Curceanu hopes the apparatus and methods of nuclear physics can solve the century-old mystery of why lentils – and other organisms too – constantly emit an extremely weak dribble of photons, or particles of light. Some reckon these “biophotons” are of no consequence. Others insist they are a subtle form of lentil communication. Curceanu leans towards the latter camp – and she has a hunch that the pulses between the pulses might even contain secret quantum signals. “These are only the first steps, but it looks extremely interesting,” she says.
There are already hints that living things make use of quantum phenomena, with inconclusive evidence that they feature in photosynthesis and the way birds navigate, among other things. But lentils, not known for their complex behaviour, would be the most startling example yet of quantum biology, says Michal Cifra at the Czech Academy of Sciences in Prague. “It would be amazing,” says Cifra. “If it’s true.” Since so many organisms emit biophotons, such a discovery might indicate that quantum effects are ubiquitous in nature.
Biophotons
Biophotons have had scientists stumped for precisely a century. In 1923, biologist Alexander Gurwitsch was studying how plant cells divide by placing onion roots near each other. The closer the roots were, the more cell division occurred, suggesting there was some signal alerting the roots to their neighbour’s presence.
[…]
To tease out how the onion roots were signalling, Gurwitsch repeated the experiment with all manner of physical barriers between the roots. Wood, metal, glass and even gelatine dampened cell division to the same level seen in single onion roots. But, to Gurwitsch’s surprise, a quartz divider had no effect. Compared to glass, quartz allows far more ultraviolet rays to pass through. Some kind of weak emission of UV radiation, he concluded, must be responsible.
[…]
Living organisms have long been known to communicate using light. Jellyfish, mushrooms and fireflies, to name just a few, glow or emit bright flashes to ward off enemies or attract a mate. But these obvious signals, known as bioluminescence, are different to the effect Gurwitsch had unearthed. Biophotons are “a very low-intensity light, not visible to the naked eye”, says Curceanu’s collaborator Maurizio Benfatto. In fact, biophotons were so weak that it took until 1954 to develop equipment sensitive enough to decisively confirm Gurwitsch’s idea.
Since then, dozens of research groups have reported cases of biophoton emission having a useful function in plants and even animals. Like onion roots, yeast cells are known to influence the growth rate of their neighbours. And in 2022, Zsolt PÓnya and Katalin Somfalvi-TÓth at the University of Kaposvár in Hungary observed biophotons being emitted by sunflowers when they were put under stress, which the researchers hoped to use to precisely monitor these crops. Elsewhere, a review carried out by Roeland Van Wijk and Eduard Van Wijk, now at the research company MELUNA in the Netherlands, suggested that biophotons may play a role in various human health conditions, from ageing to acne.
There is a simple explanation for how biophotons are created, too. During normal metabolism, chemical reactions in cells end up converting biomolecules to what researchers called an excited state, where electrons are elevated to higher energy levels. Those electrons then naturally drop to their ground state and emit a photon in the process. Because germinating seeds, like lentils, burn energy quickly to grow, they emit more biophotons.
Today, no one doubts that biophotons exist. Rather, the dispute is over whether lentils and other organisms have harnessed biophotons in a useful way.
[…]
We know that plants communicate using chemicals and sometimes even emit ultrasonic squeaks when stressed. This allows them to control their growth, warn each other about invading insects and attract pollinators. We also know they have ways of detecting and responding to photons in the form of regular sunlight. “Biological systems can detect photons and have feedback loops based on that,”
[…]
Curceanu and Benfatto are hoping that the application of serious physics equipment to this problem could finally let us eavesdrop on the legume’s secrets. They typically use supersensitive detectors to probe the foundations of reality. Now, they are applying these to a box of 75 lentil seeds – they need that many because if they used any fewer, the biophoton signals would be too weak.
[…]
Years ago, Benfatto came across a paper on biophotons and noticed there appeared to be patterns in the way they were produced. The intensity would swell, then fall away, almost like music. This gave him the idea of applying a method from physics called diffusion entropy analysis to investigate these patterns. The method provides a means of characterising the mathematical structures that underlie complex patterns. Imagine comparing a simple drumbeat with the melody of a pop song, for example – the method Benfatto wanted to apply could quantify the complexity embodied in each.
To apply this to the lentils, Benfatto, Curceanu and their colleagues put their seeds in a black box that shielded them from interference. Outside the box, they mounted an instrument capable of detecting single biophotons. They also had rotating filters that allowed them to detect photons with different wavelengths. All that remained was to set the lentils growing. “We add water and then we wait,” says Benfatto.
In 2021, they unveiled their initial findings. It turned out that the biophotons’ signals changed significantly during the lentils’ germination. During the first phase, the photons were emitted in a pattern that repeatedly reset, like a piece of music changing tempo. Then, during the second phase, the emissions took the form of another kind of complex pattern called fractional Brownian motion.
Are these germinating lentils communicating in quantum code?
Catalina Curceanu
The fact that the lentils’ biophoton emissions aren’t random is an indication that they could be communicating, says Benfatto. And that’s not all. Tantalisingly, the complexity in the second phase of the emissions is mathematically related to the equations of quantum mechanics. For this reason, Benfatto says his team’s work hints that signals displaying quantum coherence could have a role in directing lentil germination.
[…]
Part of the problem with designing experiments like these is that we don’t really know what quantum mechanical effects in living organisms look like. Any quantum effects discovered in lentils and other organisms would be “very different to textbook quantum mechanics”, says Scholes.
