development to promote innovation in AI,
– On Business to Business (B2B) to avoid regulating non-risky industrial applications,
– On open-source until its commercialization to support small market players.

We also adjusted the responsibilities of providers (Art. 16) as well as users (Art. 29) as regards their supply chain. In addition, we specified under what circumstances those responsibilities might shift to another actor (Art. 23a) and we tried to integrate general purpose AI into the AI Act.

The JURI committee also transformed the AI Board into a powerful EU body with own legal personality and strong involvement of stakeholders which would help to better coordinate among Member States and to keep AI Act up to date.

As usual, I have to thank Kai Zenner for his tireless work and the great result!

Hydrogen could be harvested from thin air in the desert

[…]

To avoid taking water from an already strained local supply, a team led by Gang Kevin Li, senior lecturer at the University of Melbourne, Australia, has built a system which extracts water from airborne vapor using a hygroscopic electrolyte, in this case sulfuric acid. The approach then uses solar-generated electricity to split the water into hydrogen and oxygen.

The team proved it could operate at a relative humidity of about 4 percent, well below that of most deserts. On a warm sunny day, the meter-square unit was able to produce 3.7 m³ of hydrogen.

“Hydrogen is the ultimate clean energy,” the paper, published in Nature Communications, said. “Despite being the most abundant element in the universe, hydrogen exists on the earth mainly in compounds like water. H2 produced by water electrolysis using renewable energy, namely, green hydrogen, represents the most promising energy carrier of the low-carbon economy. H2 can also be used as a medium of energy storage for intermittent energies such as solar, wind, and tidal.”

[…]

Source: Hydrogen could be harvested from thin air in the desert • The Register

Korean nuclear fusion tokamak reactor achieves 100 million°C for 30 seconds

A nuclear fusion reaction has lasted for 30 seconds at temperatures in excess of 100 million°C. While the duration and temperature alone aren’t records, the simultaneous achievement of heat and stability brings us a step closer to a viable fusion reactor – as long as the technique used can be scaled up.

Most scientists agree that viable fusion power is still decades away, but the incremental advances in understanding and results keep coming. An experiment conducted in 2021 created a reaction energetic enough to be self-sustaining, conceptual designs for a commercial reactor are being drawn up, while work continues on the large ITER experimental fusion reactor in France.

Now Yong-Su Na at Seoul National University in South Korea and his colleagues have succeeded in running a reaction at the extremely high temperatures that will be required for a viable reactor, and keeping the hot, ionised state of matter that is created within the device stable for 30 seconds.

Controlling this so-called plasma is vital. If it touches the walls of the reactor, it rapidly cools, stifling the reaction and causing significant damage to the chamber that holds it. Researchers normally use various shapes of magnetic fields to contain the plasma – some use an edge transport barrier (ETB), which sculpts plasma with a sharp cut-off in pressure near to the reactor wall, a state that stops heat and plasma escaping. Others use an internal transport barrier (ITB) that creates higher pressure nearer the centre of the plasma. But both can create instability.

Na’s team used a modified ITB technique at the Korea Superconducting Tokamak Advanced Research (KSTAR) device, achieving a much lower plasma density. Their approach seems to boost temperatures at the core of the plasma and lower them at the edge, which will probably extend the lifespan of reactor components.

[…]

Source: Korean nuclear fusion reactor achieves 100 million°C for 30 seconds | New Scientist

War profiteering Finland govt nationalises 1% of energy companies

With Russia closing the gas pipelines to Europe as a catalyst, and using the people of Finland as blackmail material, the Finnish government is taking control of company payment structures and grabbing 1% of any company that signs up to the possibility of taking a loan from the government at extortionate interest rates.

It’s pretty obvious it’s a safe loan that will be paid back, but the amounts are beyond normal banking facilities to provide.

Energy companies simply cannot afford not to sign up for the possibility of the loan (even if they’re not sure they actually need the facility yet) because bankruptcy is not an option if you’re servicing heating for the population and energy for companies to operate on. It’s this need to care for people that the Finnish government – which is supposed to protect the population – is using to strong-arm the energy sector into signing up for these bizarre conditions.

To be sure: the Finnish government takes the 1% of the company and controls payments whether a loan is taken out or not, and even after repayment of the loan.

They have potentially valued the energy sector in Finland at EUR 0,-.

[…]

Minister of Finance Annika Saarikko (Centre) stated that the funding should not be misconstrued as financial aid or subsidy.

“It’s a loan,” she emphasised. “Companies must pay it back in two years’ time. And the government would only lose money in the extreme circumstance where the company ends up permanently insolvent. Even then, similarly to a regular loan, a share of the company’s collaterals – such as power plants or electricity production – corresponding to the [loan] value would end up in the state’s possession.”

