Daily Archives: November 5, 2022

Scientists zap clouds with electricity to make them rain

Posted on by

A new experiment has shown that zapping clouds with electrical charge can alter droplet sizes in fog or, potentially, help a constipated cloud to rain.

Last year Giles Harrison, from the University of Reading, and colleagues from the University of Bath, spent many early mornings chasing fogs in the Somerset Levels, flying uncrewed aircraft into the gloop and releasing charge. Their findings, published in Geophysical Research Letters, showed that when either positive or negative charge was emitted, the fog formed more water droplets.

“Electric charge can slow evaporation, or even – and this is always amazing to me – cause drops to explode because the electric force on them exceeds the surface tension holding them together,” said Harrison.

The findings could be put to good use in dry regions of the world, such as the Middle East and north Africa, as a means of encouraging clouds to release their rain. Cloud droplets are larger than fog droplets and so more likely to collide, and Harrison and his colleagues believe that adding electrical charge to a cloud could help droplets to stick together and become more weighty.

Source: Scientists zap clouds with electricity to make them rain | Environment | The Guardian

The world’s first offshore floating wind-solar pilot just came online in China

Posted on by

China’s government-owned utility State Power Investment Corporation (SPIC) has launched the world’s first commercial offshore floating solar that’s paired with an offshore wind turbine.

 

SPIC is one of five major electrical utility companies in China, and the world’s largest photovoltaic power generation enterprise. The pilot is located off the coast of Haiyang, a city in Shandong, eastern China.

The project uses Norway-based Ocean Sun‘s patented floating solar power technology.

The two solar floaters (see the photo above) have an installed capacity of 0.5 megawatts peak. They’re connected to a transformer on a SPIC-owned wind turbine and then a subsea cable runs from the wind turbine to the power grid.

If the pilot is successful, the plan is to build a 20 MW floating wind-solar farm in 2023 using Ocean Sun’s technology.

Ocean Sun signed an agreement to license its proprietary floating solar technology for the project in July. This project is fully funded by SPIC, and Ocean Sun’s first “truly offshore installation.”

In July, Børge Bjørneklett, CEO and founder of Ocean Sun, said [translation edited for clarity]:

Shandong Province is projecting 42GW of floating solar installations in the next few years, and Ocean Sun will now be a contender for some of this volume. These waters see challenging annual typhoons, and all involved parties are aware of the risks. Ocean Sun will improve our product with learnings from this exposed site.

A wind-solar hybrid system potentially offers the advantage of improving power output reliability. Solar peaks during the day, and whereas offshore wind turbines typically generate most of their power in the afternoon and evening.

Source: The world’s first offshore floating wind-solar pilot just came online in China

Multi-factor authentication bombing fatigue can blow open security

Posted on by

The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.

The miscreant then repeatedly tried to log into the contractor’s Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access. However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber’s corporate network, systems, and data.

[…]

Microsoft and Cisco Systems were also victims of MFA fatigue – also known as MFA spamming or MFA bombing – this year, and such attacks are rising rapidly. According to Microsoft, between December 2021 and August, the number of multi-factor MFA attacks spiked. There were 22,859 Azure Active Directory Protection sessions with multiple failed MFA attempts last December. In August, there were 40,942.

[…]

In an MFA fatigue situation, the attacker uses the stolen credentials to try to sign into an protected account over and over, overwhelming the user with push notifications. The user may initially tap on the prompt saying it isn’t them trying to sign in, but eventually they wear down from the spamming and accept it just to stop their phone going off. They may assume it’s a temporary glitch or an automated system causing the surge in requests.

[…]

sometimes the attacker will pose as part of the organization’s IT staff, messaging the employee to accept the access attempt.

[…]

Ensuring authentication apps can’t be fat-fingered and requests wrongly accepted before they can be fully evaluated, for instance, would be handy. Adding intelligent handling of logins, so that there’s a cooling off period after a bout of MFA spam, is, again, useful, too.

And on top of this, some forms of MFA, such as one-time authentication tokens, can be phished along with usernames and passwords to allow a miscreant to login as their victim. Finding and implementing a phish-resistant MFA approach is something worth thinking about.

[…]

Some companies are on the ball. Microsoft, for instance, is making number matching a default feature in its Authenticator app. This requires a user who responds to an MFA push notification using the tool to type in a number that appears on their device’s screen to approve a login. The number will only be sent to users who have been enabled for number matching, according to Microsoft.

They’re also adding other features to Authenticator, including showing users what application they’re signing into and the location of the device, based on its IP address, that is being used for signing in. If the user is in California but the device is in Europe, that should raise a big red flag. That also ought to be automatically caught by authentication systems, too.

[…]

As to limiting the number of unsuccessful MFA authentication requests: Okta limits that number to five; Microsoft and Duo offer organizations the ability to implement it in their settings and adjust the number of failed attempts before the user’s account is automatically locked. With Microsoft Authenticator, enterprises also can set the number of minutes before an account lockout counter is reset.

[…]

Source: Multi-factor authentication fatigue can blow open security • The Register