[…]
so far, the evidence for quantum lentils is sketchy. Still, he is pushing ahead with a new experimental design that makes the signal-to-noise ratio 100 times better. If you want to earwig on the clandestine whispers of these seeds, it might just help to get rid of their noisy neighbours, which is why he will study one germinating lentil at a time.
A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a victim’s account even after the password is changed. It can also be used to generate new session tokens to regain access to victims’ emails, cloud storage, and more as necessary.
Since then, developers of info-stealer malware – primarily targeting Windows, it seems – have steadily implemented the exploit in their code. The total number of known malware families that abuse the vulnerability stands at six, including Lumma and Rhadamanthys, while Eternity Stealer is also working on an update to release in the near future.
They’re called info stealers because once they’re running on some poor sap’s computer, they go to work finding sensitive information – such as remote desktop credentials, website cookies, and cryptowallets – on the local host and leaking them to remote servers run by miscreants.
Eggheads at CloudSEK say they found the root of the Google account exploit to be in the undocumented Google OAuth endpoint “MultiLogin.”
The exploit revolves around stealing victims’ session tokens. That is to say, malware first infects a person’s PC – typically via a malicious spam or a dodgy download, etc – and then scours the machine for, among other things, web browser session cookies that can be used to log into accounts.
Session cookies ideally expire frequently, something that can limit their usefulness in account takeover attacks. However, recent cases such as Okta’s in October, which involved the theft of HAR files that often contain session cookies, have demonstrated that session hijackings are entirely practical and can lead to major security incidents.
Those session tokens are then exfiltrated to the malware’s operators to enter and hijack those accounts. It turns out that these tokens can still be used to login even if the user realizes they’ve been compromised and change their Google password.
Here’s an important part: It appears users who’ve had their cookies stolen should log out entirely, and thus invalidate their session tokens, to prevent exploitation.
[…]
Reverse engineering the info-stealer malware revealed that the account IDs and auth-login tokens from logged-in Google accounts are taken from the token_service table of WebData in Chrome.
This table contains two columns crucial to the exploit’s functionality: service (contains a GAIA ID) and encrypted_token. The latter is decrypted using a key stored in Chrome’s Local State file, which resides in the UserData directory.
The stolen token:GAIA ID pairs can then be used together with MultiLogin to continually regenerate Google service cookies even after passwords have been reset, and those can be used to log in.
[…]
Google has confirmed that if you’ve had your session tokens stolen by local malware, don’t just change your password: log out to invalidate those cookies, and/or revoke access to compromised devices.
“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.
From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.
In other words, by hacking into only 14,000 customers’ accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked.
But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.”
“Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the letter reads.
Zavareei said that 23andMe is “shamelessly” blaming the victims of the data breach.
[…]
“The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords. Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe’s attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever,” said Zavareei.
[…]
In an attempt to pre-empt the inevitable class action lawsuits and mass arbitration claims, 23andMe changed its terms of service to make it more difficult for victims to band together when filing a legal claim against the company. Lawyers with experience representing data breach victims told TechCrunch that the changes were “cynical,” “self-serving” and “a desperate attempt” to protect itself and deter customers from going after the company.
As December 2023 was underway, some streamers cleverly thought to play around with Twitch’s restrictions around nudity, broadcasting in such a fashion that implied they were completely naked on camera. Twitch, in response, began banning folks before shifting gears to allow various forms of “artistic nudity” to proliferate on the platform. However, after immediately rescinding the decision and expressing that being naked while livestreaming is a no-no, the company is now making it clear that implied nudity is also forbidden, and that anyone who tries to circumvent the rules will face disciplinary action.
In a January 3 blog post, the company laid out the new guidelines regarding implied nudity on the platform, which is now prohibited effective immediately. Anyone who shows skin that the rules deem should be covered—think genitals, nipples “for those who present as women,” and the like—will face “an enforcement action,” though Twitch didn’t specify what that means. So, if you’re wearing sheer or partially see-through clothing, or use black bars to cover your private parts, then you’re more than likely to get hit with some sort of discipline.
“We don’t permit streamers to be fully or partially nude, including exposing genitals or buttocks. Nor do we permit streamers to imply or suggest that they are fully or partially nude, including, but not limited to, covering breasts or genitals with objects or censor bars,” the company said in the blog post. “We do not permit the visible outline of genitals, even when covered. Broadcasting nude or partially nude minors is always prohibited, regardless of context. For those who present as women, we ask that you cover your nipples and do not expose underbust. Cleavage is unrestricted as long as these coverage requirements are met and it is clear that the streamer is wearing clothing. For all streamers, you must cover the area extending from your hips to the bottom of your pelvis and buttocks.”
[…]
At the beginning of December, some streamers, including Morgpie and LivStixs, began broadcasting in what appeared to be the complete nude. In actuality, these content creators were implying nudity by positioning their cameras at the right angle so as to show plenty of unobscured cleavage but keep nipples out of sight. “Artistic nudity” is what it was called and, as the meta took over the platform, Twitch conceded, allowing such nakedness to proliferate all over livestreams.
[…]
Company CEO Dan Clancy said on December 15 that “depictions of real or fictional nudity won’t be allowed on Twitch, regardless of the medium.” He also apologized for the confusion this whole situation has caused, saying that part of Twitch’s job is “to make adjustments that serve the community.” So be careful, streamers. If you show up nude on the platform, Twitch will come for you.