The emergency funding scheme enables the government to grant loans and guarantees to companies with an electricity production capacity of more than 100 megawatts that have exhausted all other financing options, that are deemed critical for the functioning of the electricity market and that are at risk of insolvency due to soaring collateral requirements.

[…]

The financing will be available until the end of next year with a maximum repayment period of two years and with a total interest rate of 10 per cent for the first six months and one of 12 per cent for the rest of the repayment period, according to Helsingin Sanomat.

The borrower, in turn, will be prohibited from making dividend payouts or re-distributing their profits in other ways until the loan has been repaid. Offering bonuses, pay rises and other incentives to the management will similarly be prohibited between 2022 and 2023. The borrower must also invite the government to take up a one per cent stake through a free share issue or consent to a three-percentage-point increase in the interest rate.

“The loan terms are exceptionally strict,” confirmed Saarikko. “It’s a message from the government to companies that this is a last-resort form of assistance. You should first turn to your owners, such as municipalities in the public sector, and market-based financing solutions.”

The government introduced the emergency funding scheme due to the mounting collateral requirements faced by energy companies active in the electricity derivatives market. Collaterals can be demanded by customers as a form of guarantee of their future electricity supply as their value is equal to the difference of the price defined in the futures contract and current price.

Energy prices have soared in the wake of Russia’s invasion of Ukraine.

[…]

Source: Helsinki Times

Scientists Find a Simple Way to Produce Hydrogen From Water at Room Temperature

Hydrogen fuel promises to be a clean and abundant source of energy in the future – as long as scientists can figure out ways to produce it practically and cheaply, and without fossil fuels.

A new study provides us with another promising step in that direction, provided you can make use of existing supplies of post-consumer aluminum and gallium.

In the new research, scientists describe a relatively simple method involving aluminum nanoparticles that are able to strip the oxygen from water molecules and leave hydrogen gas.

The process yields large amounts of hydrogen, and it all works at room temperature.

That removes one of the big barriers to hydrogen fuel production: the large amounts of power required to produce it using existing methods.

This technique works with any kind of water, too, including wastewater and ocean water.

“We don’t need any energy input, and it bubbles hydrogen like crazy,” says materials scientist Scott Oliver from the University of California, Santa Cruz (UCSC).

“I’ve never seen anything like it.”

Key to the process is the use of gallium metal to enable an ongoing reaction with the water. This aluminum-gallium-water reaction has been known about for decades, but here the team optimized and enhanced it in a few particular ways.

With the help of scanning electron microscopy and X-ray diffraction techniques, the researchers were able to find the best mix of aluminum and gallium for producing hydrogen with the greatest efficiency: a 3:1 gallium-aluminum composite.

The gallium-rich alloy does double duty in both removing aluminum’s oxide coating (which would ordinarily block the reaction with water) and in producing the aluminum nanoparticles that enable faster reactions.

“The gallium separates the nanoparticles and keeps them from aggregating into larger particles,” says Bakthan Singaram, a professor of organic chemistry at UCSC.

“People have struggled to make aluminum nanoparticles, and here we are producing them under normal atmospheric pressure and room temperature conditions.”

The mixing method isn’t complicated, the researchers report, and the composite material can be stored for at least three months when submerged in cyclohexane to protect it from moisture, which would otherwise degrade its efficacy.

Aluminum is easier to get hold of than gallium as it can be sourced from post-consumer materials, such as discarded aluminum cans and foil.

Gallium is more expensive and less abundant, but in this process at least it can be recovered and reused many times over without losing its effectiveness.

There is still work to do, not least in making sure this can be scaled up from a lab set-up to something that can be used on an industrial scale. However, the early signs are that this is another method that has a lot of potential for hydrogen fuel production.

“Overall, the Ga-rich Ga−Al [gallium-rich gallium-aluminum] mixture produces substantial amounts of hydrogen at room temperature with no energy input, material manipulation, or pH modification,” the researchers conclude in their paper.

The research has been published in Applied Nano Materials.

Source: Scientists Find a Simple Way to Produce Hydrogen From Water at Room Temperature : ScienceAlert

Meta fined $402 million in EU over Instagram’s privacy settings for children

Meta has been fined €405 million ($402 million) by the Irish Data Protection Commission for its handling of children’s privacy settings on Instagram, which violated Europe’s General Data Protection Regulation (GDPR). As Politico reports, it’s the second-largest fine to come out of Europe’s GDPR laws, and the third (and largest) fine levied against Meta by the regulator.

A spokesperson for the DPC confirmed the fine, and said additional details about the decision would be available next week. The fine stems from the photo sharing app’s privacy settings on accounts run by children. The DPC had been investigating Instagram over children’s use of business accounts, which made personal data like email addresses and phone numbers publicly visible. The investigation also covered Instagram’s policy of defaulting all new accounts, including teens, to be publicly viewable.

[…]

Source: Meta faces $402 million EU fine over Instagram’s privacy settings for children | Engadget

Samsung says customer data stolen in July data breach – again

Electronics giant Samsung has confirmed a data breach affecting customers’ personal information.

In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4.

Samsung said Social Security numbers and credit card numbers were not affected, but some customer information — name, contact and demographic information, date of birth, and product registration information — was taken.

“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter,” said the statement.

Samsung spokesperson Chris Langlois told TechCrunch by email via crisis communications firm Edelman that demographic data relates to customer information used for marketing and advertising, but didn’t specify what types of data this includes. Langlois added that registration data, provided by customers in order to access support and warranty information, includes product purchase date, model, and device ID.

Langlois declined to say how many customers were affected or why it took Samsung more than a month to notify customers about the breach, which was announced just hours ahead of a U.S. holiday weekend marking Labor Day.

[…]

This is the second time Samsung has confirmed a data breach this year. In March, the company admitted that the Lapsus$ hacking group — the same group that infiltrated Nvidia, Microsoft and T-Mobile — obtained and leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.

Source: Samsung says customer data stolen in July data breach | TechCrunch

Pharma Startup President Convicted in Fake Covid Testing Scheme

Blood testing huckster and former Arrayit president Mark Schena has been convicted in a covid-19 and allergy test scheme that allegedly resulted in nearly $80 million worth of fraudulent claims. Schena, who was convicted on five separate charges, could potentially spend decades in prison, according to the Department of Justice.

The DOJ alleges Schena misled investors with bogus claims of “revolutionary” new technology capable of testing for virtually any disease with just a couple of pinpricks of blood while president of his pharma startup. No, this isn’t Theranos, but yes, it sure does sound similar.

Schena allegedly misled investors and told them his company was valued at around $4.5 billion. In reality, the DOJ alleges the president withheld documents that revealed Arrayit was actually on the verge of bankruptcy. Arrayit allegedly released fabricated press releases and tweets falsely claiming major institutions had entered into partnerships with the company. Schena even boldly claimed he was on a “shortlist” for the Nobel Prize, a claim that also turned out to be bullshit.

[…]

All told, Arrayit allegedly filed $77 million worth of false and fraudulent claims for its covid-19 and allergy testing service. Schena, who was convicted of one count of conspiracy to commit health care fraud and conspiracy to commit wire fraud, two counts of health care fraud, one count of conspiracy to pay kickbacks, two counts of payment of kickbacks, and three counts of securities fraud, could potentially face decades in prison.

Source: Pharma Startup President Convicted in Fake Covid Testing Scheme

Scientists Turn Plastic Into Diamonds In Breakthrough

[…]

Since the 1970s, scientists believed that diamonds might actually rain down toward the mostly slushy planets’ rocky interiors—a diamond rain, if you will.

In 2017, researchers in Germany and California found a way to replicate those planetary conditions, fabricating teeny tiny diamonds called nanodiamonds in the lab using polystyrene (aka Styrofoam). Five years later and they’re back at it again, this time using some good ol’ polyethylene terephthalate (PET), according to a study published on Friday in Science Advances. The research not only has implications for our understanding of space, but also paves a path toward creating nanodiamonds, which are used in a range of contexts, out of waste plastic.

[…]

When Kraus and his colleagues first attempted making nanodiamonds with polystyrene—which contains the same elements of carbon and hydrogen found on Neptune and Uranus—they did so by bombarding the material with the Linac Coherent Light Source, a high-powered X-ray laser at the SLAC National Accelerator Laboratory in California. This process rapidly heated the polystyrene to 5,000 Kelvin (around 8,540 degrees Fahrenheit) and compressed it by 150 gigapascals, similar to conditions found about 6,000 miles into the interior of the icy planets.

While the researchers were able to make the microscopic bling with two quick hits from the laser, they later realized one vital chemical ingredient was missing: oxygen. So they turned to PET, which has a good balance of not only carbon and hydrogen but also oxygen, making it a closer chemical proxy to the ice giants than polystyrene.

[…]

“We found that the presence of oxygen enhances diamond formation instead of preventing it, making ‘diamond rain’ inside those planets a more likely scenario,” said Kraus. “We [also] see that diamonds grow larger for higher pressures and with progressing time in the experiments.”

They were also able to squeeze out a lot of tiny diamonds from just one shot of X-ray, on the order of a few billion crystallites (or a few micrograms if you’re talking total weight).

[…]

“If industrial scaling of the formation process indeed works as discussed above, and nanodiamonds will be required in very large quantities for certain processes, e.g., catalysis for light-induced CO2 reduction reactions helping to reduce global warming, this may indeed become a potential way to recycle large amounts of PET,” said Kraus.

[…]

Source: Scientists Turn Plastic Into Diamonds In Breakthrough